Articles tagged with: #security-tools
Noticed a large number of odd updates to the EUVD today

cybersecurity www.reddit.com

Is anyone else using the EUVD as a supplemental data feed? We added support to the SOOS platform earlier this year when there were concerns over the fate of the NVD. Earlier today we started noticing a large number of EUVD Ids being updated with a new description and all linking to a newly created GHSA. The GHSA was published yesterday: https://github.com/advisories/GHSA-293c-r3p4-g63r It appears as if the update to EUVD is targeting older Ids first. The update always seems to be the same, add...

Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware

Cyber Security News cybersecuritynews.com

Microsoft has issued a warning that both cybercriminals and state-sponsored threat actors are increasingly abusing the features and capabilities of Microsoft Teams throughout their attack chains. The platform's extensive adoption for collaboration makes it a high-value target, with its core functions for messaging, calls, and screen-sharing being weaponized for malicious purposes. The extensive collaboration features

Security Team Size based on Number of Tools

cybersecurity www.reddit.com

Hello! I'm a security manager who manages a very lean security team - besides myself, we have two security engineers, a GRC analyst, and a SOC analyst (we all pitch in to help each other where necessary). As we're looking to finalize budget and resourcing, I'm trying to advocate for additional team members based on the number of tools that we all have to manage (along with the tool stack we're looking to bring on next year). Is there anybody else there working on a similarly small team? If so,...

My Starter Project on the Lyft Rider Data Science Team

Lyft Engineering - Medium eng.lyft.com

Credit to Brian Wu for creating the illustrations in this post. I joined Lyft in January of 2024, as a Data Scientist - Decisions, on the Rider Science Core Experience team. My journey at Lyft began with a starter project, which focussed on using the Rider Experience Score (RES) tool to measure long-term effects of various rider experiences at Lyft. In this blog post, I will discuss my experience at Lyft as a new hire, focusing on this starter project. What is RES? Motivation At Lyft, we aim...

InfoSec News Nuggets 10/07/2025

AboutDFIR – The Definitive Compendium Project aboutdfir.com

Thieves steal IDs and payment info after data leaks from Discord support vendor: Discord has confirmed customers' data was stolen - but says the culprit wasn't its own servers, just a compromised support vendor. The chat platform revealed late last week that an unnamed customer service vendor had been compromised, exposing support tickets and personal details submitted

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

The Hacker News thehackernews.com

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are

Need help: Safe Links/Attachments skewing Mimecast phishing-sim clicks (AU tenants)

cybersecurity www.reddit.com

I'm running user awareness phishing simulations in Mimecast for several Australian clients, but my Mimecast click reports still show Microsoft IPs (Safe Links/Attachments) instead of real user IPs. That makes it impossible to tell which clicks and credential submissions are genuine user interactions versus scanner activity. From the Microsoft Defender side, I've already done the usual: set up Advanced Delivery for the simulation senders/domains, added Mimecast AU IP ranges and domains there,...

Unified Threat Detection and Mitigation Framework (UTDMF): Combating Prompt Injection, Deception, and Bias in Enterprise-Scale Transformers

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04528v1 Announce Type: new Abstract: The rapid adoption of large language models (LLMs) in enterprise systems exposes vulnerabilities to prompt injection attacks, strategic deception, and biased outputs, threatening security, trust, and fairness. Extending our adversarial activation patching framework (arXiv:2507.09406), which induced deception in toy networks at a 23.9% rate, we introduce the Unified Threat Detection and Mitigation Framework (UTDMF), a scalable, real-time pipeline...

AgentTypo: Adaptive Typographic Prompt Injection Attacks against Black-box Multimodal Agents

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04257v1 Announce Type: new Abstract: Multimodal agents built on large vision-language models (LVLMs) are increasingly deployed in open-world settings but remain highly vulnerable to prompt injection, especially through visual inputs. We introduce AgentTypo, a black-box red-teaming framework that mounts adaptive typographic prompt injection by embedding optimized text into webpage images. Our automatic typographic prompt injection (ATPI) algorithm maximizes prompt reconstruction by...

Cyber Warfare During Operation Sindoor: Malware Campaign Analysis and Detection Framework

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04118v1 Announce Type: new Abstract: Rapid digitization of critical infrastructure has made cyberwarfare one of the important dimensions of modern conflicts. Attacking the critical infrastructure is an attractive pre-emptive proposition for adversaries as it can be done remotely without crossing borders. Such attacks disturb the support systems of the opponents to launch any offensive activities, crippling their fighting capabilities. Cyberattacks during cyberwarfare can not only be...

Real-VulLLM: An LLM Based Assessment Framework in the Wild

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04056v1 Announce Type: new Abstract: Artificial Intelligence (AI) and more specifically Large Language Models (LLMs) have demonstrated exceptional progress in multiple areas including software engineering, however, their capability for vulnerability detection in the wild scenario and its corresponding reasoning remains underexplored. Prompting pre-trained LLMs in an effective way offers a computationally effective and scalable solution. Our contributions are (i) varied prompt designs...

FHEON: A Configurable Framework for Developing Privacy-Preserving Neural Networks Using Homomorphic Encryption

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03996v1 Announce Type: new Abstract: The widespread adoption of Machine Learning as a Service raises critical privacy and security concerns, particularly about data confidentiality and trust in both cloud providers and the machine learning models. Homomorphic Encryption (HE) has emerged as a promising solution to these problems, allowing computations on encrypted data without decryption. Despite its potential, existing approaches to integrate HE into neural networks are often limited...

Quantifying Distributional Robustness of Agentic Tool-Selection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03992v1 Announce Type: new Abstract: Large language models (LLMs) are increasingly deployed in agentic systems where they map user intents to relevant external tools to fulfill a task. A critical step in this process is tool selection, where a retriever first surfaces candidate tools from a larger pool, after which the LLM selects the most appropriate one. This pipeline presents an underexplored attack surface where errors in selection can lead to severe outcomes like unauthorized...

Complex Domain Approach for Reversible Data Hiding and Homomorphic Encryption: General Framework and Application to Dispersed Data

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03770v1 Announce Type: new Abstract: Ensuring the trustworthiness of data from distributed and resource-constrained environments, such as Wireless Sensor Networks or IoT devices, is critical. Existing Reversible Data Hiding (RDH) methods for scalar data suffer from low embedding capacity and poor intrinsic mixing between host data and watermark. This paper introduces Hiding in the Imaginary Domain with Data Encryption (H[i]dden), a novel framework based on complex number arithmetic...

CryptOracle: A Modular Framework to Characterize Fully Homomorphic Encryption

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03565v1 Announce Type: new Abstract: Privacy-preserving machine learning has become an important long-term pursuit in this era of artificial intelligence (AI). Fully Homomorphic Encryption (FHE) is a uniquely promising solution, offering provable privacy and security guarantees. Unfortunately, computational cost is impeding its mass adoption. Modern solutions are up to six orders of magnitude slower than plaintext execution. Understanding and reducing this overhead is essential to...

Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management

Cyber Security News cybersecuritynews.com

Paris, France, October 6th, 2025, CyberNewsWire: Reemo continues its mission to secure enterprise remote access and becomes the first French cybersecurity provider to protect all remote access within a single platform. Reemo announces Bastion+, a next-generation bastion solution deployable without limits. "Companies don't need another bastion. They need a global vision that remains simple and

Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions

Cloud Security Alliance cloudsecurityalliance.org

Written by Ken Huang, CEO at DistributedApps.ai and Jerry Huang, Engineering Fellow, Kleiner Perkins. Abstract: AI agents used in e-commerce necessitate secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudiable accountability. The Agent Payments Protocol (AP2) [1], an open extension to Agent2Agent (A2A) [2] and Model Context Protocol (MCP) [3], introduces Verifiable Credentials (VCs) in the form of crypto

HTB or THM

cybersecurity www.reddit.com

Hey guys, I am a beginner in cyber and I want to start learning. Many people told me about these two platforms, so I am thinking of buying premium. Please suggest which one I should move forward with: THM or HTB? Thank you. submitted by /u/Fantastic-Pop8343