How a USB-connected speaker can infect a PC without ever being touched

CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer ...
The Hacker News

âš¡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Scientists Find Way to Supercharge Dangerous Computer ‘Worms’ With A.I.

Researchers at the University of Toronto showed how hackers could use artificial intelligence to create a program that could ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...
SecurityWeek

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

Introduced in 2007, the CIFSwitch Linux kernel bug allows users to modify CIFS key description fields and gain root ...

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request ...

Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers

Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...
Hackaday

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
The Hacker News

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per ...