Skip to content
View in the app

A better way to browse. Learn more.

Baseops Forums

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

That Cyber Thread

Featured Replies

  • Author

AI needs to do the DoD Cybersecurity training...


BLUF: A newly discovered AI (Artificial Intelligence) prompt injection exploit can bypass critical safeguards in AI-driven systems, as demonstrated in a proof-of-concept (PoC) attack on Anthropic's Claude and exacerbated by vulnerabilities in platforms like DeepSeek. This exploit allows for autonomous malware download and execution, posing significant threats to organizations using AI in security-sensitive workflows, with the potential for malware infections, data breaches, supply chain compromises via weaponized dependencies, like poisoned datasets, and exploitation of AI service vulnerabilities.


A PoC attack demonstrated that AI systems can be successfully manipulated via hidden instructions embedded in web pages. In this attack, the AI was tricked into downloading and running malware disguised as a support tool, which ultimately compromised the entire computer system. Meanwhile, service vulnerabilities like those in DeepSeek’s design amplify risks: Its iOS app transmits unencrypted user data and uses hardcoded encryption keys, enabling man-in-the-middle attacks if compromised via prompt injection or direct exploitation. Cybercriminals can hide malicious commands in web pages or documents that AI systems process, manipulating AI bots into performing these commands as legitimate tasks, such as downloading tools or modifying system settings. Once the AI executes the command, malware is deployed, allowing attackers to take control of the system and steal data. Since the AI believes it is following valid instructions, it bypasses traditional security measures.  


This vulnerability exposes organizations using AI in security-sensitive workflows to significant threats, including malware infections, data breaches, supply chain attacks via compromised AI model dependencies, and reputational harm. DeepSeek’s open-source model compounds these dangers: If integrated into autonomous AI agents, attackers could weaponize systems to exfiltrate data or modify security settings, mirroring the Claude PoC attack. For instance, an AI tool with access to customer data or financial systems could be manipulated into leaking sensitive information or approving fraudulent transactions after being compromised.  


Additionally, insecure AI supply chains, such as untrusted model repositories or vulnerable dependencies (insecure PyTorch/Pickle modules), could allow attackers to inject malicious code during model training or deployment. Further complicating governance, DeepSeek stores user data in China under government jurisdiction allowing access without consent, creating regulatory risks for global enterprises. This not only jeopardizes security but also undermines customer trust and can lead to financial losses, regulatory penalties, and reputational damages.

 

  • 3 months later...
  • Replies 308
  • Views 137.4k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Hey gents, thanks for keeping this one alive. I retired, got a contract job, got blackballed, filed a FWA complaint and am now 100% doing they cybers on the outside. Somehow lost the password to here

  • ClearedHot
    ClearedHot

    A few points to ponder: 1.  It is NOT a foregone conclusion that the Russians hacked anything.  Shockingly the mainstream media is starting to push back on the administration narrative that it wa

  • Well,   It's been awhile since I've posted in here with the latest happenings from the cyber front.   Since the last time AFSPC finally gave up it's choke hold on cyber ops and it moved over

Posted Images

Over the years, I’ve seen numerous discussions here about the potential impact of Cyber on warfighters, the threat posed by China, and what the AF and DoD should do.

i highly recommend anyone interested in the current focus on 2027 and beyond should listen to a podcast called “To Catch a Thief.” There are 9 episodes and it is well worth listening to, especially if you have more than a 20 minute drive to/from work. If you can’t muster that much attention span, just listen to the last episode. Nicole Perleroth worked for the NYT, and reminds mo of the stories of a conservative being “a liberal who got robbed.”  
check it out, you should be able to use it for PME credit or CEUs if you have any computer certification.

https://podcasts.apple.com/us/podcast/to-catch-a-thief-chinas-rise-to-cyber-supremacy/id1798267956

  • 5 months later...
  • Author

Lots is happening on the gov't side as related to cybersecurity and IMO none of it is good. I can't speak to DoD anymore, so I won't focus on that.

On the civ side the overall focus from the administration seems to be that cyber not a national strategy concern. They've de-funded or cancelled many of the coordination groups (ISAC's) between gov't, business and local leaders. ISACs now require a fee to participate, if they're continued at all.

The FCC just rolled back the cybersecurity standards that were proposed in the wake of the Salt Typhoon hack that popped a ton of US telco's (and those around the world). The rule required -

  • Create and implement cybersecurity risk-management plans

  • Submit annual FCC certifications proving they were doing so

  • Treat general network cybersecurity as a legal obligation

Since retiring I have done Incident Response for everything from a local school board, city governments, state agencies, and businesses from non-profits to multi-billion dollar, world wide critical manufacturing organizations. I wish I could completely articulate the complete shit show that most of these organizations are when it comes to cybersecurity, especially the bigger ones.

They only care about 2 things - what is the minimum amount of security to show legally (customer lawsuit) we did due diligence and what does the gov't require us to do? The fines are not high enough and counted as "the cost of doing business" (re: Facebook fines) and they lobby actively to have a "self evaluation" standard for regulations. We all know how that goes.

The fact that these companies successfully said making a risk management plan is "too hard" really tells me all I need to know. Step one of incident response (and I'd assume anything critical) is "have a plan." The telco's said, "no." Big business basically says no, unless they're a bank. Don't even ask me about the health care sector, you'd think $10K HIPPA fines per instance would be a forcing function. It's not.

  • 6 months later...
  • Author

New studies coming out about building out a Cyber Force. Still working through it, this was an interesting article about it - https://defensescoop.com/2026/06/05/a-cyber-force-without-enlisted-new-report-poses-model-for-standalone-military-cyber-organization/

Of note is they're leading with a Officer, Warrant, Civ and no enlisted force.

Study - https://csis-website-prod.s3.amazonaws.com/s3fs-public/2026-06/260602_Stiefel_Commission_Cyber.pdf?VersionId=pgsvIgJ5pgEwBl0WCFripVqbQeQ7z7eZ

  • 1 month later...
  • Author

Microsoft caught yet again not informing users about the massive amount of tracking they do. Tracking that 3-letter agencies can use to target any individual using a windows based platform. They, like all tech companies, aren't interested in consumer protections, privacy, or capitalism: fair competition, better product, etc. I'll leave the political rant there, but I will not be using Windows 11 at home.

Once Windows 10 dies (Oct 2027) I'm going to another platform, either Apple or Linux. I have a Apple Air laptop right now and it's just lovely.

Fuck the guy that got caught in this article. He and his crew have caused a lot of turmoil and pain. I'm constantly surprised that this Administration hasn't declared these crews as either terrorist orgs, or as dangers to national security (economic/critical infrastructure).

https://www.windowslatest.com/2026/07/10/you-cant-fully-disable-microsofts-gdid-windows-11-tracker-but-these-settings-limit-what-it-captures/

1 hour ago, 17D_guy said:

Microsoft caught yet again not informing users about the massive amount of tracking they do. Tracking that 3-letter agencies can use to target any individual using a windows based platform. They, like all tech companies, aren't interested in consumer protections, privacy, or capitalism: fair competition, better product, etc. I'll leave the political rant there, but I will not be using Windows 11 at home.

Once Windows 10 dies (Oct 2027) I'm going to another platform, either Apple or Linux. I have a Apple Air laptop right now and it's just lovely.

Fuck the guy that got caught in this article. He and his crew have caused a lot of turmoil and pain. I'm constantly surprised that this Administration hasn't declared these crews as either terrorist orgs, or as dangers to national security (economic/critical infrastructure).

https://www.windowslatest.com/2026/07/10/you-cant-fully-disable-microsofts-gdid-windows-11-tracker-but-these-settings-limit-what-it-captures/

If it wasn't obvious, it should have been.

Windows 8 was the first OS that was clearly and unambiguously designed to benefit Microsoft, not the end user. It's been nothing but the same in years since.

Switched OSs many, many, many years ago at this point and couldn't be happier. No regrets.

Perhaps the biggest crime of all is how embedded Microsoft has become in all layers of our society. Government, primary school, college, business, etc. It's unconscionable that the government uses a single-source end-user OS. Going forward it would be far better if the government mandated that different OS's be used by different agencies to break Microsoft's soft monopoly - ala Burger King vs McDonald's on USAF vs Navy bases.

Edited by ViperMan

  • Author
On 7/11/2026 at 3:03 PM, ViperMan said:

If it wasn't obvious, it should have been.

Windows 8 was the first OS that was clearly and unambiguously designed to benefit Microsoft, not the end user. It's been nothing but the same in years since.

Switched OSs many, many, many years ago at this point and couldn't be happier. No regrets.

Perhaps the biggest crime of all is how embedded Microsoft has become in all layers of our society. Government, primary school, college, business, etc. It's unconscionable that the government uses a single-source end-user OS. Going forward it would be far better if the government mandated that different OS's be used by different agencies to break Microsoft's soft monopoly - ala Burger King vs McDonald's on USAF vs Navy bases.

Concur on all.

Europe is doing exactly what you said and moving away from Microsoft for multiple reasons. They're moving to Linux. Did you go Linux or Apple?

DOD Halts Cybersecurity Requirements for CMMC Phase 2: ‘The math just simply doesn’t math’

The Pentagon placed an immediate freeze on forthcoming cybersecurity requirements after government research suggested the policy would drive many businesses out of the defense industrial base at a time when the U.S. military urgently needs their innovations.

Defense Department Chief Information Officer Kirsten Davies and Under Secretary of Defense for Acquisition and Sustainment Michael Duffey unveiled plans Monday to suspend the much-anticipated Cybersecurity Maturity Model Certification (CMMC) Phase 2 requirements that were set to take effect Nov. 10. A new CMMC Reform Task Force is expected to conduct a review of the entire program and submit a report of its findings and recommendations within the next 60 days.

This major pause comes as contractors have been hustling to obtain third-party assessments of their CMMC compliance in preparation for that near-term enforcement date...

(Full article at title link).

15 hours ago, 17D_guy said:

Concur on all.

Europe is doing exactly what you said and moving away from Microsoft for multiple reasons. They're moving to Linux. Did you go Linux or Apple?

Yeah, that is one of the things I really admire about Europe. Their recent attempts to strip Microsoft from their tech stacks has been admirable.

I went with Linux after having no previous experience with it. Once I saw what Windows 7 was going to become with Windows 8, I was over it. Windows XP and 7 were the last major versions I used on my own hardware (I skipped Vista). Windows 8/10/11(?) seem like they are becoming ever more focused on data extraction from their user base along with migrating literally everything to a SaaS model. On that topic, I understand the need for some software to be run as a service, but the model has been adapted (IMO) to realms where it serves literally no purpose other than to capture user data (for monetization) and/or place utility behind a paywall that was otherwise free or better than the current, modern offerings. See Microsoft Word/Excel/Powerpoint, etc. 99% of computer users have no need for a Windows machine. The old refrain of needing Windows because Linux couldn't run certain software like Adobe, or AutoCAD are now no longer relevant - namely because those products are now paywalled as SaaS which you need to interact with through a web browser! Even the refrain to gaming is no longer relevant as Windows gaming has declined (as I understand), and much of gaming is now done through the web anyway.

10+ years ago I bought a cheap second-hand laptop off of Ebay and installed Linux (https://fedoraproject.org/workstation/). Does all my spreadsheeting, word-processing, internet browsing, etc. Plays all the music I need it to. Whatever. It'd even game if I was in to that. Also, the computer hasn't worn out like Windows machines and Mac phones (computers) seem to strangely do every few years...weird.

As far as Mac goes, that's just a proprietary skin on top of UNIX anyway. Ultimately they're beholden to the same fundamental problem that Microsoft is. Namely that they need to control access to what they see as "their" customer: i.e. they own you, and need to make sure the price to leave (or access you) is high. Hence you can't install whatever software you want, and ultimately you need to interact with the services they provide in the manner they have chosen / designed. What's worse is that most of that is invisible to users.

Create an account or sign in to comment

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.