piyokango
piyokango.bsky.social
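I'm a security parakeet 🐣 On Bluesky I mainly post about overseas security-related articles. I also write a blog (piyolog) whenever the mood strikes 📝 I also take part in the podcast #セキュリティのアレ 🎤 Nice to meet you~ 🐦
My profile image was drawn by アレティ-san 😃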
Top 25 most dangerous software vulnerabilities of 2025 revealed
#CybersecurityNews
www.infosecurity-magazine.com/news/top-25-...
Top 25 Most Dangerous Software Weaknesses of 2025 Revealed
MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs
www.infosecurity-magazine.com
December 17, 2025 at 3:47 PM
Multiple threat actors exploit React2Shell (CVE-2025-55182)
#CybersecurityNews
cloud.google.com/blog/topics/...
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog
Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.
cloud.google.com
December 17, 2025 at 3:43 PM
Fake Microsoft Teams and Google Meet downloads spread the Oyster backdoor
#CybersecurityNews
hackread.com/fake-microso...
Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
December 17, 2025 at 3:43 PM
React releases new patches after security researchers point out new flaws
#CybersecurityNews
www.cybersecuritydive.com/news/react-i...
React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
www.cybersecuritydive.com
December 17, 2025 at 3:41 PM
ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
#CybersecurityNews
pushsecurity.com/blog/consent...
ConsentFix: Browser-native ClickFix hijacks OAuth grants
Analysing
pushsecurity.com
December 17, 2025 at 3:39 PM
Porn is being injected into government websites via malicious PDFs
#CybersecurityNews
www.404media.co/porn-is-bein...
Porn Is Being Injected Into Government Websites Via Malicious PDFs
Dozens of government websites have fallen victim to a PDF-based SEO scam, while others have been hijacked to sell sex toys.
www.404media.co
December 17, 2025 at 3:37 PM
SantaStealer is coming to town: an ambitious new infostealer advertised on underground forums
#CybersecurityNews
www.rapid7.com/blog/post/tr...
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums | Rapid7 Blog
Rapid7 Website
www.rapid7.com
December 17, 2025 at 3:37 PM
Hacker honeypot? BreachForums reopens via emails sent from the French Ministry of the Interior
#CybersecurityNews
securityonline.info/hacker-honey...
Hacker Honeypot? BreachForums Reopens via Emails Sent from French Ministry of the Interior Domain
Following a data leak, emails from the French Ministry of the Interior's domain invited hackers to the 'new' BreachForums. The community warns it is likely a highly sophisticated honeypot.
securityonline.info
December 17, 2025 at 3:35 PM
China's Ink Dragon is lurking in European government networks
#CybersecurityNews
www.theregister.com/2025/12/16/c...
China's Ink Dragon hides out in European government networks
Misconfigured servers are in, 0-days out
www.theregister.com
December 17, 2025 at 3:34 PM
Texas, US, sues TV makers for allegedly taking screenshots of what viewers watch
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Texas sues TV makers for taking screenshots of what people watch
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (...
www.bleepingcomputer.com
December 17, 2025 at 3:32 PM
Most parked domains are now serving malicious content
#CybersecurityNews
krebsonsecurity.com/2025/12/most...
Most Parked Domains Now Serving Malicious Content
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expire...
krebsonsecurity.com
December 17, 2025 at 3:28 PM
GitHub scanner for React2Shell (CVE-2025-55182) turns out to be malware
#CybersecurityNews
hackread.com/github-scann...
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
hackread.com
December 17, 2025 at 3:25 PM
OWASP GenAI Security Project releases top 10 risks and mitigations for agentic AI security
#CybersecurityNews
genai.owasp.org/2025/12/09/o...
OWASP GenAI Security Project Releases Top 10 Risks and Mitigations for Agentic AI Security
Culmination of over 100 industry leaders’ input and extensive published resources to deliver critical guidance to address Agentic AI Security risks   WILMINGTON, Del. — Dec. 10, 2025 — The OWASP GenAI...
genai.owasp.org
December 11, 2025 at 8:49 AM
Google fixes the eighth Chrome zero-day vulnerability exploited in attacks in 2025
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year.
www.bleepingcomputer.com
December 11, 2025 at 8:49 AM
US charges hacker linked to Russian groups that targeted water systems and meat plants
#CybersecurityNews
cyberscoop.com/us-charges-r...
US charges hacker tied to Russian groups that targeted water systems and meat plants
Victoria Dubranova faces charges tied to her alleged role in two groups backed by the Russian government.
cyberscoop.com
December 11, 2025 at 8:48 AM
Two men linked to the Chinese hacker group "Salt Typhoon" may have been trained at Cisco's "Academy"
#CybersecurityNews
www.wired.com/story/2-men-...
2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign...
www.wired.com
December 11, 2025 at 8:48 AM
Highlights and trends from Group123's recent campaigns
#CybersecurityNews
www.cyfirma.com/research/apt...
APT PROFILE – GROUP 123 - CYFIRMA
Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked...
www.cyfirma.com
December 11, 2025 at 8:47 AM
CISA, FBI, and US and global partners recommend immediate action to defend critical infrastructure from pro-Russia hacktivist threats
#CybersecurityNews
www.cisa.gov/news-events/...
CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats | CISA
www.cisa.gov
December 11, 2025 at 8:43 AM
Spiderman Phishing Kit targets European banks with real-time credential theft
#CybersecurityNews
hackread.com/spiderman-ph...
Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft
hackread.com
December 11, 2025 at 8:42 AM