Hacking

TrojPix Exploits Video Cables to Leak Air-Gapped Data
Meet TrojPix, a sneaky technique that can stealthily siphon air-gapped data at lightning-fast speeds of up to 1 megabyte per second - fast enough to exfiltrate a 100MB file in under two minutes while the monitor appears dark and inactive.

Opera GX Flaw Enables Silent Mod Installs to Steal User Data
Researchers have discovered a security flaw in Opera GX that allows for silent mod installs, potentially putting user data at risk, and surprisingly, this vulnerability can be exploited with just a single page visit. This alarming issue enables malicious mods to be installed without user consent, highlighting a concerning gap in the browser's security.

Malicious AI Skills Evade Scanners With Self-Extracting Packing
Researchers have developed a sneaky tool called SKILLCLOAK that can disguise malicious AI skills, making them slip past scanners undetected more than 90% of the time. This unsettling breakthrough challenges the reliability of static AI skill reviews, leaving a gaping hole in security defenses.

Flipper Zero Firmware Evolves with Community-Driven Model
The Flipper Zero firmware is getting a boost from its vibrant community, with Flipper Devices shifting to a community-driven model to keep up with the demand from over a million users. This change will allow the company to focus on building innovative new devices while still supporting the official firmware.

Error Message Misinterpretation Exposes False Hacking Claim
A simple pause and a couple of words can make all the difference - in this case, changing a supposedly sinister hacking claim into a straightforward hard disk failure. A vice president's misread error message, "General failure reading Drive C:", nearly sparked a security scare before Lee, a quick-thinking sysadmin, got to the bottom of it.

WebAuthn Integration Breaches Windows RDP Security Gap
Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Startup Sues Palo Alto Networks Unit Over AI-Generated Espionage Claims
When a cybersecurity report wrongly labeled MeetingTV a part of a Chinese espionage operation, its CEO knew it was a death sentence - and now the video conferencing startup is fighting back with a lawsuit against Palo Alto Networks and Koi Security. MeetingTV alleges the report, generated by AI, was reckless and falsely accused it of criminal conduct.

Google Cloud billing dispute escalates over $11,000 hijack charges
Developer Charles Jones was hit with a whopping $11,089.77 in Google Cloud charges after his account was hijacked, despite reporting the compromise and revoking the implicated keys. The unexpected charges, largely linked to Gemini image-generation models, left him stunned as his business doesn't even use such technology.

NCSC Offers Guidance on Thwarting Penetration Testers
Want to make life harder for hackers? The National Cyber Security Centre teamed up with penetration testers to share practical tips on building secure systems from the ground up.

Physical Security Lapses Grant Hackers Network Admin Access
Meet Kristopher Johnson and Michael, two expert red teamers who walked into a company's office through an unlocked maintenance door, posing as new IT employees, and gained access to the building by simply offering to help shovel ice. Their easy entry exposed a shocking truth: physical security lapses can give hackers an open invitation to wreak havoc on your network.

Infosec Pros Ditch Automated Pentesting Tools Amid AI Vulnerability Failures
Infosec pros are ditching automated pentesting tools as they fail to detect AI-driven vulnerabilities, with 78% of practitioners experiencing critical false negatives. Humans are needed to outsmart AI-era flaws that automated scanners miss.

iOS AI Apps Expose API Keys, Open AI Proxy Access
Nearly two-thirds of AI chatbot apps for iPhone, that's 282 out of 444 tested, are leaking sensitive API keys, leaving users' data vulnerable to exposure through open AI proxy access. This alarming discovery highlights a critical security gap in many popular iOS AI apps.

GuardFall Exposes AI Coding Agents to Shell Injection Risks
Researchers at Adversa AI have uncovered a shocking weakness, dubbed GuardFall, that lets advanced open-source coding agents slip past safety filters and execute destructive shell commands, exposing them to shell injection risks. This gap between text-based checks and shell execution leaves a trail of vulnerability wide open to exploitation.

Microsoft Bolsters Teams Security with Enhanced Bot Controls
Microsoft's new Teams admin policy gives you more control over third-party bots in meetings, allowing you to block unwanted guests and require explicit approval for external bots to join. This enhanced security feature can be easily managed for individual users or specific groups through the Teams Admin Center.

Microsoft Bolsters Teams Security with Enhanced Bot Protections
Microsoft is stepping up its Teams security game with enhanced bot protections, allowing admins to block third-party bots from joining meetings without approval. This new policy gives organizations greater control over who can access their meetings, helping to prevent malicious apps and unwanted disruptions.

AirDrop and Quick Share Flaws Expose Devices to Local Attacks
Millions of devices are vulnerable to local attacks due to flaws in popular sharing services like AirDrop and Samsung Quick Share, discovered by researchers Arash Ale Ebrahim and Nils Ole Tippenhauer. They found six distinct flaws that can be exploited by nearby attackers to crash services or bypass security checks.

Kali Linux Release Bolsters Cybersecurity Arsenal with 9 New Tools
Kali Linux just got a major boost with its latest release, packing 9 new tools to supercharge your cybersecurity arsenal. This update slashes boot time by nearly 3x and trims down the initrd to just 60 MB for VM users.

Microsoft Fortifies Teams Against Bot Intrusions
Microsoft is stepping up its game to protect Teams meetings from unwanted bot intrusions by introducing a virtual bouncer that keeps automated accounts at bay. This new defensive measure is a significant boost to Microsoft Teams security.

Popular Chrome Ad Blocker Exposes Script Injection Risk
A popular Chrome ad blocker with over 10 million installs, Adblock for YouTube, has been found to have a shocking vulnerability that could allow hackers to inject malicious JavaScript into any website, all with just a single server-side tweak. This means users could be exposed to serious security risks without even realizing anything has changed.

UK School's Lax Network Security Exposes Sensitive Data
A 17-year-old student gained unrestricted access to a UK school's network, discovering sensitive leadership documents and being able to reset passwords, delete accounts, and even wipe the entire network. The alarming vulnerability was uncovered when the student connected their laptop to the school's Active Directory domain, which surprisingly required no administrator authentication.

Researchers Expose AI Browser Vulnerability to Credential Theft
Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

AI Skill Exploits Security Scanners, Reaches 26,000 Agents
In a shocking experiment, a security firm created a fake AI skill that evaded detection by security scanners and reached a staggering 26,000 agents, including those on corporate accounts. The skill, designed to be harmless, was able to bypass every scanner it was tested on, raising serious concerns about the safety of AI marketplaces.

GitHub Bolsters Supply Chain Security by Blocking Pwn Request Patterns
GitHub is stepping up its game to protect your code by blocking common attack patterns on pull requests, helping to prevent security vulnerabilities from untrusted code. As of June 18, 2026, its actions/checkout v7 will refuse risky fork checkouts by default, keeping your workflows safer from attacker-controlled code.

Cloudflare Unveils Token Protocol to Help Websites Distinguish Humans from Bots
Cloudflare is teaming up with top browsers to launch Private Access Tokens, a game-changing protocol that helps websites tell humans from bots, filtering out abusive traffic while keeping user data safe. This innovative solution is a major step forward in tackling AI-powered traffic and ensuring a smoother online experience.