Infosec Decoded Season 6 #15: Coruna

With sambowne@infosec.exchange and Doug Spindler

Recorded Thu, Mar 5, 2026

AI

Your smart TV may be crawling the web for AI
Some TV apps let you watch programming with fewer ads, as long as you allow your TV to participate in a global proxy network.
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
This vulnerability could have allowed malicious extensions with basic permissions to inject JavaScript code into the new Gemini panel. Attackers could have accessed the camera and microphone, taken screenshots of any website, and accessed local files and directories. Google has patched this.
BECOME INAUDIBLE WITH ONE CLICK
Spectre I is a smart device that stops microphones from recording your voice. It emits an inaudible signal that makes every microphone within range unable to capture intelligible audio.
100+ Kernel Bugs in 30 Days
We used AI agents to reverse engineer Windows kernel drivers to find zero-days. By using Small Language Models for much of the analysis, the entire project cost us only $600 USD, roughly $3 per analyzed target.

From a dataset of over 1,873 binaries, we found 521 potential vulnerabilities across 158 unique driver binaries from dozens of vendors. Of those, we manually confirmed and reported 15 to vendors including Lenovo, Fujitsu, IBM, Intel, AMD, Silicom, NVIDIA, and Dell. They were, unsurprisingly, unresponsive. Despite most confirming the vulnerability exists (screenshots and/or video proof was always provided), to date, only one vulnerability was patched and assigned a CVE (CVE-2025-65001, we’d like to thank Fujitsu PSIRT for their handling of our submission).

Doctronic is Now Accepting New Patients (and Unsafe Instructions)
Utah became the first place in the world to allow AI to legally prescribe medication renewals without direct human involvement. It’s expected to roll out to Texas, Arizona, Missouri, and a dozen other states across 2026.

By exploiting Doctronic’s system prompt, we turned it into a bad doctor who:

  • Spreads conspiracy theories about vaccines;
  • Recommends methamphetamine as a treatment for social withdrawal;
  • Writes SOAP notes that triple a patient’s baseline dosage of Oxycontin and are forwarded to a real doctor;
  • And advises users on how to cook methamphetamine.

Politics

A new California law says all operating systems, including Linux, need to have some form of age verification at account setup
But just asking for your birthdate is enough.
Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar
CISA Director Madhu Gottumukkala's leadership was troublesome for the agency long before his reassignment late Thursday. During his tenure, he focused on non-existent threats from India instead of real threats from Iran, uploaded sensitive documents into a public version of ChatGPT, cancelled important contracts without consideration for their importance to CISA's cyber defense mission, and suspended a worker for giving the finger to his empty Cybertruck, which had been left blocking a charging station for days. He failed a polygraph exam and suspended six career staffers who organized the test.
Inside the plan to kill Ali Khamenei
Israel spent years hacking Tehran’s traffic cameras and monitoring bodyguards ahead of the assassination of Iran’s supreme leader. Israel was also able to disrupt mobile phone towers, stopping Khamenei’s protection detail from receiving possible warnings.

Israel has assassinated hundreds of people overseas, including militant leaders, nuclear scientists, chemical engineers — and killing many innocent bystanders in the process. How much this aggressive, decades-long use of its technological and technical prowess has paved the way for major strategic gains is fiercely debated both within and outside Israel.

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
ICE also recently said it was interested in sourcing more “Ad Tech” data. Real-Time Bidding sends location data whenever an advertisement is served. "RTB is the world’s biggest data breach."
‘Peace President’ Breaks Record for Attacking the Most Countries
Trump has authorized more assaults in just the first year of his second presidency than Biden did throughout four years at the White House. He has ordered strikes against seven nations—Iran, Nigeria, Venezuela, Iraq, Somalia, Syria and Yemen.
Trump Launches Military Operation in Yet Another Country
The U.S. has launched military operations against “designated terrorist organizations” in Ecuador just three days after starting a war in the Middle East.
Meta is reportedly working to bring facial recognition to its smart glasses
Meta shut down Facebook’s Face Recognition system, used when tagging people in photos, in 2021, following widespread public backlash over privacy concerns. Now it wants to add facial recognition to its lineup of branded smart glasses at some point this year.

Infosec

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
“Coruna,” a highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government.

Coruna checks whether an iOS device has Apple's most stringent security setting, known as Lockdown Mode, enabled, and doesn't attempt to hack it if so.

Firewall Vulnerability Exploitation: Why the Edge is Fraying
Exploitation of vulnerabilities against network edge devices such as firewalls, VPNs, and similar equipment increased from 3% of breaches in 2024 to 22% in 2025. The median time from vulnerability disclosure to active exploitation of these devices was zero days. The median time to patch them was 30 days.

Firewalls run a vendor OS such as FortiOS or PAN-OS on top of Linux. The attackers compromise the Linux layer, but defenders don't have access to it.

Total Recall – Retracing Your Steps Back to NT AUTHORITY\SYSTEM
Windows has a scheduled task related to the Microsoft Recall feature that runs as NT AUTHORITY\SYSTEM. This task can be triggered from a low-privilege account, and exploited to gain a PowerShell window running as SYSTEM. Microsoft has patched this.
Quantum Decryption of RSA Is Much Closer Than Expected
A new algorithm called JVG requires a thousand-fold less quantum computer resources, such as qubits and quantum gates, than Shor's algorithm. Research extrapolations suggest it will require less than 5,000 qubits to break encryption methods used in RSA and ECC.
AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks
By sending crafted pings, this attack defeats client isolation, allowing ARP poisoning. On routers providing multiple networks, this can cause a packet from an encrypted WLAN to be forwarded to an unencrypted WLAN.
Encrypted Client Hello Comes to NGINX
This protects user privacy from network surveillance.