IT Security Newsletter - 11/26/2025
UPDATE: Michigan law banning VPNs and Post-Quantum VPN Encryption
Lots has been happening in VPN-land over the past couple of weeks. If your time is short, here are the key updates: Did Michigan just propose a ban on VPNs? Incredibly, yes. A lawmaker, whose professional background is in teaching kindergarten, wrote Michigan House Bill 4938. If passed, the bill would ban VPN use, and ironically, it would harm privacy and increase the very kinds of crime the authors claim to be preventing. READ MORE...
Russia-aligned hackers target US company in attack linked to Ukraine war effort
A U.S.-based civil engineering firm has been targeted by Russia-aligned hackers with a history of malicious activity linked to the war in Ukraine, according to a blog post released Tuesday by Arctic Wolf. A Russia-aligned threat group, known as RomCom, used SocGholish malware to target the company in a September attack, according to the blog. A Russian foreign intelligence agency, GRU unit 29155, has used SocGholish to target various entities in connection with the war since 2022. READ MORE...
FBI: Cybercriminals stole $262M by impersonating bank support teams
The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year. Since January 2025, the FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across all industry sectors. READ MORE...
Get ready for 2026, the year of AI-aided ransomware
Cybercriminals, including ransomware crews, will lean more heavily on agentic AI next year as attackers automate more of their operations, Trend Micro's researchers believe. The prediction comes hot on the heels of Anthropic publishing a report - disputed by some - claiming it saw the first example of agentic AI being used to orchestrate a cyberattack by a Chinese state-sponsored team. READ MORE...
Underground AI models promise to be hackers' 'cyber pentesting waifu'
As legitimate businesses purchase AI tools from some of the largest companies in the world, cybercriminals are accessing an increasingly sophisticated underground market for custom LLMs designed to assist with lower-level hacking tasks. In a report published Tuesday, Palo Alto Networks' Unit 42 looked at how underground hacking forums advertise and sell custom, jailbroken, and open-source AI hacking tools. READ MORE...
Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
The last decade-plus has seen a wealth of advancements designed to secure data at the microprocessor level, but a team of academic researchers recently punched through those defenses with a tiny hardware module that cost less than $50 to build. In September, researchers published a technical paper that details an attack they call "Battering RAM," which uses a simple and cheaply made interposer to bypass chipmakers' confidential computing protections. READ MORE...
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the application process, victims are required to record a video introduction and upload it to a website. On that website, visitors are tricked into installing a so-called update which is, in reality, a backdoor. READ MORE...
New "HashJack" attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the attacker, or push users to perform risky actions. They call the technique HashJack, because it relies on malicious instructions being hidden in the #fragment of a URL that points to a legitimate website. READ MORE...
ASUS warns of new critical auth bypass flaw in AiCloud routers
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. AiCloud is a cloud-based remote access feature that comes with many ASUS routers, turning them into private cloud servers for remote media streaming and cloud storage. The vulnerability "can be triggered by an unintended side effect of the Samba functionality, potentially [allowing] execution of specific functions without proper authorization." READ MORE...
- ...in 1922, cartoonist Charles M. Schulz, creator of "Peanuts", is born in Minneapolis, MN.
- ...in 1922, Howard Carter and Lord Carnarvon become the first people in over 3000 years to enter the tomb of Pharaoh Tutankhamun.
- ...in 1939, singer-songwriter Tina Turner (nee Anna Mae Bullock) is born in Nutbush, TN.
- ...in 1942, the classic Humphrey Bogart/Ingrid Bergman film "Casablanca" premieres in New York City.







