Hackaday

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And ...

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Woman's cold case solved by Milwaukee investigators, gives family closure

Berline Trammel was found in the Milwaukee River in 1982. Exactly 44 years later, her identity was confirmed by investigators ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Researchers found a way to spy on your browsing by watching your SSD's activity

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...
Bleeping Computer

Fake Next.js job interview tests backdoor developer's devices

A coordinated campaign targeting software developers with job-themed lures is using malicious repositories posing as legitimate Next.js projects and technical assessment materials, including ...
Bleeping Computer

New attack uses MSC files and Windows XSS flaw to breach networks

A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management ...