Dr Jason R.C. Nurse

A fragmented ransomware ecosystem may be more threatening than we recognise Smaller ransomware groups, bigger ransomware problem

In their latest for Binding Hook, @jasonnurse.bsky.social & Will Lyne show that the #ransomware ecosystem has fragmented. It is now crowded with smaller, more agile actors. As the landscape shifts, new threats require new tactics to combat.

Read full article: bindinghook.com/a-fragmented...

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.

Why LinkedIn is a hunting ground for threat actors

The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.

www.welivesecurity.com/en/social-me...

AI’s Memorization Crisis Large language models don’t “learn”—they copy. And that could change everything for the tech industry.

New research presents the most compelling evidence yet that generative AI directly stores and reproduces material used to train it—a finding that could have massive legal consequences for the tech industry, Alex Reisner reports.

Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.

This data is available for sale on the dark web and can be abused by cybercriminals.

No new year resolutions here — just solid foundations 🌟

For when you want to revisit the fundamentals, CyBOK provides a structured, research-led body of knowledge supporting education, training, and professional practice.

Learn more 👉 buff.ly/6M7yEmQ

The Impact of Generative AI on Critical Thinking

Key finding:

“Specifically, higher confidence in GenAI is associated with less critical thinking…”

www.microsoft.com/en-us/resear...

Rejoice! Carmakers Are Embracing Physical Buttons Again Amazingly, reaction times using screens while driving are worse than being drunk or high—no wonder 90 percent of drivers hate using touchscreens in cars. Finally the auto industry is coming to its…

Amazingly, reaction times using screens while driving are worse than being drunk or high—no wonder 90 percent of drivers hate using touchscreens in cars. Finally the auto industry is coming to its senses.

.. the very type of crime that they should have been working to stop,” said the Justice Department’s Criminal Division.

The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and extortion platform.

Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware Yesterday a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ran...

🦹🏽‍♂️ When good guys go bad: “These [security professionals] used their sophisticated cybersecurity training and experience to commit ransomware attacks...”

#cybercrime #ransomware #cybersecurity #justice #crime #profession #extortion

www.justice.gov/opa/pr/two-a...

Teens flock to alternative apps after social media ban The Commonwealth's long-awaited social media ban for under-16s came into effect this month. But some experts note a rise in alternatives to popular platforms as teens find ways to stay active on socia...

Ah yes, we could never have predicted this, never www.abc.net.au/news/2025-12...

Hacks, thefts and disruption: The worst data breaches of 2025 | TechCrunch TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea.

TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea.

Prompt injection is not SQL injection (it may be worse) There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.

Why do researchers keep finding so many prompt injection issues?

Perhaps it is because many AI system designers and defenders are misunderstanding the risks.🚨

Find out more⬇️
https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sql-injection

Jaguar Land Rover cyberattack shows that governments must provide post-incident support Cyber incidents impacting key national industries highlight the need for better approaches to protect the individuals who suffer most

Last month’s #JaguarLandRovercyberattack may cost £3.5B in revenue, but the bigger issue is the impact on 230,000 workers at JLR and in the supply chain facing layoffs, work reductions, and lost wages. @jasonnurse.bsky.social, Tom Johansmeyer & Gareth Mott: bindinghook.com/jaguar-land-...

Samsung brings ads to US fridges Samsung’s ‘screens everywhere’ initiative is morphing into ads everywhere.

Samsung has rolled out a software update to its smart fridges that will display ads, despite saying they had "no plans" to do so. We're headed for a future where you will have to pay extra for appliances without ads.

OpenAI will apply new restrictions to ChatGPT users under 18 | TechCrunch Under the new policy, ChatGPT will be trained to no longer engage in "flirtatious talk" with underage users, and additional guardrails will be placed around discussions of suicide.

Under the new policy, ChatGPT will be trained to no longer engage in "flirtatious talk" with underage users, and additional guardrails will be placed around discussions of suicide.

Amazon to launch augmented reality football coverage ‘Prime Vision’ service featuring gaming-style graphics comes as sports broadcasters seek to boost youth engagement

Amazon to launch augmented reality football coverage on.ft.com/3I9wuXP

A person, known as Dr. Jason Nurse, standing in the front of a room having a presentation.

Picture of a city with big colored letters in the foreground that say "Manchester".

Reposted from our colleagues who are currently visiting #EuroUSEC25 in Manchester 🇬🇧

Day 2 of #EuroUSEC25 is about to start, and amazing Dr. Nurse (@jasonnurse.bsky.social) is getting everyone on track for an inspiring day with a lot of good papers.

#SECUSO

Hear from our inspiring panel speaker @jasonnurse.bsky.social, University of Kent and @cybsafe.bsky.social, joining us at the Northern WARP 5th Annual Conference on the 12th September!

Tickets are FREE to anyone in the WARP community 👉 northernwarpconference5.eventbrite.co.uk?aff=BlueSky

Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere | TechCrunch Security researcher Eaton Zveare told TechCrunch that the flaws he discovered in the carmaker's centralized dealer portal exposed vast access to customer and vehicle data. With this access, Zveare sai...

ICYMI from Def Con: Eaton Zveare found bugs in a carmaker's centralized dealer web portal that allowed "unfettered access" to customer data and systems inside. Portal allowed remote control of some car functions, like door unlocking. The bugs highlight the risks of these web-connected data portals.

Warm, Encouraging Email From CEO Quickly Identified As Phishing Attempt

Warm, Encouraging Email From CEO Quickly Identified As Phishing Attempt theonion.com/warm-en...

OpenAI removes ChatGPT self-doxing option : Checkbox to make chatbot conversations appear in search engines deemed a footgun

OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.

The feature rollback follows reports of ChatGPT conversations being discoverable in Google results.

www.theregister.com/2025/08/01/o...

Treating Online Abuse Like Spam

What would happen if technology companies treated online abuse more like spam? A key advantage: users would have the choice to address potentially abusive content or to ignore it altogether. Here’s why that matters: innovation.consumerreports.org/Digital-Hara...

A flyby of Earth from the International Space Station.

-Credits: NASA

LLMs' AI-Generated Code Remains Wildly Insecure Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.

LLMs' AI-Generated Code Remains Wildly Insecure

Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.

www.darkreading.com/application-...

Top spy laments LinkedIn profiles that reveal defence work : Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves

Top spy says LinkedIn profiles that list security work 'recklessly invite attention of foreign intelligence services'

www.theregister.com/2025/08/01/a...

Hidden features of volcanic “lava bombs” have been caught on video.

Learn more: scim.ag/478PIqq

Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data | TechCrunch The internet-connected sex toy maker said it fixed the vulnerabilities that exposed users' private email addresses and accounts to takeovers, but said it was also planning to take legal action followi...

New, by me: Lovense, a maker of internet-connected sex toys, has confirmed it fixed a pair of security flaws that exposed users' private email addresses and put accounts at risk of takeovers. Now the company's CEO says he might sue.

Google Project Zero to publicly announce bugs within a week of reporting them The vulnerability hunters at Google Project Zero want to address what they call the "upstream patch gap," when a vendor has a fix available but the downstream product providers haven't integrated it y...

Google Project Zero to publicly announce bugs within a week of reporting them

The elite bug-hunters at Google Project Zero are taking aim at how long it takes to fix cybersecurity vulnerabilities

therecord.media/google-proje...

The Online Safety Act is a security and compliance minefield - Raconteur Ofcom has been given broad scope to enforce the Online Safety Act. But experts warn that its methods could create disproportionate risks

I’m in Raconteur talking about the ‘new’ Online Safety Act, and range of risks surrounding online age checks and these digital ID systems.

www.raconteur.net/technology/t...