Developers build the best tools for developers – and are now defanging the AI menace
Fear and even grief are natural reactions to machines that do your job. The next reactions – acceptance and innovation – are more useful
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known…
Cyberattack sees crops kept in the ground
Bitter harvest for Australia's Mackay Sugar, attacked in peak cane crushing season
Fileless Phantom Stealer Targets Browser Credentials
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.
AMD's Mext buy shows how AI could solve the RAM shortage it created
Running low on memory, can't afford more? The House of Zen's latest acquisition puts an AI spin on flash-based memory expansion
Security Community Slams US Ban on Exporting Mythos, Fable
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]
The new Siri makes one of Apple's most convenient OS features a cumbersome mess
Goodbye, useful Spotlight; hello force-fed Apple intelligence bloatware that feels distressingly like Google AI Overviews
Python dev saved from disaster by intuition... and AI
I'm sorry, Dave. I can't install that repo that will totally hose your system
New Rokarolla Android malware targets 217 banking, crypto apps
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]
Intel-born networking tech resurfaces as InfiniBand alternative for DoE supers
Omni-Path lights up Lawrence Livermore system at 400 Gbps
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Googl…
AI and brain-computer interface allow speechless ALS patient to work a full-time job
The hardware isn't new, but a UC Davis research team's machine learning-powered method of translating brain activity in an ALS patient into sentences with 92% accuracy is
Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. [...]
Three critical Fortinet sandbox bugs splattered by unknown attackers
All have patches, so make sure you upgrade to a fixed version
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.
Commodore gets into the phone biz with Sailfish-powered retro 'Callback'
Ships sans email, web, or socials, but with plenty of beige plastic
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent repo…
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control.
HPE product barrage targets AI networks, agents, management
HPE has rolled out a super-sized package of hardware and software aimed at helping enterprise customers build and manage large AI infrastructures from the data center to the edge. …
HS135: AI Spyware in Chrome Spotlights Attractions of DaaS
VDI (Virtual Desktop Infrastructure) and Desktop as a Service (DaaS) have been arriving “real soon now” for the past couple of decades. Will the advent of vendors’ AI spyware (as G…
There's no such thing as an agentic CPU
AI agents are a general-purpose workload no different from any other
PP114: MACsec Overview
MACsec (IEEE 802.1AE) encrypts Ethernet frames hop-by-hop at Layer 2 — before traffic even hits IP — making it one of the strongest protections you can put on wire. It’s been in th…
Firefox 152 understands 'Sssh!'
As Google continues crippling Chrome ad-blockers, it's a good time to try Firefox
'Lorem Ipsum' Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
iRhythm Confirms Data Stolen in Hack
The digital health company said it learned of the breach on June 8 and the attackers demanded a ransom. The post iRhythm Confirms Data Stolen in Hack appeared first on SecurityWeek…
Microsoft faces down sueball, capacity problems in series of challenges
Misleading statements about Copilot and AI? Surely not!
Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic
Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration
UK to require ID or face scan before you can make social media accounts
Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spri…
Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker
From building LED bulbs to graduating college and buying a house with money earned from bug bounties. The post Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hack…