infosec
🚀🤘Introducing Psylo: A New Kind of Private Browser
After 9 months of development, we're super excited to finally launch Psylo, a new kind of private web browser for iOS and iPadOS.
In Psylo, each tab is its own “silo” with isolated storage, cookies, and even its own IP address. Psylo introduces advanced anti-tracking and anti-fingerprinting features that go beyond what a VPN can offer.
Full announcement: https://mysk.blog/2025/06/17/introducing-psylo/
🤖 Gemini’s Gmail summaries were just caught parroting phishing scams. A security researcher embedded hidden prompts in email text (w/ white font, zero size) to make Gemini falsely claim the user's Gmail password was compromised and suggest calling a fake Google number. It's patched now, but the bigger issue remains: AI tools that interpret or summarize content can be manipulated just like humans. Attackers know this and will keep probing for prompt injection weaknesses.
TL;DR
⚠️ Invisible prompts misled Gemini
📩 AI summaries spoofed Gmail alerts
🔍 Prompt injection worked cleanly
🔐 Google patched, but risk remains
https://www.pcmag.com/news/google-gemini-bug-turns-gmail-summaries-into-phishing-attack
#cybersecurity #promptinjection #AIrisks #Gmail #security #privacy #cloud #infosec #AI
Great, informative writeup of Cryptographic Gotchas: https://gotchas.salusa.dev/
Lots of fantastic references and links in there, too.
Oh I see the absurdly, negligently insecure Tea app is now getting the "hackers hacked" treatment, so that it can comfortably deflect blame to some unspecified scary hackers?
Cool, cool.
*takes out a bullhorn*
📢 Tea kept driver's license photos of thousands of women in an unprotected Google Firebase storage bucket.
📢 Centering "hackers" means helping let those responsible for the horrendous negligence at Tea off the hook.
👏 There is no "hack", only other people's negligence.
[...] actions are planned to foster a culture of privacy and information security, both for citizens and for the Public Administration.
It would also be interesting if they stopped routing all data between RNP and Europe through the United States of America. Compare a traceroute to any European destination from inside and outside RNP.
Something important would be to encourage teams specialized in information security to be aware of the consequences of communicating via WhatsApp or via e-mail from the very same Google Workspace intermediated by RNP.
In parallel, citizens could become able to be fully recognized by Governo Digital without a pocket electronic ankle monitor officially supported by Google or Apple.
In short, it is quite hard to believe in privacy and information security in the Brazilian State while these practices persist, among other news.
#SoberaniaDigital #InfoSec #segurança #governo #Brasil
Don't trust cloud services with your creative work.
#enshittification #privacy #infosec #security #cybersecurity #writing #art
***infosec specialists are needed in the resistance ***
The world needs tech security specialists to run workshops at public libraries for all ages & abilities to remove spyware, AI, reduce surveillance, understand the issues, & for more advanced, move to Linux, degooglefy, etc.
Libraries will pay good wages for these workshops.
If you have these skills, please consider offering them.
#libraries #library #tech #infosec #privacy #security #activism #antifa #resistance
Are you interested in a different kind of security conference?
Then take a look at the Open Security Conference (@OSCo). #osco25 takes place from October 2 to 5 in Rückersbach (Germany near Frankfurt) and registration is still open at https://opensecurityconference.org/.
(this is an English version of the original German thread https://infosec.exchange/@realn2s/114936419689473030)
Why?
The Open Security Conference aims to be diverse and inclusive. This also includes different levels of knowledge and experience.
It is therefore not only for security experts or for people who have (already) worked in the security sector for a long time,
but also for people who are interested in security or want to get into the field.
The #OpenSpace format not only enables expert presentations,
but also non-expert topics or questions as session topics. Sessions are not restricted to presentations; they can be interactive, collaborative, workshops or basically anything else.
Since topics do not have to be submitted months in advance,
but the agenda is created jointly by the participants, hot topics can also be covered.
The conference is non-commercial, i.e. the total costs are shared between the participants (including the organizers).
The costs include accommodation and meals in the conference hotel.
And yes, there are also sponsors who cover part of the costs.
But not everything is different.
There are great keynotes e.g. by @bkastl ("History repeating itself") and Mireia Cano ("Building an AppSec Program from Scratch").
#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity
Did you know Deloitte has a free job simulator?
Did you know I have a #blog ?
Did you know... Idk, new post (This one isn't a CTF writeup) xoxo


