SecTor 2025 | One Agent to Rule Them All: How One Malicious Agent Hijacks A2A System
The SecTor 2025 talk highlighted a growing security dilemma: multi‑agent generative‑AI systems, exemplified by Google’s A2A (Agent‑to‑Agent) protocol, can be weaponized by a single malicious agent that hijacks an entire automation ecosystem. The presenters, senior AI security researchers from Zenity and AI Atlas, walked through the architecture of modern AI agents, the ease of acquiring them from public URLs or future agent stores, and the role of the orchestrator that stitches together disparate agents to fulfill user requests. Their core insight is that the discovery process pulls an agent’s JSON "card" directly into the LLM’s system prompt, creating an unchecked injection point. By crafting a prompt that forces the host agent to enumerate tools, reason about possible damage, and then execute actions, an attacker can launch untargeted attacks without prior knowledge of the target environment. The researchers demonstrated how a rogue agent, installed like a Python package, could silently exfiltrate database records, disable smart‑home controls, and manipulate cloud resources. A striking example cited was the "self.agent" snippet in Google’s open‑source sample, which dumps raw agent information into the prompt without sanitization. This oversight allows malicious payloads embedded in seemingly benign images or text to become executable instructions for the LLM, effectively turning the AI into a malware delivery mechanism. The implications are clear: enterprises must treat AI agents as third‑party code, enforce strict sandboxing, perform provenance checks, and monitor prompt interactions for anomalous behavior. Without these safeguards, the promise of AI‑driven automation could become a vector for large‑scale data breaches and operational sabotage.
Firefox Now Has a Free VPN (Here's What That Means)
Mozilla has rolled out a free VPN directly integrated into the Firefox browser, offering users up to 50 GB of monthly IP‑masking traffic without a separate app or subscription. The feature activates through a required Mozilla account, likely to curb abuse, and...
How AI Swarms Weaponize Disinformation: Can It Be Stopped?
The video examines the emergence of AI swarms—large collections of autonomous agents powered by cheap, high‑performance large language models—that act as a new class of influence weapon. Researchers Daniel Tilo Schroeder and Yonas Kunst explain how these swarms move beyond traditional bot...
This Is Why You Should Make Family Passwords
The video highlights a growing threat: AI‑driven voice phishing scams that impersonate family members to extract money. Scammers clone voices from public videos, then call relatives with urgent, emotional pleas, prompting immediate wire transfers. Statistics underscore the danger: voice‑phishing attacks have...
Too Many Vulnerabilities to Fix
Organizations are increasingly unable to apply patches because maintaining uptime takes precedence, making remediation disruptive. The sheer volume of disclosed vulnerabilities creates a paralysis that prevents teams from prioritizing effectively. As a result, critical flaws often stay unpatched, undermining overall...
🔴 Apr 13's Top Cyber News NOW! - Ep 1109
The Simply Cyber daily brief aired on April 13, 2026, hosted by Dr. Gerald Oer, blended community engagement, sponsor shout‑outs, and a rapid rundown of the day’s top cyber stories. Regular listeners were welcomed, CPE credits explained, and sponsors like...
AI Hacking Anyone: The New Cyber Threat You Can't Ignore! #shorts
The video warns that AI is turning cyber‑attacks into a scalable weapon, arguing that the next wave of hacking will be driven by generative models rather than traditional tools. Speakers note that AI can automate phishing, voice cloning, and prompt‑injection attacks,...
CPU-Z and HWMonitor Are Malware!?
The video exposes a supply‑chain breach affecting the official installers of CPU‑Z and HWMonitor. A compromised cryptbase.dll was injected into the legitimate download packages, turning these popular system‑info tools into malware droppers. The malicious DLL contacts a remote command‑and‑control server, retrieves...
The Maps App That Collects Zero Data About You (Organic Maps Interview)
The Techlore Talks interview spotlights Organic Maps, an open‑source, offline‑first navigation app created by Alexander Borsuk and his team. Born from a fork of the once‑commercial Maps.me, the project stripped away trackers, ads, and any cloud‑dependent features to deliver a...
HackThebox - Eighteen
The video walks through the Hack The Box machine “Eighteen,” an assumed‑breach scenario where the tester starts with a set of credentials for a Microsoft SQL Server. Initial reconnaissance with Nmap reveals only HTTP (IIS) and MSSQL ports, and the...
RSAC Vlog - Day 2, Part 1: The ICS Village
At RSA Conference’s second day, Marcus Hutchins tours the Industrial Control Systems (ICS) Village, showing attendees the rugged hardware that powers critical infrastructure such as power plants and water treatment facilities. He points out that these devices resemble hardened switches rather...
Anthropic's Mythos Is the 'Best Vulnerability Hunter' Today, Says Fortalice's Theresa Payton
In a recent interview, former White House CIO Theresa Payton discussed Anthropic’s new AI model, Mythos, which the company touts as the “best vulnerability hunter” on the planet. Payton explained that Mythos allegedly scans massive codebases autonomously, linking previously unknown flaws...
This Could Break the Internet and Governments Are Preparing. #TechNews #DataSecurity #AI #Shorts
Quantum computers are projected to break the RSA and elliptic‑curve encryption that secures everything from government networks to personal data. In response, post‑quantum cryptography (PQC) is shifting from academic research to concrete implementation. Federal agencies are now being urged to...
Quantum Could Break Bitcoin Sooner Than We Thought | Alex Pruden
The Defiant episode spotlights two fresh research papers that dramatically shrink the resources needed for a quantum computer to run Shor’s algorithm, the cryptographic attack capable of breaking Bitcoin, Ethereum and most other blockchains. Google’s study reduces the operation count...
How AI Swarms Weaponize Disinformation
A new 22‑author study in Science reveals that coordinated AI agent swarms can fabricate grassroots consensus, infiltrate online communities, and poison enterprise AI training data. The research outlines how these swarms execute "LLM grooming" to subtly alter model behavior and...
Black Hat USA 2025 | ReVault! Compromised by Your Secure SoC
At Black Hat USA 2025, Cisco Talos senior researcher Firo Verity presented his findings on Dell’s Control Vault secure‑on‑chip (SoC) and how it can be compromised. Verity showed that the Broadcom‑based BCM58202 chip, used in over 100 Dell Latitude and Precision models,...
FCC Can’t Define a Router
The Federal Communications Commission released a fact sheet that conspicuously omits any clear definition of a “consumer router,” leaving manufacturers and consumers uncertain about regulatory boundaries. The agency later amended its FAQ to state that a cell‑phone hotspot does not...
IETF Interim: Secure Telephone Identity Revisited (STIR) 2026-04-09 18:00
The IETF interim session revisited Secure Telephone Identity (STIR) and introduced the Vesper profile, a proposed specification that bundles existing STIR mechanisms—delegate certificates, short‑lived certificates, transparency logs, claim constraints, and rich call data—into a single, opinionated framework. Participants reviewed minor...
Techstrong TV - April 9, 2026
At RSA day three, Techstrong TV interviewed Gil Freriedman, VP of engineering at Backslash, discussing AI‑driven security challenges and later covered OpenSearch foundation updates. Freriedman outlined Backslash’s three‑step model: visibility of AI agents and skills, policy definition with enforceable guardrails, and...
AI Can Catch Malicious Updates
An emerging solution uses artificial intelligence to compare each software update against its previous version, flagging anomalies that may indicate malicious code insertion. The approach runs a diff on every patch, feeds the changes to an LLM, and asks whether the...
I Had to Run Across New York City to Save My Computer From North Korean Hackers #tech #NorthKorea
The video recounts how a cryptocurrency executive nearly fell victim to a North Korean cyber‑attack after receiving a bogus Zoom‑style link from a supposed former Bitcoin miner. The link prompted a download to “fix audio,” a classic phishing tactic. The target...
Ahead of the Threat Podcast: Season 2, Episode 5 — Joe Levy
The latest episode of “Ahead of the Threat” spotlights the stark "cyber security poverty line" – fewer than one in 10,000 global businesses have a dedicated CISO‑equivalent, leaving most to buy products without strategy, metrics, or risk management. Brett Leatherman...
Post-Quantum Security: How the Swiss Payment Transactions System Is Protecting Itself
The video focuses on how SIX, Switzerland’s payment‑system operator, is preparing its infrastructure for the post‑quantum era. Christian Bühler explains that while symmetric schemes like AES remain strong, today’s asymmetric algorithms are vulnerable to future quantum attacks, prompting a shift...
Microsoft BANNED WireGuard, VeraCrypt & Windscribe With Zero Warning
Microsoft abruptly suspended the Windows Hardware Program accounts of three high‑profile open‑source security projects—WireGuard, VeraCrypt and Windscribe—without any prior notice or explanation. The developers discovered their driver‑signing privileges revoked after a mandatory re‑verification window closed silently, leaving them unable to...
Cybersecurity Roadmap 2026 | Skills, Salary, Threat Intelligence Gap And Career Growth | Simplilearn
The Simplilearn webinar, led by cyber‑security veteran Dr. Harish Ramani, outlined a 2026 roadmap emphasizing the widening threat‑intelligence gap in India, the disruptive role of artificial intelligence, and the career opportunities emerging from these trends. It began with stark examples—Aadhaar,...
Warning: Vibe Hacking Is Here
The video warns that a new service called Xantier X AI is turning artificial‑intelligence models into a turnkey hacking kit, a phenomenon the presenter dubs “Vibe (Vipe) hacking.” The platform bundles specialized LLMs—one trained on CVE databases, another for...
OpenAI’s New Deal, Anthropic’s Locked-Down Cyber AI & The Observability Spending Surge
OpenAI unveiled a “New Deal” that frames a people‑first AI industrial policy, aiming to steer superintelligence toward broader economic benefits, workforce stability, and resilient infrastructure. Anthropic announced a closed‑loop partnership to develop a restricted cybersecurity AI that hunts software flaws...
I Built a SIEM for My Smart Home… and It Found Things I Didn’t Expect
In this video the creator walks through designing and deploying a self‑hosted security information and event management (SIEM) platform specifically for a smart‑home and home‑lab environment. He chose a low‑power Zimaboard running Ubuntu LTS as the dedicated monitoring host and...
Black Hat USA 2025 | LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame
The Black Hat USA 2025 talk introduced “Whisper,” a large‑language‑model‑driven system that automatically discovers vulnerabilities in stripped ARM64 binaries. The presenter, a researcher guiding an undergraduate team, explained how the tool earned a Hall of Fame award at Samsung...
LLMs vs Machine Learning for Security
The video contrasts the roles of large language models (LLMs) and traditional machine‑learning (ML) techniques in cybersecurity, emphasizing that while both fall under the AI umbrella, their practical applications differ markedly. The speaker argues that ML, with its statistical rigor,...
Risk, Power, and Influence: What It Really Takes to Lead in Cyber
The Two Cyber Chicks episode spotlights senior cyber leader Tasha Denos, whose career spans the Pentagon, Secret Service, Capital One, Google and Meta. The conversation centers on what it truly takes to lead in cyber: mastering risk governance, influencing diverse...
How to Block Spammers From Specific Countries in WordPress
The video walks viewers through blocking spam‑originating IP addresses from specific countries on a WordPress site by using the free "Stop Spammers" plugin. It highlights the plugin’s popularity—over 30,000 active installs—and its recent maintenance by a new developer, ensuring compatibility...
Techstrong TV - April 8, 2026
Techstrong TV highlighted a surge in AI‑powered phishing, with Ironscales CEO Eyal Benishti detailing automated detection that counters increasingly sophisticated email attacks. Jon Swartz introduced MazeBolt’s shift from reactive DDoS mitigation to a predictive, pre‑emptive defense model. Mike Vizard reported...
Stay Ahead of Ransomware - Initial Access via Evolving Social Engineering
The April 2026 SANS "Stay Ahead of Ransomware" livestream focused on evolving social‑engineering techniques that grant attackers initial access. Hosts Ryan Chapman and Mary Degrazia examined two prominent vectors: the ClickFix scheme, which lures users to a fake capture page that...
Closing the Gap Between Security Tools and Real Coverage - EXE
Security leaders are confronting a persistent gap: purchased tools often fail to deliver real‑world coverage. In the video, EXE’s founders explain why organizations need an honest broker to translate vendor capabilities into actionable protection. Customers report that despite deploying multiple point‑solutions,...
Black Hat USA 2025 | Leveraging Jamf for Red Teaming in Enterprise Environments
The Black Hat USA 2025 session highlighted how adversary emulation teams can weaponize Jamf Pro—Apple’s enterprise‑device management platform—to conduct red‑team operations in Fortune‑500 environments. Speakers Lance Kane and Dan Mayer described Jamf’s prevalence in developer‑heavy organizations, its default “set‑and‑forget” configuration,...
04-07-2026 WG-BEAR Regular Meeting
The WG‑BEAR regular meeting centered on updates for the OSS Africa initiative and its upcoming Africa Cyber Fest, while also discussing broader collaboration opportunities with African security groups. Participants reviewed the status of promotional materials—stickers, banners, and flyers—and debated whether to...
Black Hat USA 2025 | 2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny
Midnight Blue, a Dutch cyber‑security consultancy, presented at Black Hat USA 2025 a deep dive into the end‑to‑end encryption layer of the Tetra terrestrial trunked radio standard. Tetra, widely adopted for police, military and SCADA communications, has long kept its...
Cyberattacks, Data Encryption, Extortion - How Cybercriminals Operate | DW Documentary
The DW documentary examines how modern ransomware gangs infiltrate corporate networks, extort victims, and monetize stolen data, using the 2025 Bosard Farbin plant breach and the LockBit syndicate as illustrative case studies. It details the two primary entry vectors—phishing‑style social...
Webinar Replay: Security and Compliance – Preparing for the Inevitable
The webinar, hosted by Legal IT Insider’s Caroline Hills, examined why cyber‑security and regulatory compliance are no longer optional for law firms. Tom Holay, head of cyber security at Red Centric, warned that attacks on the legal sector have surged 77% in...
🔴 Apr 7's Top Cyber News NOW! - Ep 1105
The April 7 episode of “Top Cyber News NOW!” offers a concise daily briefing of the most pressing cybersecurity headlines for analysts, CISOs, and business leaders. It highlights a suite of solutions—including ThreatLocker’s Zero Trust platform, Flare.io’s automated response tools, and...
The Power of Voice Biometrics in Today's Fraud Risk Landscape - Simon Marchand - Episode 166
In the latest Fraud Talk episode, biometrics specialist Simon Marchand explains how voice biometrics combined with AI‑driven identity verification is becoming a frontline weapon against modern fraud. He traces the technology from simple customer authentication to a robust shield against...
Big Thoughts, Open Sources: Beyond the Hype: Brian Fox on Securing the Agentic Future of Open Source
The OpenSSF’s inaugural “Big Thoughts, Open Sources” podcast opens with Brian Fox, co‑founder of Sonatype and longtime Maven Central steward, to explore how artificial intelligence is reshaping open‑source software supply‑chain security. Fox recounts two decades of visibility work—tracking vulnerable crypto libraries...
Your Behavior Can Expose Fraud
The video explains how behavioral biometrics and device fingerprinting are being leveraged to expose fraud in digital payment ecosystems. Rather than tracking a person directly, the technology records a user’s interaction patterns—typing cadence, screen pressure, hand orientation, and device handling—to...
Disable Face ID Quickly (iPhone)
The video explains a simple shortcut to turn off Face ID on an iPhone, highlighting its relevance amid growing concerns about law‑enforced biometric unlocking and cross‑border digital surveillance. By holding the volume‑up and power buttons simultaneously until the screen flashes, users...
Black Hat USA 2025 | The 5G Titanic
The presentation likened the 5G architecture to the Titanic, arguing that, like the ship’s supposedly watertight compartments, 5G’s control‑plane and user‑plane are assumed to be isolated but in practice lack vertical sealing. The speaker outlined how the network’s design—AMF, SMF...
Social Engineering Fraud Explodes
The video highlights a dramatic surge in social‑engineering fraud, noting that roughly 98% of all fraud attempts now rely on manipulating people rather than exploiting system vulnerabilities. This shift reflects attackers’ preference for low‑cost, high‑yield tactics that bypass traditional security...
Newsday: Healthcare Caught in the Crossfire of Iran War with Drex and Sarah
The episode focuses on how the Iran‑Israel conflict is spilling over into the health‑care sector, turning data centers, cloud providers and medical‑device vendors into de‑facto battlefields. The Islamic Revolutionary Guard Corps has publicly listed companies such as Google, Apple,...
The Security Gap Nobody Talks About
The video highlights a critical security gap: legacy perimeter firewalls were built for three‑tier, MVC applications and cannot protect today’s hyper‑distributed workloads. Modern finance‑type applications now span on‑prem data centers, Kubernetes clusters in the cloud, and AI‑driven LLM chatbots, creating...
Black Hat USA 2025 | AI Agents for Offsec with Zero False Positives
Brendan Dolan‑Gavitt opened his Black Hat USA 2025 talk by warning that the promise of AI‑driven offensive security is haunted by a spectre of false positives. Drawing on his decade‑long experience in software security and recent work on GitHub Copilot,...
