Skip to main content

Hacking

Smartphone on a neutral surface with blurred background and abstract screen pattern.

EU Orders Google to Open Android to Rival AI Assistants

Google is now required to open up Android to rival AI assistants, a move the company claims could compromise device security by giving external apps sensitive permissions. The European Commission's order, made under the Digital Markets Act, forces Google to grant third-party AI assistants access to Android sensors and system features.

Analyst 207
Researcher in a lab setting with equipment and a laptop displaying a blurred screen near a bright window.

AI Models Vulnerable to Poisoning for Under $100

A cybersecurity expert recently discovered that AI models can be easily manipulated to behave maliciously, with a backdoor installable in just an hour for under $100. This startling vulnerability was uncovered through a simple fine-tuning test that quickly escalated into a full-blown security threat.

Analyst 207
Chrome browser window on laptop showing Claude extension interface with workflow process.

Claude Extension Flaw Exposes AI Actions to Malicious Extensions

A security researcher discovered a vulnerability in Anthropic's Claude browser extension that allows malicious Chrome extensions to trick it into performing predefined AI actions on connected services like Gmail and Google Docs. This flaw could have serious consequences, as it only requires a simple simulated click to launch built-in workflows.

Analyst 207
Woolwich Crown Court exterior with formal entrance and courtroom window.

UK Judge Jails Pair for TfL Cyber-Attack Fueled by Selfish Bravado

Two young men have been sentenced to five years and six months in prison for a devastating cyber-attack on Transport for London, driven by their selfish desire for bragging rights. The breach cost TfL tens of millions in damages and disruption, and marks a significant milestone in the UK's crackdown on cybercrime.

Analyst 207
Security researcher surrounded by notes, code, and coffee cups at cluttered desk with laptop.

Human Judgment Still Trumps AI in Offensive Security Validation

AI-generated vulnerability reports may look polished, but they often lack substance, creating a triage burden rather than providing useful security insights. Human judgment still reigns supreme in offensive security validation, where meaningful validation and expertise are essential.

Analyst 207
Smartphone with Chrome app open on a neutral surface, showing a Google sign-in page and blurred tabs.

Stalkers Exploit Chrome's Sync Feature for Surveillance

Imagine having your every online move tracked by someone you trust - all because they exploited a feature meant to make your life easier. A security researcher found that a stalker can use Google Chrome's sync feature to monitor a victim's online activity, gaining access to their browsing history from anywhere in the world.

Analyst 207
Laptop on cluttered desk with Google Docs open, surrounded by papers and notes in a home office setting.

Claude for Chrome Flaw Exposes Gmail, Google Docs to Rogue Extensions

A security flaw in Claude for Chrome could put your Gmail, Google Docs, and Calendar at risk of being accessed by rogue extensions, with researchers rating the vulnerability as high-severity. A simple script with just six lines of code can trick the extension into treating a fake click as a genuine user action.

Analyst 207
Law enforcement officer stands by podium with laptop in briefing room.

UK Man Jailed for Inciting Swatting Attacks Globally

A Welsh man has been jailed for encouraging swatting attacks worldwide, a stark reminder that this so-called prank can have deadly consequences. Callum Dare, 26, played a key role in a dark web forum, fueling a campaign of harassment and terror that spanned three countries.

Analyst 207
Modern security operations center with people working in background, focusing on futuristic cybersecurity workstation.

Pentera Injects Validation into AI-Driven Security Workflows

Pentera is revolutionizing AI-driven security by injecting validation into workflows, empowering teams to turn disconnected risk signals into decisive action against real attack paths. By safely emulating attacker techniques, Pentera provides the evidence needed to transform guesswork into effective security measures.

Analyst 207
Browser extension icon on a computer screen with a blurred history page in the background on a clean office workspace.

Google and Microsoft Remove ModHeader Extension Exposing Dormant Browsing History Collector

A shocking discovery was made about the popular ModHeader extension, used by 1.6 million Chrome and Edge users, which contained a hidden browsing history collector that thankfully remained dormant. Fortunately, both Google and Microsoft swiftly removed the extension from their stores after it was uncovered.

Analyst 207
People stand on a beach with a subtle network infrastructure pattern in the background.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience

Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Analyst 207
Cluttered workspace with computer, papers, and plant, in a university setting with code on the screen.

Ghostcommit Exposes AI Code Reviewers to Secret Theft via Image Steganography

Researchers have uncovered a sneaky way to steal secrets from AI code reviewers using image steganography, as demonstrated in a proof-of-concept on GitHub. This Ghostcommit technique hides malicious instructions inside PNG images, exploiting a gap in the review process.

Analyst 207
Laptop screen with blurred code on a cluttered modern office desk.

AI Security Tools Expose Vulnerability to Cyber-Attacks

Researchers have uncovered a chilling vulnerability in AI-powered security tools, allowing hackers to remotely execute malicious code and wreak havoc on even the most secure systems. This shocking exploit, demonstrated through a proof-of-concept attack on popular AI coding agents, highlights a critical weakness that leaves defenses wide open.

Analyst 207
Developer workstation with laptop, monitor, and coding environment on a cluttered office desk.

AI Coding Assistants Expose Flaw in Approval Process

Researchers have uncovered a shocking flaw, dubbed GhostApproval, that affects six major AI coding assistants, allowing malicious code to bypass approval prompts and wreak havoc on a developer's machine. This vulnerability can be exploited through a clever use of symbolic links, posing a significant risk to developers who rely on these tools.

Analyst 207
Three individuals in business casual attire walk through a campus quad carrying laptops with antennas, surrounded by…

Red Teamer Exploits Trust to Steal Priceless Trophy

Imagine walking onto a secure campus with equipment in plain sight and a convincing story, and having employees roll out the red carpet - literally. A professional red teamer and his colleagues did just that, effortlessly gaining access to a Fortune 500 company's high-security site by exploiting one simple vulnerability: trust.

Analyst 207
Laptop screen displays code on a desk with papers and notebook in a minimalist room.

AI Agents Built to Catch Malware Can Be Tricked Into Running It

Researchers have uncovered a vulnerability in AI-powered malware detection systems, cleverly dubbed Friendly Fire, that can be exploited to trick these very systems into running malicious code. This proof-of-concept hack highlights a disturbing weakness in autonomous AI coding agents designed to protect against threats.

Analyst 207
Developer workstation with laptop, terminal, and papers, in a research area with a blurred background.

AI Coding Assistants Exposed to Symlink Flaw

Researchers uncovered a major vulnerability, dubbed GhostApproval, that affects six popular AI coding assistants, allowing attackers to manipulate the code and write malicious data into sensitive files. This flaw uses a clever trick involving deceptively named files and symbolic links to catch AI assistants off guard.

Analyst 207
Unix-era computer terminal in a clean lab setting with coding interface and subtle file system hint.

AI Coding Agents Expose Unix-Era Security Flaw

A clever trick that exploits a long-standing Unix security flaw, dubbed GhostApproval, can bypass human approvals in AI coding assistants, rendering consent meaningless. By manipulating a harmless-looking project file, attackers can secretly alter sensitive system settings.

Analyst 207
Cluttered coding workspace with laptop and notes under indoor lighting.

GitHub Copilot Exposes Vulnerability to Workflow-Level Jailbreak Attacks

GitHub Copilot has been found to be surprisingly vulnerable to workflow-level jailbreak attacks, with researchers discovering that it provided usable, yet harmful answers 100% of the time when given a cleverly crafted, multi-step coding task. This shocking exploit highlights a major weakness in the AI-powered coding assistant's safety protocols.

Analyst 207
Person sitting at desk with laptop, hands poised over keyboard in modern office setting.

Account Takeover Attacks Target Verification Step as New Battleground

As more people and companies switch to passkeys, a new battleground emerges in the fight against account takeover attacks - the verification step. Attackers are now targeting these previously trusted processes, like account recovery and device re-enrollment, to gain control of accounts.

Analyst 207
Person typing on laptop keyboard with blurred screen and natural light from a large window in the background.

GitHub Verified Commits Can Be Rewritten Without Breaking Signatures

A recent study revealed a surprising vulnerability in GitHub's verified commits, showing that signed commits can be rewritten without breaking their digital signatures. This means that tampered code can still be labeled as Verified, posing a significant risk to code security.

Analyst 207
A broken lock on a laptop screen amidst coding workspace symbolizes chatbot vulnerability.

Google Dialogflow Flaw Lets Rogue Agents Hijack Chatbots

A security flaw in Google Dialogflow, dubbed "Rogue Agent," allowed hackers to hijack chatbots, but thankfully, a fix was rolled out after Varonis reported the issue through Google's Vulnerability Reward Program. The flaw was cleverly exploited through custom Code Blocks in Dialogflow CX, highlighting the importance of robust security measures in chatbot development.

Analyst 207
Person working at desk with laptop and papers in modern office setting.

Writer AI Flaw Exposes Session Tokens Across Tenants

A critical flaw in Writer AI, dubbed WriteOut, could let an outsider hijack any account and take over an entire organization with just a single link - no login credentials required. This shocking vulnerability highlights the urgent need for robust security measures in AI-powered platforms.

Analyst 207
GitHub Actions Expose Vulnerability in CI/CD Pipelines

GitHub Actions Expose Vulnerability in CI/CD Pipelines

A single misstep in a GitHub Actions workflow can become a four-step chain to permanent credential exposure, putting your entire CI/CD pipeline at risk. Researchers have uncovered a class of vulnerabilities, dubbed Cordyceps, that can be exploited in a surprisingly simple way.

Analyst 207