Hackers breached Brazil’s emergency alert system and used the government’s civil defense platform to send millions of highest-level alerts across multiple regions.
Starting next year, developers may need to demonstrate their security products are quantum-safe to receive a certification from France's lead cybersecurity agency.
A API vulnerability documented by independent security blogger "bobdahacker" created a path to replacing the FIFA World Cup matches playing out on televisions and devices all over the world with any video of the attacker's choosing.
A data breach affecting Madison Square Garden Sports and the New York Knicks has leaked the personal information of customers, celebrities, athletes, and their representatives.
With a digital ID, the actions of automated AI agents could be tracked, verified and audited. Agents that work as digital assistants and coding partners now often have broad permissions, from potentially opening an organization's gate to attackers to being trusted with individual purchases and financial moves. This act by Estonia is the first concrete government proposal of its nature.
The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public credential that can readily be found in a web site's JavaScript source code, which can be used by anyone to get Sentry to accept an error event full of malicious instructions that is passed on to AI coding agents.
Kodak has confirmed a data breach after the notorious hacking group ShinyHunters claimed responsibility for the attack and threatened to leak the stolen information on the dark web.
The Copilot vulnerability chain requires three steps, two of which are old-fashioned injections and request forgeries. But they are kicked off by using a P2P injection that convinces Copilot it is OK to serve up malicious links. The end result is that the AI assists with data theft from across the target’s Microsoft ecosystem.
Chinese hackers linked to the advanced persistent threat actor UNC6508 breached North American research facilities via web applications and evaded detection for over a year.
A supposed data breach prompted coverage from a number of national media sources, as it claimed to involve popular social platform VRChat and some 2.5 million of its users. The fake notice went so far as to make up an accompanying fake disclosure statement from VRChat themselves.
