Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.... [...]
Installation and pre-approval without consent looks dubious under EU law One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes …
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.... [...]
Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details about their browser.... [...]
The time is maybe Quantum computing exists in a sort of superposition with regard to cryptography – it's both a pending threat and a technology of no immediate consequence for decryption.... [...]
Hasn't released it to the public, because it would break the internet - in a bad way For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they have a new Big Bad: an AI …
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.... [...]
Global bank's devs have some cleaning up to do after cloud creds found in website code Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.... [...]
A proof-of-concept attack on Context Hub suggests there's not much content santization A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability.... [...]
Cyber rights org retools for the days of AI and unrestrained government interview The Electronic Frontier Foundation (EFF) on Tuesday appointed Nicole Ozer to succeed Cindy Cohn as the cyber rights group's executive director when Cohn departs this summer.... [...]
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.... [...]
Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels …
Chocolate Factory describes concession as an attempt to balance openess with safety It turns out you won't be limited to Google-verified apps an developers on Android after all. In the face of sustained community dissatisfaction with its developer verification requirement, Google has given Android users an out.... [...]
Take your YOLO and box it up exclusive NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project's commitment to security.... [...]
Now if only device makers would deliver higher quality components Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help.... [...]
AI conversations for sale include sensitive health and legal details Your latest chat transcript could be bought and sold. Data brokers are selling access to sensitive personal data captured during chatbot conversations, despite claims that the data is anonymized and obtained with consent.... [...]
AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule the theft by sending your victim a calendar event.... [...]
We can remember it for you wholesale, and sell it back to you for big bucks Web scraping bots are increasing the pressure on the tech supply chain by scouring sites for DRAM, so their minders can snap up increasingly scarce inventory and resell it for a quick profit …
Discovery is getting cheaper. Validation and patching aren’t What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software vulnerabilities and propose patches. But security researchers say that's not enough.... [...]
MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.... [...]
Businesses are embedding prompts that produce content they want you to read, not the stuff AI makes if left to its own devices Amid its ongoing promotion of AI’s wonders, Microsoft has warned customers it has found many instances of a technique that manipulates the technology to produce …
Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.... [...]
The end isn't nigh after all Chrome's latest revision of its browser extension architecture, known as Manifest v3 (MV3), was widely expected to make content blocking and privacy extensions less effective than its predecessor, Manifest v2 (MV2).... [...]
Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is …
BellSoft survey finds 48% prefer pre‐hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.... [...]