Longtime Slashdot reader Gadi Evron writes: Bruce Schneier and Barath Raghavan say agentic AI is already broken at the core. In their IEEE Security & Privacy essay, they argue that AI agents run on untrusted data, use unverified tools, and make decisions in hostile environments. Every part of the OODA loop (observe, orient, decide, act) is open to attack. Prompt injection, data poisoning, and tool misuse corrupt the system from the inside. The model's strength, treating all input as equal, also makes it exploitable. They call this the AI security trilemma: fast, smart, or secure. Pick two. Integrity isn't a feature you bolt on later. It has to be built in from the start. "Computer security has evolved over the decades," the authors wrote. "We addressed availability despite failures through replication and decentralization. We addressed confidentiality despite breaches using authenticated encryption. Now we need to address integrity despite corruption."

"Trustworthy AI agents require integrity because we can't build reliable systems on unreliable foundations. The question isn't whether we can add integrity to AI but whether the architecture permits integrity at all."

Researchers at UC San Diego and the University of Maryland have found that roughly half of geostationary satellite signals transmit sensitive data without encryption. The team spent three years using an $800 satellite receiver on a university rooftop in San Diego to intercept communications from satellites visible from their location. They collected phone calls and text messages from more than 2,700 T-Mobile users in just nine hours of recording.

The researchers also obtained data from airline passengers using in-flight Wi-Fi, communications from electric utilities and offshore oil and gas platforms, and US and Mexican military communications that revealed personnel locations and equipment details. The exposed data resulted from telecommunications companies using satellites to relay signals from remote cell towers to their core networks.

The researchers examined only about 15% of global satellite transponder communications and presented their findings at an Association for Computing Machinery conference in Taiwan this week. Most companies warned by the researchers have encrypted their satellite transmissions, but some US critical infrastructure owners have not yet added encryption.

Cryptologist/CS professor Daniel J. Bernstein is alleging that America's National Security Agency is attempting to influence NIST post-quantum cryptography standards.

Bernstein first emphasizes that it's normal for post-quantum cryptography (or "PQ") to be part of "hybrid" security that also includes traditional pre-quantum cryptography. (Bernstein says this is important because since 2016, "We've seen many breaks of post-quantum proposals...")

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ." Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.
This seems to be a speculative scenario. But Bernstein is also concerned about how the Internet Engineering Task Force handled two drafts specifying post-quantum encryption mechanisms for TLS ("the security layer inside HTTPS and inside various other protocols"). For a draft suggesting "non-hybrid" encryption, there were 20 statements of support (plus 2 more only conditionally supporting it), but 7 more statements unequivocally opposing adoption, including one from Bernstein. The IETF has at times said they aim for "rough consensus" — or for "broad consensus" — but Bernstein insists 7 opposers in a field of 29 (24.13%) can't be said to match the legal definition of consensus (which is "general agreement"). "I've filed a formal complaint regarding the claim of consensus to adopt."

He's also written a second blog post analyzing the IETF's decision-making process in detail. "It's already bad that the IETF TLS working group adopted non-hybrid post-quantum encryption without official answers to the objections that were raised. It's much worse if the objections can't be raised in the first place."

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks. SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.'

Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

An anonymous reader shares a report: A website set up by an unknown Dane over the course of one weekend in August is giving a massive headache to those trying to pass a European bill aimed at stopping child sexual abuse material from spreading online.

The website, called Fight Chat Control, was set up by Joachim, a 30-year-old software engineer living in Aalborg, Denmark. He made it after learning of a new attempt to approve a European Union proposal to fight child sexual abuse material (CSAM) -- a bill seen by privacy activists as breaking encryption and leading to mass surveillance.

The site lets visitors compile a mass email warning about the bill and send it to national government officials, members of the European Parliament and others with ease. Since launching, it has broken the inboxes of MEPs and caused a stir in Brussels' corridors of power. "We are getting hundreds per day about it," said Evin Incir, a Swedish Socialists and Democrats MEP, of the email deluge.

BrianFagioli shares a report from NERDS.xyz: Signal has introduced the Sparse Post Quantum Ratchet (SPQR), a new upgrade to its encryption protocol that mixes quantum safe cryptography into its existing Double Ratchet. The result, which Signal calls the Triple Ratchet, makes it much harder for even future quantum computers to break private chats. The change happens silently in the background, meaning users do not need to do anything, but once fully rolled out it will make harvested messages useless even to adversaries with quantum power.

The company worked with researchers and used formal verification tools to prove the new protocol's security. Signal says the upgrade preserves its guarantees of forward secrecy and post compromise security while adding protection against harvest now, decrypt later attacks. The move raises a bigger question: will this be enough when large scale quantum computers arrive, or will secure messaging need to evolve yet again?

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users' data, despite US claims that Britain had abandoned all attempts to break the tech giant's encryption. Financial Times: The UK Home Office demanded in early September that Apple create a means to allow officials access to encrypted cloud backups, but stipulated that the order applied only to British citizens' data, according to people briefed on the matter.

A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations' efforts to secure a trade agreement.

In February, Apple withdrew its most secure cloud storage service, iCloud Advanced Data Protection, from the UK. "Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users," Apple said on Wednesday. "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy." It added: "As we have said many times before, we have never built a back door or master key to any of our products or services and we never will."

"Swiss voters have backed plans for electronic identity cards by a wafer-thin margin," reports the Guardian, "in the second nationwide vote on the issue." In a referendum on Sunday, 50.4% of voters supported an electronic ID card, while 49.6% were against, confounding pollsters who had forecast stronger support for the "yes" vote. Turnout was 49.55%, higher than expected... [V]oters rejected an earlier version of the e-ID in 2021, largely over objections to the role of private companies in the system. In response to these concerns, the Swiss state will now provide the e-ID, which will be optional and free of charge... To ensure security the e-ID is linked to a single smartphone, users will have to get a new e-ID if they change their device... An ID card containing biometric data — fingerprints — will be available from the end of next year.

Critics of the e-ID scheme raised data protection concerns and said it opened the door to mass surveillance. They also fear the voluntary scheme will become mandatory and disadvantage people without smartphones. The referendum was called after a coalition of rightwing and data-privacy parties collected more than 50,000 signatures against e-ID cards, triggering the vote.
"To further ease privacy concerns, a particular authority seeking information on a person — such as proof of age or nationality, for example — will only be able to check for those specific details," notes the BBC: Supporters of the Swiss system say it will make life much easier for everyone, allowing a range of bureaucratic procedures — from getting a telephone contract to proving you are old enough to buy a bottle of wine — to happen quickly online. Opponents of digital ID cards, who gathered enough signatures to force another referendum on the issue, argue that the measure could still undermine individual privacy. They also fear that, despite the new restrictions on how data is collected and stored, it could still be used to track people and for marketing purposes.
The BBC adds that the UK government also announced plans earlier this week to introduce its own digital ID, "which would be mandatory for employment. The proposed British digital ID would have fewer intended uses than the Swiss version, but has still raised concerns about privacy and data security."

The Guardian reports: The referendum came soon after the UK government announced plans for a digital ID card, which would sit in the digital wallets of smartphones, using state-of-the-art encryption. More than 1.6 million people have signed a petition opposing e-ID cards, which would be mandatory for people working in the UK by 2029.
Thanks to long-time Slashdot reader schwit1 for sharing the news.

Friday the security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation.

This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.
More from Cybersecurity News: SonicWall has linked these malicious logins to CVE-2024-40766, an improper access control vulnerability disclosed in 2024. The working theory is that threat actors harvested credentials from devices that were previously vulnerable and are now using them in this campaign, even if the devices have since been patched. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit.

Once inside a network, the attackers operate with remarkable speed. The time from initial access to ransomware deployment, known as "dwell time," is often measured in hours, with some intrusions taking as little as 55 minutes, Arctic Wolf said. This extremely short window for response makes early detection critical.
"Threat actors in the present campaign successfully authenticated against accounts with the one-time password (OTP) MFA feature enabled..." notes Artic Wolf Labs: The threats described in this campaign demand early detection and a rapid response to avoid catastrophic impact to organizations. To facilitate this process, we recommend monitoring for VPN logins originating from untrusted hosting infrastructure. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access. Monitoring for anomalous SMB activity indicative of Impacket use provides an additional early detection opportunity.

When firewalls are confirmed to be running firmware versions vulnerable to credential access or full configuration export, patching alone is not enough. In such situations, credentials must be reset wherever possible, including MFA-related secrets that might otherwise be thought of as secure, and Active Directory credentials with VPN access. These considerations are best practices that apply regardless of which firewall products are in use.
Thanks to Slashdot reader Mirnotoriety for suggesting this story.

The Swiss government could soon require service providers with more than 5,000 users to collect government-issued identification, retain subscriber data for six months and, in many cases, disable encryption. From a report: The proposal, which is not subject to parliamentary approval, has alarmed privacy and digital-freedoms advocates worldwide because of how it will destroy anonymity online, including for people located outside of Switzerland. A large number of virtual private network (VPN) companies and other privacy-preserving firms are headquartered in the country because it has historically had liberal digital privacy laws alongside its famously discreet banking ecosystem.

Proton, which offers secure and end-to-end encrypted email along with an ultra-private VPN and cloud storage, announced on July 23 that it is moving most of its physical infrastructure out of Switzerland due to the proposed law. The company is investing more than $117 million in the European Union, the announcement said, and plans to help develop a "sovereign EuroStack for the future of our home continent." Switzerland is not a member of the EU. Proton said the decision was prompted by the Swiss government's attempt to "introduce mass surveillance."

US Senator Ron Wyden says glaring cybersecurity flaws by Microsoft enabled a ransomware attack on a US hospital system and has called on the Federal Trade Commission to investigate. Bloomberg: In a letter sent Wednesday to FTC Chairman Andrew Ferguson, the Oregon Democrat accused Microsoft of "gross cybersecurity negligence," which he said had resulted in ransomware attacks against US critical infrastructure.

The senator cited the case of the 2024 breach at Ascension, one of the nation's largest nonprofit health systems. The intrusion shut down computers at many of Ascension's hospitals, leading to suspended surgeries and the theft of sensitive data on more than 5 million patients. Wyden said an investigation by his office found that the Ascension hack began after a contractor carried out a search using Microsoft's Bing search engine and was served a malicious link, which led to the contractor inadvertently downloading malware. That allowed hackers access to Ascension's computer networks.

According to Wyden, the attackers then gained access to privileged accounts by exploiting an insecure encryption technology called RC4, which is supported by default on Windows computers. The hacking method is called Kerberoasting, which the company described as a type of cyberattack in which intruders aim to gather passwords by targeting an authentication protocol called Kerberos.

A newly published Investigatory Powers Tribunal filing indicates the UK government's Technical Capability Notice to Apple went beyond the company's Advanced Data Protection encryption to include standard iCloud services used by millions [non-paywalled source]. The document states the UK Home Office order "is not limited to" ADP data and applies "globally in respect of the relevant data categories of all iCloud users."

The filing emerged days after Trump administration officials claimed the UK had agreed to drop efforts targeting American citizens' data. Apple launched its legal challenge in March after receiving the TCN, which the company cannot discuss publicly under the Investigatory Powers Act. The tribunal scheduled a hearing for early next year. Apple withdrew ADP from UK customers in February.

Police Scotland and the Scottish Police Authority (SPA) are pressing ahead with a Microsoft Office 365 rollout despite Microsoft refusing to disclose where sensitive law enforcement data will be processed. Freedom of Information documents reveal that Microsoft cannot guarantee data sovereignty, may process data in "hostile" jurisdictions, retains encryption key control, and blocks vetting of overseas staff -- all leaving the force unable to comply with strict Part 3 data protection rules. Slashdot reader Mirnotoriety shares an excerpt from a Computer Weekly article: "MS is unable to specify what data originating from SPA will be processed outside the UK for support functions," said the SPA in a detailed data protection impact assessment (DPIA) created for its use of O365. "To try and mitigate this risk, SPA asked to see ... [the transfer risk assessments] for the countries used by MS where there is no [data] adequacy. MS declined to provide the assessments." The SPA DPIA also confirms that, on top of refusing to provide key information, Microsoft itself has told the police watchdog it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure.

"Microsoft states in their own risk factors that O365 is not designed for processing the data that will be ingested by SPA," said the DPIA, adding that while the system can be configured in ways that would allow the processing of "high-value" policing data, "that bar is high." It further added that while Microsoft previously agreed to make a number of changes to the data processing addendum (DPAdd) being used for Police Scotland's Azure-based Digital Evidence Sharing Capability (DESC) -- the nature of which is still unclear -- Microsoft has advised that "O365 operates in a completely different manner and there is currently no way to guarantee data sovereignty." It further noted that while a similar "ancillary document, like that provided ... via the DESC project" could afford "some level of assurance" for international transfers generally, it would still fall short of Part 3 requirements to set out exactly which types of data are processed and how.

The Document Foundation, which operates the popular open source productivity suite LibreOffice, is positioning the suite's newest release, v25.8, as a strategic asset for digital sovereignty, targeting governments and enterprises seeking independence from foreign software vendors and cloud infrastructure.

The Document Foundation released the update last week with zero telemetry architecture, full offline capability, and OpenPGP encryption for documents, directly addressing national security concerns about extraterritorial surveillance and software backdoors. The suite requires no internet access for any features and maintains complete transparency through open source code that governments can audit. Government bodies in Germany, Denmark, and France, alongside national ministries in Italy and Brazil, have deployed LibreOffice to meet GDPR compliance, national procurement laws, and IT localization mandates while eliminating unpredictable licensing costs from proprietary vendors.

"It's time to own your documents, own your infrastructure, and own your future," the foundation wrote in a blog post.

The Federal Trade Commission is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. From a report: FTC Chairman Andrew N. Ferguson signed the letter sent to large American companies like Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (Twitter). Ferguson stresses that weakening data security at the request of foreign governments, especially if they don't alert users about it, would constitute a violation of the FTC Act and expose companies to legal consequences.

Ferguson's letter specifically cites foreign laws such as the EU's Digital Services Act and the UK's Online Safety and Investigatory Powers Acts. Earlier this year, Apple was forced to remove support for iCloud end-to-end encryption in the United Kingdom rather than give in to demands to add a backdoor for the government to access encrypted accounts. The UK's demand would have weakened Apple's encryption globally, but it was retracted last week following U.S. diplomatic pressure.

The UK government has agreed to withdraw its order requiring Apple to create backdoor access to encrypted iCloud data following intervention from the Trump administration. Vice President JD Vance negotiated the agreement during his recent UK holiday after the January order issued under the UK Investigatory Powers Act prompted Apple to pull its iCloud Advanced Data Protection service from Britain in February. Director of National Intelligence Tulsi Gabbard said the UK agreed to drop demands for access to "the protected encrypted data of American citizens." Apple had filed a complaint with the Investigatory Powers Tribunal scheduled for hearing early next year.

Proton has begun relocating infrastructure outside Switzerland ahead of proposed surveillance legislation requiring VPNs and messaging services with over 5,000 users to identify customers and retain data for six months.

The company's AI chatbot Lumo became the first product hosted on German servers rather than Swiss infrastructure. CEO Andy Yen confirmed the decision and a spokesperson told TechRadar that the company isn't fully exiting Switzerland.

In a blog post about the launch of Lumo last month, Proton's Head of Anti-Abuse and Account Security, Eamonn Maguire, explained that the company had decided to invest outside Switzerland for fear of the looming legal changes. He wrote: "Because of legal uncertainty around Swiss government proposals to introduce mass surveillance -- proposals that have been outlawed in the EU -- Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move."

The proposed amendments to Switzerland's Ordinance on the Surveillance of Correspondence by Post and Telecommunications would also mandate decryption capabilities for providers holding encryption keys. Proton is developing additional facilities in Norway.

An anonymous reader quotes a report from SecurityWeek: Two different firms have tested the newly released GPT-5, and both find its security sadly lacking. After Grok-4 fell to a jailbreak in two days, GPT-5 fell in 24 hours to the same researchers. Separately, but almost simultaneously, red teamers from SPLX (formerly known as SplxAI) declare, "GPT-5's raw model is nearly unusable for enterprise out of the box. Even OpenAI's internal prompt layer leaves significant gaps, especially in Business Alignment."

NeuralTrust's jailbreak employed a combination of its own EchoChamber jailbreak and basic storytelling. "The attack successfully guided the new model to produce a step-by-step manual for creating a Molotov cocktail," claims the firm. The success in doing so highlights the difficulty all AI models have in providing guardrails against context manipulation. [...] "In controlled trials against gpt-5-chat," concludes NeuralTrust, "we successfully jailbroke the LLM, guiding it to produce illicit instructions without ever issuing a single overtly malicious prompt. This proof-of-concept exposes a critical flaw in safety systems that screen prompts in isolation, revealing how multi-turn attacks can slip past single-prompt filters and intent detectors by leveraging the full conversational context."

While NeuralTrust was developing its jailbreak designed to obtain instructions, and succeeding, on how to create a Molotov cocktail (a common test to prove a jailbreak), SPLX was aiming its own red teamers at GPT-5. The results are just as concerning, suggesting the raw model is 'nearly unusable'. SPLX notes that obfuscation attacks still work. "One of the most effective techniques we used was a StringJoin Obfuscation Attack, inserting hyphens between every character and wrapping the prompt in a fake encryption challenge." [...] The red teamers went on to benchmark GPT-5 against GPT-4o. Perhaps unsurprisingly, it concludes: "GPT-4o remains the most robust model under SPLX's red teaming, especially when hardened." The key takeaway from both NeuralTrust and SPLX is to approach the current and raw GPT-5 with extreme caution.