Aggregator
Regulating AI Behavior with a Hypervisor
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”
Abstract: As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed. ...
The post Regulating AI Behavior with a Hypervisor appeared first on Security Boulevard.
UK Retailer Marks & Spencer Plays Incident Response Straight
It's rare to see a corporation lauded for its hacking incident communications, but British retailer Marks & Spencer has executed an admirable version of what informing the world of bad news should look like. M&S notified customers directly about the cybersecurity incident.
Live Webinar | Resilience in Crisis: Recovering Your Minimum Viable Company Fast
FBI Pushes Global Crackdowns as Cybercrime Losses Soar
The FBI strongly supported recent efforts to expand information sharing with international partners and launch new efforts to curb global cybercrime, including working with Indian authorities to combat cyber-enabled financial crimes and transnational call center fraud.
Socket Acquires Startup Coana to Boost Code Risk Precision
With Coana's team and tools, Socket aims to strengthen its platform's ability to identify actionable vulnerabilities. The integration will help security teams eliminate busywork, focusing on high-impact issues using precomputed reachability data from open source codebases.
Understanding the threat landscape for Kubernetes and containerized assets
The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured workload identities to gain access to resources, including containerized environments. Microsoft data […]
The post Understanding the threat landscape for Kubernetes and containerized assets appeared first on Microsoft Security Blog.
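The "unsecured workload identity" pattern above boils down to a Pod that quietly inherits the namespace's default service account and a projected API token at /var/run/secrets/kubernetes.io/serviceaccount, so any code execution inside the container is also a foothold on the API server. That is easy to check for before admission. The following is an added example, not code from the Microsoft report or from any Kubernetes project: it audits a few constructed Pod manifests for the settings that hand an attacker inside the container a usable cluster identity or a path to the node. Pod names, namespaces and the `worker-sa` and `cluster-admin-sa` account names are made up.

```python
"""Audit Kubernetes Pod manifests for exposed workload identity and node access.

Added example; the manifests below are constructed, not taken from any incident.
"""

# Constructed sample manifests (plain dicts, shaped like `kubectl get pod -o json`).
SAMPLE_PODS = [
    {   # Nothing set: gets the 'default' SA and an auto-mounted token.
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": "web", "namespace": "prod"},
        "spec": {"containers": [{"name": "web", "image": "nginx"}]},
    },
    {   # Dedicated SA, token mount disabled: nothing to steal from the filesystem.
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": "worker", "namespace": "prod"},
        "spec": {
            "serviceAccountName": "worker-sa",
            "automountServiceAccountToken": False,
            "containers": [{"name": "w", "image": "worker:1"}],
        },
    },
    {   # Privileged, host-networked pod with a powerful SA token mounted.
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": "admin", "namespace": "kube-system"},
        "spec": {
            "serviceAccountName": "cluster-admin-sa",
            "hostNetwork": True,
            "containers": [{"name": "a", "image": "tool",
                            "securityContext": {"privileged": True}}],
        },
    },
]


def audit_pod(pod):
    """Return a list of findings for one Pod manifest (empty list = nothing flagged)."""
    findings = []
    spec = pod.get("spec", {})
    sa = spec.get("serviceAccountName", "default")
    # The ServiceAccount object can also carry automountServiceAccountToken; the
    # pod-level field overrides it. When the pod is silent we cannot see the SA's
    # setting from the manifest alone, so treat "unset" as mounted (the API default).
    automount = spec.get("automountServiceAccountToken", True)

    if sa == "default":
        findings.append("uses the namespace default service account")
    if automount:
        findings.append(f"auto-mounts an API token for service account '{sa}'")
    if spec.get("hostNetwork"):
        findings.append("hostNetwork: true (can reach node-local services such as the kubelet)")
    if spec.get("hostPID"):
        findings.append("hostPID: true (can inspect and signal node processes)")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container '{c['name']}' runs privileged")
    return findings


def audit_all(pods):
    """Map 'namespace/name' -> findings for every pod in the list."""
    return {
        f"{p['metadata']['namespace']}/{p['metadata']['name']}": audit_pod(p)
        for p in pods
    }


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PODS).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

In a real cluster you would feed this the output of `kubectl get pods -A -o json` (the `items` list has exactly this shape) and then cross-check the flagged service accounts against their RoleBindings, since a mounted token for an account with no permissions is noise and one bound to cluster-admin is the finding the Microsoft write-up is about.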
SecWiki News 2025-04-23 Review
For more of the latest articles, visit SecWiki.
Musk Is Killing Tesla: How the Billionaire's Political Activity Sent the Company's Shares Tumbling
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection
In the rapidly evolving world of cybersecurity, organizations are confronted with increasingly sophisticated threats that demand a coordinated and multi-layered defense approach. The days of relying on isolated security tools are long gone, as modern attack vectors now target various facets of enterprise infrastructure simultaneously. To effectively counter these threats, organizations must integrate Digital Forensics, […]
The post Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection appeared first on Cyber Security News.
Alleged Sale of U.S. Payment Card Data
The Evolving Role of the CISO – Balancing Risk and Innovation in the Digital Age
The evolving role of the Chief Information Security Officer (CISO) has transcended its roots in technical oversight to become a cornerstone of organizational strategy. As digital transformation accelerates, fueled by cloud computing, artificial intelligence, and IoT, CISOs grapple with a dual mandate: safeguarding assets while enabling innovation. Cyber threats, now more sophisticated and frequent, demand […]
The post The Evolving Role of the CISO – Balancing Risk and Innovation in the Digital Age appeared first on Cyber Security News.
Ripple XRPL Official NPM Package Hijacked To Inject Private Key Stealing Malware
A significant supply chain attack has targeted cryptocurrency users. The official XRPL (Ripple) NPM package, which serves as the JavaScript SDK for the XRP Ledger, was compromised with malicious code designed to steal cryptocurrency private keys, potentially affecting hundreds of thousands of applications. On April 21, 2025, at 20:53 GMT, Aikido Intel's security monitoring system detected […]
The post Ripple XRPL Official NPM Package Hijacked To Inject Private Key Stealing Malware appeared first on Cyber Security News.
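A compromised release of an official package like this one reaches you through an ordinary `npm install` that resolves a new version inside a caret range, so the first thing to look at after such an advisory is whether your lockfile moved. The following is an added example, not code from Aikido or the XRPL project: it diffs two lockfileVersion 3 `package-lock.json` documents and reports packages that were added, removed, changed version or integrity hash, or resolve to somewhere other than the public registry. The lockfile contents, the version numbers 4.0.0 and 4.0.1, the `new-transitive-dep` package and the integrity strings are all constructed placeholders, not the real compromised versions or hashes.

```python
"""Diff two npm lockfiles to surface dependency drift after a supply-chain advisory.

Added example with constructed data; versions and hashes are placeholders.
"""

# Constructed known-good lockfile (e.g. the copy committed before the advisory).
KNOWN_GOOD = {
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "dependencies": {"xrpl": "^4.0.0"}},
        "node_modules/xrpl": {
            "version": "4.0.0",
            "resolved": "https://registry.npmjs.org/xrpl/-/xrpl-4.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER-xrpl-400",
        },
        "node_modules/ws": {
            "version": "8.17.0",
            "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.0.tgz",
            "integrity": "sha512-PLACEHOLDER-ws-8170",
        },
    },
}

# Constructed lockfile as it looks after an unreviewed `npm install`.
CURRENT = {
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "dependencies": {"xrpl": "^4.0.0"}},
        "node_modules/xrpl": {
            "version": "4.0.1",  # caret range pulled a newer release
            "resolved": "https://registry.npmjs.org/xrpl/-/xrpl-4.0.1.tgz",
            "integrity": "sha512-PLACEHOLDER-xrpl-401",
        },
        "node_modules/ws": {
            "version": "8.17.0",
            "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.0.tgz",
            "integrity": "sha512-PLACEHOLDER-ws-8170",
        },
        "node_modules/new-transitive-dep": {
            "version": "1.0.0",
            "resolved": "https://github.com/example/new-transitive-dep/tarball/abc123",
            "integrity": "sha512-PLACEHOLDER-ntd-100",
        },
    },
}

REGISTRY_PREFIX = "https://registry.npmjs.org/"


def diff_lockfiles(old, new):
    """Compare the 'packages' maps of two lockfileVersion 2/3 documents.

    Returns a dict with:
      added       - node_modules paths only present in `new`
      removed     - paths only present in `old`
      changed     - (path, old_version, new_version) where version or integrity differs
      off_registry- paths in `new` whose tarball is not served by registry.npmjs.org
    The "" entry is the root project itself and is skipped.
    """
    old_pkgs = {k: v for k, v in old.get("packages", {}).items() if k}
    new_pkgs = {k: v for k, v in new.get("packages", {}).items() if k}
    report = {"added": [], "removed": [], "changed": [], "off_registry": []}

    for path in sorted(set(old_pkgs) | set(new_pkgs)):
        o, n = old_pkgs.get(path), new_pkgs.get(path)
        if o is None:
            report["added"].append(path)
        elif n is None:
            report["removed"].append(path)
        elif (o.get("version"), o.get("integrity")) != (n.get("version"), n.get("integrity")):
            # A changed integrity with the same version is the more alarming case:
            # it means the tarball behind a published version is not what it was.
            report["changed"].append((path, o.get("version"), n.get("version")))

    for path, meta in new_pkgs.items():
        resolved = meta.get("resolved", "")
        if resolved and not resolved.startswith(REGISTRY_PREFIX):
            report["off_registry"].append(path)
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(diff_lockfiles(KNOWN_GOOD, CURRENT), indent=2))
```

To run it against real files, load both with `json.load` and pass the resulting dicts; a non-empty `changed` list for a package named in an advisory means the install should be rolled back to the known-good lockfile with `npm ci` rather than trusting whatever the range resolved to, and any private keys that were loaded by code from the affected version should be treated as exposed.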