Tootfinder

Researchers detail a technique Meta uses to glean some of its logged-in users' browsing histories from Chromium-based browsers on Android via web identifiers (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/06/headline-to-come/

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Trump Social Security Chief Applauds Budget Bill That Will Harm Social Security's Finances | Common Dreams
https://www.commondreams.org/news/trump-social-security-budget-bill

Anthropics MCP-Inspector has critical security vulnerabilities – Remote Code Execution (RCE) and DNS rebinding: https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596

Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits
A critical Remote Code Execution flaw (CVSS 9.4) in Anthropic’s MCP Inspector exposes AI developers to browser-based attacks via 0.0.0.0 and DNS rebinding. Learn how CVE-2025-49596 was exploited from the browser and what fixes were applied in version 0.14.1.

I’m quoted here regarding the ethics in not disclosing to students and defense contractors that their information may have been leaked in an Indiana University data breach. Still no word of a third party investigator being engaged. Dear Internet, do your thing.
https://www.

Administrator says IU will never explain IT security breach publicly
For more than three weeks, Indiana University websites have been down, disrupting and frustrating the university community.

What is SSSS?
SSSS stands for
"Secondary Security Screening Selection"
by the U.S. Department of Homeland Security
and is displayed on boarding passes as a four-letter code.
The symbol prompts officers to conduct additional security screenings on a passenger.
Travelers can receive an SSSS on their boarding pass for both domestic and international flights to and from the U.S.
Those flagged with the designation have reported their carry-on…

Mrs. Betty Bowers (@mrsbettybowers.bsky.social)
Being penalized for political speech is not unique to the Trump administration. When I was a writer for the WhiteHouse.Org website, which mercilessly spoofed the George W. Bush administration, I constantly got "SSSS" written on my boarding passes. My carry-on was placed on the gangway and searched.

As we say here in Massachusetts - "shockah"
https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

"alleged security"
Elon Musk says XChat is rolling out to all, but questions remain about its alleged security
https://techcrunch.com/2025/06/02/elon-musk-says-xchat-is-rolling-out-to-all-but-questio…

Elon Musk says XChat is rolling out to all, but questions remain about its alleged security | TechCrunch
Elon Musk on Sunday announced that a new version of X's Direct Messaging (DM) feature, XChat, was rolling out with support for features like vanishing

Hi @…,
I wonder why the 'created=1748341414' at https://docs.joinmastodon.org/spec/security/#http-message-signatures…

This https://arxiv.org/abs/2401.16310 has been replaced.
link: https://scholar.google.com/scholar?q=a

An Insight into Security Code Review with LLMs: Capabilities, Obstacles, and Influential Factors
Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false positive rates, and coarse detection granularity. Large Language Models (LLMs) have been considered promising candidates for addressing those challenges. In this study, we conducted an empirical study to explore the potential of LLMs in detecting security defect…

Trump administration changes mind, won't cut Social Security benefits over defaulted student loans (Annie Nova/CNBC)
https://www.cnbc.com/2025/06/02/trump-pauses-social-security-benefit-cuts-over-defaulted-student-loans.html
http://www.memeorandum.com/250603/p105#a250603p105

Alleviating Attack Data Scarcity: SCANIA's Experience Towards Enhancing In-Vehicle Cyber Security Measures
Frida Sundfeldt, Bianca Widstam, Mahshid Helali Moghadam, Kuo-Yun Liang, Anders Vesterberg
https://arxiv.org/abs/2507.02607

Alleviating Attack Data Scarcity: SCANIA's Experience Towards Enhancing In-Vehicle Cyber Security Measures
The digital evolution of connected vehicles and the subsequent security risks emphasize the critical need for implementing in-vehicle cyber security measures such as intrusion detection and response systems. The continuous advancement of attack scenarios further highlights the need for adaptive detection mechanisms that can detect evolving, unknown, and complex threats. The effective use of ML-driven techniques can help address this challenge. However, constraints on implementing diverse attack…

Ukrainian Air Force officer acting as 'FSB mole' arrested, SBU says: https://benborges.xyz/2025/07/03/ukrainian-air-force-officer-acting.html

Cartier and NorthFace have become the latest fashion brands to suffer a data breach.
https://www.computing.co.uk/news/2025/security/cartier-and-northface-latest-brands-to-be-breached

Cartier and NorthFace latest brands to be breached
Cartier and NorthFace have become the latest fashion brands to suffer a data breach.

ICANN Security and Stability Advisory Committee (SSAC) Comments on Draft Governance Document for the
Recognition, Maintenance, and Derecognition of RIRs
https://itp.cdn.icann.org/en/files/security-and-stability-advisory…

A salutary reminder from work Slack: important backups (including recovery codes) should be stored in more than one location.
#Infosec #security #backups

There’s exactly 1 narrow way that it’s true. Before widespread #WFH, attackers often had an insurmountable barrier: no way into the business network from the Internet. At the last gig (2008) where I had to visit a “workplace” regularly, inbound remote access was officially non-existent & outbound Internet access all went through restrictive web proxies.

Kevin Beaumont (@GossiTheDog@cyberplace.social)
Attached: 1 image This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it. They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.

"UK must consider food and climate part of national security, say top ex-military figures"
#UK #UnitedKingdom #Climate

The first group of immigrants has arrived at a new concentration camp deep in the Florida Everglades that officials have cynically dubbed “Alligator Alcatraz”
The facility, at an abandoned airport, will have an initial capacity of about 3,000 detainees, DeSantis said.
The center was built in eight days and features more than 200 security cameras,
28,000-plus feet of barbed wire and 400 security personnel

First immigration detainees arrive at Florida center in the Everglades
The first group of immigrants has arrived at a new detention center deep in the Florida Everglades that officials have dubbed “Alligator Alcatraz.” Florida Republican Attorney General James Uthmeier said on social media Wednesday that “hundreds” of immigration detainees were to arrive at the center. Republican Gov. Ron DeSantis says the facility will have a capacity of about 3,000 detainees when fully operational. The center was built in eight days and features more than 200 security ca…

Computational adversarial risk analysis for general security games
Jose Manuel Camacho, Roi Naveiro, David Rios Insua
https://arxiv.org/abs/2506.02603 http…

Computational adversarial risk analysis for general security games
This paper provides an efficient computational scheme to handle general security games from an adversarial risk analysis perspective. Two cases in relation to single-stage and multi-stage simultaneous defend-attack games motivate our approach to general setups which uses bi-agent influence diagrams as underlying problem structure and augmented probability simulation as core computational methodology. Theoretical convergence and numerical, modeling, and implementation issues are thoroughly discu…

This https://arxiv.org/abs/2505.23397 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csAI_…

A Unified Framework for Human AI Collaboration in Security Operations Centers with Trusted Autonomy
This article presents a structured framework for Human-AI collaboration in Security Operations Centers (SOCs), integrating AI autonomy, trust calibration, and Human-in-the-loop decision making. Existing frameworks in SOCs often focus narrowly on automation, lacking systematic structures to manage human oversight, trust calibration, and scalable autonomy with AI. Many assume static or binary autonomy settings, failing to account for the varied complexity, criticality, and risk across SOC tasks c…

That's a lawsuit waiting to happen.
Diddy paid hotel security a $100,000 bribe to keep video of attack on Cassie Ventura secret, guard says | The Independent
https://www.the-independent.com/news/world/americas/crime/iddy-hotel-security-bribe-cassie-video-b2763099.html

Meta und Yandex haben die Browsernutzung von Android-Nutzer'innen mit einer perfiden und bisher unbekannten Tracking-Methode deanonymisiert und damit die strikte Trennung von Apps ausgehebelt.
Das in Websites eingebettete Tracking-Script (also z.B. "Facebook Pixel") konnte sein _fbp-Cookie über einen internen Port (z.B. 127.0.0.0:12387) senden und die Facebook-App hat auf diesem Port gelauscht und das Cookie abgefangen. So wurde ein Webseitenbesuch, bei dem Facebook eing…

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

student_cooperation: Student cooperation (2012)
Network of cooperation among students in the "Computer and Network Security" course at Ben-Gurion University, in 2012. Nodes are students, and edges denote cooperation between students while doing their homework. The graph contains three types of links: Time, Computer, Partners.
This network has 185 nodes and 360 edges.
Tags: Social, Offline, Multigraph, Unweighted

Access Control Threatened by Quantum Entanglement
Zhicheng Zhang, Mingsheng Ying
https://arxiv.org/abs/2507.02622 https://arxiv.org/p…

Access Control Threatened by Quantum Entanglement
Access control is a cornerstone of computer security that prevents unauthorised access to resources. In this paper, we study access control in quantum computer systems. We present the first explicit scenario of a security breach when a classically secure access control system is straightforwardly adapted to the quantum setting. The breach is ultimately due to that quantum mechanics allows the phenomenon of entanglement and violates Mermin inequality, a multi-party variant of the celebrated Bell…

BidenCash carding market domains seized in international operation
https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/

BidenCash carding market domains seized in international operation
Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access.

I'll test it on Apples.
I use the Orion browser on Apple computers. EFF's attempting to tell advertisers to USE EXPLICIT METHODS to control ads, and our privacy.
The Orion browser has its own "advanced" blockers.
But because it has Firefox extensions, it should "work" in Orion (the free browser by search engine company Kagi). Also, on iPads and iPhones, extensions work in Orion, but not Safari.
Privacy is a Human Right.

The TSA is in the same category as ICE in terms of what fucking cruel shit it pulls.
https://unionrayo.com/en/tsa-ban-children-toys-flight/

Goodbye to children's toys on flights - the TSA bans these common items in carry-on luggage
The Transportation Security Administration (TSA) has started confiscating one of the most common items in the carry-on luggage of young children: stuffed

So, if you've been using Fly to deploy stuff you might want to reconsider. Given this true believer post on "AI" my trust into the security of their infrastructure has plummeted to zero. (My one deployment I had with them was incidentally already deleted before reading this 😅).
https://fly.io/blog/youre-all-nuts/

Ha, great news. One of the rather embarrassing points about nixos, to my mind, is that it doesn't work with SELinux. But it seems like things are beginning to move. https://tristanxr.com/post/selinux-on-nixos/

Seriously, linkedin spammers?
You say you came across my REcon talk. About semiconductor reverse engineering.
And this somehow makes me a good candidate for a role involving cheating at online poker???

🎉 @… wraca do Poznania!

XIV edycja Poznańskiej Imprezy Wolnego Oprogramowania już w sobotę! Dwie ścieżki wykładowe (hacking, DevOps, security, programowanie, narzędzia), LAN party, quiz, pizza i masa inspiracji!

Za reaktywacją imprezy stoi @…

Oh the irony of this free airport wifi forcing me to watch an ad for Chrome.. in order for me to get online so that I can release a Debian security update for Chromium.

Kommt noch jemand von Euch morgen in die #CyBARsecurity nach Bochum?
Würde mich freuen, mal ein paar aus der #Security Bubble im Fediverse persönlich kennen zu lernen.
PS: ich produziere übrigens seit einigen Jahren den WeTalkSecurity - ESET Podcast. Hört den jemand von Euch?

WeTalkSecurity - der ESET Podcast
WeTalkSecurity ist der deutschsprachige ESET Security Podcast zu den Bereichen Digitalisierung und IT-Sicherheit. Unsere Themen reichen vom Online-Shopping, Cyber-Spionage bis zur Absicherung des Unternehmensnetzwerks. Jeden Monat sprechen wir mit interessanten Gästen über aktuelle Themen aus der IT-Security. Über ESET ESET ist ein europäisches Unternehmen mit Hauptsitz in Bratislava (Slowakei). Seit 1987 entwickelt ESET preisgekrönte Sicherheits-Software, die bereits über 110 Million…

X aims to roll out an "XChat" messaging feature "with encryption, vanishing messages and the ability to send any kind of file" to all users this week (Sarah Perez/TechCrunch)
https://techcrunch.com/2025/06/02/elon

Elon Musk says XChat is rolling out to all, but questions remain about its alleged security | TechCrunch
Elon Musk on Sunday announced that a new version of X's Direct Messaging (DM) feature, XChat, was rolling out with support for features like vanishing

Newspaper giant Lee Enterprises says nearly 40,000 Social Security numbers leaked in ransomware attack https://therecord.media/newspaper-lee-enterprises-cyberattack-ssn

Spring Secret Starter: Managing #Secrets in Your #SpringBoot App
https://lucas-fern…

Evaluating Language Models For Threat Detection in IoT Security Logs
Jorge J. Tejero-Fern\'andez, Alfonso S\'anchez-Maci\'an
https://arxiv.org/abs/2507.02390

Evaluating Language Models For Threat Detection in IoT Security Logs
Log analysis is a relevant research field in cybersecurity as they can provide a source of information for the detection of threats to networks and systems. This paper presents a pipeline to use fine-tuned Large Language Models (LLMs) for anomaly detection and mitigation recommendation using IoT security logs. Utilizing classical machine learning classifiers as a baseline, three open-source LLMs are compared for binary and multiclass anomaly detection, with three strategies: zero-shot, few-shot…

Patel and Ratcliffe try to bolster claims that FBI and CIA conspired against Trump (NBC News)
https://www.nbcnews.com/politics/national-security/patel-ratcliffe-try-bolster-claims-fbi-cia-conspired-trump-rcna216848
http://www.memeorandum.com/250704/p57#a250704p57

Software Bill of Materials in Software Supply Chain Security A Systematic Literature Review
Eric O'Donoghue, Yvette Hastings, Ernesto Ortiz, A. Redempta Manzi Muneza
https://arxiv.org/abs/2506.03507

Software Bill of Materials in Software Supply Chain Security A Systematic Literature Review
Software Bill of Materials (SBOMs) are increasingly regarded as essential tools for securing software supply chains (SSCs), yet their real-world use and adoption barriers remain poorly understood. This systematic literature review synthesizes evidence from 40 peer-reviewed studies to evaluate how SBOMs are currently used to bolster SSC security. We identify five primary application areas: vulnerability management, transparency, component assessment, risk assessment, and SSC integrity. Despite c…

Please join me on July 7th for next month's MediaEd Club webinar for the Media Education Lab: "Privacy, Power, and Platforms"
https://mediaeducationlab.com/index.php/events/privacy-power-and-platforms
If you missed today's / this month…

And this is deeply disappointing from #Unite's Sharon Graham
“Given the global challenges we face it is right that defence spending is increasing."
‘If government cared about security, it would end child poverty and pursue peace’ | Morning Star

This https://arxiv.org/abs/2504.01525 has been replaced.
initial toot: https://mastoxiv.page/@arX…

Rapid Muon Tomography for Border Security
Cosmic-ray muon tomography is a promising technique for border security applications, leveraging highly penetrating cosmic-ray muons and their interactions with various materials to generate 3D images of large and dense objects, such as shipping containers. Using scattering and absorption of muons as they pass through dense cargo materials, muon tomography provides a viable solution for customs and border security by enabling the verification of shipping container declarations and preventing il…

Everybody complaining about getting hammered with #AI traffic seems to think that these are crawlers scraping for training data.
How likely is it that this is a complete misconception and this is all inference time?
Most public companies give their cralwers and RAG agents different user agent strings. But what about security services trawling through their data?

4. Similar to number 1, but I just want a button in the web UI which can update the app. It's probably a security thing or something, but this is literally the first time I do all this docker RPi self-hosting stuff... 😭 I think a huge chunk of my issues would go away if I could just manage everything (updates, song additions, auto file tagging) in the Navidrome web UI instead of all of these other apps.

"Fresh off an ego-crushing defeat and a heightened appetite for mind-altering drugs, what workplace debauchery he gets into next is anyone's guess." --Futurism
'In the comments section, users praised Mr Musk for his dedication to his work. "Elon is a bit bizarre, but that's exactly why he's so successful. Boring people prefer to seek security and comfort," wrote one user.' --NDTV

The U.S. military B-2 Spirit bomber pilots and crew involved with the coordinated strikes on Iran's nuclear facilities last month have been invited to attend a July 4 celebration at the White House
-- but it's not clear what measures have been taken to protect their identities.
The White House confirmed to Military.com that those involved in the mission, dubbed Operation Midnight Hammer, were invited to the White House's July 4 celebration.
It follows comments mad…

Pilots Who Conducted Iran Strikes Invited to White House on July 4, Raising Security Concerns
The B-2 Spirit bomber pilots and crew involved with the strikes on Iran's nuclear facilities last month have been invited to attend a July 4 celebration at the White House, but it's not clear what measures have been taken to protect their identities.

Frequency-switching Array Enhanced Physical-Layer Security in Terahertz Bands: A Movable Antenna Perspective
Cong Zhou, Changsheng You, Shuo Shi, Weidong Mei
https://arxiv.org/abs/2507.01624

Frequency-switching Array Enhanced Physical-Layer Security in Terahertz Bands: A Movable Antenna Perspective
In this paper, we propose a new frequency-switching array (FSA) enhanced physical-layer security (PLS) system in terahertz bands, where the carrier frequency can be flexibly switched and small frequency offsets can be imposed on each antenna at Alice, so as to eliminate information wiretapping by undesired eavesdroppers. First, we analytically show that by flexibly controlling the carrier frequency parameters, FSAs can effectively form uniform/non-uniform sparse arrays, hence resembling movable…

Cybersec information overload got you down? Then don't miss today's Metacurity for a concise run-down of the most critical infosec developments you should know, including
--1,000 CISA employees have decamped from the agency since January
--Victoria's Secret postpones earnings release after cyberattack,
--New security fixes for Qualcomm chips,
--AFP nabs nearly two dozen in sextortion sting,
--Marriott can't be sued for breach,
--Trump dumps …

1,000 CISA employees have left the agency since January
Victoria's Secret postpones earnings release after cyberattack, New security fixes for Qualcomm chips, AFP nabs nearly two dozen in sextortion sting, Marriott can't be sued for breach, Trump dumps AI Safety Institute, Indian grocery delivery startup wiped out by hack, so much more

AgentAuditor: Human-Level Safety and Security Evaluation for LLM Agents
Hanjun Luo, Shenyu Dai, Chiming Ni, Xinfeng Li, Guibin Zhang, Kun Wang, Tongliang Liu, Hanan Salam
https://arxiv.org/abs/2506.00641

AgentAuditor: Human-Level Safety and Security Evaluation for LLM Agents
Despite the rapid advancement of LLM-based agents, the reliable evaluation of their safety and security remains a significant challenge. Existing rule-based or LLM-based evaluators often miss dangers in agents' step-by-step actions, overlook subtle meanings, fail to see how small issues compound, and get confused by unclear safety or security rules. To overcome this evaluation crisis, we introduce \sys, a universal, training-free, memory-augmented reasoning framework that empowers LLM evaluator…

ProPublica: "NEW: Meet the 22-Year-Old Trump’s Team Picked to Lead Terrorism Prevention One year out of college and with no apparent national security expertise, Thomas Fugate is the Department of Homeland Security official tasked with overseeing the government’s main hub for combating violent extremism." — Bluesky
https://bsky.app/profile/did:plc:k4jt6heuiamymgi46yeuxtpt/post/3lqsubtkczc22

ICE arrests record number of immigrants in single day, including hundreds at scheduled appointments (NBC News)
https://www.nbcnews.com/politics/national-security/ice-arrests-record-number-immigrants-single-day-rcna210817
http://www.memeorandum.com/250604/p171#a250604p171

This https://arxiv.org/abs/2505.18889 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

Security Concerns for Large Language Models: A Survey
Large Language Models (LLMs) such as GPT-4 (and its recent iterations like GPT-4o and the GPT-4.1 series), Google's Gemini, Anthropic's Claude 3 models, and xAI's Grok have caused a revolution in natural language processing, but their capabilities also introduce new security vulnerabilities. In this survey, we provide a comprehensive overview of the emerging security concerns around LLMs, categorizing threats into prompt injection and jailbreaking, adversarial attacks (including input perturbat…

Trump signed a proclamation Wednesday evening to ban travel from several countries, citing security risks.
The ban will fully restrict entry of nationals from 12 countries:
Afghanistan; Myanmar, also known as Burma; Chad; Republic of the Congo; Equatorial Guinea; Eritrea; Haiti; Iran; Libya; Somalia; Sudan; and Yemen.
People from seven countries will have partial restriction:
Burundi, Cuba, Laos, Sierra Leone, Togo, Turkmenistan and Venezuela.
The proclamation i…

Trump signs proclamation to ban travel from 12 countries
President Donald Trump signed a proclamation Wednesday evening to ban travel from several countries to the US, citing security risks.

Mind Security, which offers AI-powered automated data loss prevention services to help prevent breaches, raised a $30M Series A (Kyt Dotson/SiliconANGLE)
https://siliconangle.com/2025/06/04/mind-raises-30m-help-businesses-prevent-da…

Mind raises $30M to help businesses prevent data leaks using AI - SiliconANGLE
Mind raises $30M to help businesses prevent data leaks using AI - SiliconANGLE

Opinion | Tariffs Make the World Poorer and More Perilous - The New York Times
https://www.nytimes.com/2025/06/05/opinion/tariffs-trade-us-security.html

Video shows immigration agents urinating on Pico Rivera school grounds, officials say; feds investigating (Anissa Rivera/SGV Tribune)
https://www.sgvtribune.com/2025/07/02/school-officials-say-video-shows-immigration-agents-urinating-in-public-view-homeland-security-investigating/
http://www.memeorandum.com/250703/p62#a250703p62

Ukraine detonated a massive underwater blast t
argeting the key road and rail bridge connecting the Russian-occupied Crimean peninsula to Russia,
damaging its underwater supports.
The operation, claimed by Kyiv’s SBU security service, is the second high-profile operation by Ukraine in days striking significant Russian assets after a sophisticated drone raid on Moscow’s strategic bomber fleet on Sunday

Docker under Siege: Securing Containers in the Modern Era
Gogulakrishnan Thiyagarajan, Prabhudarshi Nayak
https://arxiv.org/abs/2506.02043 https://

Docker under Siege: Securing Containers in the Modern Era
Containerization, driven by Docker, has transformed application development and deployment by enhancing efficiency and scalability. However, the rapid adoption of container technologies introduces significant security challenges that require careful management. This paper investigates key areas of container security, including runtime protection, network safeguards, configuration best practices, supply chain security, and comprehensive monitoring and logging solutions. We identify common vulner…

Rapid7 finds eight vulnerabilities, including one remotely-exploitable flaw that cannot be fixed via firmware patch, affecting 689 models of Brother printers (Jess Weatherbed/The Verge)
https://www.theverge.com/news/694877/brother-printer…

Hundreds of Brother printer models have an unpatchable security flaw
Serious security flaws have been found in hundreds of Brother printer models that could allow attackers to remotely access the device.

Trump's Homeland Security Council Sets Its Sights on Zohran Mamdani (Jose Pagliery/NOTUS)
https://www.notus.org/trump-white-house/zohran-mamdani-homeland-security-trump
http://www.memeorandum.com/250702/p99#a250702p99

Bitcoin options trading venue BitMEX discovered an operational security mistake in a thwarted attack by N. Korea's Lazarus Group, which revealed the attackers' IP address and uncovered at least 10 potential accounts used to test or develop its malware.
h…

Education Department pausing plan to garnish Social Security checks over defaulted loans
https://thehill.com/homenews/education/5329805-education-department-pausing-plan-garnish-social-security-checks-defaulted-loans/

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- Learned-Database Systems Security
Roei Schuster, Jin Peng Zhou, Thorsten Eisenhofer, Paul Grubbs, Nicolas Papernot

UK minister instructs the Turing AI institute, which has lately focused on responsible AI and ethics, to prioritize national security and defense instead (Joshua Nevett/BBC)
https://www.bbc.com/news/articles/cy7nppe5gkgo

Minister tells UK's Turing AI institute to focus on defence
Peter Kyle says the Alan Turing Institute should prioritise boosting the UK's AI capabilities.

COALESCE: Economic and Security Dynamics of Skill-Based Task Outsourcing Among Team of Autonomous LLM Agents
Manish Bhatt, Ronald F. Del Rosario, Vineeth Sai Narajala, Idan Habler
https://arxiv.org/abs/2506.01900

COALESCE: Economic and Security Dynamics of Skill-Based Task Outsourcing Among Team of Autonomous LLM Agents
The meteoric rise and proliferation of autonomous Large Language Model (LLM) agents promise significant capabilities across various domains. However, their deployment is increasingly constrained by substantial computational demands, specifically for Graphics Processing Unit (GPU) resources. This paper addresses the critical problem of optimizing resource utilization in LLM agent systems. We introduce COALESCE (Cost-Optimized and Secure Agent Labour Exchange via Skill-based Competence Estimation…

#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
https://www.infosecurity-magazine.com/news/infosec2025-ukraine-drone-atta…

#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed

Control at Stake: Evaluating the Security Landscape of LLM-Driven Email Agents
Jiangrong Wu, Yuhong Nan, Jianliang Wu, Zitong Yao, Zibin Zheng
https://arxiv.org/abs/2507.02699

Control at Stake: Evaluating the Security Landscape of LLM-Driven Email Agents
The increasing capabilities of LLMs have led to the rapid proliferation of LLM agent apps, where developers enhance LLMs with access to external resources to support complex task execution. Among these, LLM email agent apps represent one of the widely used categories, as email remains a critical communication medium for users. LLM email agents are capable of managing and responding to email using LLM-driven reasoning and autonomously executing user instructions via external email APIs (e.g., se…

The US DOJ seized ~145 domains and crypto linked to BidenCash, a dark web market that made $17M in revenue since 2022 by selling stolen credit cards and more (Ionut Ilascu/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

In Donald Trump’s White House, the easiest way to avoid being surprised is to remember that anything can happen.
Air Force leaders learned that lesson earlier this year when they arrived for a 💥top-secret briefing 💥with Trump in the Oval Office,
which according to NBC News was scheduled for them to discuss plans for America’s sixth-generation fighter aircraft, dubbed the F-47 in a nod to Trump’s status as the 47th President of the United States.
As the generals were going o…

Military leaders aghast as Meta founder Zuckerberg crashes classified Oval Office meeting on fighter jets: report
Facebook mogul’s sudden appearance is increasingly typical of freewheeling West Wing during Donald Trump’s second term, which president has reportedly nicknamed ‘Grand Central Terminal’

Ex-Homeland Security official Taylor fights back against Trump's 'unprecedented' investigation order (Rebecca Santana/Associated Press)
https://apnews.com/article/trump-retaliation-miles-taylor-chris-krebs-b4f13e61b84afce7874c6500e8b891bd
http://www.memeorandum.com/250603/p46#a250603p46

Check out today's Metacurity for the most critical infosec developments you might have missed over the weekend, including
--German police ID Trickbot's "Stern,"
--BitMEX thwarts Lazarus Group attack,
--Shin Bet thwarted 85 Iranian cyberattacks aimed at civilians,
--Vibe coding app Lovable failed to fix critical flaw,
--China's quantum satellite Micius has a severe security flaw,
--Russia's GRU Unit 29155 has a hacker team,
--…

Law enforcement took down cybercriminal malware testing service AVCheck
German police ID Trickbot's "Stern," BitMEX thwarts Lazarus Group attack, Shin Bet thwarted 85 Iranian cyberattacks aimed at civilians, Vibe coding app Lovable failed to fix critical flaw, China's quantum satellite Micius has a security flaw, Russia's Unit 29155 has a hacker team, much more

A Systematic Review of Security Vulnerabilities in Smart Home Devices and Mitigation Techniques
Mohammed K. Alzaylaee
https://arxiv.org/abs/2507.01018 http…

A Systematic Review of Security Vulnerabilities in Smart Home Devices and Mitigation Techniques
Smart homes that integrate Internet of Things (IoT) devices face increasing cybersecurity risks, posing significant challenges to these environments. The study explores security threats in smart homes ecosystems, categorizing them into vulnerabilities at the network layer, device level, and those from cloud-based and AI-driven systems. Research findings indicate that post-quantum encryption, coupled with AI-driven anomaly detection, is highly effective in enhancing security; however, computatio…

GOP tax bill includes a $6,000 ‘senior deduction.’ Here’s who qualifies.
Under current law, most taxpayers claim the standard deduction of $15,000 (or $30,000 for couples)
to reduce their tax liability,
though the GOP tax bill would increase those amounts slightly.
Additionally, seniors already qualify for an additional deduction of $2,000 (or $3,600 for couples).

The Senate bill would create a third category that gives seniors an additional $6,000 (or $12,000) off…

GOP tax bill includes a $6,000 ‘senior deduction.’ Here’s who qualifies.
The provision emerged from President Donald Trump’s campaign pledge to end taxes on Social Security. But experts say many are excluded.

Military leaders aghast as Meta founder Zuckerberg crashes classified Oval Office meeting on fighter jets: report | The Independent
https://www.independent.co.uk/news/world/americas/us-politics/trump-oval-office-mark-zuckerberg-security-b2781215.html

Meta SecAlign: A Secure Foundation LLM Against Prompt Injection Attacks
Sizhe Chen, Arman Zharmagambetov, David Wagner, Chuan Guo
https://arxiv.org/abs/2507.02735

Meta SecAlign: A Secure Foundation LLM Against Prompt Injection Attacks
Prompt injection attacks pose a significant security threat to LLM-integrated applications. Model-level defenses have shown strong effectiveness, but are currently deployed into commercial-grade models in a closed-source manner. We believe open-source models are needed by the AI security community, where co-development of attacks and defenses through open research drives scientific progress in mitigation against prompt injection attacks. To this end, we develop Meta SecAlign, the first open-sou…

Kristi Noem has repeatedly claimed that the U.S. government deported a cannibal that “ate other people”
and then, while on a flight from the U.S., became so “deranged” that he began to “eat himself.”
Noem first shared the dubious tale late last week during an interview with Fox News’s Jesse Watters.
The Cabinet secretary said that a U.S. marshal “off-handedly” told her about a cannibal on a “planeload of illegals.”
When Noem asked, “What do you mean he was a canniba…

Why Won’t ICE Comment on Kristi Noem’s Cannibal Stories?
Secretary of Homeland Security Kristi Noem repeated a story of ICE deporting a “cannibal,” despite no evidence to support it. This plays into centuries of racist fantasies.

Social Security Backs Off Listing Living Migrants as Dead (New York Times)
https://www.nytimes.com/2025/07/01/us/politics/social-security-immigrants-dead.html?unlocked_article_code=1.TU8.IM62.3OjkBYPHfZ_0&smid=nytcore-ios-share&referringSource=articleShare
http://www.memeorandum.com/250701/p161#a250701p161

A tertiary review on quantum cryptography
Luiz Filipi Anderson de Sousa Moura, Carlos Becker Westphall
https://arxiv.org/abs/2506.02028 https://

A tertiary review on quantum cryptography
Quantum computers impose an immense threat to system security. As a countermeasure, new cryptographic classes have been created to prevent these attacks. Technologies such as post-quantum cryptography and quantum cryptography. Quantum cryptography uses the principle of quantum physics to produce theoretically unbreakable security. This tertiary review selected 51 secondary studies from the Scopus database and presented bibliometric analysis, a list of the main techniques used in the field, and …

"Two lessons here: 1) Use a marker with a wider tip than a Sharpie, so it’ll be more visible, and 2a) if civilians are able to get right onto your armored vehicle to write graffiti, maybe this wasn’t the kind of militarized raid that you needed an armored truck for in the first place, or 2b) at the very least, your security cordon sucks."
**Minneapolis Says No Fascists, DHS Won't Deport And Kill Preschooler Yet. Your ICE Times Roundup**
https://www.wonkette.com/p/minneapolis-says-no-fascists-dhs

UK deploys AI to boost Arctic security amid growing threats
https://www.artificialintelligence-news.com/news/uk-deploys-ai-to-boost-arctic-security-amid-growing-threats/?mid=1#cid=2874048

UK deploys AI to boost Arctic security amid growing threats
The UK is deploying AI to keep a watchful eye on Arctic security threats from hostile states amid growing geopolitical tensions.

As the Senate weighs possible changes to the state and local tax (SALT) deduction cap as part of the tax portion of the "big, beautiful bill,"
House Republicans from blue states are already threatening to derail the bill's prospects.
"Let's be clear — no SALT, no deal," New York Republican Mike Lawler said Wednesday in a post on X

Trump admin live updates: Trump signs proclamation banning travel from 12 countries
The president cited national security concerns for enacting the ban.

DHS Announces ICE Arrest of Mexican Boxer, Sinaloa Cartel Affiliate with Active Criminal Arrest Warrant Julio Cesar Chavez Jr. (Department of Homeland Security)
https://www.dhs.gov/news/2025/07/03/dhs-announces-ice-arrest-mexican-boxer-sinaloa-cartel-affiliate-active-criminal
http://www.memeorandum.com/250703/p106#a250703p106

19-year-old Edward Coristine, a DOGE staffer known as "Big Balls" online, has joined the Social Security Administration days after resigning from the GSA (Wired)
https://www.wired.com/story/big-balls-social-security-administration/

‘Big Balls’ Is Now at the Social Security Administration
Edward “Big Balls” Coristine’s placement at the SSA comes after a White House official told WIRED on Tuesday that the 19-year-old had resigned from his position in government.

ATAG: AI-Agent Application Threat Assessment with Attack Graphs
Parth Atulbhai Gandhi, Akansha Shukla, David Tayouri, Beni Ifland, Yuval Elovici, Rami Puzis, Asaf Shabtai
https://arxiv.org/abs/2506.02859

ATAG: AI-Agent Application Threat Assessment with Attack Graphs
Evaluating the security of multi-agent systems (MASs) powered by large language models (LLMs) is challenging, primarily because of the systems' complex internal dynamics and the evolving nature of LLM vulnerabilities. Traditional attack graph (AG) methods often lack the specific capabilities to model attacks on LLMs. This paper introduces AI-agent application Threat assessment with Attack Graphs (ATAG), a novel framework designed to systematically analyze the security risks associated with AI-a…

Deepening divisions are threatening the fate of the sprawling bill,
which includes large tax cuts;
reductions to Medicaid, food assistance and clean energy programs;
and additional money for border security and the military.
They erupted online on Tuesday after Trump lashed out at an outspoken Republican opponent of the legislation
-- and as Elon Musk, the tech billionaire who recently left his governmental role leading the Department of Government Efficiency, …

Trump Pressures Divided G.O.P. to Back Policy Bill
The president is pressing Republicans in the Senate to unite quickly behind sprawling legislation that carries his domestic agenda, but the measure’s opponents have a powerful new ally: Elon Musk.

International Criminal Court hit with cyber security attack
https://apnews.com/article/international-court-cyberattack-hague-netherlands-50ac8b2f53928fc1f05163c67b09c4bf

International Criminal Court hit with cyber security attack
The International Criminal Court says it has been hit by a “sophisticated” cyberattack. The court said Monday the incident, which happened last week, has been contained, but it has not disclosed the impact or motive. A court-wide analysis is underway, and measures are being taken to limit damage. The attack coincided with a NATO summit in The Hague, raising security concerns. The ICC, which handles high-profile war crimes cases, has faced espionage attempts in the past. It remains unclear i…

Judge: FBI surveillance records on MLK may take years to release (Spencer S. Hsu/Washington Post)
https://www.washingtonpost.com/national-security/2025/06/04/martin-luther-king-fbi-records-release/
http://www.memeorandum.com/250604/p174#a250604p174

While it may not feel like it since January,
the rule of law still matters.
The U.S. remains a signatory to dozens of international agreements related to the use of force,
which ultimately protect our national security interests.
We have a raft of U.S. laws, including a Constitution and Bill of Rights,
that determine how and when our nation may legally engage in conflict abroad.
We are ill-served as a public when the most crucial decision a government can …

Trump endangers US by ignoring rule of law – Marin Independent Journal - EUROPE SAYS
Congressional approval for military engagement still matters. Here’s why.

Hegseth moves to rename Navy ship honoring gay rights icon Harvey Milk (Dan Lamothe/Washington Post)
https://www.washingtonpost.com/national-security/2025/06/03/harvey-milk-navy-hegseth-civil-rights/
http://www.memeorandum.com/250603/p132#a250603p132

Trump Exaggerates His Agenda Bill's Impact on Social Security Taxes (Karoun Demirjian/New York Times)
https://www.nytimes.com/2025/07/01/us/politics/trump-bill-social-security-taxes.html
http://www.memeorandum.com/250701/p95#a250701p95

On the Effect of Ruleset Tuning and Data Imbalance on Explainable Network Security Alert Classifications: a Case-Study on DeepCASE
Koen T. W. Teuwen, Sam Baggen, Emmanuele Zambon, Luca Allodi
https://arxiv.org/abs/2507.01571

On the Effect of Ruleset Tuning and Data Imbalance on Explainable Network Security Alert Classifications: a Case-Study on DeepCASE
Automation in Security Operations Centers (SOCs) plays a prominent role in alert classification and incident escalation. However, automated methods must be robust in the presence of imbalanced input data, which can negatively affect performance. Additionally, automated methods should make explainable decisions. In this work, we evaluate the effect of label imbalance on the classification of network intrusion alerts. As our use-case we employ DeepCASE, the state-of-the-art method for automated a…

Threatening investigations on spurious grounds:
The most recent example is the government’s attack on CNN
for its reporting about an app called #ICEBlock that alerts users to sightings of ICE agents nearby.
“Border czar” Tom Homan called on the Department of Justice to investigate CNN for its reporting,
and Department of Homeland Security Secretary Kristi Noem said her agency is w…

‘I wanted to do something to fight back’: This iPhone app alerts users to nearby ICE sightings
Joshua Aaron has worked in and around the tech industry for around two decades. He built his first app — a blackjack game — at computer camp when he was 13.

HoneySat: A Network-based Satellite Honeypot Framework
Efr\'en L\'opez-Morales (Texas A&M University-Corpus Christi), Ulysse Planta (CISPA Helmholtz Center for Information Security), Gabriele Marra (CISPA Helmholtz Center for Information Security), Carlos Gonz\'alez (German Aerospace Center), Jacob Hopkins (Texas A&M University-Corpus Christi), Majid Garoosi (CISPA Helmholtz Center for Information Security), El\'ias Obreque (Universidad de Chile), Carlos Rubio-M…

HoneySat: A Network-based Satellite Honeypot Framework
Satellites are the backbone of several mission-critical services, such as GPS that enable our modern society to function. For many years, satellites were assumed to be secure because of their indecipherable architectures and the reliance on security by obscurity. However, technological advancements have made these assumptions obsolete, paving the way for potential attacks, and sparking a renewed interest in satellite security. Unfortunately, to this day, there is no efficient way to collect dat…

“This is another snake-oil salesman’s pitch to make him look good and reward the billionaires and millionaire executives and stakeholders for US Steel,”
said Doug May, who worked for 43 years as a steel worker at a mill in Granite City, Illinois, from the age of 19.
“He’s a proven flip-flopper.
Just look at his trade cases:
on again, off again.”
Trump ditched his opposition to the deal
– which Joe Biden blocked in January, citing national security concerns …

A Compact 16-bit S-box over Tower Field $\F_{(((2^2)^2)^2)^2}$ with High Security
Bahram Rashidi, Behrooz Khadem
https://arxiv.org/abs/2507.01423 https://

A Compact 16-bit S-box over Tower Field $\F_{(((2^2)^2)^2)^2}$ with High Security
This paper introduces a compact and secure 16-bit substitution box (S-box) designed over the composite field $\F_{(((2^2)^2)^2)^2}$, optimized for both hardware efficiency and cryptographic robustness. The proposed S-box decomposes operations into subfields, leveraging a tower field architecture. This enables significant hardware reduction through optimized field inversion and a low-cost affine transformation. Security evaluations confirm resilience against linear, differential, algebraic and D…

The Secrets Must Not Flow: Scaling Security Verification to Large Codebases (extended version)
Linard Arquint, Samarth Kishor, Jason R. Koenig, Joey Dodds, Daniel Kroening, Peter M\"uller
https://arxiv.org/abs/2507.00595

The Secrets Must Not Flow: Scaling Security Verification to Large Codebases (extended version)
Existing program verifiers can prove advanced properties about security protocol implementations, but are difficult to scale to large codebases because of the manual effort required. We develop a novel methodology called *Diodon* that addresses this challenge by splitting the codebase into the protocol implementation (the *Core*) and the remainder (the *Application*). This split allows us to apply powerful semi-automated verification techniques to the security-critical Core, while fully-automat…

The Trump administration knew
that the vast majority of the
238 Venezuelan immigrants
it sent to a maximum-security prison in El Salvador in mid-March
had not been convicted of crimes in the United States
before it labeled them as terrorists and deported them,
according to U.S. Department of Homeland Security data
that has not been previously reported.

Trump Administration Knew Vast Majority of Venezuelans Sent to Salvadoran Prison Had Not Been Convicted of U.S. Crimes
Homeland Security records reveal that officials knew that more than half of the 238 deportees were labeled as having no criminal record in the U.S. and had only violated immigration laws.

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads
Jeppe Fredsgaard Blaabjerg, Aslan Askarov

Ukrainian security services conducted a massive drone attack against Russian military airbases on Sunday,
striking thousands of kilometres from the front line in what President Volodymyr Zelensky said was their longest-range operation ever.
The operation, code-named "Spider's Web," required months of preparation and the smuggling of drones into Russian territory
Using 117 drones, Ukraine was able to reach regions thousands of kilometres from the front,
w…

What We Know About Ukraine’s Drone Attacks in Russia
Ukrainian security services conducted a massive drone attack against Russian military airbases on Sunday, striking thousands of kilometres from the front line in what President Volodymyr Zelensky said was their longest-range operation ever.

LLM Agents Should Employ Security Principles
Kaiyuan Zhang, Zian Su, Pin-Yu Chen, Elisa Bertino, Xiangyu Zhang, Ninghui Li
https://arxiv.org/abs/2505.24019

LLM Agents Should Employ Security Principles
Large Language Model (LLM) agents show considerable promise for automating complex tasks using contextual reasoning; however, interactions involving multiple agents and the system's susceptibility to prompt injection and other forms of context manipulation introduce new vulnerabilities related to privacy leakage and system exploitation. This position paper argues that the well-established design principles in information security, which are commonly referred to as security principles, should be…