Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands https://www.csoonline.com/article/4025139/novel-malware-from-russias-apt28-prompts-llms-to-create-malicious-windows-commands.html #cybersecurity #infosec

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days https://go.theregister.com/feed/www.theregister.com/2025/07/19/idf_cyber_chief_iran/ #cybersecurity #infosec

There are no words for how garbage this is. If you currently give money to Amazon in any capacity, please stop.

"Not only is the company reintroducing new versions of old features which would allow police to request footage directly from Ring users, it is also introducing a new feature that would allow police to request live-stream access to people’s home security devices.

[Ring founder Jamie] Siminoff has announced in a memo seen by Business Insider that the company will now be reimagined from the ground up to be “AI first”—whatever that means for a home security camera that lets you see who is ringing your doorbell. We fear that this may signal the introduction of video analytics or face recognition to an already problematic surveillance device."

https://www.eff.org/deeplinks/2025/07/amazon-ring-cashes-techno-authoritarianism-and-mass-surveillance

Digital occupation: Russia's battle for the hearts & minds of Ukraine https://www.inoreader.com/article/3a9c6e7710e04976 #cybersecurity #infosec

ASN: AS4713
Location: Kawasaki, JP
Added: 2025-07-14T11:09

another indian crypto exchange got hacked (exactly one year after #NorthKorea hacked a different Indian crypto exchange, #wazirx)
https://www.coindesk.com/web3/2025/07/19/indian-crypto-exchange-coindcx-suffers-44m-hack

AI-generated news channels spread election fraud and separatist narratives in Canada https://dfrlab.org/2025/07/17/ai-generated-news-channels-spread-election-fraud-and-separatist-narratives-in-canada/ #cybersecurity #infosec

About that dumb Microsoft move. No, not that one.

Reuters: Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review https://www.reuters.com/world/us/microsoft-stop-using-engineers-china-tech-support-us-military-hegseth-orders-2025-07-18/ @Reuters #Microsoft #cybersecurity #infosec

If the Tech Crunch story about how you should not give AI models any personal data isn't enough, here's more, from yesterday.

Blatantly scraped/stolen without permission: "Thousands of images—including identifiable faces—were found in a small subset of DataComp CommonPool, a major AI training set for image generation scraped from the web."

MIT Tech Review: A major AI training data set contains millions of examples of personal data https://www.technologyreview.com/2025/07/18/1120466/a-major-ai-training-data-set-contains-millions-of-examples-of-personal-data/ @mittechreview

Fortune: Leaked Document Reveals Troubling Details About How AI Is Really Being Trained https://futurism.com/documents-ai-training-surge @fortune #privacy #AI #cybersecurity #Infosec @IncMagazine

Don't give in to these requests.

"TechCrunch found that when Perplexity requests access to a user’s Google Calendar, the browser asks for a broad swath of permissions to the user’s Google Account, including the ability to manage drafts and send emails, download your contacts, view and edit events on all of your calendars, and even the ability to take a copy of your company’s entire employee directory."

Tech Crunch: For privacy and security, think twice before granting AI access to your personal data https://techcrunch.com/2025/07/19/for-privacy-and-security-think-twice-before-granting-ai-access-to-your-personal-data/ @TechCrunch @zackwhittaker #AI #privacy #cybersecurity #infosec

Roblox’s New Age Verification Feature Uses AI to Scan Teens’ Video Selfies https://www.wired.com/story/robloxs-new-age-verification-feature-uses-ai-to-scan-teens-video-selfies/ #cybersecurity #infosec

PoisonSeed phishing kit bypasses FIDO2 by removing secure options from login flows & redirecting users to cloned Microsoft, Google, or Okta pages.

It doesn’t exploit FIDO2—it avoids it.
Experts warn this is part of a broader phishing evolution using social engineering + session hijacking.
Full article:
https://www.technadu.com/seed-of-deceit-poisonseed-tricks-users-out-of-fido2-redirects-microsoft-google-and-okta-logins-to-phishing-pages/603376/

Russia-linked group spoofing European journalists to spread disinformation https://therecord.media/russia-group-spoofing-journalists-disinfo #cybersecurity #infosec