Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories:

Learn all about where to find Cisco Customer Experience integrations at Cisco Live Melbourne 2025.

The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.

In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs.

Human-centered identity frameworks are incorrectly being applied to AI agents, creating the potential for catastrophe at machine speed, Poghosyan argues.

New synthetic security staffers promise to bring artificial intelligence comfortably into the security operations center, but they will require governance to protect security.

Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.

Megjelent a 2025. 45. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.10.31. és 2025.11.06. között kezelt incidensek, valamint az elosztott kormányzati IT biztonsági csapdarendszerből (GovProbe1) származó adatok statisztikai eloszlását is...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction.