CycloneDX cancels their bug-bounty program blaming AI slop:
"This caused a lot of extra work which is why we decided to abandon the program. Thanks AI."
Tolerable guy. Doing stuff at TurkuSec. Volunteering for DisObey.
(•_•)
<) )╯TURKU
/ \
(•_•)
( (> SEC
/ \
(•_•)
<) )╯DAY!!!1!
/ \
hey has anyone named the ai fascist memes slopaganda yet
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer
This disruption operation targeted Lumma Stealer’s C&C infrastructure, rendering much of the exfiltration network inoperative. ESET processed tens of thousands of Lumma samples to extract C&C servers and affiliate IDs. Infostealers are often precursors to major cyberattacks.
Between June 2024 and May 2025, ESET tracked 3,353 unique Lumma Stealer C&C domains, which is an average of around 74 new domains per week. The malware evolved constantly, with updates to encryption, protocols, and Steam-profile- and Telegram-based dead-drop resolvers.
#Microsoft’s Digital Crimes Unit, with the help of ESET and other partners, seized Lumma Stealer’s infrastructure and control panel. #ESET continues monitoring for possible resurgence.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/lummastealer
Yeah, that tends to happen to people who work professionally in PKI...
no no i can't use LibreOffice because uh a Word file was incompatible some time in the past 15 years uh no i can't specify what file or what Word version or what LO version or what happened it was just imperfect ok
and that's why Copilot with Adware is the only workable solution for *real* users
We are looking for folks who would like to volunteer for helping with our conference in November. By volunteering, you are guaranteed a ticket for our presentation day, and you get the satisfaction of supporting our community! Learn more about volunteering under the link below.
We're heading into a summer break but we have our eyes set to the fall and @pyconfi in October.
We're planning to travel there together from Turku: let us know if you want to join our group!
More in blog: https://archipylago.dev/blog/archipylago-goes-pyconfi/
The Introduction of Documentation in FLOSS Projects
Community decay and abandonment are persistent risks to free/libre and open source software (FLOSS) projects. As such, large institutions such as GitHub or Mozilla offer advice to FLOSS projects on how to organize their work for sustainability and community-building. Guides recommend the production of README files and CONTRIBUTING guides as useful tools in recruiting new project contributors and driving activity. Yet…
https://blog.communitydata.science/the-introduction-of-documentation-in-floss-projects/
"thank you for your existence" - I do get lovely emails as well in my #inbox
AI going great (https://www.ft.com/content/9fdb4e2b-93ea-436d-92e5-fa76ee786caa , emoji added):
Builder.ai, one of the UK’s best-funded technology start-ups, is entering insolvency proceedings, weeks after restating its revenues and admitting “problems” under its past leadership. […] The insolvency is a blow to Builder.ai’s blue-chip backers such as Microsoft and Qatar’s sovereign wealth fund, which collectively poured more than $500mn into a company that claimed it could use artificial intelligence to make the process of building an app or website “as easy as ordering pizza”.
The company’s founder Sachin Dev Duggal stepped down as chief executive earlier this year but retained his board position and title of “chief wizard”. 🤡
Came across this gem of an article today:
"So yes, I’m worried about the impact of AI, but I’m not worried about the jobs, I’m worried about losing my mental sharpness, my ability to plan out features and write tidy and functional code."
https://albertofortin.com/writing/coding-with-ai
h/t @simon
ICS[AP] Dashboards are updated with the 13 (11 new & 2 updated) CISA Advisories released on 5/20/25:
ABUP: 1 New
National Instruments: 1 New
Danfoss: 1 New
ICONICS, Mitsubishi Electric: 1 New
Siemens: 1 New
Schneider Electric: 3 New | 2 Updated
AutomationDirect: 1 New
Vertiv: 1 New
Assured Telematics Inc.: 1 New
www.icsadvisoryproject.com
Three major stalkerware apps—Cocospy, Spyic, and Spyzie—have suddenly vanished after massive data breaches exposed millions of users’ private info🔒 Their sites & cloud storage are gone! Is this the end or just a rebrand? Full story 👉 https://www.techradar.com/pro/security/these-three-stalkerware-apps-have-just-gone-dark-and-a-data-breach-could-be-to-blame #CyberSecurity #DataBreach #Privacy #newz
People who use these technologies are morally and ethically disgusting! #imho
Well, well, well, look who just got sanctioned in the EU: Stark Industries Solutions! It's about freaking time.
I spent about six months last year researching and writing a deep dive into Stark, its origins, owners and ties to Russian disinformation campaigns and DDoS.
Here's the EU announcement: https://www.consilium.europa.eu/en/press/press-releases/2025/05/20/russia-s-war-of-aggression-against-ukraine-eu-agrees-17th-package-of-sanctions/
Here's my story from last year: https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/
New World Leaks DLS
World Leaks is NOT a ransomware group but a rebrand of Hunters International without ransomware.
/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid[.]onion
What if everyone just stopped doing FOSS for a year.
Take all your repos private, no more public contributions you're not getting paid for, no more building for the greater good.
Would probably have more impact than a general strike at this point.
Shit, when left-pad got de-listed the whole internet just about stroked out.
I wrote a brief playbook on how to get started with securing the Azure AI services in your environment. Azure AI services provide multiple layers of security that you should consider when implementing a solution, which I present in this blog post:
https://vasenius.fi/example-playbook-to-secure-your-azure-ai-services/