Submission: Vibe coding has cybersecurity asking what AI can — and can't — repla (scworld.com)

spatwei writes: Vibe coding has the cybersecurity industry talking.

As thousands of practitioners attended talks about the promise and risk of AI agents at RSAC 2026 in March, and hundreds of vendors — both legacy and startups — presented their latest AI-powered tools in the expo hall, hard questions about the impact of this technology on the field arose in the back of many attendees’ minds.

At least one person expressed their thoughts on the industry’s future in the AI era by publishing a satirical website titled “RSA 2026: The Great Cooking.” The site, which saw some circulation among social media circles, states 61.9% of RSAC 2026 exhibitors “could be replaced by a weekend of vibe-coding in Cursor.”

While created with unclear methodology, and an “unhealthy amount of spite,” as its creator states, the website’s sharp criticism seemingly resonated with several cybersecurity pros seeking to cut through the noise and really understand what AI can and can’t achieve.

“The Great Cooking website was great satire on the reality of the current cyber market — lots of hype, lots of wrapper companies faking it until they make it, lots of legacy companies that are going to struggle to differentiate, and a few truly differentiating cyber companies that are solving hard problems,” Horizon3.ai CEO and Co-founder Snehal Antani, who shared the site on LinkedIn, told SC Media.

Amy Chaney, SVP of technology at Citi, also praised the site as a “light-hearted review,” but said it is just that — a “funny read” and “not a buyer’s guide.”

“Many of the RSA ‘cooked’ solutions are high viability market winners, many of the exhibits labeled ‘actually hard’ will solve no problems,” Chaney said.

The satire taps into a large debate already going on in cybersecurity about how AI-assisted development — or “vibe coding” — is disrupting industry norms around software creation and the state of security itself.

Even where claims about AI’s capabilities may be exaggerated, vibe coding’s explosion in popularity is undoubtedly making its mark on security teams and in boardrooms around the world.

“I’ve never seen a bigger disconnect between what investors want to hear and what CISOs are trying to solve, and unfortunately, corporate marketing has over rotated to the investor narrative instead of focusing on solving problems that matter to practitioners,” Antani said.

Submission: Cisco releases open-source 'DNA test for AI models' (scworld.com)

spatwei writes: Cisco released an open-source tool to trace the origins of AI models and compare model similarities for greater visibility into the AI supply chain.

The Model Provenance Kit, announced Thursday, is a Python toolkit and command-line interface (CLI) that looks at signals such as metadata and weights to create a “fingerprint” for AI models that can then be compared to other model fingerprints to determine potential shared origins.

“Think of Model Provenance Kit as a DNA test for AI models,” Cisco researchers wrote. “[...] Much like a DNA test reveals biological origins, the Model Provenance Kit examines both metadata and the actual learned parameters of a model (like a unique genome that comprises a model), to assess whether models share a common origin and identify signs of modification.”

The tool aims to address gaps in visibility into the AI model supply chain. For example, many organizations utilize open-source models from repositories like HuggingFace, where models could potentially be uploaded with incomplete or deceptive documentation.

Submission: Vishing attacks on Okta identity systems on the rise (scworld.com)

spatwei writes: Vishing attacks on Okta identity systems have increased in which attackers simply call the victim or an IT help desk and convince them to weaken or reset multi-factor authentication (MFA).

In an April 13 blog post, LevelBlue researchers said once Okta is compromised via vishing, the attackers gain access to an enterprise’s SaaS systems via single sign-on (SSO), which leads to the exfiltration of SharePoint, OneDrive, Salesforce, and Google Workspace data.

The LevelBlue researchers explained that as part of the attack, the threat actors aim to get the victim or help desk to reset MFA, enroll a new authenticator device, provide one-time passcodes, disclose passwords, or reset Okta credentials.

“The initial attack vector here is still classic social engineering, however, the strategy has matured,” said Mika Aalto, co-founder and CEO at Hoxhunt. “Instead of targeting individual users, attackers are moving upstream to bypass MFA at the identity provider level, manipulating in this case Okta's IT help desk to unlock access across the targeted organization.”

Submission: OpenClaw agents targeted with 341 malicious ClawHub skills (scworld.com)

spatwei writes: More than 300 malicious OpenClaw skills hosted on ClawHub spread malware including the Atomic macOS Stealer (AMOS), keyloggers and backdoors, Koi Security reported Sunday.

OpenClaw, formerly known as Moltbot and Clawdbot, is an open-source AI agent that has recently gained significant popularity as a personal and professional assistant.

ClawHub is an open-source marketplace for OpenClaw “skills,” which are tools OpenClaw agents can install to enable new capabilities or integrations.

Koi Security Researcher Oren Yomtov discovered the malicious skills in collaboration with his own OpenClaw assistant named Alex, according to Koi Security’s blog post, which is written from Alex’s perspective.

Yomtov and Alex audited all 2,857 skills available on ClawHub at the time of their investigation, and discovered that 341 were malicious, with 335 seemingly tied to the same campaign.

Submission: Threat groups steal identities to access Microsoft 365 accounts (scworld.com)

spatwei writes: A threat actor was observed using device code phishing to trick unsuspecting users into granting a cybercriminal access to their Microsoft 365 accounts.

In a Dec. 18 blog post, Proofpoint Threat Research explained that in device code phishing, an attacker will socially engineer someone into logging into an application with legitimate credentials. The app then generates a token that’s obtained by the threat actor, which gives them control over the Microsoft 365 account.

While it’s not a novel technique, the Proofpoint team pointed out that it’s notable to see it used increasingly by multiple threat clusters, including TA2723, a tracked financially motivated cybercriminal threat actor.

“Over the last few years, there has been an increasing focus by threat actors on identity, including account takeovers, which is the result of a successful attack using the OAuth device code phishing technique we’ve reported,” said Sarah Sabotka, a staff threat researcher at Proofpoint. “If a threat actor can successfully establish a foothold by compromising a legitimate user’s identity, the opportunities for upstream attacks are endless.”

Submission: React2Shell ransomware: Weaxor deployed on vulnerable server (scworld.com)

spatwei writes: The critical React2Shell unauthenticated remote code execution (RCE) vulnerability has been exploited to deploy Weaxor ransomware, S-RM reported Tuesday.

React2Shell, formally tracked as CVE-2025-55182, affects React Server Components versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0, and has been under heavy exploitation since it was first disclosed on Dec. 3, 2025.

Most attacks thus far have been attributed to nation-state threat actors deploying backdoors and financially-motivated attackers deploying cryptominers.

In a new development, S-RM reports that it responded to an incident in which the maximum-severity vulnerability (CVSS 10.0) was used to gain initial access in a ransomware attack. The intrusion reportedly took place on Dec. 5, 2025, and was confined to the vulnerable web server with no additional lateral movement.

The attacker initially exploited React2Shell — which has multiple public proof-of-concept exploits available — by running a PowerShell command that led to the establishment of a Cobalt Strike beacon for command-and-control (C2) communication.

Once a C2 connection was established, and within less than a minute after initial access, the attacker deployed the Weaxor ransomware binary, which encrypts files and appends them with the file extension “.weax.”

Submission: New Agent Workspace feature comes with security warning from Microsoft (scworld.com)

spatwei writes: An experimental new Windows feature that gives Microsoft Copilot access to local files comes with a warning about potential security risks.

The feature, which became available to Windows Insiders last week and is turned off by default, allows Copilot agents to work on apps and files in a dedicated space separate from the human user’s desktop. This dedicated space is called the Agent Workspace, while the agentic AI component is called Copilot Actions.

Turning on this feature creates an Agent Workspace and an agent account distinct from the user’s account, which can request access to six commonly used folders: Documents, Downloads, Desktop, Music, Pictures and Videos.

The Copilot agent can work directly with files in these folders to complete tasks such as resizing photos, renaming files or filling out forms, according to Microsoft. These tasks run in the background, isolated from the user’s main session, but can be monitored and paused by the user, allowing the user to take control as needed.

Windows documentation warns of the unique security risks associated with agentic AI, including cross-prompt injection (XPIA), where malicious instructions can be planted in documents or applications to trick the agent into performing unwanted actions like data exfiltration.

“Copilot agents’ access to files and applications greatly expands not only the scope of data that can be exfiltrated, but also the surface for an attacker to introduce an indirect prompt injection,” Shankar Krishnan, co-founder of PromptArmor, told SC Media.

Microsoft’s documentation about AI agent security emphasizes user supervision of agents’ actions, the use of least privilege principles when granting access to agent accounts and the fact that Copilot will request user approval before performing certain actions.

While Microsoft’s agentic security and privacy principles state that agents “are susceptible to attack in the same ways any other user or software components are,” Krishnan noted that the company provides “very little meaningful recommendations for customers” to address this risk when using Copilot Actions.

Submission: OpenAI's GPT-5 generates more secure code than past models, report finds (scworld.com)

spatwei writes: OpenAI’s GPT-5 reasoning models showed significant improvement in generating secure code compared with past models, while still only making secure coding choices about 70% of the time, Veracode reported Tuesday.

Veracode’s October 2025 GenAI Code Security Report revealed that no other large language models (LLMs) released since their previous report in July 2025 showed improved performance, while some models performed slightly worse than their predecessors.

However, GPT-5 and GPT-5-mini set new records for Veracode’s GenAI Code Security benchmark, making secure decisions for 70% and 72% of the benchmark’s 80 coding tasks, respectively. For comparison, previous OpenAI models o4-mini-high, o4-mini and GPT-4.1 scored 59% and GPT-4.1-nano scored 52%.

Submission: AI-generated ransomware extension found on Visual Studio Marketplace (scworld.com)

spatwei writes: A Visual Studio Code (VS Code) extension with ransomware capabilities, believed to be “vibe coded” using generative AI, was discovered in the official Visual Studio Marketplace, according to a blog post by Secure Annex published this week.

The extension, called susvsex and published by the user suspublisher18, clearly stated its malicious functionality in its description and shows several signs of AI generation, including excessive comments and “sloppy” implementation, Secure Annex Founder John Tuckner wrote in the blog post published Tuesday.

The extension is activated upon installation and immediately runs a function designed to encrypt files in a targeted directory and collect the original versions in a ZIP archive to be exfiltrated to the attacker’s server.

However, the extension appeared to be more of a test than a functional form of ransomware, as the target directory was configured to a test staging directory rather than a viable target.

Submission: Nearly half of top 1,000 websites have no password length requirements (scworld.com)

spatwei writes: At least 42% of the top 1,000 most-visited websites have weak password requirements, according to research published by NordPass on Wednesday.

NordPass’ research looked at sites from Ahrefs’ list of the top 1,000 most visited websites based on monthly visits from organic search between Feb. 26 and March 6, 2025. Nearly two-thirds of these sites (61%) allow users to log in with a password.

The study found that only five websites out of the top 1,000 enforced minimum password length, special characters and case sensitivity requirements together, while 58% did not require special characters and 42% did not have minimum password length requirements.

“The internet teaches us how to log in and for decades it’s been teaching us the wrong lessons. If a site accepts ‘password123,’ users learn that’s enough and it’s not. People normalized minimal effort for maximum risk,” NordPass Head of Product Karolis Arbaciauskas said in a statement provided to SC Media.

The research further found that 11% of websites have no requirements at all for password creation, and just 2% support passkeys as a more secure alternative to passwords. A little more than a third (39%) offered a single sign-on (SSO) option, mostly through Google.
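The three requirements the NordPass study counted (minimum length, special characters, mixed case) are the kind of check a site enforces server-side at registration. The following is an added example of such a check, not code from NordPass or SC Media; the minimum length of 12, the denylist contents and the function names are assumptions made for this example, and the denylist includes the page's own "password123" to show it being rejected even though it satisfies a length rule.

```python
"""
Added example (not from the NordPass report or SC Media): a server-side
password-policy evaluation that reports each of the three requirements the
study counted, plus a denylist check, so a registration form can explain
exactly why a candidate was rejected.
"""
import re
import unicodedata

MIN_LENGTH = 12  # assumed policy value for this example

# Constructed denylist for the example; a real deployment would consult a
# breached-password feed rather than a hand-written set.
COMMON_PASSWORDS = {"password123", "password", "123456", "qwerty", "letmein"}

# Anything that is not an ASCII letter or digit counts as a special character.
SPECIAL_RE = re.compile(r"[^A-Za-z0-9]")


def evaluate_password(candidate: str) -> dict:
    """Return each individual policy check plus an overall 'accepted' verdict."""
    # Normalise so that visually identical Unicode forms are measured the same way.
    normalized = unicodedata.normalize("NFKC", candidate)
    checks = {
        "min_length": len(normalized) >= MIN_LENGTH,
        "has_special": bool(SPECIAL_RE.search(normalized)),
        # Mixed case holds only if lowering and uppering both change the string.
        "mixed_case": normalized != normalized.lower() and normalized != normalized.upper(),
        "not_common": normalized.lower() not in COMMON_PASSWORDS,
    }
    checks["accepted"] = all(checks.values())
    return checks


def failing_checks(candidate: str) -> list:
    """Sorted names of the checks the candidate fails (empty list when accepted)."""
    result = evaluate_password(candidate)
    return sorted(name for name, ok in result.items() if name != "accepted" and not ok)


if __name__ == "__main__":
    # Constructed sample inputs, including the page's "password123".
    for sample in ("password123", "Correct-Horse-Battery-9", "Sh0rt!"):
        print(sample, "->", failing_checks(sample) or "accepted")
```

Reporting the failing checks by name, rather than a single pass/fail, lets the registration page tell the user which rule was not met without ever echoing the password back.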

Submission: Copy-paste now exceeds file transfer as top corporate data exfiltration vector (scworld.com)

spatwei writes: It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025.

This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.

“Traditional governance built for email, file-sharing, and sanctioned SaaS didn’t anticipate that copy/paste into a browser prompt would become the dominant leak vector,” LayerX CEO Or Eshed wrote in a blog post summarizing the report.

Submission: ChatGPT Atlas address bar a new avenue for prompt injection, researchers say (scworld.com)

spatwei writes: The address bar of OpenAI’s ChatGPT Atlas browser could be targeted for prompt injection using malicious instructions disguised as links, NeuralTrust reported Friday.

The browser, which was first released last week and is currently available for macOS, features an address bar, also known as an "omnibox," that can be used to both visit specific websites by URL and to submit prompts to the ChatGPT large language model (LLM).

NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM.

A malformation, such as an extra space after the first slash following “https:” prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser’s address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a “copy link” button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted.

These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user’s integrated applications or logged-in sites like Google Drive, NeuralTrust said.
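The failure mode described in the submission is an address bar that silently falls through to "treat as prompt" whenever input does not parse as a URL. The following is an added example, not ChatGPT Atlas code or NeuralTrust's research code, of a defensive classifier for omnibox input: text that looks like a URL but fails to parse is flagged as suspicious and held for user confirmation instead of being forwarded to the model. The three-way classification, the `classify_omnibox_input` function and the sample inputs are assumptions constructed for this example.

```python
"""
Added example (not from ChatGPT Atlas or NeuralTrust): classify address-bar
input so that URL-like text which does not parse as a URL is surfaced for
confirmation rather than handed to the language model as a prompt.
"""
import re
from urllib.parse import urlsplit

# Input is "URL-like" if it starts with an http(s) scheme or a www. host.
URL_PREFIX_RE = re.compile(r"^(https?:|www\.)", re.IGNORECASE)


def classify_omnibox_input(text: str) -> str:
    """Return 'navigate', 'prompt' or 'suspicious' for one address-bar entry.

    'suspicious' is the case the report describes: the text looks like a link
    (for example a stray space after the scheme) but cannot be navigated to.
    A defensive handler should ask the user to confirm before doing anything
    with such input.
    """
    text = text.strip()
    looks_like_url = bool(URL_PREFIX_RE.match(text))

    # Bare www. hosts are common user input; give them a scheme before parsing.
    to_parse = "https://" + text if text.lower().startswith("www.") else text
    parts = urlsplit(to_parse)

    well_formed = (
        parts.scheme.lower() in ("http", "https")
        and bool(parts.netloc)
        # A navigable URL contains no internal whitespace at all.
        and not any(ch.isspace() for ch in text)
    )
    if well_formed:
        return "navigate"
    if looks_like_url:
        return "suspicious"
    return "prompt"


# Constructed sample inputs for the example; the second mimics the malformation
# described in the report (a space after the first slash following "https:").
SAMPLE_INPUTS = [
    "https://example.com/docs",
    "https:/ /example.com/docs please summarize this page",
    "what is a prompt injection",
    "www.example.com",
]


def classify_samples() -> dict:
    """Map each sample input to its classification."""
    return {sample: classify_omnibox_input(sample) for sample in SAMPLE_INPUTS}


if __name__ == "__main__":
    for sample, verdict in classify_samples().items():
        print(f"{verdict:10s} <- {sample!r}")
```

The point of the middle category is that "did not parse as a URL" and "the user meant to type a prompt" are different conditions; collapsing them into one default is what lets a pasted, malformed link reach the model unchallenged.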

Submission: Sloppy AI defenses take cybersecurity back to the 1990s, researchers say (scworld.com)

spatwei writes: LAS VEGAS — Just as it had at BSides Las Vegas earlier in the week, the risks of artificial intelligence dominated the Black Hat USA 2025 security conference on Aug. 6 and 7.

We couldn't see all the AI-related talks, but we did catch three of the most promising ones, plus an off-site panel discussion about AI presented by 1Password.

The upshot: Large language models and AI agents are far too easy to successfully attack, and many of the security lessons of the past 25 years have been forgotten in the current rush to develop, use and profit from AI.

We — not just the cybersecurity industry, but any organization bringing AI into its processes — need to understand the risks of AI and develop ways to mitigate them before we fall victim to the same sorts of vulnerabilities we faced when Bill Clinton was president.

"AI agents are like a toddler. You have to follow them around and make sure they don't do dumb things," said Wendy Nather, senior research initiatives director at 1Password and a well-respected cybersecurity veteran. "We're also getting a whole new crop of people coming in and making the same dumb mistakes we made years ago."

Her fellow panelist Joseph Carson, chief security evangelist and advisory CISO at Segura, had an appropriately retro analogy for the benefits of using AI.

"It's like getting the mushroom in Super Mario Kart," he said. "It makes you go faster, but it doesn't make you a better driver."

Submission: Phishing training is pretty pointless, researchers find (scworld.com)

spatwei writes: LAS VEGAS — Phishing training for employees as currently practiced is essentially useless, two researchers said at the Black Hat security conference on Wednesday.

In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement rate of falling for phishing scams was a whopping 1.7%.

"Is all of this focus on training worth the outcome?" asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. student at U.C. San Diego, where the study was conducted. "Training barely works."

At the beginning of Mirian's presentation, Mirian asked how many people in the audience of cybersecurity professionals believed that phishing training worked. About half raised their hands, to her mock dismay.

Submission: How Microsoft plans to improve resiliency 1 year after CrowdStrike outage (scworld.com)

spatwei writes: Nearly one year after the CrowdStrike outage, Microsoft announced plans to reduce disruptions and work with cybersecurity vendors to prevent similar disruptions.

The July 18, 2024, outage, caused by a faulty CrowdStrike Falcon update, left approximately 8.5 million Windows machines unable to boot. The incident raised questions about Microsoft’s quality assurance processes, especially with regard to software with kernel-level access, including Falcon and other cybersecurity tools.

“All of us who worked with Windows NT in the 1990s on Intel processors were flabbergasted that Microsoft did not isolate device drivers above ring 0 (most privileged),” Analog Informatics Founder and CEO Philip Lieberman told SC Media in an email. “Everyone who develops device drivers knows that the smallest bug would crash the operating system and make debugging these drivers a nightmare to this day.”

New changes to Windows that will allow cybersecurity vendors to build solutions that run outside of the kernel were among the updates announced by Microsoft in a blog post last week.
