Infosec Decoded Season 5 #74: Memory Integrity Enforcement

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, Sep 19, 2025

AI

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
Deep Research is a ChatGPT-integrated AI agent that performs complex, multi-step research on the Internet by tapping into a large array of resources, including a user’s email inbox, documents, and other resources. It can also autonomously browse websites and click on links.

Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration.

The attack, "ShadowLeak", uses indirect prompt injection placed inside content such as documents and emails sent by untrusted people.

ChatGPT Is Blowing Up Marriages as Spouses Use AI to Attack Their Partners
AI can now design functional viruses – not the computer kind, either
Bioengineers have created synthetic bacteriophages using AI-generated designs that not only work in the real world, but are far more infectious than their naturally-occurring counterparts.

The end result of the AI portion of the project was a pool of 302 candidate genomes, 285 of which were able to generate full genomes. Of those, 16 were found to inhibit the growth of E. coli bacteria.

The winner, Evo-Φ69, showed an expansion rate between 16 fold and 65 fold over a six-hour infection period. The original virus, ΦX174, only showed increases between 1.3 fold and fourfold over the same period.

ChatGPT may soon require ID verification from adults, CEO says
OpenAI plans to develop an automated age-prediction system that will determine whether ChatGPT users are over or under 18, automatically directing younger users to a restricted version of the AI chatbot. "In some cases or countries we may also ask for an ID," Altman wrote.
AI firm DeepSeek writes less-secure code for groups China disfavors
DeepSeek often refuses to help programmers or gives them code with major security flaws when they say they are working for the banned spiritual movement Falun Gong or others considered sensitive by the Chinese government.
Russian State TV Launches AI-Generated News Satire Show
A neural network picks the topics, then uses AI to generate that video. It includes putting French President Emmanuel Macron in hair curlers and a pink robe, making Trump talk about golden toilets, and showing EU Commission President Ursula von der Leyen singing a Soviet-era pop song while working in a factory.

Politics

Scientists predict wildfire smoke will be the most costly climate-related health hazard
Wildfire smoke is responsible for tens of thousands of deaths each year and will do more harm to U.S. residents by midcentury than any other threat driven by climate change, including extreme heat.
Trump claims 300 million people died last year from drugs
Right-wing political violence is more frequent, deadly than left-wing violence
Right-wing extremist violence has been responsible for the overwhelming majority of fatalities, amounting to approximately 75 to 80 percent of US domestic terrorism deaths since 2001. Left-wing extremist incidents made up about 10 to 15 percent of incidents and less than 5 percent of fatalities.
DOJ Deletes Its Own Study From Website Showing ‘Far More’ Domestic Terrorism Committed by ‘Far-Right Extremists’
FBI leaders allege in lawsuit they were unlawfully fired over political loyalty
The loyalty test includes: “Who did you vote for?” “When did you start supporting President Trump?” “Have you voted for a Democrat in the last five elections?” “Do you agree that the FBI agents who stormed Mar-a-Lago … should be held accountable?”
America Surrenders in the Global Information Wars
The U.S. is reorienting its foreign policy to protect governments that manipulate and suppress information. All of America’s foreign broadcasters, including Voice of America, Radio Free Europe, and a handful of others, are in grave danger.
California age verification bill backed by Google, Meta, OpenAI heads to Newsom
The proposal would require device makers and app stores to verify user ages. It's supported by Google, Meta, OpenAI and Pinterest. It allows kids to download apps without parental consent, unlike the laws passed in Utah and Texas. It also doesn’t mandate photo ID uploads.

Infosec

Memory Integrity Enforcement: A complete vision for memory safety in Apple devices
Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems. Each memory region is assigned a random secret tag when it is allocated, and every read or write request must provide the correct tag. A request with an incorrect tag halts the program. This prevents exploitation of buffer overflows, dangling pointers, etc.
Campaigners urge EU to mandate 15 years of OS updates
Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs on International E-waste Day.
Slack threatened to delete nonprofit coding club’s data if it didn’t pay $50k in a week
Two days ago, Slack reached out to us and said that if we don’t agree to pay an extra $50k this week and $200k a year, they’ll deactivate our Slack workspace and delete all of our message history.
Wireless Vulnerabilities in Practice | WPS Pixie-Dust Attack Explained
Most routers fail to use properly randomized nonces, often leaving them at zero, making an offline brute force attack fast and effective.
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs.

The attack breaks the isolation between VMs and the cloud hypervisor, bypassing existing Spectre mitigations and threatening to leak sensitive data by leveraging speculative execution.

However, it is essential to emphasize that attacks like VMScape require advanced knowledge, deep technical expertise, and sustained execution time. Because of this, such attacks, even if possible, do not represent a threat to the larger userbase.

Linux kernel developers released patches that mitigate VMScape, and they have minimal performance impact in common workloads.

Google’s experimental Windows app is better than Microsoft’s built-in search
The new Google app for Windows is available now, allowing you to search the web, Google Drive, and even your local files.
Li-ion roars can predict early battery failure, MIT boffins say
When lithium-ion batteries degrade, they emit acoustic signals that reveal what's going wrong inside. Those sounds can predict problems before things go up in smoke.


Undocumented Radios Found in Solar-Powered Devices
The US Department of Transportation warned that "solar-powered highway infrastructure including chargers, roadside weather stations, and traffic cameras should be scanned for the presence of rogue devices — such as hidden radios — secreted inside batteries and inverters."

"Many OEMs purchase parts that include cellular modems with no intention to use that functionality." The realistic risk seems small.

FileFix attacks use fake Facebook security alerts to trick victims into running infostealers
FileFix is a variation on ClickFix, a newish type of social-engineering technique first spotted last year that tricks victims into running malware on their own devices using fake fixes and login prompts. These types of attacks have surged by 517 percent in the past six months, making them the second most common attack vector behind phishing.
Post-quantum security for SSH access on GitHub
We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openssh.com, to our SSH endpoints for accessing Git data.
Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation
The threat actors behind SlopAds operate a collection of 224 apps and growing, collectively downloaded from Google Play more than 38 million times. These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks.
Russian hackers target Polish hospitals and city water supply
Russian sabotage attempts targeted hospitals and urban water supplies.
China’s internet watchdog mandates 1-hour reporting for serious cybersecurity incidents
Network operators must report “particularly serious” cybersecurity incidents within one hour to relevant authorities.