Lovable denies data leak, cites 'intentional behavior'
… According to the bug hunter, no offensive hacking is needed to trigger the bug. …
Search
AI agent hacked McKinsey chatbot for read-write access
… CodeWall uses AI agents to continuously attack customers' infrastructure, to help them improve their security posture. According to the startup, its own security agent suggested targeting McKinsey, citing the consulting company's public responsible disclosure policy and recent updates to Lilli. …
Rogue AI agents can work together to hack systems
… Although Irregular used some aggressive prompts that included urgent language to instruct agents to carry out assigned tasks, its experiments did not use any adversarial prompts that referenced security, hacking, or exploitation. …
Russian crims phish way into Signal and WhatsApp accounts
… As MIVD director Vice-Admiral Peter Reesink put it: "Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information." In other words, if your operational security plan relies on the hope tha…
Russians posing as Signal support to launch phishing raids
… INFOSEC IN BRIEF Russian intelligence-affiliated parties are posing as customer support services on commercial messaging applications such as Signal to compromise accounts and conduct phishing attacks, the FBI and Cybersecurity and Infrastructure Security Agency CISA warned last Friday. …
Spyware disguised as emergency-alert app sent to Israelis
… This allowed it to bypass Android security checks and appear to have been legitimately signed. …
Sticky-note security turned gym into hall of '80s horrors
Security Sticky-note security turned gym into hall of '80s horrors Even fitness equipment is vulnerable to mischief makers these days PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. …
Lightning-fast exploits mean patch fast, says Cisco Talos
… In other words, get ready for a year of rethinking your security strategies. Attackers are definitely rethinking theirs. ® talos security cybersecurity cso cisco
OpenAI ChatGPT fixes DNS data smuggling flaw
Security OpenAI patches ChatGPT flaw that smuggled data over DNS Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed. …
Microsoft publishes workaround for Samsung C:\ drive woes
… The issue, in which some Samsung devices lost access to the C:\ drive after installing a Windows security update, was traced to a problem in the Samsung Galaxy Connect app rather than Microsoft's update. …