piyokango
LightNews LightNews
piyokango.bsky.social
piyokango
@piyokango.bsky.social
1.1K followers 2 following 1K posts
セキュリティインコです🐣 Blueskyでは海外のセキュリティ関連記事を中心につぶやきます。気の向くままブログ(piyolog)も書いてます📝Podcast #セキュリティのアレ も参加中です🎤よろしくお願いします~🐦
プロフィール画像はアレティさんに描いて頂きました😃
Posts Replies Media Videos
piyokango.bsky.social
クラウドでの障害発生毎に、政府による対策を求める声が高まっている
#CybersecurityNews
cyberscoop.com/with-each-cl...
With each cloud outage, calls for government action grow louder
Public interest groups want the feds to investigate the systemic risk from market consolidation, while tech and security experts worry about single points of failure.
cyberscoop.com
November 7, 2025 at 9:02 AM
piyokango.bsky.social
Gootloaderマルウェアが7ヶ月の休止期間を経て新たな手口で復活
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Gootloader malware is back with new tricks after 7-month break
The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware.
www.bleepingcomputer.com
November 7, 2025 at 9:01 AM
piyokango.bsky.social
Cloudflare、Aisuruボットネットをトップドメインリストから削除
#CybersecurityNews
krebsonsecurity.com/2025/11/clou...
Cloudflare Scrubs Aisuru Botnet from Top Domains List
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested website...
krebsonsecurity.com
November 7, 2025 at 9:00 AM
piyokango.bsky.social
Sandworm ハッカーがデータワイパーを使ってウクライナの穀物部門を混乱させる
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Sandworm hackers use data wipers to disrupt Ukraine's grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue sou...
www.bleepingcomputer.com
November 7, 2025 at 9:00 AM
piyokango.bsky.social
ClickFixマルウェア攻撃はマルチOSサポートやビデオチュートリアルで進化
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
ClickFix malware attacks evolve with multi-OS support, video tutorials
ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic  detection of the operating ...
www.bleepingcomputer.com
November 7, 2025 at 8:59 AM
piyokango.bsky.social
Booking .comを狙った「二重支払い」フィッシングキャンペーン
#CybersecurityNews
www.infosecurity-magazine.com/news/i-paid-...
https://Booking.comを狙った「二重支払い」フィッシングキャンペーン
November 7, 2025 at 8:58 AM
piyokango.bsky.social
新たなCephalusランサムウェアは偽のAESキーとGo言語を使用して分析を阻止する
#CybersecurityNews
securityonline.info/new-cephalus...
New Cephalus Ransomware Uses Fake AES Keys and GoLang to Thwart Analysis
ASEC exposed Cephalus, a Go-based RaaS group attacking RDP. The malware uses VirtualLock, XOR encryption, and a fake AES key pattern to severely complicate memory and forensic analysis.
securityonline.info
November 7, 2025 at 8:56 AM
piyokango.bsky.social
リークサイトランサムウェアの被害者が1年で13%増加
#CybersecurityNews
www.infosecurity-magazine.com/news/leak-si...
Leak Site Ransomware Victims Spike 13% in a Year
CrowdStrike data reveals a 13% annual increase in the number of European ransomware victims in 2025
www.infosecurity-magazine.com
November 7, 2025 at 8:54 AM
piyokango.bsky.social
北朝鮮のハッカーが偽の就職面接でAIフィルターを使用する様子がビデオに捉えられる
#CybersecurityNews
hackread.com/north-korean...
North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
November 7, 2025 at 8:54 AM
piyokango.bsky.social
来るべき脅威に備える:2026年のサイバーセキュリティ予測
#CybersecurityNews
cloud.google.com/blog/topics/...
Preparing for Threats to Come: Cybersecurity Forecast 2026 | Google Cloud Blog
The Cybersecurity Forecast 2026 report contains forward-looking insights on AI, cybercrime, and nation-state activity.
cloud.google.com
November 7, 2025 at 8:53 AM
piyokango.bsky.social
Google が Chrome の自動入力をパスポートと免許証に拡張、しかしこれは安全なのか
#CybersecurityNews
hackread.com/google-chrom...
Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
November 7, 2025 at 8:53 AM
piyokango.bsky.social
Google Playからマルウェアを仕込んだアプリが数百件、4,200万回ダウンロードされる
#CybersecurityNews
www.infosecurity-magazine.com/news/apps-do...
Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year
www.infosecurity-magazine.com
November 7, 2025 at 8:52 AM
piyokango.bsky.social
GTIG AI脅威トラッカー:脅威アクターによるAIツールの利用の進歩
#CybersecurityNews
cloud.google.com/blog/topics/...
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools | Google Cloud Blog
Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools.
cloud.google.com
November 7, 2025 at 8:52 AM
piyokango.bsky.social
Contiランサムウェアの容疑でウクライナ人がアイルランドから送還
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Ukrainian extradited from Ireland on Conti ransomware charges
A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison.
www.bleepingcomputer.com
November 1, 2025 at 3:05 PM
piyokango.bsky.social
AIエージェントが暴走するとき:A2Aシステムにおけるエージェントセッション密輸攻撃
#CybersecurityNews
unit42.paloaltonetworks.com/agent-sessio...
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples.
unit42.paloaltonetworks.com
November 1, 2025 at 3:04 PM
piyokango.bsky.social
オーストラリア、パッチ未適用のシスコ製デバイスでBadCandy感染の恐れを警告
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell.
www.bleepingcomputer.com
November 1, 2025 at 3:03 PM
piyokango.bsky.social
BRONZE BUTLER が日本の資産管理ソフトウェアの脆弱性を悪用
#CybersecurityNews
news.sophos.com/en-us/2025/1...
BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)
news.sophos.com
November 1, 2025 at 3:03 PM
piyokango.bsky.social
AWS障害で2,700ドルのスマートベッドが使用不可に
#CybersecurityNews
www.404media.co/the-aws-outa...
The AWS Outage Bricked People’s $2,700 Smartbeds
When Amazon Web Services went offline, people lost control of their cloud-connected smart beds, getting stuck in reclined positions or roasting with the heat turned all the way up.
www.404media.co
November 1, 2025 at 3:02 PM
piyokango.bsky.social
研究者によると、Lumma Stealerの空白は、アップグレードされたVidar 2.0 Infostealerによって埋められた
#CybersecurityNews
www.infosecurity-magazine.com/news/lumma-s...
Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer
Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025
www.infosecurity-magazine.com
November 1, 2025 at 3:02 PM
piyokango.bsky.social
新たな研究で、ディープフェイクの嫌がらせツールがソーシャルメディアや検索エンジンで拡散していることが判明
#CybersecurityNews
www.404media.co/deepfake-too...
New Research Shows Deepfake Harassment Tools Spread on Social Media and Search Engines
An analysis of how tools to make non-consensual sexually explicit deepfakes spread online, from the Institute for Strategic Dialogue, shows X and search engines surface these sites easily.
www.404media.co
November 1, 2025 at 3:01 PM
piyokango.bsky.social
求人募集:ベトナム人アクターが偽の求人広告キャンペーンでマルウェアを拡散し、認証情報を盗む
#CybersecurityNews
cloud.google.com/blog/topics/...
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials | Google Cloud Blog
Financially motivated actors are using fake job postings on legitimate platforms to target the digital advertising and marketing sectors.
cloud.google.com
November 1, 2025 at 3:01 PM
piyokango.bsky.social
Windows Server の重大な WSUS の脆弱性が攻撃に悪用
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Critical WSUS flaw in Windows Server now exploited in attacks
Attackers are now exploiting a critical-severity Windows Server Update Services (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.
www.bleepingcomputer.com
November 1, 2025 at 3:00 PM
piyokango.bsky.social
身代金支払い率が急落する中、内部からの脅威が迫る
#CybersecurityNews
www.coveware.com/blog/2025/10...
Insider Threats Loom while Ransom Payment Rates Plummet
The percentage of companies choosing to pay ransoms dropped significantly, while threat actors shift their tactics in response to decreasing profits.
www.coveware.com
November 1, 2025 at 2:58 PM
piyokango.bsky.social
AmazonがAWSの障害がWebダウンに至った経緯を説明
#CybersecurityNews
www.wired.com/story/amazon...
Amazon Explains How Its AWS Outage Took Down the Web
Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.
www.wired.com
November 1, 2025 at 2:58 PM
piyokango.bsky.social
新たなCoPhish攻撃はCopilot Studioエージェント経由でOAuthトークンを盗む
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
New CoPhish attack steals OAuth tokens via Copilot Studio agents
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.
www.bleepingcomputer.com
November 1, 2025 at 2:58 PM