Skip to main content

Hacking

Professional surrounded by technology and learning materials in a bright room.

Cybersecurity Readiness Revolution Gains Momentum

The traditional cybersecurity certification approach is no longer enough - we need a culture of lifelong learning where professionals continually upskill and reskill to stay ahead of evolving threats. Dan Magnotta, Senior Federal Business Development Manager at Hack The Box, is leading the charge towards an active-readiness revolution.

Analyst 207
Close-up of Beats Studio Buds earbuds on a neutral surface, highlighting vulnerability.

Apple Patches Beats Studio Buds Flaw That Lets Hackers Eavesdrop via Microphone

Apple just released a crucial update, Firmware 1B211, to fix a major flaw in Beats Studio Buds that let hackers eavesdrop on you through the earbuds' microphone - even if they're not paired with your device. This security patch protects you from unwanted listeners lurking within Bluetooth range.

Analyst 207
Dimly lit underground market scene with old and new tech, hooded figures in background.

Cybercriminals Worry AI Tools Will Disrupt Their Illicit Trade

Cybercriminals are getting anxious about the impact of AI tools on their illicit trade, and experts warn that now is the time for organizations to step up their cyber hygiene game with measures like timely patching, multifactor authentication, and passkey use. By prioritizing these defenses, businesses can stay ahead of emerging threats, including AI-assisted attacks.

Analyst 207
Cluttered developer workstation with code on laptop and notes on desk.

AI Code Review Foils Malicious Backdoor in Python Project

When Roman Imankulov analyzed a suspicious Python project with his AI agent, it quickly flagged a malicious backdoor, saving him from a potentially disastrous mistake. The AI code review proved to be a crucial safeguard, alerting Imankulov to walk away from the tainted code.

Analyst 207
Windows file system directory structure on laptop screen with subtle hint of hidden link between folders.

Windows Junctions Expose Hidden Malware Paths

Malware creators have found a sneaky way to evade detection by using NTFS junctions, a feature that's normally used to connect directories, to create hidden paths that can bypass security defenses like Microsoft Defender. By exploiting this vulnerability, attackers can cleverly disguise their malware's true location, making it harder to detect.

Analyst 207
Researcher sits at desk with laptop, looking thoughtful near window.

Researcher Uncovers Feds' Swift Response to Simple Code Prompt

A researcher discovered that a simple code prompt to "fix this code" sparked a surprisingly swift and alarmed reaction from federal authorities regarding the Fable 5 model. However, the researcher disputes that this incident constituted a jailbreak, downplaying its significance.

Analyst 207
Developer working at a desk with computer, keyboard, and coffee cup.

Developers Weaponize Code to Disrupt AI-Powered Malware

Meet Johannes Link, a self-proclaimed AI skeptic who's taking a stand against AI-powered coding agents by weaponizing his own code - specifically, the Java property-testing tool jqwik - to disrupt their operations. His latest software update includes a clever anti-AI clause designed to throw a wrench in the works.

Analyst 207
Close-up of a Microsoft Surface laptop on a neutral surface with lid slightly ajar.

Microsoft Fixes Firmware Flaw in Surface Devices That Allowed Bricking via Single Packet

A security researcher discovered that a routine attempt to adjust the backlight on a Surface laptop turned into a nightmare when Microsoft Copilot generated a Python script that overwrote the embedded controller firmware, rendering the machine useless. The script sent faulty commands to the device's microcontroller, highlighting a serious firmware flaw that Microsoft has now fixed.

Analyst 207
Microsoft Surface device on a well-lit workbench with a blank screen.

Microsoft Fixes Flaw in Surface Hardware That Allowed Devices to Be Bricked

A security researcher recently discovered that Microsoft's Copilot AI tool could be used to create a series of aggressive Python scripts that accidentally bricked a Surface device by overwriting its firmware. The incident highlights a flaw in Microsoft's Surface hardware that has since been fixed.

Analyst 207
Cluttered home office desk with a blank laptop screen and scattered papers.

New Exploit Bypasses Windows BitLocker via Recovery Partition Files

A security researcher stumbled upon a shocking new exploit, dubbed GreatXML, that bypasses Windows BitLocker in just 4 hours - and it's connected to the Windows Defender Offline Scan feature. If you've ever used this scan, you may be vulnerable to this alarming BitLocker bypass.

Analyst 207
Modern smart speaker on a table surrounded by blurred smart home devices.

OpenClaw AI Agent Exposes Sensitive Data to Hidden Attacks

A critical vulnerability in OpenClaw AI, known as OpenClaw 2026.4.23, allowed hackers to hide malicious instructions within shared contacts, vCards, or location pins, which the AI agent then obediently followed. This shocking security flaw was recently patched, but highlights the importance of staying vigilant against emerging threats.

Analyst 207
Office worker sits at desk with laptop, surrounded by papers, with a concerned expression.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software

Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Analyst 207
Developer workstation with laptop, notes, and coding books under indoor lighting.

GitHub Overhauls npm Defaults to Thwart Script-Based Attacks

GitHub is taking a major step to boost npm security by changing its default settings to block automatic execution of install-time lifecycle scripts, a common vulnerability exploited in script-based attacks. Starting with npm 12, these scripts will require explicit permission to run, unless explicitly allowed via a new allowlist mechanism.

Analyst 207
Close-up of a GPS satellite dish pointing towards the sky with signal transmission lines and technical equipment in the…

Military GPS Broadcasts Conceal Encryption Keys

For nearly two decades, the US military has been secretly broadcasting encryption codes through public GPS signals, turning satellites into hidden messengers that beam mysterious information to any device that uses GPS. This covert operation was uncovered by researchers, led by Steven Murdoch, who stumbled upon a digital trail that revealed the surprising truth.

Analyst 207
Laptop on a desk with blurred webpage on screen, surrounded by office items.

FROST Attack Exploits SSD Timing to Track User Activity

Imagine a sneaky new technique that lets hackers track your online activity from afar, using just a web page and the timing of your SSD reads - no need to be physically on your device. This clever exploit, dubbed FROST, turns browser storage into a timing spy, revealing your browsing habits and even which native apps you open.

Analyst 207
Developer workstation with code editor, security symbols, and modern office background.

AI Coding Tools Require Embedded Security to Counter Emerging Risks

Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Analyst 207
Rack of servers with one server highlighted, its indicators glowing neutrally.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit

A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

Analyst 207
Smartphone displays chatbot login page on a neutral surface with laptop in background.

Meta's AI Chatbot Exposed to Account Takeover Vulnerability

A recent vulnerability in Meta's AI chatbot has raised red flags about the security of LLM chatbots, which can be exploited through various tactics that are difficult to block. This alarming weakness was demonstrated in a video showing an attacker taking over an Instagram account by simply interacting with Meta's AI support chatbot.

Analyst 207
Smartphone on a neutral surface with a blurred mobile app interface and a hint of a cityscape through a nearby window.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight

A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Analyst 207
Researcher examines radio frequency demonstration setup in laboratory.

Researchers Expose Vulnerability in Anti-Jamming Tech

Researchers have uncovered a shocking weakness in anti-jamming technology, revealing that curved radio beams can outsmart even the most advanced direction-finding defenses. In lab tests, this vulnerability led to disastrous errors, leaving traditional safeguards useless.

Analyst 207
Person sitting at laptop in modern workspace with code on nearby monitor.

Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling

A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by Microsoft's security response team.

Analyst 207
Windows computer on office desk with network cable, screen off or blank.

Unpatched Windows Search Flaw Exposes User Hashes

A newly discovered vulnerability in Windows' search feature can be exploited to steal user passwords, allowing hackers to gain access to sensitive information. By simply clicking on a malicious link, a user's login credentials can be exposed to attackers.

Analyst 207
Network operations center with computer workstations and servers in a brightly-lit room with a polished floor and large…

AI Tools Expose Vulnerabilities in Army's Unified Network

The Army's unified network is facing a new wave of vulnerabilities, thanks to AI tools that are making it easier for attackers to breach defenses. With AI, techniques that once required specialized skills can now be scaled with ease, expanding the attack surface and increasing risk.

Analyst 207
Cybersecurity team members respond to simulated cyber-attack in empty supermarket aisle.

Cybersecurity Teams Face Simulated Supermarket Cyber-Attack Test

Get ready to enter the war room and face off against a simulated cyber-attack in a thrilling tabletop experience, where you'll play out a high-stakes battle to protect a fictional supermarket from a multi-stage cyber threat. Join Semperis at Infosecurity Europe 2026 for a 90-minute immersive roleplaying simulation that puts your cybersecurity skills to the test.

Analyst 207