piyokango
LightNews LightNews
piyokango.bsky.social
piyokango
@piyokango.bsky.social
1.1K followers 2 following 990 posts
セキュリティインコです🐣 Blueskyでは海外のセキュリティ関連記事を中心につぶやきます。気の向くままブログ(piyolog)も書いてます📝Podcast #セキュリティのアレ も参加中です🎤よろしくお願いします~🐦 プロフィール画像はアレティさんに描いて頂きました😃
Posts Media Videos Starter Packs
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
Contiランサムウェアの容疑でウクライナ人がアイルランドから送還
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Ukrainian extradited from Ireland on Conti ransomware charges
A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison.
www.bleepingcomputer.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
AIエージェントが暴走するとき:A2Aシステムにおけるエージェントセッション密輸攻撃
#CybersecurityNews
unit42.paloaltonetworks.com/agent-sessio...
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples.
unit42.paloaltonetworks.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
オーストラリア、パッチ未適用のシスコ製デバイスでBadCandy感染の恐れを警告
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
BRONZE BUTLER が日本の資産管理ソフトウェアの脆弱性を悪用
#CybersecurityNews
news.sophos.com/en-us/2025/1...
BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)
news.sophos.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
AWS障害で2,700ドルのスマートベッドが使用不可に
#CybersecurityNews
www.404media.co/the-aws-outa...
The AWS Outage Bricked People’s $2,700 Smartbeds
When Amazon Web Services went offline, people lost control of their cloud-connected smart beds, getting stuck in reclined positions or roasting with the heat turned all the way up.
www.404media.co
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
研究者によると、Lumma Stealerの空白は、アップグレードされたVidar 2.0 Infostealerによって埋められた
#CybersecurityNews
www.infosecurity-magazine.com/news/lumma-s...
Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer
Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025
www.infosecurity-magazine.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
新たな研究で、ディープフェイクの嫌がらせツールがソーシャルメディアや検索エンジンで拡散していることが判明
#CybersecurityNews
www.404media.co/deepfake-too...
New Research Shows Deepfake Harassment Tools Spread on Social Media and Search Engines
An analysis of how tools to make non-consensual sexually explicit deepfakes spread online, from the Institute for Strategic Dialogue, shows X and search engines surface these sites easily.
www.404media.co
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
求人募集:ベトナム人アクターが偽の求人広告キャンペーンでマルウェアを拡散し、認証情報を盗む
#CybersecurityNews
cloud.google.com/blog/topics/...
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials | Google Cloud Blog
Financially motivated actors are using fake job postings on legitimate platforms to target the digital advertising and marketing sectors.
cloud.google.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
Windows Server の重大な WSUS の脆弱性が攻撃に悪用
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Critical WSUS flaw in Windows Server now exploited in attacks
Attackers are now exploiting a critical-severity Windows Server Update Services (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.
www.bleepingcomputer.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
身代金支払い率が急落する中、内部からの脅威が迫る
#CybersecurityNews
www.coveware.com/blog/2025/10...
Insider Threats Loom while Ransom Payment Rates Plummet
The percentage of companies choosing to pay ransoms dropped significantly, while threat actors shift their tactics in response to decreasing profits.
www.coveware.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
AmazonがAWSの障害がWebダウンに至った経緯を説明
#CybersecurityNews
www.wired.com/story/amazon...
Amazon Explains How Its AWS Outage Took Down the Web
Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.
www.wired.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
新たなCoPhish攻撃はCopilot Studioエージェント経由でOAuthトークンを盗む
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
New CoPhish attack steals OAuth tokens via Copilot Studio agents
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
被害者がハッカーへの支払いを停止したことでランサムウェアの収益は減少
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
Google、Gmailの大規模データ漏洩に関する虚偽の主張に異議を唱える
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Google disputes false claims of massive Gmail data breach
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accou...
www.bleepingcomputer.com
1 2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 9d
はい、おっしゃる通りの傾向があるとの記事ですね。
調査対象に日本は含まれていませんでした。
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
ランサムウェアの支払額は減少する一方で、支払額は増加している
#CybersecurityNews
thecyberexpress.com/ransomware-p...
Ransomware Payments Get Bigger Even as Fewer Pay
Fewer organizations are paying the ransom when confronted with a ransomware attack – but those that do make ransomware payments
thecyberexpress.com
1 2 3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
親ロシア派の情報作戦はロシアのドローンによるポーランド領空侵犯を利用
#CybersecurityNews
cloud.google.com/blog/topics/...
Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace | Google Cloud Blog
Pro-Russia information operations promoting narratives related to the incursion of Russian drones into Polish airspace.
cloud.google.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
ソルティ・マッチ:最近のSalt Typhoonの侵入に関するDarktraceの見解
#CybersecurityNews
www.darktrace.com/blog/salty-m...
Proactive protection
www.darktrace.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
AWSの大規模障害がインターネットについて明らかにしたこと
#CybersecurityNews
www.wired.com/story/what-t...
What the Huge AWS Outage Reveals About the Internet
Amazon Web Services experienced DNS resolution issues on Monday morning, taking down wide swaths of the web—and highlighting a long-standing weakness in the internet's infrastructure.
www.wired.com
1 5
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
マルウェアと攻撃拡大の追跡:アジアを横断するハッカー集団の旅
#CybersecurityNews
www.fortinet.com/blog/threat-...
Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia | FortiGuard Labs
FortiGuard Labs has tracked a hacker group expanding attacks from Mainland China to Malaysia, linking campaigns through shared code, infrastructure, and tactics.…
www.fortinet.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
ロボットになるか、そうでないか:ロシア政府が支援するCOLDRIVERに起因する新たなマルウェア
#CybersecuityNews
cloud.google.com/blog/topics/...
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER | Google Cloud Blog
Russia state-sponsored COLDRIVER started using new malware immediately following a May public disclosure of their activity.
cloud.google.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
高速、広範囲、そして捉えにくい:Vidar Stealer 2.0 がインフォスティーラーの機能をアップグレードする方法
#CybersecurityNews
www.trendmicro.com/en_us/resear...
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution...
www.trendmicro.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 13d
DOXINGキャンペーンにより Lumma Stealer の活動鈍化
#CybersecurityNews
thecyberexpress.com/lumma-steale...
Lumma Stealer Slowed by Doxxing Campaign
The prolific threat actors behind the Lumma Stealer malware have been slowed by an underground doxxing campaign in recent months.
thecyberexpress.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 15d
Odyssey StealerとAMOSのキャンペーン、偽ツールを通じてmacOS開発者を標的に
#CybersecurityNews
hunt.io/blog/macos-o...
Odyssey Stealer & AMOS Hit macOS Developers with Fake Homebrew Sites
A large-scale macOS malware campaign mimics trusted dev tools to spread Odyssey Stealer and AMOS via fake Homebrew sites. Learn more.
hunt.io
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 15d
TikTok動画、ClickFixを介してInfostealerを駆り立て続けている
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
TikTok videos continue to push infostealers in ClickFix attacks
Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware.
www.bleepingcomputer.com
2