Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
In response, Link updated the 1.10.0 release notes to disclose the verbatim prompt injection in its entirety. The section now reads: This project is not…
Category: ArsTechnica
Websites have a new way to spy on visitors: analyzing their SSD activity
While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions.…
Millions of AI agents imperiled by critical vulnerability in open source package
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running…
Police boast of hacking VPN where criminals “believed themselves to be safe”
European law enforcement say they hacked into a VPN (virtual private network) service used for ransomware attacks and other crimes, and identified thousands of users…
Texas AG sues Meta over claims that WhatsApp doesn’t provide end-to-end encryption
The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end…
Google publishes exploit code threatening millions of Chromium users
Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and…
Secret CISA credentials found in public GitHub repo
Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private…
Bug bounty businesses bombarded with AI slop
He added there was a “third cohort” of “experienced AI builders” who had developed automated “end-to-end scanning and submission systems” that were “creating absolute carnage.”…
Zero-day exploit completely defeats default Windows 11 BitLocker protections
A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to…
Linux bitten by second severe vulnerability in as many weeks
Both privilege escalation vulnerabilities stem from bugs in the kernel’s handling of page caches stored in memory, allowing untrusted users to modify them. They target…
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Chaos erupted at schools and colleges throughout the US on Thursday as a cyberattack disrupted online learning platform Canvas just as students were due to…
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially…