Infosec Decoded Season 5 #32: Multivitamins

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, Apr 25, 2025

Politics

Norway launches scheme to lure top researchers away from US universities

Following in the footsteps of multiple institutions across Europe, the Research Council of Norway on Wednesday launched a 100m kroner (£7.2m) fund to make it easier to recruit researchers from other countries.

NSF director resigns amid 55% budget cut, mass layoffs from Trump admin

Earlier this month, the NSF announced that it would be canceling active grants totaling up to $1 billion in scientific research funding. The reason given was that the research the grants funded was no longer a priority for the agency. They appear to include research focused on environmental justice, the spread of misinformation, and fostering diversity in the scientific community. The New York Times reported earlier this week that it had tallied more than 400 active NSF grants that have been terminated so far.

Trump Advisor Suggests Deportation Critics Are Breaking The Law By ‘Aiding And Abetting’ Terrorism

Trump to target ActBlue in presidential memorandum

US federal agency texts Barnard College employees to ask if they’re Jewish

Donald Trump Is Tanking One of America’s Greatest Exports in the Middle of a Trade War

The United States exports more than $44 billion per year in education and accompanying services. Most people, and perhaps the president, don’t think of education as an “export,” because we don’t ship it abroad like corn or transmit it digitally like computer software. Instead, foreigners come to the United States to purchase education from us and then take it home with them.

Federal Prosecutor Fires Off Letter To Medical Journals Asking About Their Policies On ‘Competing Viewpoints’

The letter is full of phrases that make it clear at least one federal prosecutor is interested in deterring scientific rebuttals to the parade of horrors that will be emanating from RFK Jr.’s Dept. of Health and Human Services over the next few years.

Infosec

Ripple's recommended XRP library xrpl.js hacked to steal wallets

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. The malicious code appears to have been added by a developer account associated with the Ripple organization, likely through compromised credentials.

Hacking US crosswalks to talk like Zuck is as easy as 1234

The hacked crosswalks all appear to come from a common source: Polara, America's leading manufacturer of pedestrian signal systems. They can be managed using the Polara Field Service app, which until recently was freely available on both the Google Play and Apple App Store. An attacker can connect to a nearby crosswalk system via Bluetooth, and the default passcode is 1234.

Hackers abuse Zoom remote control feature for crypto-theft attacks

A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. After changing their screen name to "Zoom", the permission request says "Zoom is requesting remote control of your screen", very similar to normal permission boxes Zoom pops up in normal use, making it likely that the target will click "Approve."

CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide

Tightening the math behind a key quantum process: entanglement distillation

How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed

‘You Can’t Lick a Badger Twice’: Google Failures Highlight a Fundamental AI Flaw

Google’s AI Overviews feature credible-sounding explanations for completely made-up idioms.

One Prompt Can Bypass Every Major LLM’s Safeguards

Their team has uncovered what they’re calling a universal, transferable bypass technique that can manipulate nearly every major LLM—regardless of vendor, architecture or training pipeline. The method, dubbed “Policy Puppetry,” is a deceptively simple but highly effective form of prompt injection that reframes malicious intent in the language of system configuration, allowing it to circumvent traditional alignment safeguards. Prompts are framed as scenes from television dramas—like House M.D.—in which characters explain, in detail, how to create anthrax spores or enrich uranium. Perhaps even more troubling is the technique’s capacity to extract system prompts—the core instruction sets that govern how an LLM behaves.

The supplement that really can improve your brain health

Multivitamins showed consistent and highly significant benefits for slowing age-related memory loss and global cognitive decline. The benefits translated into slowing cognitive ageing by more than 50 per cent overall.