🚧 Programmers Using AI Create Way More Glaring Security Issues, Data Shows

｢ The tradeoff has, however, been severe: privilege escalation, or code that allows an attacker to get higher access to a system than they should, increased by a staggering 322 percent. Architectural design problems, meanwhile, were up 153 percent ｣

https://futurism.com/ai-coding-security-problems

#ai #llm #vibecoding #cybersecurity

VPNs must not face the chop 🚫

Next week the UK House of Lords will debate whether VPNs undermine the Online Safety Act.

Banning or blocking VPNs will shatter security, privacy and free expression in a self-defeating attempt to make the unworkable workable.

Read our briefing ⬇️

https://www.openrightsgroup.org/publications/briefing-vpns-and-the-online-safety-act/

#OnlineSafetyAct #onlinesafety #OSA #VPN #VPNs #privacy #cybersecurity #freespeech #ukpolitics #ukpol #ageverification

here it is! finally, my big idea for a #vpn application for you #cybersecurity fokes.
https://blindsoft.net/blog/vpn.html
#cybersecurity #privacy #comsec #vpn

#AI agents are coming for your #privacy, warns #MeredithWhittaker
The #Signal Foundation’s president worries they will also blunt competition and undermine #cybersecurity
In one sense, the problem is fundamental: there is a powerful tension between privacy and security, on the one hand, and the vision of letting a complex system with broad access to your data do whatever it wants, on the other.
https://www.economist.com/by-invitation/2025/09/09/ai-agents-are-coming-for-your-privacy-warns-meredith-whittaker
https://archive.ph/Q32cJ

Really, you can embed HTML in SVG? Really secure image format, there. 🙄

https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/

#svg #malware #cybersecurity

I wrote that my Pixel 10, maybe the first phone capable of detecting IMSI catchers, has issued many alerts throughout the day in my apartment building to warn me that my phone has given up information to a potential rogue cell tower. Sometimes hours apart, sometimes minutes apart.

A lot of what I've read is blaming this on either a hardware issue with the Pixel 10 or a software issue. However, I downloaded the Network Cell Info Lite app, and I've been looking at the raw cell data. Normally I see I'm connected to a T-Mobile tower with a TAC (Tracking Area Code) that is static. I see the TAC of my neighboring cell towers too.

But suddenly I'm connected to a completely unknown TAC, 5633280, not a neighbor, just long enough for my device information to be collected. Then the connection breaks, and I'm back on my normal tower. This coincides exactly with the Pixel alerts!

Here's how this works:

The IMSI catcher broadcasts a signal with a strong "fake" TAC, which it knows my phone's network has not assigned to any legitimate tower in the area.

My phone, which is constantly looking for the strongest signal, sees this new, powerful signal. Because the TAC is different from the one it's currently on, my phone is tricked into initiating a "Location Update" procedure. This is the exact moment when my phone sends its IMSI and IMEI to the "new" tower and alerts me.

The IMSI catcher logs my phone's IDs and then immediately drops the connection, causing my phone to revert to the legitimate cell tower.

A rogue tower or IMSI catcher is the only explanation, as this is the classic attack. The changing unknown TAC, for just a moment that coincides with the alert, is a smoking gun.

Is it far-fetched to believe that the government is tracking everyone's phones so they know who was in an area where a crime is committed or who is attending a protest? Remember that Edward Snowden alerted us to the U.S. government illegally recording phone calls of millions of people. Tracking phones could have been a covert operation for years since nobody had a way to detect it.

I wrote more about it here: https://jerry.hear-me.blog/pixel10_deviceid_access_warning/

#CyberSecurity #Pixel #IMSICollectors #RogueCellTowers #Privacy

Rule 1: Don't ever use an #agentic browser (one that an AI can control).
Rule 2: But, if you do use an agentic browser, only run it inside a virtual machine.

#AI hacking. Downloading images can allow your computer to become hijacked. Here's how.

https://www.scientificamerican.com/article/hacking-ai-agents-how-malicious-images-and-pixel-manipulation-threaten/

#CyberSecurity #Hacking

🔥 Salesforce layoffs 4000 people after disastrous security breaches that left bigtech giants exposed to hackers.

https://www.nbcbayarea.com/news/local/salesforce-layoffs-artificial-intelligence/3941975/

#layoffs #salesforce #cybersecurity

Jury rules Meta stole your menstrual data ...

with emphasis on "stole". Why does anyone still use Meta applications?

https://tuta.com/blog/meta-guilty-flo-app-controversy

#Privacy #CyberSecurity #Meta

This "cybersecurity" site collects everything and the kitchen sink and uses Google Analytics. If you choose to read the article, delete the cookie.

Recorded Future: Russian Influence Assets Converge on Moldovan Elections https://www.recordedfuture.com/research?page=1 #cybersecurity #infosec

This website doesn't give you any cookie options. It doesn't bother to tell you what data it collects and or who the buyers are. "If you continue to use this site we will assume that you are happy with it." 🙄

Cyble: How Chinese State-Sponsored APT Actors Exploit Routers for Stealthy Cyber Espionage https://cyble.com/blog/chinese-state-sponsored-group/ #cybersecurity #infosec #espionage

Poll: How many screens do you work with? 🖥️

Vote + Boost 🔁 = ❤️

(Feel free to reply with how this setup helps you 👇)

#Linux #Arch #LinuxMint #Fedora #Debian #Ubuntu #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #Tech #Technology #Apple #OS #iOS #MacOS #OperatingSystem #Monitor #Monitors #Screen #Screens #TV #OLED #2k #4k #HD #Job #Work #Productivity #Multitasking #Dev #DevOps #Development #Developers #DevLife #SysAdmin #TechCommunity

"Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock.

“We have breached the website Artists&Clients to steal and encrypt all its data,” the message on the site said, according to screenshots taken before the site went down on Tuesday. “If you are a user of this website, you are urged to contact the owners and insist that they pay our ransom. If this ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets.”
LunaLock promised to delete the stolen data and allow users to decrypt their files if the site’s owner paid a $50,000 ransom. “Payment is accepted in either Bitcoin or Monero,” the notice put on the site by the hackers said. The ransom note included a countdown timer that gave the site’s owners several days to cough up the cash. “If you do not pay, all files will be leaked, including personal user data. This may cause you to be subject to fines and penalties under the GDPR and other laws.”

Most of LunaLock’s threat is standard language for a ransomware attack. What’s new is the explicit threat to give the site’s data—which includes the unique artwork and information of its users—to AI companies."

https://www.404media.co/hackers-threaten-to-submit-artists-data-to-ai-models-if-art-site-doesnt-pay-up/

#CyberSecurity #Ransomware #AITraining #Hacking #AI #GenerativeAI

Case matters, folks. 🫠

#Linux #FOSS #Terminal #OpenSource #Bash #CommandLine #TechHumor #TechMeme #Humor #Meme #SysAdmin #System #Privacy #InfoSec #CyberSecurity #LinuxLife #LinuxGaming #Shell #DevLife #Dev #Development #CLI #LinuxCommunity #SecureByDesign #Ubuntu #TechNews #Wayland #DevOps #SelfHosting #ArchLinux #Debian #LinuxAdmin #LinuxTips #LinuxMint #Fedora #PopOS #GNULinux #CloudComputing #GNU #BSD #FreeBSD #OpenBSD

Alt...

A meme showing a common Linux command line error. Top text says: "my folder: Downloads" "me: cd downloads" "Linux:" Below is an image of Loki from Marvel’s Thor movies saying, “I’ve never met this man in my life,” implying Linux doesn’t recognize the folder due to incorrect capitalization.

Wow!

Cloudflare blocks the largest DDOS attack, 11.5 tbs. Cloudflare confirmed its systems “autonomously detected and mitigated” the threat.

https://cybersecuritynews.com/record-breaking-ddos-attack-11-5-tbps/

#CyberSecurity #DDOS #Cloudflare