Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).... [...]

Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.... [...]

Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards.... [...]

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven' Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.... [...]

Fake views from Moscow's pet media outlets appear in about one in five responses Popular chatbots powered by large language models cited links to Russian state-attributed sources in up to a quarter of answers about the war in Ukraine, raising fresh questions over whether AI risks undermining efforts to …

CVE and CVSS systems suffer from misaligned incentives and inconsistency Aram Hovespyan, co-founder and CEO of security biz Codific, says that the rating systems for identifying security vulnerabilities and assessing threat risk need to be overhauled.... [...]

Microsoft Copilot, not so much Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even …

AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.... [...]

Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.... [...]

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.... [...]

AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.... [...]

Web browsing belongs to the people, not the bots Jon von Tetzchner, CEO of Norway-based browser maker Vivaldi, believes the tech industry's efforts to automate web browsing using generative AI models have gone too far.... [...]

Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.... [...]

AI lowers the bar for cybercrime, Anthropic admits comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.... [...]

Because savvy terrorists always use public internet services to plan their mischief, right? Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear weapons.... [...]

Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.... [...]

Redmond doesn't bother informing customers about some security fixes UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.... [...]

High accuracy scores come from conditions that don't reflect real-world usage Facial recognition technology has been deployed publicly on the basis of benchmark tests that reflect performance in laboratory settings, but some academics are saying that real-world performance doesn't match up.... [...]

Sysadmins, your job is safe Automating IT operations using AI may not be the best idea at the moment.... [...]

Checkbox to make chatbot conversations appear in search engines deemed a footgun OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.... [...]

Boffins insist your deepfake tracking tech won't work Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.... [...]

No screenshots for you! In an effort to protect user privacy, Brave browser 1.81 will prevent Microsoft Recall from screenshotting it by default.... [...]

Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.... [...]

Computer scientist Peter Gutmann tells The Reg why it's 'bollocks' The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.... [...]

Maintainers struggle to handle growing flow of low-quality bug reports written by bots Daniel Stenberg, founder and lead developer of the open-source curl command line utility, just wants the AI slop to stop.... [...]