A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute privileged commands, steal data, and perform agentic actions.
A 23-year-old Taiwanese student halted four high-speed rail trains using software-defined radio equipment to trigger emergency braking by sending a high-priority signal.
Video hosting platform Vimeo has confirmed a data breach stemming from a third-party performance metrics platform, Anodot, affecting approximately 119,000 users and customers.
Though it is not yet a matter of official policy, inside sources indicate CISA is weighing a three-day deadline for fixing critical vulnerabilities in federal government systems that have been observed being exploited elsewhere.
A ransomware attack on a healthcare IT solutions provider has disrupted access to patients’ electronic health records (EHRs) across numerous Dutch hospitals.
Red Dead Redemption 2 and GTA 5 game maker Rockstar Games confirms a data breach stemming from a third-party cloud provider after hackers threatened to leak stolen information.
A data breach at Booking.com has leaked the personal information of customers across multiple countries after unauthorized third parties accessed reservation details.
The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require users to update their macOS certificates.
The U.K.’s NCSC warns that Russian hackers linked to the country’s GRU Military Intelligence Unit are using compromised routers for DNS hijacking to enable credential theft.
Microsoft has banned the developer accounts of high-profile open-source projects, leaving them unable to publish software updates, exposing Windows users to various cyber threats.
