Author: Andy Stern
-
NDSS 2025 Diffence: Fencing Membership Privacy With Diffusion Models
Session 12C: Membership Inference Authors, Creators & Presenters: PAPER Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) Deep learning models, while achieving remarkable performances across various tasks, are vulnerable to membership inference attacks (MIAs), wherein adversaries identify if a specific data point was part of…
-
NDSS 2025 Diffence: Fencing Membership Privacy With Diffusion Models
Session 12C: Membership Inference Authors, Creators & Presenters: PAPER Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) Deep learning models, while achieving remarkable performances across various tasks, are vulnerable to membership inference attacks (MIAs), wherein adversaries identify if a specific data point was part of…
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
-
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pastebin-comments-push-clickfix-javascript-attack-to-hijack-crypto-swaps/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]…
-
Security Affairs newsletter Round 563 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, breach, cisa, data, data-breach, email, fintech, flaw, international, phishing, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…
-
DefTech-Startups warnen vor verminderter Verteidigungsfähigkeit Deutschlands
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/deftech-startups-warnung-verminderung-verteidigungsfaehigkeit-deutschland
-
How AI could eat itself: Competitors can probe models to steal their secrets and clone them
Tags: aiJust ask DeepSeek First seen on theregister.com Jump to article: www.theregister.com/2026/02/14/ai_risk_distillation_attacks/
-
Welche Länder sabotieren die Russen bevorzugt?
In Deutschland fanden seit Beginn des Ukraine-Kriegs bis Ende 2024 die meisten Angriffe auf kritische Infrastruktur statt. Das ist ein Ergebnis einer Erhebung des Londoner Thinktanks International Institute for Strategic Studies (IISS [1]). Demzufolge gab es in Deutschland 12 physischen Angriffe auf Objekte, Dienste oder Personen. Es folgen Frankreich (11 Angriffe) und Polen (8 Angriffe)….…
-
ICE verliert Beweis-Festplatten: Beweischaos um Haftvideos
Tags: unclassifiedICE verliert drei Festplatten mit Haftvideo-Beweisen. Im Prozess um das Broadview-Detention-Center häufen sich die Pannen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/rechtssachen/ice-verliert-beweis-festplatten-beweischaos-um-haftvideos-325950.html
-
Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/15/week-in-review-exploited-newly-patched-beyondtrust-rce-united-airlines-ciso-on-building-resilience/
-
Neuer Job als IT Application Engineer gesucht? Schau dir unsere Top Jobs an
Tags: jobsFirst seen on t3n.de Jump to article: t3n.de/news/unsere-jobs-der-woche-1175973/
-
Google-Statistik zeigt: 40 Prozent aller Android-Smartphones erhalten keine Sicherheitsupdates mehr
First seen on t3n.de Jump to article: t3n.de/news/google-statistik-zeigt-40-prozent-aller-android-smartphones-erhalten-keine-sicherheitsupdates-mehr-1728678/
-
36 Millionen Euro Schaden: Wie ein Bankfehler in Äthiopien zum viralen Goldrausch wurde
Tags: unclassifiedFirst seen on t3n.de Jump to article: t3n.de/news/wie-ein-bankfehler-in-aethiopien-zum-viralen-goldrausch-wurde-1615137/
-
Fake-WebShops und -Dating-Plattformen: Verschärfung der Cyberbedrohungen rund um den Valentinstag
Tags: unclassifiedFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/fake-webshops-dating-plattformen-verschaerfung-cyberbedrohungen-valentinstag
-
Cloudflare turns websites into faster food for AI agents
Tags: aiWhy serve up tough HTML when you can offer tasty Markdown? First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/cloudflare_markdown_for_ai_crawlers/
-
Are there guaranteed cybersecurity benefits with Agentic AI implementation?
Can Non-Human Identities Reinvent Cybersecurity with Agentic AI? What if the key to fortifying cybersecurity lies not in more layers of defense, but in effectively managing the machine identities that already exist within your organization’s infrastructure? Enter Non-Human Identities (NHIs)”, the machine identities that are increasingly important. Understanding Non-Human Identities NHIs function much like machine…
-
How assured is identity security with the adoption of NHIs?
How Does Non-Human Identity Management Enhance Identity Security Assurance? How can organizations bolster their identity security assurance amidst the growing complexity of cloud environments and the proliferation of machine identities? The answer lies in adopting Non-Human Identities (NHIs). This approach is increasingly crucial for diverse industries, providing a comprehensive solution to the security challenges posed……
-
Why should IT managers feel relieved by advanced secrets management?
Tags: conferenceWhy Should IT Managers Prioritize Non-Human Identities and Secrets Security Management? How well do you know the invisible workforce within your organization? No, it’s not the human workforce that charms at meetings or brainstorms ideas in conference rooms. Instead, it’s the machine identities”, also known as Non-Human Identities (NHIs)”, that silently perform myriad tasks, from…
-
What proactive measures can be taken for NHI lifecycle management?
How Can We Streamline NHI Lifecycle Management for Better Cloud Security? What if you could seamlessly integrate non-human identity management into your cybersecurity strategy to bolster cloud security across your organization? With digital transforms rapidly, the importance of proactive NHI lifecycle management becomes ever more crucial. Let’s explore how organizations can optimize NHI lifecycle management……
-
Homeland Security reportedly sent hundreds of subpoenas seeking to unmask anti-ICE accounts
Tags: unclassifiedThe Department of Homeland Security has been increasing pressure on tech companies to identify the owners of accounts that criticize ICE. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/14/homeland-security-reportedly-sent-hundreds-of-subpoenas-seeking-to-unmask-anti-ice-accounts/
-
287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users
New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product. First seen on hackread.com Jump to article: hackread.com/chrome-extensions-harvest-browsing-data-37m-users/
-
Homeland Security reportedly sent hundreds of subpoenas seeking to unmask anti-ICE accounts
Tags: unclassifiedThe Department of Homeland Security has been increasing pressure on tech companies to identify the owners of accounts that criticize ICE. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/14/homeland-security-reportedly-sent-hundreds-of-subpoenas-seeking-to-unmask-anti-ice-accounts/
-
Identity Risk Scoring Only Works If Attribution Is Defensible
Identity risk scoring has become a critical input for fraud prevention, security operations, and trust decisions. Organizations increasingly rely on risk scores to decide when to step up authentication, block access, or flag activity for investigation. But despite widespread adoption, many identity risk programs struggle with the same problem: Risk scores are generated, but teams……
-
NDSS 2025 Black-Box Membership Inference Attacks Against Fine-Tuned Diffusion Models
Session 12C: Membership Inference Authors, Creators & Presenters: Yan Pang (University of Virginia), Tianhao Wang (University of Virginia) PAPER Black-box Membership Inference Attacks against Fine-tuned Diffusion Models With the rapid advancement of diffusion-based image-generative models, the quality of generated images has become increasingly photorealistic. Moreover, with the release of high-quality pre-trained image-generative models, a growing…
-
One threat actor responsible for 83% of recent Ivanti RCE attacks
Tags: attack, cve, endpoint, exploit, intelligence, ivanti, mobile, rce, remote-code-execution, threat, vulnerabilityThreat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/one-threat-actor-responsible-for-83-percent-of-recent-ivanti-rce-attacks/
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…