セキュリティ脅威とプライバシー保護の最新情報
7 ソースから配信中 · 50 記事
デジタル社会におけるプライバシーとセキュリティは、もはや専門家だけの関心事ではありません。ランサムウェア攻撃の増加、個人データの大規模流出、AIを悪用したソーシャルエンジニアリングなど、サイバー脅威は年々巧妙化しています。ZeroReaderのプライバシーカテゴリーでは、こうした脅威の最新動向に加え、個人が身を守るための実践的な対策情報までをカバーしています。
2025年のサイバーセキュリティ分野では、ゼロトラストアーキテクチャの企業導入が標準化しつつあります。パスキーの普及によりパスワードレス認証への移行が現実のものとなり、FIDOアライアンスの推進するWebAuthn対応サービスも増加しています。一方で、生成AIを活用したフィッシング攻撃やディープフェイクによるなりすまし詐欺が新たな脅威として浮上しており、防御側もAI駆動の脅威検知システムの導入を急いでいます。
Krebs on Securityの精緻な調査報道は業界でも定評があり、大規模なデータ侵害事件の詳細分析が読める貴重なソースです。EFF(電子フロンティア財団)からはデジタル権利に関する政策提言を、Bruce Schneierのブログからは暗号技術の専門家による冷静な分析を取得。実用面ではPrivacy Guidesのツール比較やBleepingComputerの脆弱性速報も含め、知識と実践の両面をカバーしています。
注目ポイント
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox a
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua in
New ‘LucidRook’ malware used in targeted attacks on NGOs, un
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...
New VENOM phishing attacks steal senior executives' Microsof
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...
Google moved up its estimated deadline for quantum preparedness in cryptography to 2029—only 33 months from now. That’s earlier than previous deadlines, and they proposed the new post-quantum migration deadline because of two new papers that comprise a big jump in the state of the technology. It’s a
Healthcare IT solutions provider ChipSoft hit by ransomware
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...
Google Chrome adds infostealer protection against session co
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...
As long as people have had more than one purchasing option, they’ve been comparing those options and looking for bargains. Online shoppers are no exception; in fact, one of the potential benefits of the internet is that it expands our options for everything from car rentals to airline tickets to dis
After almost twenty years on the platform, EFF is logging off of X. This isn’t a decision we made lightly, but it might be overdue. The math hasn’t worked out for a while now. The Numbers Aren’t Working Out We posted to Twitter (now known as X) five to ten times a day in 2018. Those tweets garnered
Smart Slider updates hijacked to push malicious WordPress, J
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...
When attackers already have the keys, MFA is just another do
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice.
Webinar: From noise to signal - What threat actors are targe
Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how to turn those early warning signs into proactive defensive action before an intrusion begins. [...
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creatin
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf")
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the s
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets
Eurail says December data breach impacts 300,000 individuals
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. [...
Hackers exploiting Acrobat Reader zero-day flaw since Decemb
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...
Hackers steal $3.6 million from crypto ATM giant Bitcoin Dep
Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...
Pirate streaming network Dramacool and several associated sites shut down in November 2024, citing legal pressure from copyright holders. The operators of the Asian drama and anime portal never revealed who was behind that pressure, but court records later showed it was Wavve Americas Inc., the pare
On March 23, the FCC issued an update to their Covered List, a list of equipment banned from obtaining regulatory approval necessary for U.S. sale (and thus effectively a ban on sale of new devices), to include all new routers produced in foreign countries unless they are specifically given an excep
Another court has ruled that copyright can’t be used to keep our laws behind a paywall. The U.S. Court of Appeals for the Third Circuit upheld a lower court’s ruling that it is fair use to copy and disseminate building codes that have been incorporated into federal and state law, even though those c
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its tradition
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of I
Time and time again, we've seen police surveillance suffer from 'mission creep'—technology sold as a way to prevent heinous crimes ends up enforcing traffic violations, tracking protestors, and more. In our latest EFFector newsletter, we're diving into this troubling pattern and sharing all the late
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: i
Python Supply-Chain Compromise
This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without re
Cybersecurity in the Age of Instant Software
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens fr
Hong Kong Police Can Force You to Reveal Your Encryption Key
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authoriti
In late 2022, several of the world’s largest music companies, including Warner Bros. and Sony Music prevailed in their lawsuit against Internet provider Grande Communications. The record labels accused the Astound-owned ISP of not doing enough to stop pirating subscribers. Specifically, they alleged
New Mexico’s Meta Ruling and Encryption
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it le
Last week, X asked a federal court in Tennessee to dismiss a music piracy lawsuit, arguing that the Supreme Court’s ruling in Cox v. Sony, rendered the music companies’ contributory infringement theory futile. The music publishers, meanwhile, were busy in a different court, asking a Texas judge to t
Google Wants to Transition to Post-Quantum Cryptography by 2
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread.
An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotag
The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are
The Supreme Court’s decision to reverse the billion-dollar piracy liability verdict against Cox Communications is a major win for Internet service providers. It confirms that they can’t be held liable for pirating activities of subscribers or customers unless they actively induce copyright infringem
YouTube downloaders and other nifty tools are seen as a major piracy threat by the music industry. To curb this trend, music companies have taken legal action against various stream-ripping services. This includes Yout.com, which is operated by the American developer Johnathan Nader. Nader is not ea
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more t
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organi
Illustration: fria / Privacy GuidesEmail is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. What was originally just a simple protocol to send messages between machines has morphed beyond what it was originally intended for into the de facto auth
