Cybersecurity Exploit Techniques

🇨🇳🇺🇸 Chinese “𝐤𝐢𝐥𝐥 𝐬𝐰𝐢𝐭𝐜𝐡𝐞𝐬” capable of crippling power grids have been found in equipment at US solar farms, - The Times The devices, including hidden cellular radios, were discovered in Chinese inverters used to connect solar panels and wind turbines to grids worldwide. ❗️ These hidden cellular radios could be activated remotely to cripple power grids in the event of a confrontation between China and the West Engineers in American solar farms have found "𝐤𝐢𝐥𝐥 switches" in Chinese-made components, which raised severe fears that Beijing might have the power to manipulate supplies or "physically destroy" grids across the US, #UK and #Europe as per a report. Unauthorized communication devices were discovered inside some solar power inverters, reported Reuters. The devices, not mentioned in product documentation, were found by US experts who strip equipment hooked to grids to check for security issues. 🔍 Currently, energy officials are trying to find the risks posed by the small communication devices in power inverters, which are an integral part of renewable energy systems that connect them to the power grid. Though inverters are made in a way that allows remote access for updates and maintenance, the utility companies using them usually install firewalls to prevent direct communication back to China 🎤 Former director of the #USA National #Security Agency, Mike Rogers said, "We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption," adding, "I think that the Chinese are, in part, hoping that the widespread use of inverters limits the options that the West has to deal with the security issue," quoted Daily Mail. In our endless efforts to reach #Sustainability goals by installing cheap solar panels, have we made our #Energy sectors vulnerable to outside forces who care not for #environment in the slightest? #Journalism

𝗨𝗸𝗿𝗮𝗶𝗻𝗲 𝗶𝘀 𝗻𝗼𝘁 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗼𝗻𝗲 𝗱𝗿𝗼𝗻𝗲 𝗶𝗻𝘁𝗲𝗿𝗰𝗲𝗽𝘁𝗼𝗿. 𝗜𝘁 𝗶𝘀 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗮𝗻 𝗮𝗶𝗿-𝗱𝗲𝗳𝗲𝗻𝗰𝗲 𝗲𝗰𝗼𝘀𝘆𝘀𝘁𝗲𝗺. 🛩️ Brave1 CEO Andrii Hrytseniuk has described a Ukrainian interceptor-drone ecosystem that is moving far beyond a single “anti-Shahed” design, with more than 150 companies reportedly working on interceptor solutions inside a defence-tech cluster that now includes thousands of firms. The important signal is architectural diversity. Ukraine is not betting everything on one platform, one supplier or one technical answer. It is building a layered family of small FPV-derived interceptors, fixed-wing designs, larger loitering systems, X-wing hybrids, high-speed variants, endurance-focused platforms and specialised systems for different target sets, from reconnaissance UAVs and decoys to heavy Shahed-type attack drones. That matters because #DroneWarfare is now a cost-curve fight. A Shahed should not always require an expensive missile, and a decoy should not always consume a premium interceptor. Ukraine’s answer is to build many cheaper layers that can match the threat more intelligently, preserve scarce air-defence missiles and turn industrial speed into defensive depth. ⚙️ The autonomy debate is just as important. Hrytseniuk reportedly points to a human-on-the-loop model, where a human retains the authority to cancel or block action but does not necessarily approve every intercept in real time. That is a major shift, driven by reaction speed against mass drone attacks, but it also raises the central question every military will face: how much autonomy is acceptable when seconds decide whether a city, power plant or airbase is hit? For #Ukraine, the lesson is brutally practical. Air defence is no longer only a question of radars, launchers and missiles; it is becoming a software-defined, mass-manufactured, continuously updated kill web where startups, soldiers, volunteers and state platforms iterate together under fire. In #ModernWarfare, the country that can adapt the interceptor faster than the enemy adapts the drone begins to change the economics of the sky. 𝘛𝘩𝘦 𝘧𝘶𝘵𝘶𝘳𝘦 𝘰𝘧 𝘢𝘪𝘳 𝘥𝘦𝘧𝘦𝘯𝘤𝘦 𝘮𝘢𝘺 𝘯𝘰𝘵 𝘣𝘦 𝘰𝘯𝘦 𝘱𝘦𝘳𝘧𝘦𝘤𝘵 𝘮𝘪𝘴𝘴𝘪𝘭𝘦. 𝘐𝘵 𝘮𝘢𝘺 𝘣𝘦 𝘢 𝘵𝘩𝘰𝘶𝘴𝘢𝘯𝘥 𝘪𝘮𝘱𝘦𝘳𝘧𝘦𝘤𝘵 𝘥𝘳𝘰𝘯𝘦𝘴 𝘪𝘵𝘦𝘳𝘢𝘵𝘪𝘯𝘨 𝘧𝘢𝘴𝘵𝘦𝘳.

What’s really inside your critical infrastructure? 🇺🇲 United States Findings: U.S. officials identified hidden "kill switches" in Chinese-manufactured solar inverters. These undocumented communication devices could potentially allow external entities to remotely control or disable power grid components, posing risks of blackouts or infrastructure damage. 🇩🇰 Denmark's Discovery: Danish companies, during routine checks, found unlisted components in circuit boards intended for green energy projects. While these components were not connected to the grid, their presence has sparked concerns about possible espionage or sabotage. ⚠️ Recent reports from the US and Denmark revealed suspicious hardware embedded in energy infrastructure, including parts capable of remote shutdown. 💡 How often do you truly assess the equipment running your critical operations? Not just surface-level checks, but deep inspections, firmware analysis, and supply chain tracing. And even if you want to… do you actually have the expertise and resources to do it thoroughly? Source: https://lnkd.in/dBRbHUUC

Backdoor attacks on LLMs are evolving, and our latest research reveals a stealthy new attack surface: 𝗽𝗼𝘀𝗶𝘁𝗶𝗼𝗻𝗮𝗹 𝗲𝗻𝗰𝗼𝗱𝗶𝗻𝗴. Traditionally, backdoors rely on content-based triggers—specific words or phrases that activate a malicious response. In our new paper, 𝗠𝗲𝘁𝗮𝗕𝗮𝗰𝗸𝗱𝗼𝗼𝗿, we demonstrate that an attacker doesn't actually need to modify the input text to trigger a backdoor. Because Transformer-based LLMs use positional encoding to process sequences, the "position" of a token itself can serve as a trigger signal. We found that even a simple, length-based trigger is enough to activate a backdoor. This introduces a stealthy backdoor risk:  • 𝗜𝗻𝗽𝘂𝘁𝘀 𝘀𝘁𝗮𝘆 "𝗰𝗹𝗲𝗮𝗻": The trigger is semantically and visibly invisible, making it much harder for traditional text-scanning defenses to catch.  • 𝗦𝗲𝗻𝘀𝗶𝘁𝗶𝘃𝗲 𝗗𝗮𝘁𝗮 𝗗𝗶𝘀𝗰𝗹𝗼𝘀𝘂𝗿𝗲: A backdoored model can be induced to leak internal information, including proprietary system prompts, once a specific length condition is met.  • 𝗦𝗲𝗹𝗳-𝗔𝗰𝘁𝗶𝘃𝗮𝘁𝗶𝗼𝗻: In a multi-turn conversation, a normal interaction can naturally push the context into the "trigger region," activating malicious tool-calls or behaviors without any obvious attacker input. This research expands our understanding of the LLM threat model and highlights why defenses need to look beyond just suspicious text and start accounting for the underlying architecture of these models. You can read the full paper on arXiv here: https://lnkd.in/geNpPpkf

𝗪𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝘀 𝗶𝗳 𝘁𝗵𝗲 𝗽𝗮𝗻𝗲𝗹𝘀 𝗽𝗼𝘄𝗲𝗿𝗶𝗻𝗴 𝘆𝗼𝘂𝗿 𝗰𝗶𝘁𝘆 𝗮𝗿𝗲 𝗾𝘂𝗶𝗲𝘁𝗹𝘆 𝘀𝗽𝘆𝗶𝗻𝗴 𝗼𝗻 𝘆𝗼𝘂? A recent discovery in the US—spyware embedded in solar panels, most of them sourced from China—should be front page news everywhere. But the silence is deafening. 𝗔𝘂𝘀𝘁𝗿𝗮𝗹𝗶𝗮 𝗴𝗲𝘁𝘀 𝗼𝘃𝗲𝗿 𝟵𝟬% 𝗼𝗳 𝗶𝘁𝘀 𝘀𝗼𝗹𝗮𝗿 𝗽𝗮𝗻𝗲𝗹𝘀 𝗳𝗿𝗼𝗺 𝗖𝗵𝗶𝗻𝗮. 𝗘𝘂𝗿𝗼𝗽𝗲? 𝗡𝗼𝘁 𝗳𝗮𝗿 𝗯𝗲𝗵𝗶𝗻𝗱. 𝗧𝗵𝗲 𝗽𝗿𝗶𝗰𝗲 𝗶𝘀 𝗴𝗼𝗼𝗱, 𝘁𝗵𝗲 𝘁𝗲𝗰𝗵 𝗶𝘀 𝘀𝗹𝗶𝗰𝗸, 𝗮𝗻𝗱 𝗲𝘃𝗲𝗿𝘆𝗼𝗻𝗲 𝘄𝗮𝗻𝘁𝘀 𝘁𝗼 𝗴𝗼 𝗴𝗿𝗲𝗲𝗻, 𝗳𝗮𝘀𝘁. But what if you’re not just buying clean energy, but also an invisible backdoor? Security used to mean locking the server room. Now it means checking if your grid has been compromised before the lights even turn on. This isn’t fearmongering. It’s a reminder that “cheap and easy” can have invisible costs—especially when critical infrastructure is on the line. If you’re in renewables, procurement, or national security: Are you ready to bet your country’s grid on an untrusted supply chain? Or will you start asking the tougher questions before the breach hits home? The future is bright—but only if we remember to keep an eye on what’s powering it. https://lnkd.in/eqxPYRKR

Recruitment Leaders: You just got promoted to "System Operator" Reckon cyber security is just a headache for the IT crowd? Think again. The new European Standard (ETSI EN 304 223) is dropping a massive reality check on HR. We used to treat Recruitment Tech like a magical black box where we plug it in, switch it on, and cross our fingers. That era is over. Under these new baseline requirements, deploying any AI tool - from CV parsers to chatbots - stamps a new label on your forehead: "System Operator". That title means the risk lands squarely on your desk. You can't just point fingers at the vendor anymore. Here are 3 questions to hit your AI vendors with today: 1️⃣ "Can this thing handle Data Poisoning?" Candidates are getting savvy. We aren't just talking about fudging dates on a resume. "Data Poisoning" is real. It happens when bad actors feed junk data to your system to game the ranking algorithm or compromise how it behaves. If your vendor isn't watching for this, your shortlist is toast. 2️⃣ "Where are the guardrails?" Running a chatbot? You need to know if a candidate can sweet-talk or "trick" the bot into giving them a thumbs up via prompt injection. The standard demands strict rules on "prohibited use cases". Make sure your tech has the backbone to stop the AI going rogue. 3️⃣ "Who built the engine?" Is your vendor just wrapping a generic LLM model? If so, they better have receipts for a proper risk assessment on that component. You are on the hook for the whole supply chain now. Security has evolved way past stopping simple data leaks. We are looking at stopping your recruitment funnel from getting gamed. We are doing more than buying software these days. We are managing critical infrastructure. Link to the new standards in the comments.

🚨 Incoming – New Active Directory Remediation Guidance! 🚨 A newly released report on Detecting and Mitigating Active Directory (AD) Compromises has arrived, thanks to a collaborative effort from government agencies across five nations, with Australia’s Signals Directorate (ASD)leading partnering with CISA, NSA, CCCS, NCSC-UK, and NCSC-NZ, this guidance focuses on the key vulnerabilities in AD, a critical authentication system used globally. 🔑 "Active Directory’s pivotal role in authentication and authorization makes it a valuable target for malicious actors," the report states. With AD's complex configurations and legacy support, attackers can exploit weak points to gain privileged access. Highlighted threats include: 🔹Kerberoasting: Attackers crack service account passwords to escalate privileges. 🔹Password Spraying: "Malicious actors exploit reused passwords to take control of user accounts." 🔹Golden Ticket: A forged Kerberos ticket can grant persistent access to a domain. The report provides practical recommendations for mitigating these threats, such as adopting tiered access control models, implementing phishing-resistant MFA, and closely monitoring Active Directory events to detect suspicious activity early. This global effort underscores the importance of international collaboration in strengthening cybersecurity measures. These findings also align with CISA’s #ZeroTrust Maturity Model, which emphasizes securing identity, privileged access, and continuous monitoring—key pillars in defending against AD compromises. 🔐 #technology #informationsecurity #computersecurity #cloudcomputing

Most AI security programs protect the wrong thing 🛡️ Traditional cybersecurity is built around the network perimeter, keeping attackers out, protecting the data inside, detecting intrusions when they happen. AI systems introduce a different attack surface. The model itself is the target. The training data is the target. The inference pipeline is the target. Let's look at the three attack categories every GRC and security team needs to understand now. 👇 1️⃣ Data Poisoning: An adversary introduces manipulated data into the training set, causing the model to learn incorrect patterns or develop hidden behaviors that activate under specific conditions. The most dangerous variant is the backdoor attack, in which the model performs normally on clean inputs and passes every standard accuracy test, then fails in predictable, attacker-controlled ways when triggered by a specific input pattern. The governance failure mode is subtle. Poisoned models look fine in testing. The gap between "model passed evaluation" and "model is safe to deploy" is exactly where data governance lives. 2️⃣ Prompt Injection: The defining security threat of LLM deployment. An attacker embeds malicious instructions in content the model processes, a user message, a retrieved document, a webpage, that override the model's intended behavior. Indirect injection is the more dangerous variant. The model retrieves attacker-controlled content during operation, redirecting its actions without the user or operator knowing. 💡 Agentic AI systems are particularly exposed. A model that can take actions, send emails, query databases, or execute code is one where a successful prompt injection becomes an execution vector, not just an output problem. 3️⃣ Model Extraction: An attacker queries a deployed model repeatedly, observing inputs and outputs, and uses those observations to reconstruct a functional replica. The replica can compete commercially, enable adversarial attacks offline, or reveal vulnerabilities exploitable against the original. This is an intellectual property and security risk simultaneously. The attack is difficult to detect because it looks like normal API usage. What makes these different from traditional cybersecurity risks is that they target the AI system's behavior and integrity, not just surrounding infrastructure. A firewall doesn't stop a poisoned training set. Endpoint detection doesn't catch prompt injection in a retrieved document. Organizations need AI-specific threat modeling, not traditional controls applied to AI deployments. MITRE ATLAS maps these attacks in detail. OWASP's LLM Top 10 is a good starting list: https://lnkd.in/g3ZRuZNq Drop a comment and let me know which of these three attack categories you need more to learn more about! #AIGovernance #AIRisk #Cybersecurity #GRC #AI

Yesterday, I laid out the threat of the "Echo Chamber" attack—a stealthy method of turning an LLM's own reasoning against itself to induce a state of localized model collapse. As promised, the deep(er) dive is here. Static defenses can't stop an attack that never trips the alarm. This new class of semantic exploits requires a new class of active, intelligent defense. In this full technical report, I deconstruct the attack vector and detail a multi-layered security strategy that can not only block these threats but learn from them. We'll go beyond simple filters and explore: ► The Semantic Firewall: A system that monitors the state of a conversation to detect the subtle signs of cognitive manipulation. ► The "Turing Interrogator": A reinforcement learning agent that acts as an automated honeypot, actively engaging and profiling attackers to elicit threat intelligence in real time. ► A system diagram illustrating how these components create a resilient, self-improving security ecosystem. The arms race in adversarial AI is here. It's time to build defenses that can think. #AISecurity #LLMSecurity #RedTeaming #CyberSecurity #ModelCollapse #AdversarialAI

>> Are hidden radios putting our clean-energy assets at risk? ⚠️ According to a recent 𝐑𝐞𝐮𝐭𝐞𝐫𝐬 report, U.S. investigators have found “rogue communication devices”—undocumented cellular radios—inside some Chinese-made solar inverters and batteries, allowing them to punch straight through plant firewalls and potentially shut down or even damage equipment. Source: Reuters, “Ghost in the machine? Rogue communication devices found in Chinese inverters,” 14 May 2025. Link at the end of the post Mike Rogers, a former NSA Director put it plain and simple: “China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption.” 𝐖𝐡𝐲 𝐢𝐭 𝐦𝐚𝐭𝐭𝐞𝐫𝐬 �� Sheer exposure: Chinese firms supply about 70% of global PV inverters and almost 80% of lithium-ion batteries —including much of the PCS hardware that ties BESS to the grid. 🪫Grid vulnerability made real: The Iberian blackout last month reminded us how cascading faults can ripple across interconnected networks. Add a deliberate remote shutdown and the stakes multiply. A bipartisan U.S. bill had already proposes banning federal purchases of Chinese batteries by 2027; utilities and regulators on both sides of the Atlantic are now scrutinising inverter firmware and potentially hidden radios. What do you think - Is the energy industry ignoring real risks to our grid stability or could this be just a misunderstanding - after all, modern inverters are incredibly complex gadgets with layers upon layers of interconnected systems... https://lnkd.in/eFaZc_pK