Hacking

Google Bolsters Android Spyware Defenses with Intrusion Logging Feature
Google just launched a game-changing feature to help protect Android users from spyware: Intrusion Logging, a powerful tool that collects forensic data to help investigate suspected device compromises. Now available in Advanced Protection Mode, this innovative feature lets users opt-in to safeguard their digital security and peace of mind.

Google Bolsters Android Security to Counter Spyware Vendors
Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.

Attackers Exploit AD CS for Stealthy Privilege Escalation
Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

GhostLock Exploits Windows API to Disrupt File Access
Meet GhostLock, a proof-of-concept that cleverly exploits Windows API to disrupt file access, causing operational downtime without data loss, similar to the impact of ransomware. By manipulating the CreateFileW sharing parameter, GhostLock effectively locks files, leaving other processes in the dark with a sharing violation error.

Active Directory Breaches Persist After Password Resets
Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.

Vulnerabilities in TETRA Radio System Expose Global Security Risks
A single misstep in a radio system can send critical infrastructure crashing down - as Taiwan's bullet train system learned the hard way when a university student's clever hack with a radio and online kit brought the entire network to a standstill for nearly an hour. The incident highlights the urgent need for robust defenses to safeguard our global security.

Claude AI Extension Flaw Enables Cross-Plugin Hijacking
A security flaw in the Claude AI Chrome extension could put users at risk, as it allows other browser extensions to issue commands to Claude without verification. This vulnerability creates a backdoor for hackers to hijack the AI model, warns LayerX senior researcher Aviad Gispan.

Schumer Urges DHS to Bolster AI Cyber Defenses with State, Local Governments
Senate Minority Leader Chuck Schumer is sounding the alarm on the urgent need for stronger AI cyber defenses, warning that there's a high-stakes race between cybersecurity defenders and AI-enabled hackers. He’s pressing the Department of Homeland Security to team up with state and local governments to stay ahead of rapidly evolving threats.

Contractor Convicted for Destroying Dozens of Federal Databases
A contractor's reckless actions led to the destruction of dozens of federal databases, showcasing a staggering disregard for the security and integrity of sensitive government information. After being terminated on February 18, 2025, the contractor and his twin brother intentionally caused chaos by accessing computers without authorization and deleting crucial data.

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk
A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

MD5 Password Hashes Cracked in Under an Hour
In a shocking test, Kaspersky researchers cracked 60% of 231 million MD5 password hashes in under an hour using just one high-powered graphics card, revealing the alarming vulnerability of even the most seemingly secure passwords. This unsettling experiment highlights the urgent need for stronger password protection.

Weak Passwords Expose Networks to Unintended Access
Even a seasoned expert like Roger Grimes, CISO advisor at KnowBe4, has fallen victim to the pitfalls of weak passwords - in a surprising turn of events, he recalling a time when he accidentally gained access to a client's network using the password "rosebud", famously lifted from a film plot.

Defense Contractor Exposes Military Training Data Through API Flaw
A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

Google Bolsters Android App Security with Public Verification Ledger
Google is stepping up its game to keep your Android apps safe with a new public verification ledger that ensures the Google apps on your device are genuine and exactly as intended. This move builds on its Pixel Binary Transparency feature, now expanding it to all Android production apps.

AI Models Reach Hacking Parity, But Reasoning Falters
The AI hacking landscape has reached a major milestone: two top AI models, GPT-5.5 and Anthropic's Mythos Preview, have demonstrated nearly identical capabilities in a rigorous 95-task cybersecurity evaluation, with scores of 71.4% and 68.6% respectively. This parity marks a significant tipping point in the development of AI-powered hacking tools.

Google Boosts Bounty Payouts for Elusive Android Exploits
Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

AI Infrastructure Exposes Widespread Security Gaps
A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

Pharmacist Indicted for Spying on Co-Workers with Cyber Tools
A pharmacist in Maryland has been indicted for allegedly spying on nearly 200 coworkers and individuals over eight years using cyber tools, breaching trust and violating digital boundaries. Matthew Bathula faces federal charges for unauthorized computer access and aggravated identity theft.

AI Drives Shift to Continuous Penetration Testing in Cloud Environments
The AI revolution is transforming technology like never before, and Evinova is at the forefront, shifting from annual penetration testing to continuous security validation to safeguard its cloud-native healthcare software. This bold move replaces traditional point-in-time assessments with ongoing validation, ensuring rock-solid security for its customers.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Senators Probe Navigate360 Over Hacked Student Data
Senators Maggie Hassan and Jim Banks are demanding answers from Navigate360 after a cyberattack compromised its anonymous tip line, putting the sensitive data of students, staff, and schools at risk. The breach allegedly exposed 93 gigabytes of data, sparking concerns over the safety and security of those who rely on the company's services.

Academics Crack 15th-Century Diplomatic Cipher
Meet Pedro de Ayala, a 15th-century diplomat who took infosec to new heights by encrypting sensitive royal gossip with clever symbols - only to have his secrets cracked 500 years later by some codebreaking academics. His creative encryption method, which combined symbol substitutions with deliberate omissions, kept his messages safe from prying eyes for centuries.

Crypto Launderer Sentenced to 70 Months for $230M Heist Role
Meet Evan Tangeman, a 22-year-old crypto launderer who lived large on stolen millions, racking up half-million-dollar nightclub tabs and luxury cars, before getting sentenced to 70 months in prison for his role in a $230M heist. His lavish lifestyle, fueled by greed, came crashing down with a guilty plea and a lengthy prison term.

Frontier AI Exposes Gaps in Traditional Security Programs
Imagine having the power to replicate a full year’s worth of manual penetration testing in just three weeks - that's the reality with frontier AI, which has exposed significant gaps in traditional security programs. Palo Alto Networks and Unit 42 have revealed that advanced models like Anthropic Mythos can autonomously identify software vulnerabilities and adapt to defensive controls in near-real-time.