OpenAI: Chinese agent used ChatGPT for smear ops • The Register - Chinese Gov Agent using ChatGPT to plan smear campaigns, write situation reports. Interesting look into how bad guys are bad guying.
Perplexity Comet browser hole was exploitable via cal invite • The Register - "The second thing is that we show that once the 1Password extension is installed in the Comet browser and is unlocked, we can actually instruct Comet to go to the extension URL and then hijack your 1Password account – full takeover of your 1Password account, which is the worst thing that can happen," said Bargury.
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration - “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing arbitrary shell commands and exfiltrating Anthropic API keys when users clone and open untrusted repositories,”
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket - “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented. So while you’re browsing any website, JavaScript running on that page can silently open a connection to your local OpenClaw gateway. The user sees nothing.”
LLMs can unmask pseudonymous users at scale with surprising accuracy - Ars Technica - “What we found is that these AI agents can do something that was previously very difficult: starting from free text (like an anonymized interview transcript) they can work their way to the full identity of a person,” Simon Lermen, a co-author of the paper, told Ars.
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement - The problem occurs when users enable the Gemini API on a Google Cloud project (i.e., Generative Language API), causing the existing API keys in that project, including those accessible via the website JavaScript code, to gain surreptitious access to Gemini endpoints without any warning or notice.
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute - “This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons,” the company said.
Next.js jobseekers targeted with malicious ‘interview’ repos • The Register - Microsoft said the repositories use different methods to execute on developers’ machines, but all lead to the same outcome: in-memory execution of malicious JavaScript.
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware - The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
AWS Middle East disrupted after ‘objects struck datacenter’ • The Register - At 9:41 AM the same day AWS said the availability zone “was impacted by objects that struck the datacenter, creating sparks and fire. The fire department shut off power to the facility and generators as they worked to put out the fire.”
Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register - “By specifically seeking female voices, the group likely aims to bypass the ‘traditional’ profiles of attackers that IT helpdesk staff may be trained to identify, thereby increasing the effectiveness of their impersonation efforts.”
Scammers target Dubai bank accounts amid Iran missile salvo • The Register - Financially motivated cybercriminals are contacting citizens under the guise of Dubai Crisis Management, a fictitious department ostensibly tied to Dubai Police, in attempts to gather information that could be used in SIM-swap attacks.
Phishing campaign targets freight and logistics orgs in the US, Europe - A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.
Hacktivists claim to have hacked Homeland Security to release ICE contract data | TechCrunch - “Why hack the DHS? I can think of a couple Pretti Good reasons! I’m releasing this because the DHS is killing us and people deserve to know which companies support them and what they’re working on,” the hackers wrote.
Iran’s cyberwar has begun • The Register - Mobile app security firm Approov noted a “significant surge in highly sophisticated probing attacks against APIs and mobile applications that provide critical communication links for regional governments,” according to company CEO Ted Miracco. “We have analytical indications that the presumed Iranian actors were scouting and gauging regional infrastructure vulnerabilities.”
Atlantic Council: Beyond Attribution PDF - The spectrum of state responsibility is a tool to help analysts with imperfect knowledge assign responsibility for a particular attack, or campaign of attacks, with more precision and transparency. This spectrum assigns ten categories, each marked by a different degree of responsibility, based on whether a nation ignores, abets, or conducts an attack. The spectrum starts from a very passive responsibility—a nation having insecure systems that lead to an attack—up to very active responsibility—a national government actually planning and executing an attack.
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica - New research shows that behaviors that occur at the very lowest levels of the network stack make encryption—in any form, not just those that have been broken in the past—incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients.
Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space - Ars Technica - “In this model, a Certification Authority (CA) signs a single ‘Tree Head’ representing potentially millions of certificates, and the ‘certificate’ sent to the browser is merely a lightweight proof of inclusion in that tree.”
Author’s Note: The federal government has long held a policy of backdooring commercial encryption schemes and has actively attempted to do so. Snowden’s leaks also showed HNDL (Hold now, decrypt later) activity, a technique used when encrypted conversations are thought to possibly be decryptable in the future.
A new app alerts you if someone nearby is wearing smart glasses | TechCrunch - The Android app, aptly named Nearby Glasses, constantly scans for nearby signals that emit from Bluetooth-enabled tech, such as wearable devices made by Meta (and Oakley) and Snap.