Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google's latest piece of "agentic" AI software for code development. The flaw, which was reported to Google and patched prior to disclosure, would have allowed an attacker to silently execute arbitrary code on a user's machine. In one video demonstration, a researcher interacts with Gemini CLI while setting up a separate listening server to see how the agent was processing a user's command. READ MORE...
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members. The Tea app is a women-only dating safety platform where members can share reviews about men, with access to the platform only granted after providing a selfie and government ID verification. READ MORE...
Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. The compromised system was discovered and isolated from the rest of the network by Orange Cyberdefense, the company's cybersecurity business unit, on July 25. This has led to some operational disruptions, primarily affecting French customers, which are expected to be gradually resolved by Wednesday morning, July 30. READ MORE...
The Raspberry Pi team has released an update to the RP2350 microcontroller with bug fixes, hardening, and a GPIO tweak that will delight retro hardware enthusiasts. The A4 stepping brings several improvements, including remedies for the glitches identified in the company's 2024 hacking challenge (though a spokesperson was quick to note they all required physical access to the hardware), as well as the documented GPIO pull-up issue that required affected customers to use some extra circuitry. READ MORE...
A sophisticated new infostealing malware has burst onto the cybercrime scene with the capability to steal sensitive data from 19 browsers, including even more obscure browsers that are thought to provide advanced privacy. Dubbed "Shuyal" by researchers at Hybrid Analysis, the stealer also demonstrates advanced system reconnaissance and evasion tactics, according to a recent blog post. It also targets information beyond credentials and establishes persistence once loaded onto a victim's machine. READ MORE...
On Friday, OpenAI's new ChatGPT Agent, which can perform multistep tasks for users, proved it can pass through one of the Internet's most common security checkpoints by clicking Cloudflare's anti-bot verification-the same checkbox that's supposed to keep automated programs like itself at bay. ChatGPT Agent is a feature that allows OpenAI's AI assistant to control its own web browser, operating within a sandboxed environment with its own virtual operating system. READ MORE...
The US cybersecurity agency CISA on Monday warned that a two-year-old vulnerability in PaperCut's NG and MF print management products has been exploited in the wild. The flaw, tracked as CVE-2023-2533, is described as a high-severity cross-site request forgery (CSRF) issue that, under certain conditions, allows attackers to modify security settings or execute arbitrary code remotely. READ MORE...
The rise of "vibe coding" platforms that enable developers to build software with minimal traditional coding could create a slew of new security risks for organizations. A recent example is a now-patched vulnerability in the Base44 AI-powered development platform that allowed unauthorized users to gain complete access to private enterprise applications hosted on the service. The authentication flaw was discovered by researchers at cloud security firm Wiz. READ MORE...
Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery. The plugin has proven popular in part because of its marketing that presents it as a more reliable and full-featured replacement to the default email functionality built into WordPress. READ MORE...