Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: attack

Claude for Chrome

We've spent recent months connecting Claude to your calendar, documents, and many other pieces of software. The next logical step is letting Claude work directly in your browser. We view browser-using AI as inevitable: so much work happens in browsers that giving Claude the ability to see what you're looking at, click buttons, and fill forms will make it substantially more useful. But browser-using AI brings safety and security challenges that need stronger safeguards. Getting real-world feedb

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. Salesloft's SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce instance, allowing organizations to sync conversations, leads, and support cases into their CRM. Acc

New AI attack hides data-theft prompts in downscaled images

Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. The method relies on full-resolution images that carry instructions invisible to the human eye but become apparent when the image quality is lowered through resampling algorithms. Developed by Trail of Bits researchers Kikimora Morozova and Suha Sabi Hussain, the attack builds upon a theory presented in a 2020 USENIX

Farmers Insurance data breach impacts 1.1M people after Salesforce attack

U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 million households nationwide. The company disclosed the data breach in an advisory on its website, saying that its da

2.5B Gmail users endangered after Google database hack

How the phishing attacks work: Initial reports of attempted attacks have already been seen on Reddit, which are likely related to the data leak. Users describe how alleged Google employees have contacted them by phone to inform them of a security breach in their accounts. In these scam attempts, attackers are trying to take over Gmail accounts by triggering alleged “account resets” and then intercepting passwords to subsequently lock out the account holders. Another attack method involves “dang

APT36 hackers abuse Linux .desktop files to install malware in new attacks

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. The activity, documented in reports by CYFIRMA and CloudSEK, aims at data exfiltration and persistent espionage access. APT 36 has previously used .desktop files to load malware in targeted espionage operations in South Asia. The attacks were first spotted on August 1, 2025, and based on the latest evidence, are still ongoing. Desktop file abuse Altho

Arch Linux remains under attack as DDoS enters week 2 - here's a workaround

ZDNET's key takeaways: All Arch Linux sites are under attack. No one knows why Arch is getting smacked around. You can get Arch Linux files and programs from GitHub. Although not well-suited for new users, Arch Linux is a popular distro with a passionate fan base. So, why has someone been knocking down the Arch Linux site repeatedly for over a week now with an ongoing distributed denial-o

Weaponizing image scaling against production AI systems

Picture this: you send a seemingly harmless image to an LLM and suddenly it exfiltrates all of your user data. By delivering a multi-modal prompt injection not visible to the user, we achieved data exfiltration on systems including the Google Gemini CLI. This attack works because AI systems often scale down large images before sending them to the model: when scaled, these images can reveal prompt injections that are not visible at full resolution. In this blog post, we’ll detail how attackers c

Major password managers can leak logins in clickjacking attacks

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. Threat actors could exploit the security issues when victims visit a malicious page or websites vulnerable to cross-site scripting (XSS) or cache poisoning, where attackers overlay invisible HTML elements over the password manager interface. While users believe they are interacting with h

Onimusha: Way of the Sword might be a more forgiving kind of samurai epic

Capcom’s Onimusha series has been on a long hiatus. Combining Resident Evil-style rendered backgrounds with more agile characters, adding in demons, magic and a feudal Japan setting, the series spanned multiple sequels — and consoles — until the fourth entry in 2006. Roughly two decades (and console eras) later, Capcom has returned to the series, even getting the definitive samurai actor, Tom Cruise Mifune Toshiro, to play the hero, the legendary swordsman Miyamoto Musashi. At Gamescom, the company

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at KrebsOnSecur

Prosecutors charge man who allegedly used botnet to take down X this spring

An Oregon man has been charged in a federal complaint today on allegations of operating a botnet for hire that conducted cyberattacks beginning at least in 2021. Ethan Foltz has been accused of running Rapper Bot, also known as Eleven Eleven Botnet and CowBot, and using it to execute coordinated distributed denial of service (DDoS) attacks. The complaint claims that Rapper Bot was used to target victims in more than 80 countries, and since April 2025, it has reportedly conducted more than 370,00

Denshattack! is a blend of Tony Hawk, trains and shonen anime

Denshattack! is what happens when Tony Hawk trades in his skateboard for a high-speed Japanese train. Yes, you read that correctly. Denshattack! is the latest game from Barcelona indie studio Undercoders, and it's a delirious, high-speed action experience complete with flow states, a banging original soundtrack, flamboyant characters and coming-of-age drama. Players attempt to keep their train moving while jumping, wall riding, spinning, landing tricks and nailing combos. Between the rail-hoppi

Critical Cache Poisoning Vulnerability in Dnsmasq

[Dnsmasq-discuss] [Security Report] Critical Cache Poisoning Vulnerability in Dnsmasq Dear Dnsmasq Security Team, We would like to responsibly disclose a critical cache poisoning vulnerability affecting the Dnsmasq DNS software. The issue allows attackers to inject arbitrary malicious DNS resource records and poison domain names without requiring advanced techniques, only by leveraging a single special character. Report Summary Vulnerability Type: Logic flaw in cache poisoning defense Affected

XenoRAT malware campaign hits multiple embassies in South Korea

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. According to Trellix researchers, the campaign has been running since March and is ongoing, having launched at least 19 spearphishing attacks against high-value targets. Although infrastructure and techniques match the playbook of North Korean actor Kimsuky (APT43), there are signs that better match China-based operatives, the researchers say. Multi

HR giant Workday discloses data breach after Salesforce attack

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. Headquartered in Pleasanton, California, Workday has over 19,300 employees in offices across North America, EMEA, and APJ. Workday's customer list comprises over 11,000 organizations across a diverse range of industries, including more than 60% of the Fortune 500 companies. As the company revealed in a Fr

HR giant Workday discloses data breach amid Salesforce attacks

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. Headquartered in Pleasanton, California, Workday has over 19,300 employees in offices across North America, EMEA, and APJ. Workday's customer list comprises over 11,000 organizations across a diverse range of industries, including more than 60% of the Fortune 500 companies. As the company revealed in a Fr

Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities

OpenReview Anonymous Preprint, Submission 696. Keywords: Cloud computing security; Hardware security; Systems security. TL;DR: Leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks. Abstract: Given their vital importance for governments and enterprises around the world, we need to trust public clouds to provide strong security guarantees even in the face of advanced attacks and hardware vulnerabilities. While t

Colt Telecom attack claimed by WarLock ransomware, data up for sale

UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online, and Voice API platforms. The British telecommunications and network services provider disclosed that the attack started on August 12 and the disruption continues as its IT staff works around the clock to mitigate its effects. Founded in 1992 as City of London Telecommunications (CO

The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived

The second Trump administration has its first federal cybersecurity debacle to deal with. A breach of the United States federal judiciary’s electronic case filing system, discovered around July 4, has pushed some courts onto backup paper-filing plans after the hack compromised sealed court records and possibly exposed the identities of confidential informants and cooperating witnesses across multiple US states. More than a month after the discovery of the breach—and in spite of recent reports

Hackers leak Allianz Life data stolen in Salesforce attacks

Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. Last month, Allianz Life disclosed that it suffered a data breach when the personal information for the "majority" of its 1.4 million customers was stolen from a third-party, cloud-based CRM system on July 16th. While the company did not name the provider, BleepingComputer first repor

Russia reportedly implicated in hack on US federal courts' databases

Databases used by US federal courts for sharing and managing case documents have been hacked. Politico first reported on the hack last week on August 6; today, an investigation from The New York Times states that Russia is suspected to be involved in the attack. The Administrative Office of the US Courts initially identified the severity of the cyberattack in July, although the extent of the breach by "persistent and sophisticated cyber threat actors" has not been disclosed and may still not be

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. Tracked as CVE-2025-5777 and referred to as CitrixBleed 2, this out-of-bounds memory read vulnerability results from insufficient input validation, enabling unauthenticated attackers to access restricted memory regions remotely on devices configured as a Gateway (VPN virtual server, ICA Pro

High-severity WinRAR 0-day exploited for weeks by 2 groups

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized. Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path. By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability

Don't fall for AI-powered disinformation attacks online - here's how to stay sharp

ZDNET's key takeaways: AI-powered narrative attacks, or misinformation campaigns, are on the rise. These can create real business, brand, personal, and financial harm. Here are expert tips on how to spot and protect yourself against them. Last month, an old friend forwarded me a video that made my stomach drop. In it, what appeared to be violent protesters streaming down the streets of a major city, holding signs accusing the government and business officials of "censoring

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks

Attackers don’t need exploits; they need TRUST. Changes in attack methods reflect changes in generations. Gen Z, a generation known for prioritizing ease and efficiency, is now entering the cybersecurity landscape on both sides. Some are protecting data, and others are stealing it. With the rise of AI and no-code platforms in attackers’ phishing toolkits, building trust and deceiving users has never been easier. Threat actors are blending default-trusted tools with free, legitimate services to

M&S click and collect returns 15 weeks after cyber attack

Charlotte Edwards, Technology reporter, BBC News. Marks & Spencer has resumed its click and collect service 15 weeks after it stopped the service following a hugely damaging cyber attack. The retailer stopped taking orders on its website and app for clothing and home deliveries and also paused its in store collection service on 25 April. Online orders resumed on 10 June and the company has n

Google Calendar invites let researchers hijack Gemini to leak user data

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data. The attack unfolded without requiring any user involvement beyond typical interactions with the assistant, which occur daily for users of Gemini. Gemini is Google's large language model (LLM) assistant integrated into Android, Google web services, and Google's Workspace apps, having access to Gmail, Calendar, and Google Hom

Connex Credit Union data breach impacts 172,000 members

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June. Founded in 1940, this member-owned organization is a non-profit with over $1 billion in assets, providing banking, insurance, and credit card services to more than 70,000 members across eight branches throughout the greater New Haven area, including New Haven, Hartford, Middlesex, and Fairfie