Dark Reading

LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations ...
Bleeping Computer

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. Microsoft tracks the actor as Storm ...
The New York Times

Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw

The company said that it had identified, for the first time, hackers using artificial intelligence to discover an unknown bug. The attempted attack represents “a taste of what’s to come,” one expert ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...

Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
Memeburn

Grok Hack Explained: How Prompt Injection Drained Nearly $200K

A trader did not need to hack Grok, steal a password, or break a smart contract. A hidden Morse code prompt inside a public X reply was enough to trigger a nearly $200K crypto transfer from Grok’s ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
MobileSyrup

Ontario police using spyware to hack phones, trying to keep it secret

Ontario police have reportedly been using spyware to hack into phones without alerting their users. In a new report, The Toronto Star reveals that Ontario Provincial Police (OPP) and Windsor Police ...
The New York Times

Tired of Hacked Passwords? Help Is on the Way.

Apps from Apple, Google and others can assist in making your online accounts more secure, even as new ways of logging in continue to take off. By J. D. Biersdorfer J.D. Biersdorfer writes about how to ...
Indiatimes

Researchers use Anthropic Mythos to find flaws in Apple security; ‘hack’ MacOS

Anthropic’s Mythos AI, a tool that has already rattled the tech and financial sectors by exposing widespread software vulnerabilities, has now successfully 'hacked' macOS, which is regarded as one of ...