Skip to main content

Hacking

Close-up of a video cable connected to a monitor with blurred background.

TrojPix Exploits Video Cables to Leak Air-Gapped Data

Meet TrojPix, a sneaky technique that can stealthily siphon air-gapped data at lightning-fast speeds of up to 1 megabyte per second - fast enough to exfiltrate a 100MB file in under two minutes while the monitor appears dark and inactive.

Analyst 207
Browser window with muted notification bar on a computer screen in a quiet indoor setting.

Opera GX Flaw Enables Silent Mod Installs to Steal User Data

Researchers have discovered a security flaw in Opera GX that allows for silent mod installs, potentially putting user data at risk, and surprisingly, this vulnerability can be exploited with just a single page visit. This alarming issue enables malicious mods to be installed without user consent, highlighting a concerning gap in the browser's security.

Analyst 207
Researcher works on laptop in lab while computer screen displays obscured code.

Malicious AI Skills Evade Scanners With Self-Extracting Packing

Researchers have developed a sneaky tool called SKILLCLOAK that can disguise malicious AI skills, making them slip past scanners undetected more than 90% of the time. This unsettling breakthrough challenges the reliability of static AI skill reviews, leaving a gaping hole in security defenses.

Analyst 207
Diverse group gathered around workbench with Flipper Zero device and electronics.

Flipper Zero Firmware Evolves with Community-Driven Model

The Flipper Zero firmware is getting a boost from its vibrant community, with Flipper Devices shifting to a community-driven model to keep up with the demand from over a million users. This change will allow the company to focus on building innovative new devices while still supporting the official firmware.

Analyst 207
Systems administrator looks concerned at computer screen amidst technical equipment.

Error Message Misinterpretation Exposes False Hacking Claim

A simple pause and a couple of words can make all the difference - in this case, changing a supposedly sinister hacking claim into a straightforward hard disk failure. A vice president's misread error message, "General failure reading Drive C:", nearly sparked a security scare before Lee, a quick-thinking sysadmin, got to the bottom of it.

Analyst 207
Laptop connected to external authenticator device in bright office setting.

WebAuthn Integration Breaches Windows RDP Security Gap

Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Analyst 207
Modern office setup with laptop on desk, cityscape through window.

Startup Sues Palo Alto Networks Unit Over AI-Generated Espionage Claims

When a cybersecurity report wrongly labeled MeetingTV a part of a Chinese espionage operation, its CEO knew it was a death sentence - and now the video conferencing startup is fighting back with a lawsuit against Palo Alto Networks and Koi Security. MeetingTV alleges the report, generated by AI, was reckless and falsely accused it of criminal conduct.

Analyst 207
Cluttered workspace with laptop, smartphone, and papers, with blurred screen and urban view outside.

Google Cloud billing dispute escalates over $11,000 hijack charges

Developer Charles Jones was hit with a whopping $11,089.77 in Google Cloud charges after his account was hijacked, despite reporting the compromise and revoking the implicated keys. The unexpected charges, largely linked to Gemini image-generation models, left him stunned as his business doesn't even use such technology.

Analyst 207
Secure tech development environment with workstation, blurred laptop screen, and abstract whiteboard notes.

NCSC Offers Guidance on Thwarting Penetration Testers

Want to make life harder for hackers? The National Cyber Security Centre teamed up with penetration testers to share practical tips on building secure systems from the ground up.

Analyst 207
Maintenance door left ajar in a dimly lit office corridor, with an open and unlocked door handle in the foreground.

Physical Security Lapses Grant Hackers Network Admin Access

Meet Kristopher Johnson and Michael, two expert red teamers who walked into a company's office through an unlocked maintenance door, posing as new IT employees, and gained access to the building by simply offering to help shovel ice. Their easy entry exposed a shocking truth: physical security lapses can give hackers an open invitation to wreak havoc on your network.

Analyst 207
Frustrated infosec professional sits at cluttered desk surrounded by papers and empty coffee cups.

Infosec Pros Ditch Automated Pentesting Tools Amid AI Vulnerability Failures

Infosec pros are ditching automated pentesting tools as they fail to detect AI-driven vulnerabilities, with 78% of practitioners experiencing critical false negatives. Humans are needed to outsmart AI-era flaws that automated scanners miss.

Analyst 207
Smartphone displays AI chatbot interface on a clean, minimalist surface with a laptop in the background.

iOS AI Apps Expose API Keys, Open AI Proxy Access

Nearly two-thirds of AI chatbot apps for iPhone, that's 282 out of 444 tested, are leaking sensitive API keys, leaving users' data vulnerable to exposure through open AI proxy access. This alarming discovery highlights a critical security gap in many popular iOS AI apps.

Analyst 207
A well-lit computer workstation with a laptop and technical instruments in a clean, minimalist environment.

GuardFall Exposes AI Coding Agents to Shell Injection Risks

Researchers at Adversa AI have uncovered a shocking weakness, dubbed GuardFall, that lets advanced open-source coding agents slip past safety filters and execute destructive shell commands, exposing them to shell injection risks. This gap between text-based checks and shell execution leaves a trail of vulnerability wide open to exploitation.

Analyst 207
Modern office scene with people around a table, laptops, and a large screen displaying a blurred Teams interface.

Microsoft Bolsters Teams Security with Enhanced Bot Controls

Microsoft's new Teams admin policy gives you more control over third-party bots in meetings, allowing you to block unwanted guests and require explicit approval for external bots to join. This enhanced security feature can be easily managed for individual users or specific groups through the Teams Admin Center.

Analyst 207
Blurred Teams meeting on laptop screen in office setting with abstract overlays.

Microsoft Bolsters Teams Security with Enhanced Bot Protections

Microsoft is stepping up its Teams security game with enhanced bot protections, allowing admins to block third-party bots from joining meetings without approval. This new policy gives organizations greater control over who can access their meetings, helping to prevent malicious apps and unwanted disruptions.

Analyst 207
Devices with blank screens sit on a table in a public area, surrounded by people in the background.

AirDrop and Quick Share Flaws Expose Devices to Local Attacks

Millions of devices are vulnerable to local attacks due to flaws in popular sharing services like AirDrop and Samsung Quick Share, discovered by researchers Arash Ale Ebrahim and Nils Ole Tippenhauer. They found six distinct flaws that can be exploited by nearby attackers to crash services or bypass security checks.

Analyst 207
Cybersecurity workstation with Linux computer, equipment, and reference materials on a neutral background.

Kali Linux Release Bolsters Cybersecurity Arsenal with 9 New Tools

Kali Linux just got a major boost with its latest release, packing 9 new tools to supercharge your cybersecurity arsenal. This update slashes boot time by nearly 3x and trims down the initrd to just 60 MB for VM users.

Analyst 207
Blurred laptop screen on a minimalist desk shows a Microsoft Teams meeting, with a subtle gatekeeper figure in the…

Microsoft Fortifies Teams Against Bot Intrusions

Microsoft is stepping up its game to protect Teams meetings from unwanted bot intrusions by introducing a virtual bouncer that keeps automated accounts at bay. This new defensive measure is a significant boost to Microsoft Teams security.

Analyst 207
Google Chrome browser window on laptop with YouTube open, surrounded by home office setting.

Popular Chrome Ad Blocker Exposes Script Injection Risk

A popular Chrome ad blocker with over 10 million installs, Adblock for YouTube, has been found to have a shocking vulnerability that could allow hackers to inject malicious JavaScript into any website, all with just a single server-side tweak. This means users could be exposed to serious security risks without even realizing anything has changed.

Analyst 207
A computer lab with generic equipment and cables shows signs of neglect, with a slightly ajar cabinet and exposed wiring.

UK School's Lax Network Security Exposes Sensitive Data

A 17-year-old student gained unrestricted access to a UK school's network, discovering sensitive leadership documents and being able to reset passwords, delete accounts, and even wipe the entire network. The alarming vulnerability was uncovered when the student connected their laptop to the school's Active Directory domain, which surprisingly required no administrator authentication.

Analyst 207
Person sitting at desk with laptop and puzzle piece, testing vulnerability in office setting.

Researchers Expose AI Browser Vulnerability to Credential Theft

Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

Analyst 207
Laptop screen displays AI agent skill page in home office setting.

AI Skill Exploits Security Scanners, Reaches 26,000 Agents

In a shocking experiment, a security firm created a fake AI skill that evaded detection by security scanners and reached a staggering 26,000 agents, including those on corporate accounts. The skill, designed to be harmless, was able to bypass every scanner it was tested on, raising serious concerns about the safety of AI marketplaces.

Analyst 207
Developer stands at workstation, holding tablet with blurred screen.

GitHub Bolsters Supply Chain Security by Blocking Pwn Request Patterns

GitHub is stepping up its game to protect your code by blocking common attack patterns on pull requests, helping to prevent security vulnerabilities from untrusted code. As of June 18, 2026, its actions/checkout v7 will refuse risky fork checkouts by default, keeping your workflows safer from attacker-controlled code.

Analyst 207
Person working on laptop in modern room with cityscape background.

Cloudflare Unveils Token Protocol to Help Websites Distinguish Humans from Bots

Cloudflare is teaming up with top browsers to launch Private Access Tokens, a game-changing protocol that helps websites tell humans from bots, filtering out abusive traffic while keeping user data safe. This innovative solution is a major step forward in tackling AI-powered traffic and ensuring a smoother online experience.

Analyst 207