Security - Articles for the year 2025

Read interesting articles and reviews for the year 2025. Analysis of key events in the "Security" sector

AI attacks, AI defends: how to use neural networks in information security

Hello! We share with you the material prepared by Roman Strelnikov — head of the information security department at Bitrix24. Roman is the person who controls everything…

Analysis of CVE-2025-27736 vulnerability in Power Dependency Coordinator

17:52
22.07.7638

This article is dedicated to the bug in Power Dependency Coordinator, patched by Microsoft in April of this year.

Fortress under surveillance: installing Maltrail to catch "spies"

17:52
22.07.6920

Hello, tekkix!

Here's the translated text you requested: How I made friends with Yandex Cloud and Gemini API without migrating to foreign servers

17:52
22.07.1992

When I started writing the Node.js service that was supposed to integrate with the LLM model, I already understood that access to some foreign APIs from Russia could…

Kristina Svechinskaya: How a Young Russian Woman Became a Star of the Cybercriminal World

If you enter the phrase "most famous female hackers" into any foreign search engine, the impartial search engine will instantly generate a list, with Kristina Svechinskaya…

Frontend Risks #1: Bitrix CMS sends your clients' data to Ireland

As a result of my security research of 3,000 Russian frontend applications, it was discovered that Bitrix CMS has been transmitting website visitors' personal data to…

When Language Models Turn Against You: A Study of Backdoors in LLM

Imagine you're running a call center and decide to implement an open LLM for automating communication. Everything works great—until a scammer whispers a strange phrase,…

Hydroph0bia — from bypassing SecureBoot to modifying the DXE volume in Insyde H2O UEFI-compatible firmware

Hello, reader. In front of you is the second article about a serious vulnerability I found in UEFI-compatible firmware based on the Insyde H2O platform, which I named…

Electronic signature leak: how to lose property, money, and a company

Electronic signatures have long been an integral part of corporate processes. They are used to sign crucial documents, confirm transactions, and conduct financial operations.…

A hole in Cloudflare’s shield: how the attack on Jabber.ru exposed a problem no one has talked about since 2023

17:50
22.07.9865

Many remember the year-before-last incident with the Man-in-the-Middle attack on the XMPP service jabber.ru. This story caused a lot of noise, but I think the main point…

No security exists: how the NSA hacks your secrets

17:50
22.07.9461

Finite fields, hash mincers, covert radio channels, and trojans soldered into silicon. While we pride ourselves on AES-256 locks, intelligence agencies seek workarounds:…