Cybersecurity researchers are warning of a new type of supply chain attack, Slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies.

According to research by a team from the University of Texas at San Antonio, Virginia Tech, and the University of Oklahama, package hallucination is a common thing with Large Language Models (LLM)-generated code which threat actors can take advantage of.

“The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating LLMs, has created a new type of threat to the software supply chain: package hallucinations,” the researchers said in a https://arxiv.org/pdf/2406.10279.

From the analysis of 16 code-generation models, including GPT-4, GPT-3.5, CodeLlama, DeepSeek, and Mistral, researchers observed approximately a fifth of the packages recommended to be fakes.

According to the researchers, threat actors can register hallucinated packages and distribute malicious codes using them.

“If a single hallucinated package becomes widely recommended by AI tools, and an attacker has registered that name, the potential for widespread compromise is real,” according to a Socket analysis of the research. “And given that many developers trust the output of AI tools without rigorous validation, the window of opportunity is wide open.”

Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user’s mistake, as in typosquats, threat actors rely on an AI model’s mistake.

A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes. Open-source models –like DeepSeek and WizardCoder– hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4.

Researchers found CodeLlama ( hallucinating over a third of the outputs) to be the worst offender, and GPT-4 Turbo ( just 3.59% hallucinations) to be the best performer.

These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable.

When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run.

The study concluded that this persistence indicates “that the majority of hallucinations are not just random noise, but repeatable artifacts of how the models respond to certain prompts.” This increases their value to attackers, it added.

Additionally, these hallucinated package names were observed to be “semantically convincing”. Thirty-eight percent of them had moderate string similarity to real packages, suggesting a similar naming structure. “Only 13% of hallucinations were simple off-by-one typos,” Socket added.

While neither the Socket analysis nor the research paper mentioned any in-the-wild Slopsquatting instances, both cautioned protective measures. Socket recommended developers install dependency scanners before production and runtime to fish out malicious packages. Rushing through security testing is one of the reasons AI models succumb to hallucinations. Recently, OpenAI was blamed for slashing its models’ testing time and resources significantly, exposing its usage to significant threats.

Following the compromise of a popular GitHub tool, developers having to turn and face their code repo’s strange ch-ch-changes.

The poisoning of an automation mechanism used in over 23,000 repositories exposed software-development credentials known as secrets. While GitHub promptly stopped the attack days after the report’s release, the discoverers of the supply-chain threat see similar compromises on the horizon as the secret’s out.

“It is a very nightmare-ish scenario that we are facing right now, with all these credentials that have been leaked,” StepSecurity co-founder and CEO Varun Sharma told. “We can expect a lot more of these supply-chain attacks.”

On March 14, StepSecurity’s anomaly detection spotted the compromise of tj-actions/changed-files—a third-party GitHub Action that allows developers to see which files changed after a pull request or commit.

According to details from StepSecurity’s report, an access-token compromise of the “tj-actions” automation account used by the maintainer allowed a threat actor to modify the action’s code and retroactively update versions to reference the malicious commit, or revision.

The compromised action sent code-development “secrets”—credentials like passwords, encryption keys, API tokens, and digital certificates—into publicly viewable GitHub action logs, StepSecurity researchers said in their post.

GitHub, on March 15, both removed the tj-actions/changed-files Action for use and then later restored it free of the malicious exploit code.

There is currently no evidence to suggest a compromise of GitHub or its systems, Jesse Geraci, online safety counsel at GitHub, wrote to us, adding that GitHub tj-actions is a user-maintained, open-source project.

“We reinstated the account and restored the content after confirming that all malicious changes have been reverted and the source of compromise has been secured. Users should always review GitHub Actions or any other package that they are using in their code before they update to new versions. That remains true here as in all other instances of using third-party code," Geraci shared in a written statement...

TideLift’s 2024 State of the Open-Source Maintainer report, released in September of that year, found that 60% of maintainers are not paid for their work—and professional maintainers are more likely to be able to prioritize remediating security vulnerabilities. (Maintainers also admitted to spending three times more on security work compared to 2021.)

“For trivial things, sometimes it makes sense to build them yourself, rather than rely on third-party dependencies that you don’t know,” Dimitri Stiliadis, co-founder and CTO of Endor Labs, told us.

Sharma imagines a scenario where attackers use the exposed secrets to create more code chaos and supply-chain attacks.

Owners of packages used by other developers, for example, can use secrets to publish new versions. An owner of a brand-new secret can potentially launch a malicious package that starts to look for more credentials.

“It’s now really up to these open-source maintainers who have these credentials in their logs. They need to take action. They need to find out where those credentials are logged, and then they need to rotate them to prevent these supply-chain attacks,” Sharma said.

On March 18, StepSecurity claimed “conclusive evidence” of compromises in several actions related to the GitHub organization reviewdog. “It’s possible that the tj-actions/changed-files incident may have been caused due to this, as several GitHub Actions workflows in the tj-actions organization use the compromised Actions. However, there is no conclusive evidence currently to link these two supply-chain security incidents,” the post read(More details: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised#summary-of-the-incident).

Google will soon begin testing a machine learning-based model that can estimate a user's age—or at least whether they're under 18, "so that we can apply protections to help provide more age-appropriate experiences."(More details: https://blog.google/technology/families/google-new-built-in-protections-kids-teens).

Tests will start in the US this year before expanding to other countries over time. Google says the model will use signals already associated with someone's account, like the types of sites they search for or videos they watch, as well as how long their account has been around.

If Google's system makes a mistake and flags an older user as under 18, those people can appeal and prove their age via something like a selfie, credit card, or government ID. Google says it will add more age-verification options over time.

Technically, 13-year-olds can have Google accounts, but Google can age-restrict content for kids under 18, including turning on SafeSearch. And parents can keep tabs via Google's Family Link parental-control system. But it's also relatively easy to just lie about your age when signing up for a Google account.

YouTube CEO Neal Mohan hinted about this new model in his “big bets for 2025” letter on Tuesday. “We'll use machine learning in 2025 to help us estimate a user’s age – distinguishing between younger viewers and adults – to help provide the best and most age-appropriate experiences and protections,” he wrote(More details: https://blog.youtube/inside-youtube/our-big-bets-for-2025).

Industry forces — led by Apple and Google — are pushing for a sharp acceleration of how often website certificates must be updated, but the stated security reason is raising an awful lot of eyebrows.

Website certificates, also known as SSL/TLS certificates, use public-key cryptography to authenticate websites to web browsers. Issued by trusted certification authorities (CAs) that verify the ownership of web addresses, site certificates were originally valid for eight to ten years. That window dropped to five years in 2012 and has gradually stepped down to 398 days today.

The two leading browser makers, among others, have continued to advocate for a much faster update cadence. In 2023, Google called for site certificates that are valid for no more than 90 days, and in late 2024, Apple submitted a proposal to the Certification Authority Browser Forum (CA/Browser Forum) to have certificates expire in 47 days by March 15, 2028. (Different versions of the proposal have referenced 45 days, so it’s often referred to as the 45-day proposal.)

If the CA/Browser Forum adopts Apple’s proposal, IT departments that currently update their company’s site certificates once a year will have to do so approximately every six weeks, an eightfold increase. Even Google’s more modest 90-day proposal would multiply IT’s workload by four. Here’s what companies need to know to prepare.

The official reason for speeding up the certificate renewal cycle is to make it far harder for cyberthieves to leverage what are known as orphaned domain names to fuel phishing and other cons to steal data and credentials.

Orphaned domain names come about when an enterprise pays to reserve a variety of domain names and then forgets about them. For example, Nabisco might think up a bunch of names for cereals that it might launch next year — or Pfizer might do the same with various possible drug names — and then eight managerial meetings later, all but two of the names are discarded because those products will not be launching. How often does someone bother to relinquish those no-longer-needed domain names?

Even worse, most domain name registrars have no mechanism to surrender an already-paid-for name. The registrar just tells the company, “Make sure it’s not auto-renewed, and then don’t renew it later.”

When bad guys find those abandoned sites, they can grab them and try and use them for illegal purposes. Therefore, the argument goes, the shorter the timeframe when those site certificates are valid, the less of a security threat it poses. That is one of those arguments that seems entirely reasonable on a whiteboard, but it doesn’t reflect reality in the field.

Shortening the timeframe might lessen those attacks, but only if the timeframe is so short it denies the attackers sufficient time to do their evil. And, some security specialists argue, 47 days is still plenty of time. Therefore, those attacks are unlikely to be materially reduced.

“I don’t think it is going to solve the problem that they think is going to be solved — or at least that they have advertised it is going to solve,” said Jon Nelson, the principal advisory director for security and privacy at the Info-Tech Research Group. “Forty-seven days is a world of time for me as a bad guy to do whatever I want to do with that compromised certificate.”

Himanshu Anand, a researcher at security vendor c/side, agreed: “If a bad actor manages to get their hands on a script, they can still very likely find a buyer for it on the dark web over a period of 45 days.”

That is why Anand is advocating for even more frequent updates. “In seven days, the amount of coordination required to transfer and establish a worthy man-in-the-middle attack would make it a lot tighter and tougher for bad actors.”

But Nelson questions whether expired domain stealing is even a material concern for enterprises today.

“Of all of the people I talk with, I don’t think I have talked with a single one that has had an incident dealing with a compromised certificate,” Nelson said. “This isn’t one of the top ten problems that needs to be solved.”

That opinion is shared by Alex Lanstein, the CTO of security vendor StrikeReady. “I don’t want to say that this is a solution in search of a problem, but abusing website certs — this is a rare problem,” Lanstein said. “The number of times when an attacker has stolen a cert and used it to impersonate a stolen domain” is small.

Nevertheless, it seems clear that sharply accelerated certificate expiration dates are coming. And that will place a dramatically larger burden on IT departments and almost certainly force them to adopt automation. Indeed, Nelson argues that it’s mostly an effort for vendors to make money by selling their automation tools.

“It’s a cash grab by those tool makers to force people to buy their technology. [IT departments] can handle their PKI [Public Key Infrastructure] internally, and it’s not an especially heavy lift,” Nelson said.

But it becomes a much bigger burden when it has to be done every few months or weeks. In a nutshell, renewing a certificate manually requires the site owner to acquire the updated certificate data from the certification authority and transmit it to the hosting company, but the exact process varies depending on the CA, the specific level of certificate purchased, the rules of the hosting/cloud environment, the location of the host, and numerous other variables. The number of certificates an enterprise must renew ranges widely depending on the nature of the business and other circumstances.

C/side’s Anand predicted that a 45-day update cycle will prove to be “enough of a pain for IT to move away from legacy — read: manual — methods of handling scripts, which would allow for faster handling in the future.”

Automation can either be handled by third parties such as certificate lifecycle management (CLM) vendors, many of which are also CAs and members of the CA/Browser Forum, or it can be created in-house. The third-party approach can be configured numerous ways, but many involve granting that vendor some level of privileged access to enterprise systems — which is something that can be unnerving following the summer 2024 CrowdStrike situation, when a software update by the vendor brought down 8.5 million Windows PCs around the world. Still, that was an extreme example, given that CrowdStrike had access to the most sensitive area of any system: the kernel.

The $12 billion publisher Hearst is likely going to deal with the certificate change by allowing some external automation, but the company will build virtual fences around the automation software to maintain strict control, said Hearst CIO Atti Riazi.

“Larger, more mature organizations have the luxury of resources to place controls around these external entities. And so there can be a more sensible approach to the issue of how much unchecked automation is to exist, along with how much access the third parties are given,” Riazi said. “There will most likely be a proxy model that can be built where a middle ground is accessed from the outside, but the true endpoints are untouched by third parties.”

The certificate problem is not all that different from other technology challenges, she added.

“The issue exemplifies the reality of dealing with risk versus benefit. Organizational maturity, size, and security posture will play great roles in this issue. But the reality of certificates is not going away anytime soon,” Riazi said. “That is similar to saying we should all be at a passwordless stage by this point, but how many entities are truly passwordless yet?

There is a partially misleading term often used when discussing certificate expiration. When a site certificate expires, the public-facing part of the site doesn’t literally crash. To the site owner, it can feel like a crash, but it isn’t.

What happens is that there is an immediate plunge in traffic. Some visitors — depending on the security settings of their employer — may be fully blocked from visiting a site that has an expired certificate. For most visitors, though, their browser will simply flag that the certificate has expired and warn them that it’s dangerous to proceed without actually blocking them.

But Tim Callan, chief compliance officer at CLM vendor Sectigo and vice chair elect of the CA/Browser Forum, argues that site visitors “almost never navigate past the roadblock. It’s very foreboding.”

That said, an expired certificate can sometimes deliver true outages, because the certificate is also powering internal server-to-server interactions.

“The majority of certs are not powering human-facing websites; they are indeed powering those server-to-server interactions,” Callan said. “Most of the time, that is what the outage really is: systems stop.” In the worst scenarios, “server A stops talking to server B and you have a cascading failure.”

Either way, an expired certificate means that most site visitors won’t get to the site, so keeping certificates up to date is crucial. With a faster update cadence on the horizon, the time to make new plans for maintaining certificates is now.

All that said, IT departments may have some breathing room. StrikeReady’s Lanstein thinks the certification changes may not come as quickly or be as extreme as those outlined in Apple’s recent proposal.

“There is zero chance the 45 days will happen” by 2028, he said. “Google has been threatening to do the six-month thing for like five years. They will preannounce that they’re going to do something, and then in 2026, I guarantee that they will delay it. Not indefinitely, though.”

C/side’s Anand also noted that, for many enterprises, the certificate-maintenance process is multiple steps removed.

“Most modern public-facing platforms operate behind proxies such as Cloudflare, Fastly, or Akamai, or use front-end hosting providers like Netlify, Firebase, and Shopify,” Anand said. “Alternatively, many host on cloud platforms like AWS [Amazon Web Services], [Microsoft] Azure, or GCP [Google Cloud Platform], all of which offer automated certificate management. As a result, modern solutions significantly reduce or eliminate the manual effort required by IT teams.”

Russia has reportedly cut some regions of the country off from the rest of the world's internet for a day, effectively siloing them, according to reports from European and Russian news outlets reshared by the US nonprofit Institute for the Study of War (ISW) and Western news outlets.

Russia's communications authority, Roskomnadzor, blocked residents in Dagestan, Chechnya, and Ingushetia, which have majority-Muslim populations, ISW says. The three regions are in southwest Russia near its borders with Georgia and Azerbaijan. People in those areas couldn't access Google, YouTube, Telegram, WhatsApp, or other foreign websites or apps—even if they used VPNs, according to a local Russian news site.

Russian digital rights NGO Roskomsvoboda told that most VPNs didn't work during the shutdown, but some apparently did. It's unclear which ones or how many actually worked, though. Russia has been increasingly blocking VPNs more broadly, and Apple has helped the country's censorship efforts by taking down VPN apps on its Russian App Store. At least 197 VPNs are currently blocked in Russia, according to Russian news agency Interfax.

These latest partial internet blocks are because Russia is testing its own sovereign internet it can fully control. Russia already tested blocking or throttling sites like YouTube this year by slowing down speeds so much that sites are virtually unusable. Russia has reportedly poured $648 million into its national internet and tech that can power restrictions and has been seemingly working on this since at least 2019.

In the future, Russia could also block Amazon Web Services (AWS), HostGator, and other foreign web hosts. The country may also force Russian residents and companies to stop using such services and migrate over to Russian-owned ones so the government can enforce its own rules.

Separately, in September, the Wix and Notion platforms told Russian users to stop using their sites due to US sanctions. And back in 2022, when Russia invaded Ukraine, Western domain registrar GoDaddy condemned the war as "horrible," stopped supporting Russian domains, ditched Russia's currency, and announced it was donating $500,000 to support Ukraine. All of these blocks and disconnections contribute to the splinternet(An Internet that is increasingly fragmented due to nations filtering content or blocking it entirely for political purposes. Splinternet also occurs when apps use their own standards for accessing data, which differs from the universality of the Web (browsers, websites, HTTP protocol, etc.) we're hurtling toward today.

China is another country known for its internet censorship. Colloquially dubbed the "Great Firewall" in reference to the Great Wall of China, internet access in China has been censored in this way for over a decade, but Chinese internet censorship efforts first began back in 1998 with China's "Golden Shield" project. In recent years, China has censored even single letters as well as keywords it deems unwanted and unacceptable for the internet. Video streaming sites and meeting platforms like Zoom have also been censored, along with a slew of other foreign apps. It's unclear, however, to what extent Russian internet censorship might mirror these policies.

VPNs, which stand for virtual private networks, can allow users to get around certain geographic restrictions by virtually locating the user in another country. But VPNs aren't a one-size-fits-all solution and can be censored. Internet providers are able to tell if a user has a VPN enabled and can block access to sites in some circumstances. In the US, streaming platforms like Netflix and some shopping sites have blocked VPN users globally by determining whether an IP address is tied to a VPN provider or appears to be in a different location from the user's internet provider.

VPN use has historically spiked when internet censorship appears. US Pornhub users in some states have been looking for VPNs to get around state-level blocks, and Hong Kong residents flocked to VPNs when China announced a new security law, to name two examples from the past few years. But Iran, Cuba, Myanmar, Vietnam, and Saudi Arabia are also considered to offer little internet freedom. While VPNs can help some for now, they're not a perfect solution and may not work forever.

Microsoft-owned LinkedIn recently began training AI models on your data without your express consent. Days later, LinkedIn stops scraping UK users after regulators sound the alarm, but is still scraping US user data by default. The UK's International Commissioner's Office revealed that LinkedIn pulled the plug on sourcing AI training data from the country's LinkedIn users after the regulator raised legal concerns.

"We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its UK users. We welcome LinkedIn’s confirmation that it has suspended such model training pending further engagement with the ICO," said Stephen Almond, ICO executive director of regulatory risk.

"In order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset," Almond continued. "We will continue to monitor major developers of generative AI, including Microsoft and LinkedIn, to review the safeguards they have put in place and ensure the information rights of UK users are protected."

About a week ago, LinkedIn quietly published a post that reveals it's now using your data to train its AI models. But many LinkedIn users may not be aware that their data is being swiped for AI training in the first place(More details: https://www.linkedin.com/help/linkedin/answer/a6278444).

LinkedIn and "its affiliates" are using your profile page's data, posts, and other LinkedIn content to train AI models, including the ones LinkedIn uses to power its various AI features. LinkedIn does not specify in its post who exactly its "affiliates" are, but LinkedIn is owned by Microsoft, which has close financial ties to OpenAI.

Reached for comment, a LinkedIn spokesperson tells via email that "affiliates" refer to any Microsoft-owned company (Microsoft has acquired more than 270 companies since 1986, including five AI companies). The spokesperson adds, however, that LinkedIn is not sending collected user data to OpenAI. LinkedIn does use OpenAI models for its platform, however, via Microsoft's Azure AI service.

At time of writing, LinkedIn's Pages Terms, User Agreement, Privacy Policy, and Copyright Policy do not contain the words "AI" or "artificial intelligence" in any capacity. But LinkedIn's terms state: "You and LinkedIn agree that we may access, store, process and use any information and personal data that you provide."

LinkedIn's own policies prohibit any user-instigated "software, devices, scripts, robots" or crawlers from trawling its site. It bars its own users from selling or otherwise monetizing any data published on the work-focused social media platform.

But LinkedIn announced(https://www.linkedin.com/blog/member/trust-and-safety/updates-to-our-terms-of-service-2024) Wednesday that it's rolling out changes to these policies, specifically, its User Agreement and Privacy Policy, to include a disclosure on its use of your data for AI. LinkedIn SVP and General Counsel Blake Lawit writes: "We have added language to clarify how we use the information you share with us to develop the products and services of LinkedIn and its affiliates, including by training AI models used for content generation."

Notably, EU users (or those with VPNs that make it look like they're based in the EU) get more protections from AI training on LinkedIn than those elsewhere. Lawit says EU users, unlike the rest of LinkedIn, are automatically opted out. So LinkedIn won't be scraping and training AI on EU or Switzerland-based user data "until further notice."

UK- and US-based LinkedIn users noticed the site's AI training toggle popped up this week, with some arguing that Microsoft should pay LinkedIn users for scraping their data(More details: https://www.linkedin.com/posts/kevin-beaumont-security_psa-linkedin-are-training-ai-models-and-activity-7242048727664775171-nC0d).

"Turn this off!" exclaimed VectorField founder and CEO Ido Banai in a post warning LinkedIn users about the toggle. "In the age of AI every time you add data into a platform and it's used for [machine learning] training you should get paid, it's a no-brainer!"

If you don't want Microsoft, LinkedIn, or other Microsoft-owned companies using your LinkedIn data and posts going forward, you can disable the setting by navigating to Me > Settings & Privacy > Data Privacy > Data for Generative AI Improvement.

A Telegram-based bot service has been collecting compromised credentials from accounts associated with the Democratic Party ahead of the Democratic National Convention later this month, according to a report released on Wednesday by ZeroFox.

The cybersecurity firm’s assessment — which reviewed potential threats to the DNC ahead of its presidential nominating convention in Chicago next week — warned that the identified “IntelFetch” bot had been aggregating login information that could be leveraged “to infiltrate secure systems, access confidential information and disrupt operations.”

ZeroFox security researchers located accounts associated with “demconvention[.]com” and "democrats[.]org," as well as “those of users registered on the Democratic Party's official site.” The report also noted that specific “domains and email addresses” from the Democrats’ Washington and Idaho state offices were identified among the compromised credentials.

“The exposed data, consisting predominantly of URLs paired with login credentials or login pairs, appears to originate from botnet logs and third-party data breaches,” the report said, adding that “while this exposure does not seem to result from a targeted attack, it poses a risk of unauthorized access to sensitive systems and information within the Democratic Party and the DNC.”

The report was unclear, however, as to whether the credentials had been compromised recently or had been disclosed during a previous cyber incident. ZeroFox noted that some of the records it found “were previously observed in private threat actor-operated repositories.”

Russian hackers previously gained access to email accounts associated with the DNC and the campaign of Hillary Clinton in the run-up to the 2016 presidential election, with the illicitly acquired information ultimately being disclosed on the WikiLeaks platform.

Although political candidates, election officials and government staffers have taken steps to shore up their cyberdefenses in recent years, foreign adversaries and other hostile groups are continuing to successfully exploit security vulnerabilities.

The campaign of former President Donald Trump confirmed on Saturday that a high-ranking official with the campaign had been hacked by “foreign sources hostile to the United States.” Politico also reported that an individual had contacted the outlet to disclose an internal research dossier that had been compiled as part of the Trump campaign’s vetting of his eventual running mate, JD Vance.

The FBI announced earlier this week that it was investigating attempted hacks targeting the Trump campaign and the Biden-Harris campaign. Agency officials said they also believe Iran is responsible for a series of phishing attacks that targeted staffers associated with both campaigns, which took place before President Joe Biden announced that he would not be running for reelection.

More details: https://www.zerofox.com/blog/zerofox-assessment-threats-to-the-democratic-national-convention/

The show opened with a keynote panel discussion about cybersecurity issues affecting election security around the world. Considering that there are some 50 major elections slated for 2024 alone, including the US presidential election in November, it’s no wonder that concerns about cyberattacks and generative AI-assisted misinformation were major talking points.

The panelists, all high-ranking representatives from global cybersecurity groups, urged the cybersecurity community to come together to protect democracies from meddling via cyberattacks. After calling for more community members to become poll workers, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly urged voters not to be swayed by disinformation gleaned from social media influencers or unofficial news sources.

Speaking of dubious news sources, a Black Hat panel discussion between high-profile tech reporters revealed that hackers are now using classic media relations strategies to publicize their crimes and pressure victims. This trend of “hacker-turned-PR flack” means that corporate response teams must move quicker and be more responsive when crafting public statements about cybersecurity incidents.

In other alarming news, researchers followed up on previous news about cybercrimes perpetrated via sports betting platforms. At Black Hat, representatives from Infoblox said DNS entries led them to link several popular gambling websites to human-trafficked slave labor.

You’d think that modern versions of Windows are hardened against every imaginable kind of hacking. A super-sensitive process like Windows Update surely is the safest of all, right? Well, a thought like that is nothing but a challenge to an ethical security hacker. Yes, most of the update process is armored against all tweaking, but one tiny hole in that armor proved sufficient to let a Black Hat speaker totally take over the update process, forcing it to downgrade security in unlimited ways. This attack proved invisible to security and impossible to undo. Next time you see that Windows Update prompt, just hope you don’t get a Windows downgrade instead.

The hacks demonstrated at Black Hat weren’t limited to software. A Dutch team showed off their skills on several home EV chargers. Their hacks allow anybody within Bluetooth range to take control of a charger. What does that control let them do? The attacker could overheat your charger, limit its current, or meddle with its charging schedule. More importantly, they could do anything at all to your billing, from zeroing it out to raising it sky-high. It’s true this hack isn’t super consequential, but the same persistence and ingenuity they used could serve to compromise just about any Internet of Things device.

Any smartphone that comes within range of your home router can and does identify it to one or more huge positioning databases owned by powers such as Apple, Google, and Microsoft. Apple’s database is open to anyone, making it simple to gather information about millions of routers around the world.

A Black Hat talk ran through just how this knowledge could be used or abused, from tracking a cheating spouse who skipped town to locating staging areas in Russia’s war on Ukraine. Fortunately, Apple released an opt-out solution. Unfortunately, Apple should have done much more. (Starlink solved the problem for its devices, which are often used in conflict areas.)

Also, we know that being emotionally vulnerable while on a dating app can be scary, but the risks to your privacy are scarier. At Black Hat this year, a team of researchers put 15 popular apps to the test and found that they leak personal information like crazy, from sexual orientation to exact location. You swipe left, they swipe right, the next thing you know they’ve swiped your purse. As is often the case, many of the apps cleaned up their acts after the research team contacted them.

n an age of deepfakes and online content swiped for AI training, it’s not surprising that industry leaders are coming up with ways to help identify and vet images and videos. At Black Hat, an Adobe representative spoke about the role of content credential labels within the digital media landscape. The labels, which are a bit like the nutrition labels for food, document how an image was created and what kind of software or AI tools were used to modify it later.

When we give large language models (LLMs) simple tasks like answering questions, they sometimes go wildly wrong. What if the task involves cyber security? Are LLMs dangerous? Can they help protect us? At Black Hat, MITRE researchers demonstrated tests to help answer such questions. For now, LLMs aren’t going to function as cyber warriors, but in the future, who knows?

In less scary news, Signal developer Moxie Marlinspike urged fellow developers to revel in the complexity of their creations but not pass that experience on to customers. Many people just aren’t interested in how or why their software or devices function, he argued. It’s up to developers to ensure users don't have to think about it.

As always, the sights and sounds from around the show floor were a lot to take in. Cybersecurity vendors from around the world converged at the Mandalay Bay casino and resort to show off their latest developments and rub elbows with customers and competitors alike. And the team in charge of keeping the Wi-Fi flowing had some interesting insights into the security practices of attendees who should probably know better. On Thursday afternoon, the two people handling Wi-Fi at the security conference here shared what they learned. As at previous iterations of this gathering, the network performed better than many of the humans on it.

Conference staffers Neil Wyler and Bart Stump (their respective day jobs are vice president of defensive services and managing principal at the security firm Coalfire) recounted how they built the conference network to be self-aware and speedy, starting with two 10Gbps circuits that far exceeded peak observed traffic of 3.16Gbps.

All that network analysis gear not only helped them spot attacks but also revealed how many attendees put themselves in positions to be pwned. Wyler’s one-word summary of how many of these professionals behaved: "poorly."

Both Wyler and Stump emphasized how essential automation was to monitor a network on which they had to expect malicious traffic and also allow much of it to proceed. People will test exploits at an event like Black Hat, so finding intentional attacks that need intervention is even harder.

“On this network, we're looking for a needle in a needlestack,” said Wyler. “We have to let most of that traffic go,” Stump added, “unless we see a direct attack on infrastructure or one of you.”

So of 2.65 million threats detected, the NOC blocked only 241.

But a disturbingly high number of attendees were oblivious about a much more basic aspect of online security: not sending data unencrypted.

Overall, 73.8% of network traffic was encrypted in transit (not the same as end-to-end encryption). That is an embarrassingly low number, considering that Google says 94% of web traffic is encrypted in Chrome for Windows, leaving only domain names visible to any online snoop. This figure is lower than in the Android, Mac, and ChromeOS versions of Google’s browser.

That share grew after years of work by security professionals and in-browser nagging by Google and other developers. Back in 2018, Chrome began slapping unencrypted sites with a “not secure” warning.

Stump called the amount of unencrypted email observed “just wild.” (Google’s data shows that 96% of messages sent to Gmail addresses is encrypted in transit.) Wyler’s advice to people using those insecure mail services: “Knock it off.”

Worse yet, the duo also spotted passwords being sent in the clear, which absolutely Should Not Happen. It doesn’t matter how complex your password is if anybody else on the same network can read it. For good measure, they saw one VPN transmit its user’s precise location in clear text.

The talk also included details about attendees' favorite sites and services. Google search was the top category of domain-name-system queries, Slack was the top chat app, Tinder was the top dating app, and the top porn site among a great many visited was a foot-fetish site that we’re not going to link to because we know many of you read us at work.

“So much adult traffic,” said Wyler. ”Seriously, wash your hands.”