News

Google’s Gemini-powered tools tripped up by image-scaling prompt injection

Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.…

Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas

It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return to empower cyber operators if a bill introduced in Congress actually manages to pass. …

Everything a criminal needs for targeted attacks exposed, but telco insists 'no critical data compromised'

A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.…

Feds say Mirai-spawned botnet blasted 370K attacks before AWS and pals helped yank its servers

RapperBot, a botnet-for-hire blamed for hundreds of thousands of DDoS attacks, has been yanked offline by the Feds, who also hauled in its alleged Oregon-based mastermind.…

Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.…

Worried about your data? Not to worry, we'll check the dark web for you! Yes really

A week after its services were disrupted by a cyberattack, UK telco Colt Technology Services has gone back on its initial statement to confirm that data has indeed been stolen.…

Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant'

Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have begun snaffling screenshots of users' page activity and transmitting them to a remote server without their knowledge – and Google has yet to take it down.…

One fetcher bot seen smacking a website with 39,000 requests per minute

Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot traffic, with the remaining 20 percent used by AI fetchers. Bots and fetchers can hit websites hard, demanding data from a single site in thousands of requests per minute.…

Took out all traffic to port 443 at a time Beijing didn't have an obvious need to keep its netizens in the dark

China cut itself off from much of the global internet for just over an hour on Wednesday.…

Redmond doesn't bother informing customers about some security fixes

UPDATED  Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.…