Infosec Decoded Season 5 #100: Smart Devices Are Stupid

With sambowne@infosec.exchange and Doug Spindler

Recorded Fri, Dec 19, 2025

AI

Browser extensions with 8 million users collect extended AI conversations
The eight extensions remained available in both Google’s and Microsoft’s extension stores as of late Tuesday night. Seven of them carry “Featured” badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards.

But they all inject code into popular AI chat webpages, including ChatGPT, Claude, and Gemini, that captures all data sent to the AI and sends it to the extension maker, Urban VPN. The terms of service say this is intentional, to provide protection.

Hack Reveals the a16z-Backed Phone Farm Flooding TikTok With AI Influencers
A hacker gained control of a farm of 1,100 mobile phones powering covert, AI-generated ads on TikTok. The farm uses 200 TikTok accounts to advertise supplements and other products. The company, Doublespeed, plans to launch its advertising services on Instagram, Reddit, and X.

LG Will Let TV Owners Delete Microsoft Copilot After Customer Outcry
Both LG and Samsung announced plans to add Microsoft's Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS.

Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model: No Paid APIs Required
What if I told you that a 1.7 billion parameter model running entirely on your local machine could autonomously scan networks, identify vulnerabilities, search for exploits, and execute them—all without a single penny spent on API calls? Welcome to the future of security automation where open-source AI meets penetration testing.

ICE Contracts Company Making Bounty Hunter AI Agents

In Cybersecurity, Claude Leaves Other LLMs in the Dust
Anthropic is the best of a bad lot.

Politics

Trump admin threatens to break up major climate research center
The National Center for Atmospheric Research, or NCAR, is a significant contributor to research on the weather, climate, and other atmospheric phenomena. The move will be a crippling blow to climate research in the US and is being widely decried by scientists.

Scoop: TikTok signs deal for sale of U.S. unit after years-long saga
Oracle, Silver Lake and Abu Dhabi-based MGX will collectively own 45% of the U.S. entity.

Infosec

Most smart devices run outdated web browsers
The study looked at browsers that ship with smart TVs, e-readers, gaming consoles, and other modern hardware. All five e-readers that were tested, and 24 of 35 smart TV models, used embedded browsers that were at least three years behind current versions.

Some devices were released with vulnerable browsers from day one--eight products shipped with browsers over three years old at launch.

Car Dashboards at Risk as Hackers Remotely Seize Control Through Built-In Modems (P)
The Unisoc UIS7862A System-on-Chip (SoC) is used in many Chinese car head units, and it has a stack-based buffer overflow. This flaw resides in the handling of fragmented data packets. By sending a specially crafted SDU with over 90 header entries, an attacker can overwrite the return address on the stack and execute arbitrary code.

France arrests Latvian for installing malware on Italian ferry
French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. They blame Russia.

Apache Log4j Vulnerability Allows Attackers to Intercept Sensitive Log Data
The vulnerability affects the Socket Appender component in Apache Log4j Core, which is responsible for sending log data over networks to central servers. It fails to validate the hostname, creating an opening for Man-in-the-Middle (MitM) attacks.

Amazon Identifies North Korean IT Worker by Tracking Keystroke Activity
Amazon analyzed keystroke input lag. For genuine remote workers operating from the United States, data from keyboard typing typically reaches company networks within tens of milliseconds. However, this employee’s connection latency exceeded 110 milliseconds, triggering an immediate security investigation by Amazon.