CyberSecurity news

FlagThis - #security

@www.microsoft.com //
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.

The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Mallere, investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work reveals impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard, single-party signatures like BLS, ECDSA, and Schnorr. This research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes.

In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions.

Recommended read:
References :
  • mfesgin.github.io: PhD and Post-Doc in Post-Quantum Cryptography
  • IACR News: Zero-Trust Post-quantum Cryptography Implementation Using Category Theory

Waqas@hackread.com //
A massive data breach has exposed over 184 million passwords and login credentials from various online platforms, including major players like Google, Microsoft, Facebook, and Apple. The unprotected database, containing 184,162,718 records, was discovered by security researcher Jeremiah Fowler. The exposed data includes logins for accounts connected to multiple governments, highlighting the severity of the potential impact.

The exposed Elastic database, which was over 47 GB in size, contained a plain text file with millions of sensitive pieces of data, lacking encryption, password protection, or any security measures. Fowler noted the unusual nature of the discovery, as the database didn't offer any clues about its owner or the source of the collected data. The unsecured nature of the database highlights the risks associated with recklessly compiling sensitive information in a single, vulnerable repository.

The incident underscores the importance of robust data security practices and the potential consequences of misconfigured or unsecured databases. The exposure of millions of plaintext passwords and login credentials raises significant concerns about potential misuse and unauthorized access to personal accounts. The discovery serves as a stark reminder of the need for organizations to prioritize data protection and implement strong security measures to safeguard sensitive user information.

Recommended read:
References :
  • hackread.com: Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
  • PCMag UK security: Security Nightmare: Researcher Finds Trove of 184M Exposed Logins for Google, Apple, More
  • WIRED: Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • www.zdnet.com: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
  • Davey Winder: 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
  • DataBreaches.Net: Mysterious database of 184 million records exposes vast array of login credentials
  • 9to5Mac: Apple logins with plain text passwords found in massive database of 184M records
  • www.engadget.com: Someone Found Over 180 Million User Records in an Unprotected Online Database
  • borncity.com: Suspected InfoStealer data leak exposes 184 million login data
  • databreaches.net: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address.
  • borncity.com: [German]Security researcher Jeremiah Fowler came across a freely accessible and unprotected database on the Internet. The find was quite something, as a look at the data sets suggests that it was probably data collected by InfoStealer malware. Records containing 184 …
  • securityonline.info: 184 Million Leaked Credentials Found in Open Database
  • Know Your Adversary: 184 Million Records Database Leak: Microsoft, Apple, Google, Facebook, PayPal Logins Found
  • securityonline.info: Security researchers have identified a database containing a staggering 184 million account credentials—prompting yet another urgent reminder to The post appeared first on .

info@thehackernews.com (The@The Hacker News //
A new cybersecurity threat, dubbed Hazy Hawk, has emerged, exploiting misconfigured DNS records to hijack abandoned cloud resources. Since at least December 2023, the threat actor has been using DNS CNAME hijacking to seize control of abandoned cloud endpoints belonging to reputable organizations, including Amazon S3 buckets and Microsoft Azure endpoints. By registering new cloud resources with the same names as the abandoned ones, Hazy Hawk redirects traffic to malicious sites, incorporating these hijacked domains into large-scale scam delivery and traffic distribution systems (TDS). This allows them to distribute scams, fake applications, and malware to unsuspecting users, leveraging the trust associated with the original domains.

Infoblox researchers first detected Hazy Hawk's activities in February 2025, when the group successfully took control of subdomains belonging to the U.S. Centers for Disease Control (CDC). Further investigation revealed that global government agencies, major universities, and international corporations such as Deloitte and PricewaterhouseCoopers have also been targeted. Hazy Hawk scans for domains with CNAME records pointing to abandoned cloud endpoints, determining this through passive DNS data validation. They then register a new cloud resource with the same name, causing the original domain's subdomain to resolve to the attacker's controlled resource.

The attack chains often involve cloning legitimate websites to appear trustworthy, and URL obfuscation techniques are employed to hide malicious destinations. Hazy Hawk uses hijacked domains to host malicious URLs that redirect users to scams and malware. What makes Hazy Hawk's operations particularly concerning is the use of trusted domains to serve malicious content, enabling them to bypass detection and exploit the reputation of high-profile entities. Cybersecurity experts advise organizations to diligently monitor and manage their DNS records, ensuring that CNAME records pointing to abandoned cloud resources are removed to prevent unauthorized domain hijacking.

Recommended read:
References :
  • BleepingComputer: Threat actors have been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDSes).
  • BleepingComputer: Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains
  • The Hacker News: Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
  • hackread.com: Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…
  • The DefendOps Diaries: Explore Hazy Hawk's DNS hijacking tactics and learn how to protect your domains from this emerging cybersecurity threat.
  • bsky.app: A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS).
  • www.bleepingcomputer.com: Hazy Hawk has been observed hijacking abandoned cloud resources.
  • Virus Bulletin: Researchers Jacques Portal & Renée Burton look into Hazy Hawk, a threat actor that hijacks abandoned cloud resources of high-profile organizations.
  • blogs.infoblox.com: Hazy Hawk is a threat actor that hijacks abandoned cloud resources of high-profile organizations.
  • www.scworld.com: Misconfigured DNS, neglected cloud assets harnessed in Hazy Hawk domain hijacking attacks
  • Infoblox Blog: Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor
  • DomainTools: Report on the threat actor's tactics and techniques, including targeting abandoned cloud resources.
  • Security Risk Advisors: Hazy Hawk Actor Hijacks Abandoned Cloud DNS Records of High-Profile Organizations for Scam Distribution
  • cyble.com: Cyble reports on Hazy Hawk campaign hijacks abandoned cloud DNS records from CDC, Berkeley, & 100+ major orgs to distribute scams.
  • BleepingComputer: Hazy Hawk exploits abandoned cloud resources from high-profile organizations to distribute scams and malware through traffic distribution systems (TDSes).
  • cyberscoop.com: Coordinated effort took down seven kinds of malware and targeted initial access brokers.
  • securityonline.info: A significant takedown neutralized ransomware delivery and initial access malware infrastructure.
  • BleepingComputer: International law enforcement took down hundreds of servers and domains.

@siliconangle.com //
References: Techmeme , SiliconANGLE , siliconangle.com ...
Microsoft Corp. has announced a significant expansion of its AI security and governance offerings, introducing new features aimed at securing the emerging "agentic workforce," where AI agents and humans work collaboratively. The announcement, made at the company’s annual Build developer conference, reflects Microsoft's commitment to addressing the growing challenges of securing AI systems from vulnerabilities like prompt injection, data leakage, and identity sprawl, while also ensuring regulatory compliance. This expansion involves integrating Microsoft Entra, Defender, and Purview directly into Azure AI Foundry and Copilot Studio, enabling organizations to secure AI applications and agents throughout their development lifecycle.

Leading the charge is the launch of Entra Agent ID, a new centralized solution for managing the identities of AI agents built in Copilot Studio and Azure AI Foundry. This system automatically assigns each agent a secure and trackable identity within Microsoft Entra, providing security teams with visibility and governance over these nonhuman actors within the enterprise. The integration extends to third-party platforms through partnerships with ServiceNow Inc. and Workday Inc., supporting identity provisioning across human resource and workforce systems. By unifying oversight of AI agents and human users within a single administrative interface, Entra Agent ID lays the groundwork for broader nonhuman identity governance across the enterprise.

In addition, Microsoft is integrating security insights from Microsoft Defender for Cloud directly into Azure AI Foundry, providing developers with AI-specific threat alerts and posture recommendations within their development environment. These alerts cover more than 15 detection types, including jailbreaks, misconfigurations, and sensitive data leakage. This integration aims to facilitate faster response to evolving threats by removing friction between development and security teams. Furthermore, Purview, Microsoft’s integrated data security, compliance, and governance platform, is receiving a new software development kit that allows developers to embed policy enforcement, auditing, and data loss prevention into AI systems, ensuring consistent data protection from development through production.

Recommended read:
References :
  • Techmeme: Microsoft expands Entra, Defender, and Purview, embedding them directly into Azure AI Foundry and Copilot Studio to help organizations secure AI apps and agents (Duncan Riley/SiliconANGLE)
  • SiliconANGLE: Microsoft Corp. today unveiled a major expansion of its artificial intelligence security and governance offerings with the introduction of new capabilities designed to secure the emerging “agentic workforce,†a world where AI agents and humans collaborate and work together.
  • www.zdnet.com: Trusting AI agents to deal with your data is hard, and these features seek to make it easier.
  • siliconangle.com: Microsoft expands AI platform security with new identity protection threat alerts and data governance

Sead Fadilpašić@techradar.com //
ASUS DriverHub, a driver management utility designed to simplify updates by automatically detecting motherboard models, is facing scrutiny following the discovery of critical security flaws. Cybersecurity researchers identified vulnerabilities, designated as CVE-2025-3462 and CVE-2025-3463, that could allow malicious actors to remotely execute code on systems with the software installed. These flaws stem from insufficient HTTP request validation, potentially enabling unauthorized remote interactions with the software and the ability for malicious sites to execute commands with administrative rights.

Researchers discovered a one-click remote code execution vulnerability in ASUS's pre-installed DriverHub software. The attack vector involves tricking users into visiting a malicious subdomain of driverhub.asus[.]com. By leveraging the DriverHub's UpdateApp endpoint, attackers can execute a legitimate version of "AsusSetup.exe" with modified parameters that enable the execution of arbitrary files hosted on the attacker's domain. This exploit requires the creation of a malicious domain hosting three files: the payload, a modified AsusSetup.ini with a "SilentInstallRun" property pointing to the payload, and the legitimate AsusSetup.exe.

ASUS has released an update, version 1.0.6.0 or newer, to address these vulnerabilities and urges users to update immediately. The update includes important security fixes to mitigate the risk of remote code execution. Users are advised to open the ASUS DriverHub utility and click the "Update Now" button to complete the patching process. While there are no confirmed cases of active exploitation in the wild, a proof of concept exploit exists, highlighting the potential danger, especially for sectors relying heavily on ASUS motherboards.

Recommended read:
References :
  • securityonline.info: Critical Security Flaws Found in ASUS DriverHub: Update Immediately
  • Rescana: Vulnerabilities in ASUS DriverHub Exposed: CVE-2025-3462 and CVE-2025-3463 Analysis
  • cyberinsider.com: Critical Flaw in ASUS DriverHub Exposes Users to Remote Code Execution
  • securityaffairs.com: Researchers found one-click RCE in ASUS’s pre-installed software DriverHub
  • The DefendOps Diaries: ASUS DriverHub Vulnerability: Understanding and Mitigating CVE-2025-3463
  • The Hacker News: ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
  • BleepingComputer: The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.
  • bsky.app: ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.
  • www.techradar.com: Details on ASUS DriverHub driver management tool targeted by RCE vulnerability
  • www.scworld.com: ASUS DriverHub vulnerabilities fixed
  • Tech Monitor: TechMonitor article about ASUS DriverHub security vulnerability
  • the420.in: The420.in
  • Blog: ASUS patches RCE flaw in DriverHub utility
  • socradar.io: CVE-2025-3462 & CVE-2025-3463: ASUS DriverHub Flaws Enable RCE

info@thehackernews.com (The@The Hacker News //
Google is enhancing its defenses against online scams by integrating AI-powered systems across Chrome, Search, and Android platforms. The company announced it will leverage Gemini Nano, its on-device large language model (LLM), to bolster Safe Browsing capabilities within Chrome 137 on desktop computers. This on-device approach offers real-time analysis of potentially dangerous websites, enabling Google to safeguard users from emerging scams that may not yet be included in traditional blocklists or threat databases. Google emphasizes that this proactive measure is crucial, especially considering the fleeting lifespan of many malicious sites, often lasting less than 10 minutes.

The integration of Gemini Nano in Chrome allows for the detection of tech support scams, which commonly appear as misleading pop-ups designed to trick users into believing their computers are infected with a virus. These scams often involve displaying a phone number that directs users to fraudulent tech support services. The Gemini Nano model analyzes the behavior of web pages, including suspicious browser processes, to identify potential scams in real-time. The security signals are then sent to Google’s Safe Browsing online service for a final assessment, determining whether to issue a warning to the user about the possible threat.

Google is also expanding its AI-driven scam detection to identify other fraudulent schemes, such as those related to package tracking and unpaid tolls. These features are slated to arrive on Chrome for Android later this year. Additionally, Google revealed that its AI-powered scam detection systems have become significantly more effective, ensnaring 20 times more deceptive pages and blocking them from search results. This has led to a substantial reduction in scams impersonating airline customer service providers (over 80%) and those mimicking official resources like visas and government services (over 70%) in 2024.

Recommended read:
References :
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
  • Davey Winder: Mobile malicious, misleading, spammy or scammy — Google fights back against Android attacks with new AI-powered notification protection.
  • www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
  • www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
  • bsky.app: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • thecyberexpress.com: Google is betting on AI
  • The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
  • Malwarebytes: Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites
  • cyberinsider.com: Google plans to introduce a new security feature in Chrome 137 that uses on-device AI to detect tech support scams in real time.
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • gbhackers.com: Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • cyberpress.org: Chrome 137 Adds Gemini Nano AI to Combat Tech Support Scams
  • thecyberexpress.com: Google Expands On-Device AI to Counter Evolving Online Scams
  • CyberInsider: Details on Google Chrome for Android deploying on-device AI to tackle tech support scams.
  • iHLS: discusses Chrome adding on-device AI to detect scams in real time.
  • www.ghacks.net: Google integrates local Gemini AI into Chrome browser for scam protection.
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • www.scworld.com: Google to deploy AI-powered scam detection in Chrome

info@thehackernews.com (The@The Hacker News //
Google is integrating its Gemini Nano AI model into the Chrome browser to provide real-time scam protection for users. This enhancement focuses on identifying and blocking malicious websites and activities as they occur, addressing the challenge posed by scam sites that often exist for only a short period. The integration of Gemini Nano into Chrome's Enhanced Protection mode, available since 2020, allows for the analysis of website content to detect subtle signs of scams, such as misleading pop-ups or deceptive tactics.

When a user visits a potentially dangerous page, Chrome uses Gemini Nano to evaluate security signals and determine the intent of the site. This information is then sent to Safe Browsing for a final assessment. If the page is deemed likely to be a scam, Chrome will display a warning to the user, providing options to unsubscribe from notifications or view the blocked content while also allowing users to override the warning if they believe it's unnecessary. This system is designed to adapt to evolving scam tactics, offering a proactive defense against both known and newly emerging threats.

The AI-powered scam detection system has already demonstrated its effectiveness, reportedly catching 20 times more scam-related pages than previous methods. Google also plans to extend this feature to Chrome on Android devices later this year, further expanding protection to mobile users. This initiative follows criticism regarding Gmail phishing scams that mimic law enforcement, highlighting Google's commitment to improving online security across its platforms and safeguarding users from fraudulent activities.

Recommended read:
References :
  • Search Engine Journal: How Google Protects Searchers From Scams: Updates Announced
  • www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
  • cyberinsider.com: Google Chrome Deploys On-Device AI to Tackle Tech Support Scams
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Davey Winder: Google Confirms Android Attack Warnings — Powered By AI
  • securityonline.info: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
  • BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
  • The Official Google Blog: How we’re using AI to combat the latest scams
  • The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
  • www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
  • www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • the-decoder.com: Google deploys AI in Chrome to detect and block online scams.
  • www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
  • Daily CyberSecurity: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • Analytics India Magazine: Google Chrome to Use AI to Stop Tech Support Scams
  • eWEEK: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • bsky.app: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • Malwarebytes: Google Chrome will use AI to block tech support scam websites
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • iHLS: Chrome Adds On-Device AI to Detect Scams in Real Time
  • bsky.app: Google will use on-device LLMs to detect potential tech support scams and alert Chrome users to possible dangers
  • bsky.app: Google's #AI tools that protect against scammers: https://techcrunch.com/2025/05/08/google-rolls-out-ai-tools-to-protect-chrome-users-against-scams/ #ArtificialIntelligence
  • www.searchenginejournal.com: How Google Protects Searchers From Scams: Updates Announced

@sec.cloudapps.cisco.com //
Cisco has issued a critical security advisory to address CVE-2025-20188, a severe vulnerability affecting its IOS XE Wireless LAN Controllers (WLCs). This flaw, which has been assigned a CVSS score of 10.0, allows an unauthenticated, remote attacker to upload arbitrary files to a vulnerable system. The root cause of this vulnerability lies in a hard-coded JSON Web Token (JWT) present within the affected system, enabling attackers to potentially gain root privileges. The vulnerability impacts several products, including Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controllers on Catalyst APs.

The exploitation requires the Out-of-Band AP Image Download feature to be enabled, which is not enabled by default. An attacker can exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could enable the attacker to perform path traversal and execute arbitrary commands with root privileges, leading to a complete compromise of the affected system. Cisco advises administrators to check if the Out-of-Band AP Image Download feature is enabled by using the `show running-config | include ap upgrade` command. If the command returns `ap upgrade method https`, the feature is enabled, and the device is vulnerable.

Currently, there are no direct workarounds available to address this vulnerability. However, as a mitigation measure, administrators can disable the Out-of-Band AP Image Download feature. This will cause AP image downloads to use the CAPWAP method. Cisco strongly recommends implementing this mitigation until an upgrade to a fixed software release can be performed. Cisco has released free software updates to address this vulnerability, advising customers with service contracts to obtain these security fixes through their usual update channels, urging them to upgrade to the fixed release as soon as possible. As of now, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of this vulnerability.

Recommended read:
References :
  • securityonline.info: Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access
  • The Hacker News: Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
  • Rescana: Detailed Analysis Report on Cisco Security Advisory: cisco-sa-wlc-file-uplpd-rHZG9UfC Overview The Cisco Security Advisory ID...
  • Anonymous ???????? :af:: New Cisco flaw scores a perfect 10.0 CVSS. A hardcoded token. Root access. No login needed. If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.
  • securityaffairs.com: Cisco fixed a critical flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files.
  • thecyberexpress.com: News about Cisco fixing a 10.0-rated wireless controller flaw (CVE-2025-20188).
  • securityonline.info: SecurityOnline reports on critical CVE-2025-20188 flaw in Cisco IOS XE WLCs allowing remote root access.
  • sec.cloudapps.cisco.com: Security Advisory - Security updates available for Cisco IOS and IOS XE Software
  • BleepingComputer: Cisco fixed a maximum severity IOS XE flaw letting attackers hijack devices
  • Security Risk Advisors: Critical Vulnerability in Cisco IOS XE Wireless Controllers Allows Unauthenticated Remote Code Execution
  • BleepingComputer: Cisco fixed a maxmimum severity (10.0) flaw in IOS XE for WLCs that allows attackers to hijack devices. The flaw, tracked as CVE-2025-20188, is caused by a hardcoded JWT token that lets you bypass authentication and ultimately execute commands as root.
  • www.scworld.com: Cisco patches maximum severity vulnerability in IOS XE Software
  • www.bleepingcomputer.com: Critical vulnerability in Cisco IOS XE Wireless Controllers allows unauthenticated remote code execution
  • darkwebinformer.com: Cisco IOS XE Wireless Controllers Vulnerable to Unauthenticated Root Exploits via JWT (CVE-2025-20188)
  • BleepingComputer: Cisco fixed a maxmimum severity (10.0) flaw in IOS XE for WLCs that allows attackers to hijack devices.
  • www.csoonline.com: Cisco patches max-severity flaw allowing arbitrary command execution
  • nvd.nist.gov: CVE-2025-20188 Details

@securityonline.info //
Security researchers are raising alarms about the open-source library 'easyjson,' a Golang package used extensively across cloud-native technologies. A new investigation by cybersecurity firm Hunted Labs has revealed that easyjson is maintained and controlled by developers associated with VK Group, a major Russian internet conglomerate based in Moscow. VK Group's ties to the Kremlin, including its leadership being under U.S. and E.U. sanctions, have ignited concerns about potential supply chain risks for organizations relying on this library. Easyjson is used by the US government and American companies.

The 'easyjson' library is deeply embedded in the software ecosystem, particularly in cloud-native applications, distributed systems, and real-time analytics platforms. It's found to be widely used in projects like Helm, Istio, Kubernetes, ArgoCD, Grafana, Sigstore, and across many US Government and Fortune 500 organizations. This widespread integration makes it difficult to monitor, remove, or replace, according to Hunted Labs. The firm's report warns that "Any compromise of a serializer is extremely dangerous because they are: invisible, deeply integrated, hard to remove, and trusted by default.”

Researchers fear that Russia could alter easyjson to steal data or otherwise be abused. Hunted Labs outlines alarming possibilities if easyjson were to be compromised or weaponized, including supply chain backdoors enabling mass compromise, remote code execution via crafted JSON inputs, espionage and covert data exfiltration, and even kill switch activation across critical systems. As Hayden Smith, a cofounder at Hunted Labs, stated, the package is "basically a linchpin for the cloud native ecosystem, that’s maintained by a group of individuals based in Moscow belonging to an organization that has this suspicious history."

Recommended read:
References :
  • securityonline.info: Critical Open Source Library ‘easyjson’ Linked to Russian VK Group
  • Security Latest: The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.
  • Cyber Security News: A new investigation by cybersecurity firm Hunted Labs has uncovered that “easyjson,†a pivotal open source software library, is entirely owned, maintained, and controlled by software developers employed by VK Group (formerly Mail.ru), one of Russia’s largest internet conglomerates based in Moscow.
  • The Register - Software: Easyjson library's presence in numerous open source projects alarms security biz
  • infosec.exchange: : a Golang package created by a Russian company with sanctioned CEO is found to be widely used in Helm, Istio, Kubernetes, ArgoCD, Grafana, Sigstore and across many US Government, Fortune 500 organisations: 👇
  • securityonline.info: Hunted Labs has uncovered that a widely used open source library—easyjson—is maintained and controlled by developers associated with The post first appeared on .

@zdnet.com //
Microsoft is rolling out a wave of new AI-powered features for Windows 11 and Copilot+ PCs, aiming to enhance user experience and streamline various tasks. A key addition is an AI agent designed to assist users in navigating and adjusting Windows 11 settings. This agent will understand user intent through natural language, allowing them to simply describe the setting they wish to change, such as adjusting mouse pointer size or enabling voice control. With user permission, the AI agent can then automate and execute the necessary adjustments. This feature, initially available to Windows Insiders on Snapdragon X Copilot+ PCs, seeks to eliminate the frustration of searching for and changing settings manually.

Microsoft is also enhancing Copilot with new AI skills, including the ability to act on screen content. One such action, "Ask Copilot," will enable users to draft content in Microsoft Word based on on-screen information, or create bulleted lists from selected text. These capabilities aim to boost productivity by leveraging generative AI to quickly process and manipulate information. Furthermore, the Windows 11 Start menu is undergoing a revamp, offering easier access to apps and a phone companion panel for quick access to information from synced iPhones or Android devices. The updated Start menu, along with the new AI features, will first be available to Windows Insiders running Snapdragon X Copilot Plus PCs.

In a shift toward passwordless security, Microsoft is removing the password autofill feature from its Authenticator app, encouraging users to transition to Microsoft Edge for password management. Starting in June 2025, users will no longer be able to save new passwords in the Authenticator app, with autofill functionality being removed in July 2025. By August 2025, saved passwords will no longer be accessible in the app. Microsoft argues that this change streamlines the process, as passwords will be synced with the Microsoft account and accessible through Edge. However, users who do not use Edge may find this transition less seamless, as they will need to install Edge and make it the default autofill provider to maintain access to their saved passwords.

Recommended read:
References :
  • cyberinsider.com: Microsoft to Retire Password Autofill in Authenticator by August 2025
  • www.bleepingcomputer.com: Microsoft ends Authenticator password autofill, moves users to Edge
  • Davey Winder: You Have Until June 1 To Save Your Passwords, Microsoft Warns App Users
  • The DefendOps Diaries: Microsoft's Strategic Shift: Transitioning Password Management to Edge
  • www.ghacks.net: Microsoft removes Authenticator App feature to promote Microsoft Edge
  • www.ghacks.net: Microsoft Removes Authenticator App feature to promote Microsoft Edge
  • Tech Monitor: Microsoft to phase out Authenticator autofill by August 2025
  • Davey Winder: You won't be able to save new passwords after June 1, Microsoft warns all authenticator app users. Here's what you need to do.
  • www.microsoft.com: The post appeared first on .
  • PCWorld: If you use Microsoft’s Authenticator app on your mobile phone as a password manager, here’s some bad news: Microsoft is discontinuing the “autofill†password management functionality in Authenticator.
  • securityaffairs.com: Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security.
  • heise Security: Microsoft Authenticator: Zurück vom Passwort-Manager zum Authenticator Microsofts Authenticator-App kann neben erweiterter Authentifizierung als zweiter Faktor auch Passwörter verwalten. Das endet jetzt.
  • PCMag Middle East ai: Microsoft Tests Using Copilot AI to Adjust Windows 11 Settings for You
  • PCMag UK security: Microsoft Is Dropping A Useful Feature From Its Authenticator App
  • www.zdnet.com: Microsoft's new AI skills are coming to Copilot+ PCs - including some for all Windows 11 users
  • Dataconomy: Microsoft is revamping the Windows 11 Start menu and introducing several new AI features this month, initially available to Windows Insiders running Snapdragon X Copilot Plus PCs, including the newly announced Surface devices.
  • www.windowscentral.com: Microsoft just announced major Windows 11 and Copilot+ PC updates, adding a bunch of exclusive features and AI capabilities.
  • Microsoft Copilot Blog: Welcome to Microsoft’s Copilot Release Notes. Here we’ll provide regular updates on what’s happening with Copilot, from new features to firmware updates and more.
  • shellypalmer.com: Microsoft is officially going passwordless by default. On the surface, it’s a welcome step toward a safer, simpler future.
  • www.techradar.com: Microsoft has a big new AI settings upgrade for Windows 11 on Copilot+ PCs – plus 3 other nifty tricks
  • www.engadget.com: Microsoft introduces agent for AI-powered settings controls in Copilot+ PCs
  • www.ghacks.net: Finally! Microsoft is making AI useful in Windows by introducing AI agents
  • www.cybersecurity-insiders.com: Cybersecurity Insiders reports Microsoft is saying NO to passwords and to shut down Authenticator App
  • FIDO Alliance: PC Mag: RIP Passwords: Microsoft Moves to Passkeys as the Default on New Accounts
  • www.cybersecurity-insiders.com: Microsoft to say NO to passwords and to shut down Authenticator App

@arstechnica.com //
Microsoft is facing scrutiny over a design choice in its Remote Desktop Protocol (RDP) that allows users to log in with old, expired passwords. Security researcher Daniel Wade discovered that Windows RDP accepts previously used passwords, even after they have been changed or revoked. This means that if an attacker or unauthorized user once had access to a system and the password was cached, that old password remains valid for RDP login indefinitely, creating a potential "silent, remote backdoor." Microsoft has acknowledged this behavior, stating it's an intentional design decision to ensure at least one account can always log in, even if the system has been offline for an extended period.

Security experts are raising concerns about the security implications of this feature. David Shipley, head of Beauceron Security, suggests CISOs should reconsider using RDP, calling it a "really risky move." The vulnerability bypasses cloud verification, multifactor authentication (MFA), and Conditional Access policies, leaving systems vulnerable even if protective measures are in place. Analyst Will Dormann emphasizes that administrators expect revoked credentials to be unusable across the board, but this is not the case with RDP.

The discovery comes as Microsoft is actively pushing for a passwordless future. The company has already started defaulting new accounts to passwordless methods using passkeys, aiming to improve security and reduce phishing risks. Existing users can also switch to passwordless options in their account settings. However, the RDP flaw presents a contradictory security risk, as it undermines the trust users place in password changes and creates an avenue for unauthorized access via outdated credentials. Microsoft has stated it currently has no plans to change this behavior in RDP.

Recommended read:
References :
  • cybersecuritynews.com: Windows RDP Bug Allows Login With Expired Passwords – Microsoft Confirms No Fix
  • www.csoonline.com: CISOs should re-consider using Microsoft RDP due to password flaw, says expert
  • Davey Winder: Windows Warning — Microsoft Confirms Old Login Passwords Can Still Be Used
  • www.techradar.com: Microsoft RDP apparently lets you log in with expired passwords - and it apparently doesn't have plans to fix the issue

@www.microsoft.com //
References: Source , Yubico , NCSC News Feed ...
The digital landscape is witnessing a significant shift in authentication methods, with passkeys emerging as a secure and user-friendly alternative to traditional passwords. This evolution has led to the celebration of the inaugural World Passkey Day, marking a pivotal moment in the journey towards a passwordless future. As passwords have long been a source of vulnerability and frustration, the rise of passkeys promises simpler and safer sign-ins, enhancing overall digital security by eliminating the inherent weaknesses associated with passwords.

Microsoft and Yubico are at the forefront of this movement, actively promoting the adoption of passkeys. Microsoft is rolling out updates designed for simpler, safer sign-ins, making passkeys more accessible and convenient for users. Yubico, a strong advocate for ditching passwords altogether, emphasizes the importance of embracing passkeys for a more secure digital future. This collaborative effort underscores the industry's commitment to transitioning to a passwordless authentication system.

The transition to passkeys is not merely a technological upgrade but a fundamental shift in how we approach digital security. As highlighted by Microsoft, the number of password-based cyberattacks has dramatically increased, with a staggering 7,000 password attacks per second observed last year. Passkeys, being resistant to phishing and brute-force attacks, offer a robust defense against these threats. By celebrating World Passkey Day and actively promoting the adoption of passkeys, the industry aims to create a safer and more secure online experience for everyone.

Recommended read:
References :
  • Source: Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
  • Yubico: Have you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable?
  • www.zdnet.com: Although passkeys remain an evolving ecosystem, we'd be wise to embrace tomorrow's authentication standard today. Here are ZDNET's 10 recommendations for reaching passkey paradise.
  • NCSC News Feed: Government to roll out passkey technology across digital services as an alternative to SMS-based verification.

@Salesforce //
Salesforce is enhancing its security operations by integrating AI agents into its security teams. These AI agents are becoming vital force multipliers, automating tasks that previously required manual effort. This automation is leading to faster response times and freeing up security personnel to focus on higher-value analysis and strategic initiatives, ultimately boosting the overall productivity of the security team.

The deployment of agentic AI in security presents unique challenges, particularly in ensuring data privacy and security. As businesses increasingly adopt AI to remain competitive, concerns arise regarding data leaks and accountability. Dr. Eoghan Casey, Field CTO at Salesforce, emphasizes the shared responsibility in building trust into AI systems, with providers maintaining a trusted technology platform and customers ensuring the confidentiality and reliability of their information. Implementing safety guardrails is crucial to ensure that AI agents operate within technical, legal, and ethical boundaries, safeguarding against undesirable outcomes.

At RSA Conference 2025, SecAI, an AI-enriched threat intelligence company, debuted its AI-native Investigator platform designed to solve the challenges of efficient threat investigation. The platform combines curated threat intelligence with advanced AI techniques for deep information integration, contextual security reasoning, and suggested remediation options. Chase Lee, Managing Director at SecAI, stated that the company is reshaping what's possible in cyber defense by giving security teams superhuman capabilities to meet the scale and speed of modern threats. This AI-driven approach streamlines the investigation process, enabling analysts to rapidly evaluate threats and make confident decisions.

Recommended read:
References :
  • Salesforce: Meet the AI Agents Augmenting Salesforce Security Teams
  • venturebeat.com: Salesforce unveils groundbreaking AI research tackling "jagged intelligence," introducing new benchmarks, models, and guardrails to make enterprise AI agents more intelligent, trusted, and consistently reliable for business use.
  • Salesforce: Salesforce AI Research Delivers New Benchmarks, Guardrails, and Models to Make Future Agents More Intelligent, Trusted, and Versatile
  • www.marktechpost.com: Salesforce AI Research Introduces New Benchmarks, Guardrails, and Model Architectures to Advance Trustworthy and Capable AI Agents
  • www.salesforce.com: Salesforce AI Research Delivers New Benchmarks, Guardrails, and Models to Make Future Agents More Intelligent, Trusted, and Versatile
  • MarkTechPost: Salesforce AI Research Introduces New Benchmarks, Guardrails, and Model Architectures to Advance Trustworthy and Capable AI Agents