The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
SecurityWeek

Chinese Cybercrime Group in Spotlight for Record Campaign Pace

The Chinese-speaking cybercrime group TA4922 has been escalating its malicious activities, expanding to Europe and Africa.

CreativeのBluetoothスピーカーを使ってPCに触れることなく攻撃する ...

セキュリティ研究者のRasmus Moorats氏はCreativeのサウンドシステムであるKatana V2Xの解析を通じ、攻撃者が約15m圏内からBluetooth経由で同機器に不正なファームウェアを書き込める可能性を示しました。Katana ...
The Hacker News

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

VerdantBamboo used BRICKSTORM, PLENET, and AGENTPSD after an 18-month breach, enabling stealthy Linux appliance access.

Should You Hijack a Corporate AI Chatbot for Free Tokens?

A developer went viral for reconfiguring Chipotle’s customer support bot into a coding assistant, and providing the playbook ...

Not a whistleblower, just a student asking why: Story of Sarthak Sidhant who raised concerns about CBSE's discrepancies

Eighteen-year-old Sarthak Siddhant, a student, used basic tools to look closely at CBSE's new on-screen marking system. He ...
International Business Times

Chinese Threat Group Hid Inside Microsoft 365 Networks for 18 Months Using Secret Malware ...

Chinese hacking group UNC5221 secretly accessed Microsoft 365 environments for 18 months using Brickstorm, Plenet and AgentPSD malware, researchers found. Freepik A sophisticated Chinese ...
thearabianpost

Fake coding tests expose crypto developers

Software developers across close to 100 organisations have been targeted by a likely North Korea-linked hacking operation that used fake recruitment and code-review tasks to steal cryptocurrency, ...

AIブームに便乗した犯罪が急増、ChatGPTやClaudeの名前で認証情報を盗む手口をMicrosoftが分析

Microsoftが、ChatGPT、Claude、DeepSeek、Microsoft CopilotなどのAIブランドをかたるフィッシング攻撃や、不正広告を使った誘導であるマルバタイジングが増えていると警告しています。