Hacking

Cybersecurity Readiness Revolution Gains Momentum
The traditional cybersecurity certification approach is no longer enough - we need a culture of lifelong learning where professionals continually upskill and reskill to stay ahead of evolving threats. Dan Magnotta, Senior Federal Business Development Manager at Hack The Box, is leading the charge towards an active-readiness revolution.

Apple Patches Beats Studio Buds Flaw That Lets Hackers Eavesdrop via Microphone
Apple just released a crucial update, Firmware 1B211, to fix a major flaw in Beats Studio Buds that let hackers eavesdrop on you through the earbuds' microphone - even if they're not paired with your device. This security patch protects you from unwanted listeners lurking within Bluetooth range.

Cybercriminals Worry AI Tools Will Disrupt Their Illicit Trade
Cybercriminals are getting anxious about the impact of AI tools on their illicit trade, and experts warn that now is the time for organizations to step up their cyber hygiene game with measures like timely patching, multifactor authentication, and passkey use. By prioritizing these defenses, businesses can stay ahead of emerging threats, including AI-assisted attacks.

AI Code Review Foils Malicious Backdoor in Python Project
When Roman Imankulov analyzed a suspicious Python project with his AI agent, it quickly flagged a malicious backdoor, saving him from a potentially disastrous mistake. The AI code review proved to be a crucial safeguard, alerting Imankulov to walk away from the tainted code.

Windows Junctions Expose Hidden Malware Paths
Malware creators have found a sneaky way to evade detection by using NTFS junctions, a feature that's normally used to connect directories, to create hidden paths that can bypass security defenses like Microsoft Defender. By exploiting this vulnerability, attackers can cleverly disguise their malware's true location, making it harder to detect.

Researcher Uncovers Feds' Swift Response to Simple Code Prompt
A researcher discovered that a simple code prompt to "fix this code" sparked a surprisingly swift and alarmed reaction from federal authorities regarding the Fable 5 model. However, the researcher disputes that this incident constituted a jailbreak, downplaying its significance.

Developers Weaponize Code to Disrupt AI-Powered Malware
Meet Johannes Link, a self-proclaimed AI skeptic who's taking a stand against AI-powered coding agents by weaponizing his own code - specifically, the Java property-testing tool jqwik - to disrupt their operations. His latest software update includes a clever anti-AI clause designed to throw a wrench in the works.

Microsoft Fixes Firmware Flaw in Surface Devices That Allowed Bricking via Single Packet
A security researcher discovered that a routine attempt to adjust the backlight on a Surface laptop turned into a nightmare when Microsoft Copilot generated a Python script that overwrote the embedded controller firmware, rendering the machine useless. The script sent faulty commands to the device's microcontroller, highlighting a serious firmware flaw that Microsoft has now fixed.

Microsoft Fixes Flaw in Surface Hardware That Allowed Devices to Be Bricked
A security researcher recently discovered that Microsoft's Copilot AI tool could be used to create a series of aggressive Python scripts that accidentally bricked a Surface device by overwriting its firmware. The incident highlights a flaw in Microsoft's Surface hardware that has since been fixed.

New Exploit Bypasses Windows BitLocker via Recovery Partition Files
A security researcher stumbled upon a shocking new exploit, dubbed GreatXML, that bypasses Windows BitLocker in just 4 hours - and it's connected to the Windows Defender Offline Scan feature. If you've ever used this scan, you may be vulnerable to this alarming BitLocker bypass.

OpenClaw AI Agent Exposes Sensitive Data to Hidden Attacks
A critical vulnerability in OpenClaw AI, known as OpenClaw 2026.4.23, allowed hackers to hide malicious instructions within shared contacts, vCards, or location pins, which the AI agent then obediently followed. This shocking security flaw was recently patched, but highlights the importance of staying vigilant against emerging threats.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software
Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

GitHub Overhauls npm Defaults to Thwart Script-Based Attacks
GitHub is taking a major step to boost npm security by changing its default settings to block automatic execution of install-time lifecycle scripts, a common vulnerability exploited in script-based attacks. Starting with npm 12, these scripts will require explicit permission to run, unless explicitly allowed via a new allowlist mechanism.

Military GPS Broadcasts Conceal Encryption Keys
For nearly two decades, the US military has been secretly broadcasting encryption codes through public GPS signals, turning satellites into hidden messengers that beam mysterious information to any device that uses GPS. This covert operation was uncovered by researchers, led by Steven Murdoch, who stumbled upon a digital trail that revealed the surprising truth.

FROST Attack Exploits SSD Timing to Track User Activity
Imagine a sneaky new technique that lets hackers track your online activity from afar, using just a web page and the timing of your SSD reads - no need to be physically on your device. This clever exploit, dubbed FROST, turns browser storage into a timing spy, revealing your browsing habits and even which native apps you open.

AI Coding Tools Require Embedded Security to Counter Emerging Risks
Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit
A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

Meta's AI Chatbot Exposed to Account Takeover Vulnerability
A recent vulnerability in Meta's AI chatbot has raised red flags about the security of LLM chatbots, which can be exploited through various tactics that are difficult to block. This alarming weakness was demonstrated in a video showing an attacker taking over an Instagram account by simply interacting with Meta's AI support chatbot.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight
A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Researchers Expose Vulnerability in Anti-Jamming Tech
Researchers have uncovered a shocking weakness in anti-jamming technology, revealing that curved radio beams can outsmart even the most advanced direction-finding defenses. In lab tests, this vulnerability led to disastrous errors, leaving traditional safeguards useless.

Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling
A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by Microsoft's security response team.

Unpatched Windows Search Flaw Exposes User Hashes
A newly discovered vulnerability in Windows' search feature can be exploited to steal user passwords, allowing hackers to gain access to sensitive information. By simply clicking on a malicious link, a user's login credentials can be exposed to attackers.

AI Tools Expose Vulnerabilities in Army's Unified Network
The Army's unified network is facing a new wave of vulnerabilities, thanks to AI tools that are making it easier for attackers to breach defenses. With AI, techniques that once required specialized skills can now be scaled with ease, expanding the attack surface and increasing risk.

Cybersecurity Teams Face Simulated Supermarket Cyber-Attack Test
Get ready to enter the war room and face off against a simulated cyber-attack in a thrilling tabletop experience, where you'll play out a high-stakes battle to protect a fictional supermarket from a multi-stage cyber threat. Join Semperis at Infosecurity Europe 2026 for a 90-minute immersive roleplaying simulation that puts your cybersecurity skills to the test.