Hacking

FBI Extracts Signal Messages from iPhone Push Notification Records
In a surprising forensic discovery, the FBI was able to extract Signal messages from an iPhone's notification database, even after the app was deleted, by exploiting a loophole that stores message previews on the lock screen. This finding raises significant concerns about iPhone users' message security.

Wi-Fi Encryption Flaws Expose Enterprises to AirSnitch Attacks
Enterprises are in grave danger of being hacked through their Wi-Fi networks, as newly discovered AirSnitch attacks can bypass WPA2 and WPA3-Enterprise encryption, exposing sensitive credentials and backend systems to both insider and remote threats. This critical vulnerability undermines the very foundations of wireless network security.

Stolen Credentials Empower Attackers in Identity-Based Breaches
While security teams obsess over complex threats, attackers often find it easier to simply walk in with stolen credentials - the quickest and most reliable way into networks. By focusing on sophisticated threats, we might be overlooking the front door, which is wide open with a copy of the keys in the wrong hands.

Google's Antigravity AI Flaw Exposes Remote Code Risk
Google's top-of-the-line Antigravity AI safeguard can be surprisingly easily tricked into letting its guard down, leaving the door open for attackers to execute remote code. Even with its highest security setting, the AI agent manager's weaknesses can be exploited, putting users at risk.

Scattered Spider Operative Pleads Guilty to US Federal Charges
In a major breakthrough, Tyler Robert Buchanan, a senior figure in the notorious Scattered Spider cybercrime group, has pleaded guilty to federal charges, bringing an end to his digital crime spree. Buchanan admitted to conspiracy to commit wire fraud and aggravated identity theft in a US federal district court.

AI Cybersecurity Pipelines Unlock Mythos' Full Potential
Mythos can dazzle with its ability to uncover vulnerabilities and chain exploits, but the real challenge lies in harnessing its power through robust AI cybersecurity pipelines that deliver lasting value across an organization. It's time to shift from showcasing AI capabilities to building the engineering and governance scaffolding that turns promise into practical utility.

Google Fortifies Ad Ecosystem, Cracks Down on 8.3B Policy-Violating Ads
Google is taking a giant leap in protecting user privacy and cracking down on fraud, having blocked over 8.3 billion ads and suspended 24.9 million accounts in a single year. This bold move is part of a broader effort to reshape how apps handle sensitive data, with a focus on transparency and security.

DraftKings Hacking Scheme Draws 30-Month Prison Sentence
A 23-year-old man from Memphis, Tennessee, has been sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts, a brazen crime that left countless victims feeling vulnerable and betrayed. The case highlights the growing threat of account-fraud markets, where stolen credentials are bought and sold like commodities.

Google Deploys Gemini AI to Combat Malicious Ads
Google is ramping up its ad safety game by leveraging its cutting-edge Gemini AI models to detect and block malicious ads, but scammers are constantly evolving their tactics to stay one step ahead. It's a digital cat-and-mouse game where sophisticated defenses meet adaptive adversaries.

AI Code Reviewer Vulnerable to Git Identity Spoofing
Imagine a security system that can be tricked into trusting a foe as a friend with just two lines of code - that's what happened with Anthropic's AI code reviewer, Claude, which was vulnerable to Git identity spoofing. This simple hack allowed researchers to forge a trusted developer's identity and get hostile code approved in no time.

Microsoft Awards $2.3M for Cloud and AI Flaws Uncovered in Zero Day Quest Hacking Contest
Microsoft just took a bold step towards securing our digital future by awarding $2.3 million to researchers who uncovered critical cloud and AI flaws in its Zero Day Quest hacking contest, showcasing the power of incentive-driven vulnerability discovery. Nearly 700 submissions poured in, highlighting the vast scope of potential weaknesses in our rapidly evolving tech landscape.

Microsoft Bolsters Windows Defenses Against Malicious Remote Desktop Files
Microsoft is stepping up its game to protect Windows users from phishing attacks that hide in plain sight as Remote Desktop files. The tech giant is introducing on-screen warnings and stricter default settings to help shield you from malicious .rdp files.

Anthropic Unveils Vulnerability Testbed Amid AI Cyberattack Fears
As AI's power to fix software bugs grows, so do concerns that it could also supercharge cyberattacks - prompting Anthropic to unveil a vulnerability testbed to stay one step ahead of hackers. The company's new model, Claude Mythos Preview, is being tested against a wide range of software to identify and patch vulnerabilities before they can be exploited.
Open-Source Silicon Initiative Aims to Bolster Hardware Trust
Imagine having a tiny chip inside your device that you can trust completely - one that's transparent, secure, and designed to put your mind at ease. The Baochip-1x, a groundbreaking open-source silicon project by Andrew Bunnie Huang, aims to provide just that, giving developers an affordable and security-focused solution for building high-assurance embedded devices.

Google Chrome Bolsters Defenses Against Infostealer Cookie Heists
Google Chrome just got a major security boost with its new Device Bound Session Credentials feature, designed to prevent infostealers from swiping your session cookies and letting hackers impersonate you without a password. This update is a game-changer in the fight against cookie heists and stolen login credentials.

Browser Extensions Emerge as Unchecked AI Security Risk
Did you know that the biggest AI security risk to your organization might be hiding in plain sight - in the browser extensions used by every employee, quietly evading your existing security protections? A recent report from LayerX reveals the shocking truth about this largely overlooked threat.

Google Deploys DBSC in Chrome to Thwart Windows Session Hijacking
Google just flipped the switch on Device Bound Session Credentials (DBSC) for Chrome users on Windows, giving millions a major security boost against session hijacking - but what does it mean for you? This game-changing update ties your credentials to your device, making it much harder for hackers to get hold of your online sessions.

Google Chrome Bolsters Defenses Against Session Cookie Theft
Google Chrome just got a major security boost with the introduction of Device Bound Session Credentials (DBSC) protection, designed to block info-stealing malware from harvesting session cookies and putting your online credentials at risk. This move is a key step in the ongoing cat-and-mouse game between defenders and cyber threats.

Microsoft Abruptly Bans Top Open-Source Developers
Imagine being a leading open-source developer, only to be suddenly and silently locked out of your Microsoft developer account, with no warning, no emails, and no human contact - just automated blocks and a lengthy appeal wait. This is what recently happened to the creators of VeraCrypt and WireGuard, leaving their critical projects in limbo.

Apple Intelligence Exposed to Hijacking Risk via Prompt Injection
Security researchers have discovered a vulnerability in Apple Intelligence, allowing hackers to manipulate the AI system into producing malicious output, including profanity, through a technique called prompt injection. This raises serious concerns about user safety and the effectiveness of current security safeguards.

Fitness Equipment Exposes Weak Link in Gym Security
A recent security mishap at a gym serves as a stark reminder of the importance of safeguarding sensitive information, as a technician's careless mistake - stapling configuration details to a cupboard - left fitness equipment vulnerable to exploitation by mischief makers. This embarrassing blunder highlights the need for vigilance in protecting security credentials.

GPU Price Doesn't Dictate Password Cracking Success
You don't need to break the bank on cutting-edge AI hardware to crack weak passwords - a recent study found that a $30,000 GPU doesn't outperform readily available consumer cards, proving that attackers can succeed with everyday tech.

Researchers bypass Grafana AI with stealthy data exfiltration technique
Imagine a tool meant to reveal operational insights being turned into a stealthy spy, siphoning off sensitive corporate secrets - that's what happened when researchers exploited Grafana's AI with a cunning technique called indirect prompt injection. Dubbed GrafanaGhost, this attack bypasses Grafana's defenses, exfiltrating data without leaving a digital trail.

Russian Hackers Exploit Router Flaws to Steal Microsoft Office Tokens
Russian hackers have been quietly stealing Microsoft Office tokens from users on over 18,000 networks by exploiting known flaws in older internet routers, and here's the kicker: they did it without installing any malicious software. This sneaky campaign, linked to Russia's military intelligence units, highlights the surprising vulnerability of legacy devices to secret siphoning.