![[tl;dr sec] #302 - LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered Malware](https://image.cybernoz.com/wp-content/uploads/2025/10/tldr-sec-302-LLM-Honeypot-Catches-Threat-Actor-Supply.png)
[tl;dr sec] #302 – LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered Malware
CAB This week Semgrep had our Customer Advisory Board (CAB), where I got to hang out with and learn from a bunch of security leaders…
Month: October 2025
Climbing costs, skills loss and other AI warnings for CIOs
ORLANDO, Fla. — As CIOs lead their organizations through AI-driven change, runaway costs and accuracy hiccups continue to threaten momentum, analysts said during the opening…
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI…
SpaceX Disabled 2,500+ Starlink Terminals Tied to Scam Centers in Myanmar
SpaceX has disabled over 2,500 Starlink satellite internet terminals linked to notorious scam centers in Myanmar. The action underscores the company’s commitment to denying the…
Why Data Storage is the Key to Securing Smart Meters
Smart meters are at the center of smart energy, designed to support real-time data exchange, remote diagnostics, and dynamic pricing. Built to last for up…
Global SMS Phishing Campaign Traced to China Targets Users Worldwide
A sophisticated and widespread smishing campaign originating from China has emerged as a significant threat to users worldwide. Researchers have attributed the ongoing attack to…
Researchers expose large-scale YouTube malware distribution network
Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The…
Bereaved families call for public inquiry over suicide forum
Bereaved families are calling for a public inquiry over “repeated failures” by the government and online harms regulator Ofcom to effectively deal with a “nihilistic”…
Zero Trust Has a Blind Spot—Your AI Agents
By Ido Shlomo, CTO and Co-Founder, Token Security Agentic AI has arrived. From custom GPTs to autonomous copilots, AI agents now act on behalf of…
Caminho Malware Loader Conceals .NET Payloads inside Images via LSB Steganography
Cybersecurity researchers at Arctic Wolf Labs have uncovered a cunning new threat dubbed Caminho, a Brazilian Loader-as-a-Service (LaaS) that’s turning everyday images into Trojan horses…
Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
CVE-2025-61932, an “improper verification of source of a communication channel” vulnerability affecting Lanscope Endpoint Manager, has been exploited as a zero-day since April 2025, the…
Amid CISA cuts, US state launches first VDP
The US state of Maryland has launched a statewide Vulnerability Disclosure Programme (VDP) to give ethical hackers the chance to probe systems across its government for…