AI in the SOC: What Could Go Wrong?
GénéralDark Readingil y a 5 jours
Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here's what they learned.
Flux RSS
— Sources secondaires109articles RSS
ReinitialiserTrivy Supply Chain Attack Targets CI/CD Secrets
Vulnérabilités & PatchesDark Readingil y a 5 jours
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
Ransomware's New Era: Moving at AI Speed
Gouvernance & RégulationDark Readingil y a 5 jours
Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data.
CISOs Debate Human Role in AI-Powered Security
Gouvernance & RégulationDark Readingil y a 5 jours
The idea of a "human in the loop" in AI deployment was challenged during a security executive panel at the RSAC 2026 Conference this week.
Attackers Hide Infostealer in Copyright Infringement Notices
Malware & RansomwareDark Readingil y a 5 jours
A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.
Mr Davy Reinard sworn in by the Minister of Finance as Director Resolution (only in French)
GénéralCSSF Publicationsil y a 5 jours
Press release 26/07
Microsoft Xbox One Hacked
Gouvernance & RégulationSchneier on Securityil y a 5 jours
It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools. Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was setup. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data. As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack in unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
Gouvernance & RégulationSchneier on Securityil y a 8 jours
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
Gouvernance & RégulationDark Readingil y a 8 jours
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Malware & RansomwareDark Readingil y a 8 jours
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.
Interlock Ransomware Targets Cisco Enterprise Firewalls
Vulnérabilités & PatchesDark Readingil y a 8 jours
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
Proton Mail Shared User Information with the Police
GénéralSchneier on Securityil y a 8 jours
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.
Development of the banks' financial situation over the last years
GénéralCSSF Publicationsil y a 9 jours
Situation as at 31 December 2025
Warning concerning persons misusing the name of the Chair of the CSSF Board
Gouvernance & RégulationCSSF Publicationsil y a 9 jours
(first publication: 30 October 2024)
Development of the bank's balance sheet total
GénéralCSSF Publicationsil y a 9 jours
Situation as at 31 December 2025
Quarterly development of employment in banks
GénéralCSSF Publicationsil y a 9 jours
Situation as at 31 December 2025
List of members of the Investment Fund Managers Committee (Updated)
GénéralCSSF Publicationsil y a 9 jours
Register of EU/EEA Mortgage Credit Intermediaries operating in Luxembourg under the freedom to provide services in accordance with the Mortgage Credit Directive 2014/17/EU (Updated)
Gouvernance & RégulationCSSF Publicationsil y a 9 jours
AI Conundrum: Why MCP Security Can't Be Patched Away
Vulnérabilités & PatchesDark Readingil y a 9 jours
RSAC Conference Preview: MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says.
With Government's Role Uncertain, Businesses Unite to Combat Fraud
GénéralDark Readingil y a 9 jours
Major industry leaders agree to share information and collaborate to boost defenses in the wake of distressing online scams.