May 25, 2025
NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (“The Mask”), which then vanished and only resurfaced last year.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) May 23, 2025
We can now reveal that researchers who investigated it were confident that the Spanish government was behind it. pic.twitter.com/1HtVfoHaP4

Mysterious hacking group Careto was run by the Spanish government, sources say | TechCrunch
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
FBI/Europol couldn't seize the Lumma servers, so they hacked them, deleted backups, and phished threat actors https://theravenfile.com/2025/05/23/lumma-stealer-still-active-after-fbi-crackdown/
— Catalin Cimpanu (@campuscodi.risky.biz) 2025-05-24T11:55:50.951Z
What a great blog post! Thank you to the researcher for sharing the research!
— Haifei Li (@HaifeiLi) May 24, 2025
Besides the core fuzzing part, the researcher has a great offensive point of view: the DoS-only bugs are still valuable as it can disable the Defender and make malware run without protection, in…

How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation – Sean Heelan's Blog
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API …
https://archive.is/SGyNx
much of DeepSeek traffic in China was (is?) driven by people using it for Traditional Chinese Divination of all kinds (most of them are derived from the I-Ching system) pic.twitter.com/hNQVDsCNN7
— Yuxi on the Wired (@layer07_yuxi) May 22, 2025

[2503.18813] Defeating Prompt Injections by Design
Large Language Models (LLMs) are increasingly deployed in agentic systems that interact with an external environment. However, LLM agents are vulnerable to prompt injection attacks when handling untrusted data. In this paper we propose CaMeL, a robust defense that creates a protective system layer around the LLM, securing it even when underlying models may be susceptible to attacks. To operate, CaMeL explicitly extracts the control and data flows from the (trusted) query; therefore, the untruste...
This week on the blog: The logistics of Road War in Mad Max (and similar) settings: given logistical and tactical constraints, how might we actually expect warfare to be waged in a post-apocalypse?
— "Online Rent-a-Sage" Bret Devereaux (@BretDevereaux) May 23, 2025
The answer is...a little bit technical. https://t.co/qxSdKztefy
#SpyNews - week 21 (May 18-24):
— Spy Collection (@SpyCollection1) May 25, 2025
A summary of 74 espionage-related stories from week 21 coming from 🇺🇸🇷🇺🇮🇱🇸🇾🇮🇳🇵🇰🇹🇼🇨🇳🇫🇷🇦🇿🇺🇦🇬🇧🇮🇷🇷🇴🇲🇩🇰🇵🇰🇷🇯🇵🇻🇳🇳🇱🇸🇪🇩🇪🇵🇱🇯🇴🇵🇸🇨🇴🇬🇪🇲🇽🇨🇺🇹🇷🇧🇪🇪🇪🇨🇿🇦🇺🇨🇦🇩🇰🇧🇷🇳🇴🇵🇹🇳🇵🇻🇪🇸🇻🇭🇺🇱🇧🇮🇪🇬🇱🇱🇻🇹🇯🇩🇿🇲🇱 https://t.co/exr2TRobJB #OSINT #SIGINT #HUMINT #espionage #spy
Belgian security agents bugged a corporate box at the RSC Anderlecht football stadium that was being used by 🇨🇳 Huawei to schmooze members of the European Parliament.
— Byron Wan (@Byron_Wan) May 25, 2025
They also listened into other conversations involving one of Huawei’s leading lobbyists, including in his car.… https://t.co/np8d84JUPu pic.twitter.com/CY4i1aUlPW
John Young founder of Cryptome, early model for WikiLeaks, died. The Register has a good obituary. I had run-in w/ John in 2010 after Cryptome got hacked and I wrote about it. He was often difficult to deal with but his dedication to transparency was firm https://t.co/00KK2cPBYk
— Kim Zetter (@KimZetter) May 25, 2025
how do you govern a volunteer hacking army? New article w/ Anna Lysenko. We look at the rise of Ukraine’s IT army and what it means for the evolution of cyber conflict https://t.co/aZYoEEUYX5 pic.twitter.com/qlvxN7AF8P
— Seva (@SevaUT) May 25, 2025