Tootfinder

R v F (2025): Addressing the Defence of Hacking
Junade Ali
https://arxiv.org/abs/2510.03764 https://arxiv.org/pdf/2510.03764…

R v F (2025): Addressing the Defence of Hacking
The defence of hacking (sometimes referred to as the "Trojan Horse Defence" or the "SODDI Defence", Some Other Dude Did It Defence) is prevalent in computer cases and a challenge for those working in the criminal justice system. Historical reviews of cases have demonstrated the defence operating to varying levels of success. However, there remains an absence in academic literature of case studies of how digital forensics investigators can address this defence, to assist courts in acquitting the…

Unit 42: "commercial grade" spyware called Landfall, likely zero-click, was used in a hacking campaign aimed at Samsung Galaxy phones in the Middle East (Suzanne Smalley/The Record)
https://therecord.media/landfall-spyware-middle-east-appears-commercia…

Newly identified Android spyware appears to be from a commercial vendor
Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones.

https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-billion-records-from-salesforce-customer-databases/
Hacking group claims theft of 1 billion records from Salesforce customer databases

Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch
The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their customer and company data in Salesforce.

How a bunch of hackers "freed" the Kinect
https://www.theverge.com/tech/812803/hacking-kinect-history

Risikomanagement und Resilienz in der IT-Sicherheit: IT-Sicherheitstag Dortmund
Praxisnahe Vorträge am 16. September – von aktuellen Hacking-Methoden über Schutz vor LLM-Angriffen bis hin zu Strategien für mehr Cyber-Resilienz.

An amazing #nixcon2025 this weekend so far. Rapperswil OST is a gorgeous venue. Today, hacking. Just need a few liters of coffee to get going.

Inoculation Prompting: Instructing LLMs to misbehave at train-time improves test-time alignment
Nevan Wichers, Aram Ebtekar, Ariana Azarbal, Victor Gillioz, Christine Ye, Emil Ryd, Neil Rathi, Henry Sleight, Alex Mallen, Fabien Roger, Samuel Marks
https://arxiv.org/abs/2510.05024

Inoculation Prompting: Instructing LLMs to misbehave at train-time improves test-time alignment
Large language models are sometimes trained with imperfect oversight signals, leading to undesired behaviors such as reward hacking and sycophancy. Improving oversight quality can be expensive or infeasible, motivating methods that improve learned behavior despite an imperfect training signal. We introduce Inoculation Prompting (IP), a simple but counterintuitive technique that prevents learning of an undesired behavior by modifying training prompts to explicitly request it. For example, to ino…

Do you guys know what you're doing, or are you just hacking?

Lapsus$ publishes a data leak site on the dark web threatening to release about ~1B records stolen from Salesforce-hosted customer databases (TechCrunch)
https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-bi…

Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch
The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their customer and company data in Salesforce.

You know what was released on the #InternetArchive yesterday?
Johannes Grenzfurthner‘s documentary movie “Hacking at Leaves” about US history and the racism that built it, the Navajo Nation, hackerspaces and hacker culture, COVID-19, and much more.
It’s now free to watch, share, and talk about!

hacking at @… and listening to @… 🥳

China-linked hacking group Phantom Taurus targeting embassies, foreign ministries https://therecord.media/china-linked-phantom-taurus-hacking

A hacking collective calling itself "Scattered LapSus Hunters," has threatened to leak Google databases unless the company sacks two senior employees. Whilst the group has yet to provide any evidence that it holds Google data, Google has recently disclosed a third-party security breach involving Salesforce.

Hackers threaten Google with data leak unless company fires two threat intelligence employees
A hacking collective calling itself "Scattered LapSus Hunters," has threatened to leak Google databases unless the company sacks two senior employees. Whilst the group has ...

South Korea raises cyber threat level after huge data centre fire sparks hacking fears
https://www.theguardian.com/world/2025/sep/30/south-korea-raises-cyber-threat-level-after-huge-data-centre-fire-sparks-ha…

#Cellebrite can apparently extract data from most #Pixel phones, unless they’re running #GrapheneOS.

Oh, ChatGPT scheint da ein paar Anfälligkeiten zu haben, und die sind gar nicht schwierig auszunutzen…
https://thehackernews.com/2025/11/researchers-find-chatgpt.html
»Indirect prompt injection vulnerability über vertrauenswürdige Websites im Browsing-Kontext, …

A look at major UK businesses hit by cyberattacks in 2025; a government survey estimates 43% of businesses and 30% of charities were hit in the past 12 months (Theo Leggett/BBC)
https://www.bbc.com/news/articles/c5ye8zj5l4jo

The true cost of cyber hacking on businesses
Are this year's major attacks the "cumulative effect of a kind of inaction on cyber security" from the government and big business?

DOJ accuses US ransomware negotiators of launching their own ransomware attacks
The Department of Justice indicted Kevin Tyler Martin and another unnamed employee,
who both worked as ransomware negotiators at DigitalMint,
with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.
Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manage…

DOJ accuses US ransomware negotiators of launching their own ransomware attacks | TechCrunch
Three people, including two U.S. ransomware negotiators, are accused of working on behalf of the ALPHV/BlackCat ransomware gang.

Cybersecurity AI: Hacking the AI Hackers via Prompt Injection
V\'ictor Mayoral-Vilches, Per Mannermaa Rynning
https://arxiv.org/abs/2508.21669 https://…

Cybersecurity AI: Hacking the AI Hackers via Prompt Injection
We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting (XSS): malicious text is hidden within seemingly trusted content, and when the system processes it, that text is transformed into unintended instructions. When AI agents designed to find and exploit vulnerabilities interact with malicious web servers, carefully crafted reponses can hijack their execution flow, potentially gr…

The week's cyber news is really heating up so check out today's Metacurity for the most crucial infosec developments you should know, including
--Two cyber pros became cybercriminals to launch a ransomware campaign,
--Hackers infiltrated trucking and freight companies,
--Lawmakers probe Flock Safety insecurities,
--SK Telecom advised to pay $208 per hacking victim,
--Hackers stole 50K CCTV clips using admin123 password,
--AN0M phone snags 55 more vi…

Two cyber pros became cybercriminals to launch a ransomware campaign
Hackers infiltrated trucking and freight companies, Lawmakers probe Flock Safety insecurities, SK Telecom advised to pay $208 per hacking victim, Hackers stole 50K CCTV clips using admin123 password, AN0M phone snags 55 more victims, Hackers stole $100m+ from DeFi protocol Balancer, much more

»Cracking bcrypt: New-gen hardware speeds up password hacking«
Personally, I prefer Argon2id and yescript. I assume that these are more secure than the bcrypt, which is outdated in my opinion, but which is still running on servers very often today.
🔓 https://specopssoft…

[New research] Cracking bcrypt: Is new-gen hardware and AI making password hacking faster?
Computing power is growing due to reduced costs and AI. Learn how it has impacted bcrypt password cracking times.

State-aligned hacking groups have sharply escalated their cyber operations against the EU over the past year, says European Union Agency for Cybersecurity (ENISA) Threat Landscape Report
https://www.computing.co.uk/news/2025/security/state-aligned-th…

State-aligned cyber threats against EU intensify, ENISA warns
State-aligned hacking groups have sharply escalated their cyber operations against the EU over the past year, says European Union Agency for Cybersecurity (ENISA) Threat Landscape ...

CISA orders federal agencies to patch Sitecore zero-day following hacking reports https://therecord.media/cisa-orders-patch-for-sitecore-zero-day

'Call of Duty' maker goes to war with 'parasitic' cheat developers in L.A. federal court
https://www.latimes.com/california/story/2025-07-25/call-of-duty-activision-blizzard-hacking-lawsuit
🆓

'Call of Duty' maker goes to war with cheat developers in L.A. court
"Call of Duty" publisher Activision-Blizzard is suing hacking developers worldwide over cheats designed for the popular first-person-shooter video game.

George Orwell's Surprising Stance on Hypocrisy #Orwell

George Orwell's Surprising Stance on Hypocrisy
George Orwell was deeply concerned about hypocrisy—but in the opposite way you might expect. That’s what struck me about halfway through writing my new book The Hypocrisy Trap. Orwell spent his career hacking away at humbug and falsehoods and famously warned how language gets corrupted by “a gap

Federal Courts Slow to Fix Vulnerable System After Repeated Hacking
https://www.nytimes.com/2025/09/03/us/politics/federal-courts-computer-hacks.html?mid=1#cid=3061919

Federal Courts Slow to Fix Vulnerable System After Repeated Hacking
After a 2020 breach thought to be Russia’s work, the courts told Congress that they would harden a system storing sealed documents. Five years later, the system was hacked again.

The FBI and agencies in the UK, Canada, and others warn that a Chinese hacking campaign targeting US telecoms has expanded to 80 countries and 200 US companies (Joseph Menn/Washington Post)

FBI warns Chinese hacking campaign has expanded, reaching 80 countries
An FBI official told The Washington Post that Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere.

On Monday, researchers at cybersecurity giant Kaspersky published a report identifying a new spyware called Dante
that they say targeted Windows victims in Russia and neighboring Belarus.
The researchers said the Dante spyware is made by Memento Labs,
a Milan-based surveillance tech maker that was formed in 2019
after a new owner acquired and took over early spyware maker
Hacking Team.
Memento chief executive
Paolo Lezzi confirmed to TechCrunch that…

Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executive blamed a government customer for getting caught.

I am no friend of Kemi Bad Enoch but I'm finding everyone taking the high horse about her hacking a website 17 years ago very tedious. It was 2009! Of course if your found an unsecured website you'd dick about with it! It sounds as serious as that guy who got into Jeremy Corbyn's Twitter account that time and posted "davey cameron is a pie".

Wieczorna misja zrobienia najbardziej wulgarnego tańczącego kaktusa jak się da.

Był to ten legendarny z "Gdzie jest biały węgorz" Cypisa na drugim utworze.

Teraz go całego zawale przaśnymi utworami ku uciesze spotkanych ludzi - będzie wyjątkowy i jedyny taki na całym świecie :)

#hacking

Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry https://therecord.media/russia-sandworm-grain-wipers

Hacking on #shmol #puters again. :3

How Kamada doesn’t have a yellow card is a real mystery to me. If not for hacking away then for accumulation.
#LFC

Risikomanagement und Resilienz in der IT-Sicherheit: IT-Sicherheitstag Dortmund
Am 16. September bietet die eintägige Konferenz an der FH Dortmund wieder spannende Inhalte für Forschung und Wirtschaft: Von Hacking bis LLM-Angriffen.

https://www.azernews.az/region/249665.html
Pro-Russian hacking groups KillNet and Beregini said they had obtained data from several large Ukrainian companies, including defense-sector firms,

Pro-Russian hackers claim data haul from Ukrainian defense firms
Pro-Russian hacking groups KillNet and Beregini said Friday that they had obtained data from several large Ukrainian companies, including defense-sector firms, Azernews reports, citing a KillNet representative who spoke to RIA Novosti.

Uw Paul stempt een nerd (v/m/a). Hup nerds!
https://mastodon.green/@Steeph/115445038661574934

Stephan Okhuijsen (@Steeph@mastodon.green)
Attached: 1 image Naast klimaat is er tijdens de verkiezingen veel te weinig aandacht voor alle ontwikkelingen rond het thema digitaal. AI, tech sovereignty, cyberwar, chip tekorten, election hacking, etc etc... En op de kieslijsten te weinig kandidaten met kennis op verkiesbare plaats. Daarom mijn stemadvies. Stem de digitale specialisten omhoog zodat er straks kamerleden zijn die hier serieus het debat over kunnen aangaan. Check verder https://nerdvote.nl #TK2025

Been volunteering with @… and @… since January.
We are in the Toronto Star today!
Thanks @…

The NVidia black market documentary keeps on giving: #Repair shops in #China pimp GPUs to double the VRAM. With new PCBs. Repurposing silicon, that’s sustainable hacking.
rumble.com/v6xro9o–…

Pref-GRPO: Pairwise Preference Reward-based GRPO for Stable Text-to-Image Reinforcement Learning
Yibin Wang, Zhimin Li, Yuhang Zang, Yujie Zhou, Jiazi Bu, Chunyu Wang, Qinglin Lu, Cheng Jin, Jiaqi Wang
https://arxiv.org/abs/2508.20751

Pref-GRPO: Pairwise Preference Reward-based GRPO for Stable Text-to-Image Reinforcement Learning
Recent advancements highlight the importance of GRPO-based reinforcement learning methods and benchmarking in enhancing text-to-image (T2I) generation. However, current methods using pointwise reward models (RM) for scoring generated images are susceptible to reward hacking. We reveal that this happens when minimal score differences between images are amplified after normalization, creating illusory advantages that drive the model to over-optimize for trivial gains, ultimately destabilizing the…

Anthropic's Threat Intelligence report for August says Claude was weaponized for sophisticated cybercrimes, including a "vibe-hacking" data extortion scheme (Hayden Field/The Verge)
https://www.theverge.com/ai-artificial-int

‘Vibe-hacking’ is now a top AI threat
Anthropic’s new Threat Intelligence report, out today, details the wide range of cases in which Claude — and likely many other leading AI agents and chatbots — are being abused.

It feels entirely appropriate to clock change weekend to make hearty soup and settle down to turning a heel on hand knitted socks.

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers:
--A hacking gang extorted Italy's elite,
--An Indian backwater became a wealthy cybercrime locale,
--The nature of China's espionage threat to the UK,
--Cybercrime laws are used to censor the press,
--The dark side of Apple&…

Reinforcement Learning with Verifiable yet Noisy Rewards under Imperfect Verifiers
Xin-Qiang Cai, Wei Wang, Feng Liu, Tongliang Liu, Gang Niu, Masashi Sugiyama
https://arxiv.org/abs/2510.00915

Reinforcement Learning with Verifiable yet Noisy Rewards under Imperfect Verifiers
Reinforcement Learning with Verifiable Rewards (RLVR) trains policies against automated verifiers to avoid costly human labeling. To reduce vulnerability to verifier hacking, many RLVR systems collapse rewards to binary $\{0,1\}$ during training. This choice carries a cost: it introduces \textit{false negatives} (rejecting correct answers, FNs) and \textit{false positives} (accepting incorrect ones, FPs). For instance, a rule-based checker may mark the correct fraction $\frac{12}{36}$ as wrong …

Large Language Model Hacking: Quantifying the Hidden Risks of Using LLMs for Text Annotation
Joachim Baumann, Paul R\"ottger, Aleksandra Urman, Albert Wendsj\"o, Flor Miriam Plaza-del-Arco, Johannes B. Gruber, Dirk Hovy
https://arxiv.org/abs/2509.08825

Large Language Model Hacking: Quantifying the Hidden Risks of Using LLMs for Text Annotation
Large language models (LLMs) are rapidly transforming social science research by enabling the automation of labor-intensive tasks like data annotation and text analysis. However, LLM outputs vary significantly depending on the implementation choices made by researchers (e.g., model selection, prompting strategy, or temperature settings). Such variation can introduce systematic biases and random errors, which propagate to downstream analyses and cause Type I, Type II, Type S, or Type M errors. W…

Some traditions must be upheld!
Hardware hacking at the PostHog Hardware Hacknight 👍 with @…
#VCET #VTTA

Apparently there is a hacking world championship and Apparently Denmark won Silver this year.
Tillykke alle! 🇩🇰🏆🇩🇰💻👩‍💻👨‍💻🇩🇰
https://www.version2.dk/artikel/danmark-vinder-soelv-til-hacker-em-jeg-er-helt-overvaeldet-og-meget-roert

AI is increasingly being used in hacking, with cybercriminals using AI to enhance their capabilities and cybersecurity firms using it to find vulnerabilities (Kevin Collier/NBC News)
https://www.nbcnews.com/tech/security/era-ai-hacking-arrived-rcna224282

The era of AI hacking has arrived
Hackers and cybersecurity companies have entered an AI arms race.

»GenAI-Infrastruktur anfällig für Cyberattacken:
Eine aktuelle Studie zeigt — GenAI-Anwendungen in Unternehmen werden zunehmend von Hackern attackiert.«
Nun ja… überraschend ist dies nicht, da die KI das "Hacking" um einiges automatisiert so wie vereinfacht. Dies wird mMn sich nicht rel. schnell in die positive Richtung sich ändern, egel was die in ihrer Werbung äussern.
🤖

GenAI-Infrastruktur anfällig für Cyberattacken
Eine aktuelle Studie zeigt: GenAI-Anwendungen in Unternehmen werden zunehmend von Hackern attackiert.

Podcast: The Underground Trade of Car Hacking Tech https://www.404media.co/podcast-the-underground-trade-of-car-hacking-tech/

https://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/
ICE unit signs new $3M contract for phone-hacking tech

ICE unit signs new $3M contract for phone-hacking tech | TechCrunch
Homeland Security Investigations, the law enforcement arm of ICE, adds phone-unlocking tech made by Magnet Forensics to its arsenal of technology used to power the Trump administration’s deportation crackdown.

Peter Williams, the former general manager at defense contractor L3Harris,
has pleaded guilty to selling surveillance technology to a Russian broker that buys “cyber tools,”
the U.S. Department of Justice confirmed Wednesday. 
“The material, stolen over a three-year period from the U.S. defense contractor where he worked,
was comprised of national-security focused software that included at least eight sensitive and protected cyber-exploit components,”
read the D…

Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker | TechCrunch
Prosecutors confirmed Peter Williams, the former Trenchant boss, sold eight exploits to a Russian buyer. TechCrunch exclusively reported that the Trenchant division was investigating a leak of its hacking tools, after another employee was accused of involvement.

Bitcoin bridging app Garden Finance Reportedly Loses Over $10.8 Million in Hacking Incident
https://beincrypto.com/bitcoin-bridging-app-garden-finance-hack/

Garden Finance Reportedly Loses Over $10.8 Million in Hacking Incident
Garden Finance hack leads to $10.8 million loss after money laundering claims, echoing crypto’s ongoing security struggles.

Faced with the possibility of scrapping old computers on which Windows 11 is not supported by Microsoft: some users resort to hacking.
Others prefer a switch to free software, to no longer depend on Microsoft.
https://www.radio…

🧑‍💻 Southern California Linux Expo wants to hear from you. Literally, we want you to speak. Kernel hacking, AI modeling, gov transparency, parenting with parental control routers—if it’s open, it’s in. Submit a talk to SCaLE 23x!
https://www.socallinuxexpo.org/scale/23x/cfp

Amazon shuts down watering hole attack attributed to Russia’s APT29 hacking group https://therecord.media/amazon-shuts-down-apt29-watering-hole-attack

Wisdom of the Crowd: Reinforcement Learning from Coevolutionary Collective Feedback
Wenzhen Yuan, Shengji Tang, Weihao Lin, Jiacheng Ruan, Ganqu Cui, Bo Zhang, Tao Chen, Ting Liu, Yuzhuo Fu, Peng Ye, Lei Bai
https://arxiv.org/abs/2508.12338

Wisdom of the Crowd: Reinforcement Learning from Coevolutionary Collective Feedback
Reinforcement learning (RL) has significantly enhanced the reasoning capabilities of large language models (LLMs), but its reliance on expensive human-labeled data or complex reward models severely limits scalability. While existing self-feedback methods aim to address this problem, they are constrained by the capabilities of a single model, which can lead to overconfidence in incorrect answers, reward hacking, and even training collapse. To this end, we propose Reinforcement Learning from Coev…

Whenever a metric is created, it will be perverted.
Today: "Cool URIs don't change."
Developer: HMC, I can do that! *furious hacking* Behold! A single-page-application! Just one URI for all content, all stable.

Italian-made spyware spotted in breaches of Russian, Belarusian systems https://therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky

RLBFF: Binary Flexible Feedback to bridge between Human Feedback & Verifiable Rewards
Zhilin Wang, Jiaqi Zeng, Olivier Delalleau, Ellie Evans, Daniel Egert, Hoo-Chang Shin, Felipe Soares, Yi Dong, Oleksii Kuchaiev
https://arxiv.org/abs/2509.21319

RLBFF: Binary Flexible Feedback to bridge between Human Feedback & Verifiable Rewards
Reinforcement Learning with Human Feedback (RLHF) and Reinforcement Learning with Verifiable Rewards (RLVR) are the main RL paradigms used in LLM post-training, each offering distinct advantages. However, RLHF struggles with interpretability and reward hacking because it relies on human judgments that usually lack explicit criteria, whereas RLVR is limited in scope by its focus on correctness-based verifiers. We propose Reinforcement Learning with Binary Flexible Feedback (RLBFF), which combine…

Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo's internal systems.
https://www.computing.co.uk/news/2025/security/crimson-collective-claims-nintendo-hack

Crimson Collective claims to have hacked Nintendo
Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo's internal systems.

Don't miss today's packed Metacurity for the most critical infosec developments you should know, including
--Thai police blew up a Myanmar cyberscam compound,
--FCC blocks more Chinese-made devices,
--Hacking Team successor surfaces,
--Aisuru botnet overhauled to rent out IoT devices,
--Herodotus Android trojan mimics human behavior,
--Ad giant's subsidiary exposed data in cyber incident,
--CBP searches more devices than ever,
--ICE …

Thai police blew up a Myanmar cyberscam compound
FCC blocks more Chinese-made devices, Hacking Team successor surfaces, Aisuru botnet overhauled to rent out IoT devices, Herodotus Android trojan mimics human behavior, Ad giant's subsidiary exposed data in cyber incident, CBP searches more devices than ever, ICE is becoming a spymaster, much more

It's been a crazy week, so before you head out for the weekend, don't miss today's Metacurity for the most critical infosec developments you should know, including
--Two Scattered Spider members busted in London, US indicts one of them,
--MI6 launches dark web portal for potential spy comms,
--KT announced yet another breach,
--Korean authorities vow sweeping response to hacking spree,
--ICE signs contract with Graykey phone hacking device maker,

Two Scattered Spider members busted in the UK, one indicted in the US
MI6 launches dark web portal for potential spy comms, KT hit by another breach, Korean authorities vow sweeping response to hacking spree, ICE signs contract with Graykey phone hacking device maker, ChatGPT flaw that enabled Gmail extraction fixed, $2m theft roils BNB Chain DeFi scene, much more

Hackers steal data, extort $350,000 from massage parlor clients
https://koreajoongangdaily.joins.com/news/2025-11-03/national/socialAffairs/Hackers-steal-data-extort-350000-from-massage-parlor-cli…

Hackers steal data, extort $350,000 from massage parlor clients
Police have arrested members of a hacking and phishing crime ring that stole data from massage parlor owner phones in order to scam their clients out of millions of won by threatening to release nonexistent “massage videos” if they didn't pay.

Sign-coherence and tropical sign pattern for rank $3$ real cluster-cyclic exchange matrices
Ryota Akagi, Zhichao Chen
https://arxiv.org/abs/2509.07454 https://

Sign-coherence and tropical sign pattern for rank $3$ real cluster-cyclic exchange matrices
The sign-coherence about $c$-vectors was conjectured by Fomin-Zelevinsky and solved completely by Gross-Hacking-Keel-Kontsevich for integer skew-symmetrizable case. We prove this conjecture associated with $c$-vectors for rank 3 real cluster-cyclic skew-symmetrizable case. Simultaneously, we establish their self-contained recursion and monotonicity. Then, these $c$-vectors are proved to be roots of certain quadratic equations. Based on these results, we prove that the corresponding exchange gra…

In case you have a #FlipperZero, tune in to the livestream The Flipper Blackhat by @…
https://

The Flipper Blackhat WHY2025
I developed a 100% open-source (Quad core A7, 512MB RAM) Linux-enabled Flipper module for WiFi pentesting and ethical hacking!

Hacking Lab Boss Charged with Seeking to Sell Secrets in Russia
https://www.bloomberg.com/news/articles/2025-10-23/hacking-lab-b…

WhatsApp fixed a zero-click bug in its iOS and Mac apps that was being used, alongside a now-fixed Apple flaw, to hack into devices of "specific targeted users" (Zack Whittaker/TechCrunch)
https://techcrunch.com/2025/08/29/what…

WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

Spanish police arrest student suspected of hacking school system to change grades https://therecord.media/spanish-police-hacker-arrest-grades

Position: AI Safety Must Embrace an Antifragile Perspective
Ming Jin, Hyunin Lee
https://arxiv.org/abs/2509.13339 https://arxiv.org/pdf/2509.13339

Position: AI Safety Must Embrace an Antifragile Perspective
This position paper contends that modern AI research must adopt an antifragile perspective on safety -- one in which the system's capacity to guarantee long-term AI safety such as handling rare or out-of-distribution (OOD) events expands over time. Conventional static benchmarks and single-shot robustness tests overlook the reality that environments evolve and that models, if left unchallenged, can drift into maladaptation (e.g., reward hacking, over-optimization, or atrophy of broader capabili…

The US DOJ's rigged-poker-game indictment involved hacking DeckMate, a casino-standard, suitcase-sized, $10K card shuffling machine, to reveal players' hands (Molly Schuetz/Bloomberg)
https://www.bloomberg.com/news/articles/20

Universal share based quantum multi secret image sharing scheme
Dipak K. Rabari, Yogesh K. Meghrajani, Laxmi S. Desai
https://arxiv.org/abs/2509.12979 https://

Universal share based quantum multi secret image sharing scheme
Image security for information has become increasingly critical as internet become more prevalent due to hacking and unauthorized access. To ensure the security of confidential image data, image encryption using visual cryptography plays a crucial role. To share multiple images using visual cryptography, the company organizer utilizes the concept of a universal or common share. Likewise, quantum computing is an emerging technology that facilitates secure communication. The ability of quantum co…

📻 Run a legal LTE network at home for $100
#hacking

Legal LTE Network at Home for $100 - Lan Tian @ Blog

Must-see TV straight into my veins.
‘We should have been shouting about this earlier’: David Tennant on his shocking TV show about phone hacking
https://www.theguardian.com/tv-and-radio/2025/sep…

A US judge sentences Matthew Lane, a 20-year-old Massachusetts man, to four years in prison after he pled guilty to hacking two companies, including PowerSchool (Nate Raymond/Reuters)
https://www.reuters.com/legal/government/m

Cybercriminals are using AI to execute highly targeted attacks at scale, causing people to unwittingly send money and sensitive information or simply open themselves up to theft.
Hackers are now able to rent generative AI large language models created in the underground cybercrime community to help formulate text-based scams.
But just as generative AI is enhancing and scaling social engineering attacks, so too is it giving defenders a leg up.

The hacking underworld has removed all of AI's guardrails, but the good guys are closing in
Fake Taylor Swift ads and malicious QR codes are just some of the newest ways cybercriminals are using AI as the cat-and-mouse cybersecurity game heats up.

RE: https://mastodon.social/@CyReVolt/115326775829183257
Well - if course it'll be Rust! 🥳✨🦀
Alright, the people have spoken.
I will do live streams while hacking on this:

CAI Fluency: A Framework for Cybersecurity AI Fluency
V\'ictor Mayoral-Vilches, Jasmin Wachter, Crist\'obal R. J. Veas Chavez, Cathrin Schachner, Luis Javier Navarrete-Lozano, Mar\'ia Sanz-G\'omez
https://arxiv.org/abs/2508.13588

CAI Fluency: A Framework for Cybersecurity AI Fluency
This work introduces CAI Fluency, an an educational platform of the Cybersecurity AI (CAI) framework dedicated to democratizing the knowledge and application of cybersecurity AI tools in the global security community. The main objective of the CAI framework is to accelerate the widespread adoption and effective use of artificial intelligence-based cybersecurity solutions, pathing the way to vibe-hacking, the cybersecurity analogon to vibe-coding. CAI Fluency builds upon the Framework for AI F…

Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress https://www.404media.co/red-hat-investigating-breach-impacting-as-many-as-28-000-customers-including-the-navy-and-congress…

Stabilizing Long-term Multi-turn Reinforcement Learning with Gated Rewards
Zetian Sun, Dongfang Li, Zhuoen Chen, Yuhuai Qin, Baotian Hu
https://arxiv.org/abs/2508.10548 https://…

Stabilizing Long-term Multi-turn Reinforcement Learning with Gated Rewards
Reward sparsity in long-horizon reinforcement learning (RL) tasks remains a significant challenge, while existing outcome-based reward shaping struggles to define meaningful immediate rewards without introducing bias or requiring explicit task decomposition. Alternatively, verification-based reward shaping uses stepwise critics, but misalignment between immediate rewards and long-term objectives can lead to reward hacking and suboptimal policies. In this work, we address this problem in the con…

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--FBI seized domains for the BreachForums hacking forum operated by ShinyHunters,
--Over 100 companies affected by Cl0p attack on Oracle business products,
--All SonicWall firewall users were affected by last month's breach,
--Pro-Russian DDoS player TwoNet now targets critical infrastructure,
--Storm-2657 engages in pira…

FBI seized domains for the BreachForums hacking forum operated by ShinyHunters
100+ companies affected by Cl0p attack on Oracle business products, All SonicWall firewall users were affected by last month's breach, Pro-Russian DDoS player TwoNet now targets CI, Storm-2657 engages in pirate payroll attacks, ClayRat Android malware poses as popular apps, much more

Sources and docs: the US DOJ charges Peter Williams, ex-director of zero-day vendor L3Harris' Trenchant, with stealing trade secrets to sell to a Russian buyer (Bloomberg)
https://www.bloomberg.com/news/articles/2025-10-2…

China says the NSA has been hacking its National Time Service Center, which provides high precision time services for the government and others, since 2023 (Bloomberg)
https://www.bloomberg.com/news/articles/2025-10-19/china-…

https://www.bbc.com/news/articles/c203pedz58go
Children hacking their own schools for 'fun', watchdog warns

Children hacking their own schools for 'fun', watchdog warns
The Information Commissioner's Office says schools face an "insider threat" from children as young as seven.

A profile of Noah Urban, who was a key member of the Scattered Spider group because of his social engineering skills and is serving a 10-year prison sentence (Margi Murphy/Bloomberg)

At least three UK organizations hit by SharePoint zero-day hacking campaign https://therecord.media/organizations-united-kingdom-sharepoint

Wow, it's finally Friday, and don't leave for the weekend until you've checked out today's Metacurity for the top infosec news you should know, including
--Apple sent a new round of spyware notifications to affected users,
--Akira is exploiting critical flaw in SonicWall,
--Vietnamese government warns of National Credit Information Center hack,
--UK ICO warns that kids are hacking their schools,
--Opposition to EU Chat Control scanning of encrypte…

Apple sent a new round of spyware notifications to affected users
Akira is exploiting critical flaw in SonicWall, Vietnamese government warns of National Credit Information Center hack, UK ICO warns that kids are hacking their schools, Opposition to EU Chat Control scanning of encrypted messages grows, New infostealer dubbed ModStealer stays invisible, much more

BreachForums admin Conor Fitzpatrick is resentenced to three years in prison after an appeals court vacated his prior sentence of 20 years of supervised release (Lawrence Abrams/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

So LA Metro digital signs were hacked ostensibly by the Mutarrif Siberislam hacking group that hijacked N. American airport PA systems recently.
LA Metro digital signs taken over by hackers
https://ktla.com/news/california/la-metro-digital-signs-taken-over…

Sources: UK security services including MI5 step up work with the country's largest companies over hacking fears and to improve UK cyber warfare preparedness (Financial Times)
https://www.ft.com/content/6e54967b-48ce-4788-99c7-36b5801e7dfe

UK security services step up work with business to fight cyber threats
High-profile hacks raise fears about the potential economic damage caused by disruption to supply chains and services

"Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems."
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker
https://www.blo…

Another airline hit by a criminal extortion group, this time Clop.
Regional airline Envoy Air confirms Oracle E-Business Suite compromise
https://therecord.media/regional-airline-envoy-oracle

Regional airline Envoy Air confirms Oracle E-Business Suite compromise
The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite.

Google says Cl0p hackers who exploited vulnerabilities in Oracle's E-Business Suite have stolen data from "dozens" of organizations since at least July 10 (Zack Whittaker/TechCrunch)
https://techcrunch.com/2025/10/09/dozens-of-o…

‘Dozens’ of organizations had data stolen in Oracle-linked hacks | TechCrunch
The mass-hacks targeting Oracle E-Business customers is the latest hacking campaign by Clop, an extortion group known for abusing security flaws in enterprise products to steal large amounts of sensitive data.

According to the Daily Mail, Russian hackers have stolen hundreds of sensitive military documents containing details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails and posted them on the dark web.
https://www.dailymail.co.uk/news/…

'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
In what has been described as a 'catastrophic' security breach, cybercriminals accessed the cache of files by hacking a maintenance contractor used by the MoD.

Holy cow. Finnish prosecutors have charged a second person, a 28-year-old foreign national, in the hacking of the Vastaamo psychotherapy center.
https://syyttajalaitos.fi/en/-/the-pro

North Korean operation uses ChatGPT to forge military IDs as part of cyberattack https://therecord.media/north-korea-kimsuky-hackers-phishing-fake-military-ids-chatgpt

Do we believe this?
Scattered Lapsus$ Hunters hackers announce retirement
https://www.cyberdaily.au/security/12629-scattered-lapsus-hunters-hackers-announce-retirement

Scattered Lapsus$ Hunters hackers announce retirement
The hacking league responsible for multiple high-profile hacks says it is going “gentle into that good night”.

Regional airline Envoy Air confirms Oracle E-Business Suite compromise https://therecord.media/regional-airline-envoy-oracle

North Korean hackers seen using blockchain to hide crypto-stealing malware https://therecord.media/north-korean-hackers-using-blockchain-hiding-malware

New Zealand sanctions Russian military hackers over cyberattacks on Ukraine https://therecord.media/new-zealand-russia-gru-ukraine

Two groups exploit WinRAR flaws in separate cyber-espionage campaigns https://therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers