Security - Articles for the year 2025

Read interesting articles and reviews for the year 2025. Analysis of key events in the "Security" sector

When Language Models Turn Against You: A Study of Backdoors in LLM

Imagine you're running a call center and decide to implement an open LLM for automating communication. Everything works great—until a scammer whispers a strange phrase,…

Hydroph0bia — from bypassing SecureBoot to modifying the DXE volume in Insyde H2O UEFI-compatible firmware

Hello, reader. In front of you is the second article about a serious vulnerability I found in UEFI-compatible firmware based on the Insyde H2O platform, which I named…

Electronic signature leak: how to lose property, money, and a company

Electronic signatures have long been an integral part of corporate processes. They are used to sign crucial documents, confirm transactions, and conduct financial operations.…

A hole in Cloudflare’s shield: how the attack on Jabber.ru exposed a problem no one has talked about since 2023

17:50
23.10.9865

Many remember the year-before-last incident with the Man-in-the-Middle attack on the XMPP service jabber.ru. This story caused a lot of noise, but I think the main point…

No security exists: how the NSA hacks your secrets

17:50
23.10.9461

Finite fields, hash mincers, covert radio channels, and trojans soldered into silicon. While we pride ourselves on AES-256 locks, intelligence agencies seek workarounds:…

AI Security with a French Flavor or an Analysis of Securing Artificial Intelligence from ETSI. Part 1

Artificial intelligence technologies are developing rapidly, but with new opportunities come new risks. Prompt injections, abuse of agent tools, vulnerabilities in the…

Zerotrust the Streetwise Way #3. Endpoint Protection

Let’s recall the main idea of ZT for admin panel protection: you can only access the admin panel by providing a certificate that’s stored in a secure device keystore.…

How HTTP is Used for DNS: DNS-over-HTTPS in Practice

HTTPS makes it possible to implement secure interaction with the DNS resolver interface, concealing the DNS traffic that would otherwise be transmitted in plain text.…

How a Designer’s Stolen Passwords Nearly Tanked a Startup [MITRE: T1078 — Valid Accounts]

Incident Description: The attacker uses stolen credentials to access the company’s server, website, or cloud.

Protection Without Encryption: Paradox or Alternative?

Is it possible to protect data without encryption? In 2025, as algorithms become outdated, quantum computing is on the rise, and most data breaches are caused by human…

How one developer prevented the largest cyberattack: the story of the XZ Utils hack

Exactly one year has passed since the world watched in awe as the investigation of one of the most sophisticated backdoors in Linux history unfolded. The story of the…

Digest of Information Security Regulation. January – March 2025

Hello, tekkix! We continue our series of reviews on laws, orders, decrees, and regulatory initiatives related to information security. In this article, we cover what…

Let's still make it until the May holidays: what is important to do so that the "long" weekend is not overshadowed by cyberattacks

Holidays, public holidays, any "extra" days off - this is an opportunity for attackers to try to launch an attack. The attackers' calculation is simple: the fewer "defending"…

Password Transmission over the Internet: Which is Safer - Hashing or TLS?

Security - Articles for the year 2025

Read interesting articles and reviews for the year 2025. Analysis of key events in the "Security" sector

When Language Models Turn Against You: A Study of Backdoors in LLM

Hydroph0bia — from bypassing SecureBoot to modifying the DXE volume in Insyde H2O UEFI-compatible firmware

Electronic signature leak: how to lose property, money, and a company

A hole in Cloudflare’s shield: how the attack on Jabber.ru exposed a problem no one has talked about since 2023

No security exists: how the NSA hacks your secrets

AI Security with a French Flavor or an Analysis of Securing Artificial Intelligence from ETSI. Part 1

Zerotrust the Streetwise Way #3. Endpoint Protection

How HTTP is Used for DNS: DNS-over-HTTPS in Practice

How a Designer’s Stolen Passwords Nearly Tanked a Startup [MITRE: T1078 — Valid Accounts]

Protection Without Encryption: Paradox or Alternative?

How one developer prevented the largest cyberattack: the story of the XZ Utils hack

Digest of Information Security Regulation. January – March 2025

Let's still make it until the May holidays: what is important to do so that the "long" weekend is not overshadowed by cyberattacks

Password Transmission over the Internet: Which is Safer - Hashing or TLS?

Several rules for organizing a cybersecurity hackathon

WebSocket: simple about the complex. Part 2 — practical application and nuances

Five things you shouldn’t tell ChatGPT

The history of "World Backup Day" [and a compact solutions digest] is a good reason to make a backup

Also read

Parsing Telegram channels, groups, and chats with LLM processing

Concepts of Information Security

AI website generator on ChatGPT and Next.js 15: Creating SEO‑optimized pages from scratch

Velleman HPS40 — compact oscilloscope from 2002