#jobs #incident #vulnerability #security-tools #patch-management #ai #malware #detection-engineering #cloud #exploit #phishing #ransomware #breach #zero-day #supply-chain
Articles tagged with: #security-tools Clear filter
Free interactive 3D security awareness training

Free interactive 3D security awareness training

cybersecurity www.reddit.com

Hey r/cybersecurity ! TL;DR: We're building a free & open platform for interactive security awareness training - and you can use it however you like. Most security awareness training ends up being boring slide decks or videos. The problem is, they don't actually build defensive skills, since people stay passive instead of practicing what to do in real-life situations. We're taking a different approach: an interactive 3D office environment where you face realistic incidents from a first-person...

#security-tools
Hackers Leverage Google Classroom for 115,000+ Phishing Emails Targeting 13,500+ Organizations

Hackers Leverage Google Classroom for 115,000+ Phishing Emails Targeting 13,500+ Organizations

Cyber Security News cybersecuritynews.com

A large-scale phishing campaign was conducted by threat actors who abused Google Classroom to distribute over 115,000 malicious emails to more than 13,500 organizations globally. The campaign uncovered by Check Point unfolded in five distinct waves between August 6 and August 12, 2025, and weaponized the trusted educational platform to bypass conventional security filters. The

#security-tools #phishing
Attaxion Releases Agentless Traffic Monitoring for Immediate Risk Prioritization

Attaxion Releases Agentless Traffic Monitoring for Immediate Risk Prioritization

Cyber Security News cybersecuritynews.com

Dover, DE, United States, August 25th, 2025, CyberNewsWire Attaxion announces the addition of the Agentless Traffic Monitoring capability to its exposure management platform. Agentless Traffic Monitoring is a new capability designed to give cybersecurity teams actionable visibility into network traffic flowing to and from their digital assets - all without the need to deploy any

#security-tools
KnowBe4 Report: Global Financial Sector Faces Cyber Threat Surge

KnowBe4 Report: Global Financial Sector Faces Cyber Threat Surge

Cyber Security - AI-Tech Park ai-techpark.com

Research shows financial institutions experience up to 300 times more cyberattacks than other sectors, with large banks reporting 45% of employees susceptible to phishing attacks KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, has released its latest research paper "Financial Sector Threats Report," uncovering critical insights into...

#security-tools #phishing
Hackers Leverage SendGrid in Recent Attack to Harvest Login Credentials

Hackers Leverage SendGrid in Recent Attack to Harvest Login Credentials

Cyber Security News cybersecuritynews.com

A sophisticated credential harvesting campaign has emerged, exploiting the trusted reputation of SendGrid to deliver phishing emails that successfully bypass traditional email security gateways. The attack leverages SendGrid's legitimate cloud-based email service platform to create authentic-looking communications that target unsuspecting users across multiple organizations. The campaign employs a multi-faceted approach, utilizing three distinct email themes

#cloud #security-tools #incident #phishing
from Benign import Toxic: Jailbreaking the Language Model via Adversarial Metaphors

from Benign import Toxic: Jailbreaking the Language Model via Adversarial Metaphors

cs.CR updates on arXiv.org arxiv.org

arXiv:2503.00038v4 Announce Type: replace-cross Abstract: Current studies have exposed the risk of Large Language Models (LLMs) generating harmful content by jailbreak attacks. However, they overlook that the direct generation of harmful content from scratch is more difficult than inducing LLM to calibrate benign content into harmful forms. In our study, we introduce a novel attack framework that exploits AdVersArial meTAphoR (AVATAR) to induce the LLM to calibrate malicious metaphors for...

#security-tools #incident #ai
Privacy in Speech Technology

Privacy in Speech Technology

cs.CR updates on arXiv.org arxiv.org

arXiv:2305.05227v3 Announce Type: replace-cross Abstract: Speech technology for communication, accessing information, and services has rapidly improved in quality. It is convenient and appealing because speech is the primary mode of communication for humans. Such technology, however, also presents proven threats to privacy. Speech is a tool for communication and it will thus inherently contain private information. Importantly, it however also contains a wealth of side information, such as...

#security-tools
Contrastive-KAN: A Semi-Supervised Intrusion Detection Framework for Cybersecurity with scarce Labeled Data

Contrastive-KAN: A Semi-Supervised Intrusion Detection Framework for Cybersecurity with scarce Labeled Data

cs.CR updates on arXiv.org arxiv.org

arXiv:2507.10808v3 Announce Type: replace Abstract: In the era of the Fourth Industrial Revolution, cybersecurity and intrusion detection systems are vital for the secure and reliable operation of IoT and IIoT environments. A key challenge in this domain is the scarcity of labeled cyberattack data, as most industrial systems operate under normal conditions. This data imbalance, combined with the high cost of annotation, hinders the effective training of machine learning models. Moreover, the...

#security-tools #detection-engineering
How to Beat Nakamoto in the Race

How to Beat Nakamoto in the Race

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.16202v1 Announce Type: new Abstract: This paper studies proof-of-work Nakamoto consensus under bounded network delays, settling two long-standing questions in blockchain security: How can an adversary most effectively attack block safety under a given block confirmation latency? And what is the resulting probability of safety violation? A Markov decision process (MDP) framework is introduced to precise characterize the system state (including the tree and timings of all blocks...

#security-tools #incident
CIA+TA Risk Assessment for AI Reasoning Vulnerabilities

CIA+TA Risk Assessment for AI Reasoning Vulnerabilities

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.15839v1 Announce Type: new Abstract: As AI systems increasingly influence critical decisions, they face threats that exploit reasoning mechanisms rather than technical infrastructure. We present a framework for cognitive cybersecurity, a systematic protection of AI reasoning processes from adversarial manipulation. Our contributions are threefold. First, we establish cognitive cybersecurity as a discipline complementing traditional cybersecurity and AI safety, addressing...

#security-tools #vulnerability #incident #exploit
Mandiant vs Recorded Future in Threat Intelligence

Mandiant vs Recorded Future in Threat Intelligence

cybersecurity www.reddit.com

I know Mandiant is called the godfather of cyber intelligence, but honestly after using their platform, I felt like it was missing a lot of features and I didn't like their support, not to mention all their training courses cost an arm and leg. I'm thinking about suggesting Recorded Future to our CISO since our Mandiant contract is ending soon. Anyone had experience with Recorded Future platform and their support? submitted by /u/0x476c6f776965 [link] [comments]

#security-tools
Would a CTF as a Service platform be something the community actually needs?

Would a CTF as a Service platform be something the community actually needs?

cybersecurity www.reddit.com

Hey everyone, I'm working on an idea and wanted to get some feedback from this community before going too far with it. The idea is to build a CTF hosting platform platform, similar to how ctfd.io provides software, but with more features: You would be able to define Challenges at an organizational level and reuse them across Events. Ability to manage Challenge Authors and give them access only to the challenge they need to build. Provide the infrastructure and synchronize it with your panel....

#security-tools
Need help debugging database enumeration in my open-source SQL Injection scanner

Need help debugging database enumeration in my open-source SQL Injection scanner

cybersecurity www.reddit.com

Hi everyone, I'm working on an open-source project: a SQL Injection scanner inspired by sqlmap and Havij. It detects SQLi correctly, but the database enumeration ( --dbs , --tables , --columns ) is not working . Current behavior: it only returns raw HTML tags (like <html> , <h1> , etc.) Expected behavior: should extract database names, tables, and columns Likely issue: enumeration module isn't being invoked from main.py 🔗 GitHub issue link (with more details):...

#security-tools #sql-injection #sqli
Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

The Hacker News thehackernews.com

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor," Socket researcher Kirill Boychenko

#security-tools
[Open-Source]: Made a gamified cybersecurity training and awareness framework.

[Open-Source]: Made a gamified cybersecurity training and awareness framework.

cybersecurity www.reddit.com

For the past month or so, I've been refactoring my gamified cybersecurity training and awareness framework: Meeps Security . In Meeps Security, you play as an L1 SOC Analyst responsible for handling incoming calls related to cybersecurity incidents. Your job is to analyze each incident and submit the appropriate threat within the given SLA. To pass the shift, you must resolve at least 80% of the tickets accurately. The game also allows players to manage their tickets, accounts (callers), and...

#security-tools #incident
[Showcase/Research] I'm 15 and built a small Exploitation & C2 learning framework (Elaina-Cute)

[Showcase/Research] I'm 15 and built a small Exploitation & C2 learning framework (Elaina-Cute)

cybersecurity www.reddit.com

r/cybersecurity r/programming r/netsecstudents Hi everyone, I'm 15 years old and passionate about cybersecurity. Over the past months, I've been working on a small personal project called Elaina-Cute - an Exploitation & Command-and-Control (C2) framework made purely for learning purposes. Features (research-focused): Web & infrastructure exploitation (Web, LDAP, ADCS, WinRM, SSRF, etc.) Beacon/implant management over HTTP(S) TOR & Burp Suite integration for attack chains PyQt5 GUI + CLI Basic...

#security-tools #incident #exploit #ssrf
Cybersecurity Jarvis

Cybersecurity Jarvis

cybersecurity www.reddit.com

Ok guys, I think it's imperative that we begin building a cyops Jarvis. This is the only way we are going to be able to defend infrastructure. What would such an ai agents look like?? I'm thinking we start with an openbsd core, or maybe a Qubes core, or NixOS core, and we bake an ai with some GPU for muscle?? Would we start with a claud llm? Or go rhr MoE route?? Recently I saw that someone built an AI which essentially navigate and uses your website or platform, and then builds documentation...

#security-tools #ai
Sneaking Invisible Instructions by Developers in Windsurf

Sneaking Invisible Instructions by Developers in Windsurf

Embrace The Red embracethered.com

Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or result of a tool call that the developer cannot see, but the LLM does. Some LLMs interpret invisible Unicode Tag characters as instructions, which can lead to hidden prompt injection. As far as I can tell the Windsurf SWE-1 model can also "see" these invisible...

#security-tools #vulnerability #patch-management #ai