Hacker News with Generative AI: Cybersecurity

Launch HN: MindFort (YC X25) – AI agents for continuous pentesting (ycombinator.com)
Hey HN! We're Brandon, Sam, and Akul from MindFort (https://mindfort.ai). We're building autonomous AI agents that continuously find, validate, and patch security vulnerabilities in web applications—essentially creating an AI red team that runs 24/7.

Cybersecurity, Artificial Intelligence, Web Development, Startups

60 points by bveiseh 30 days ago | 24 comments

Microsoft Is Spying on Users of Its AI Tools (2024) (schneier.com)
Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities.

Cybersecurity, Artificial Intelligence, Microsoft, China, Russia, Iran

24 points by airhangerf15 31 days ago | 5 comments

CISA loses nearly all top officials as purge continues (cybersecuritydive.com)
Virtually all of the top officials at the Cybersecurity and Infrastructure Security Agency (CISA) have departed the agency or will do so this month, according to an email obtained by Cybersecurity Dive, further widening a growing void in expertise and leadership at the government’s lead cyber defense force at a time when tensions with foreign adversaries are escalating.

Cybersecurity, Government, Leadership, US Government, Departures

16 points by speckx 31 days ago | 0 comments

Data breach exposes 184M passwords, likely captured by malware (zdnet.com)
Yet another data breach has exposed passwords and other sensitive information – but this one is a whopper.

Data Breaches, Cybersecurity, Malware

143 points by taubek 32 days ago | 94 comments

EU plans new mass surveillance law mandating data retention, built-in backdoors (europa.eu)

EU Law, Surveillance, Data Retention, Cybersecurity, Backdoors

42 points by iLoveOncall 32 days ago | 16 comments

Cybercrime orders of magnitude more than state-backed ops: exWhite House advisor (theregister.com)
Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And the Trump administration's steep cuts to federal government staff are making that a lot harder.

Cybersecurity, Government, Cybercrime, Nation-States

8 points by rntn 34 days ago | 0 comments

Exposed Industrial Control Systems and Honeypots in the Wild [pdf] (gsmaragd.github.io)

Cybersecurity, Honeypots, Security Research

57 points by gnabgib 34 days ago | 1 comments

EU Cyber Resilience Act is about to tell us how to code (berthub.eu)
The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersecurity Strategy that has similar aims.

Cybersecurity, Regulation, Europe, Software Development, United States

11 points by dr_dshiv 35 days ago | 1 comments

MathWorks is experiencing technical issues due to a confirmed cyberattack (news.ki.se)
MathWorks is currently experiencing technical issues due to a confirmed cyberattack. This is affecting the availability of parts of their systems and services.

Cybersecurity, MathWorks, Technical Issues

9 points by allislost 35 days ago | 0 comments

Remote Prompt Injection in Gitlab Duo Leads to Source Code Theft (legitsecurity.com)
A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. GitLab patched the issue, and we’ll walk you through the full attack chain — which demonstrates five vulnerabilities from the 2025 OWASP Top 10 for LLMs.

Cybersecurity, GitLab, Software Security

214 points by chillax 36 days ago | 54 comments

Mitre ATT&CK: Enterprise Techniques (mitre.org)
Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

Cybersecurity, Threat Intelligence, MITRE ATT&CK, Adversary Tactics, Enterprise Security

3 points by stefankuehnel 36 days ago | 0 comments

Critical Samlify SSO flaw lets attackers log in as admin (bleepingcomputer.com)
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses.

Security, Vulnerability, SAML, Authentication, Cybersecurity

4 points by noleary 36 days ago | 0 comments

More than 1,500 AI projects are now vulnerable to a silent exploit (ycombinator.com)
According to the latest research by ARIMLABS[.]AI, a critical security vulnerability (CVE-2025-47241) has been discovered in the widely used Browser Use framework — a dependency leveraged by more than 1,500 AI projects.

Artificial Intelligence, Cybersecurity, Security Vulnerabilities

6 points by mykytamudryi 36 days ago | 1 comments

Destructive malware available in NPM repo went unnoticed for 2 years (arstechnica.com)
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

Cybersecurity, Malware, Open Source, Software Security

7 points by jaredwiener 36 days ago | 0 comments

Suspected InfoStealer Malware Data Breach Exposed 184M Logins/Passwords (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials.

Cybersecurity, Data Breaches, Malware, Password Security, Login Credentials

9 points by frizlab 36 days ago | 0 comments

The hidden threats of residential IPs (tirreno.com)
Residential IP proxies are increasingly used for both legitimate purposes and as a mask for malicious activity.

Cybersecurity, IP Addresses, Proxies

5 points by reconnecting 36 days ago | 0 comments

Hacker who breached comms app used by Trump aide stole data from across US govt (yahoo.com)
A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn questions about data security in the Trump administration.

Cybersecurity, Politics, Government, Data Breaches, Trump Administration

6 points by rmason 37 days ago | 1 comments

Russian GRU Targeting Western Logistics Entities and Technology Companies (bund.de)

Cybersecurity, Geopolitics, Russia, Technology

8 points by doener 37 days ago | 0 comments

Coinbase says its data breach affects at least 69k customers (techcrunch.com)
Coinbase said at least 69,461 customers had personal and financial information stolen during a months-long data breach that it disclosed last week.

Data Breaches, Cybersecurity, Cryptocurrency, Coinbase

22 points by Sourabhsss1 37 days ago | 13 comments

Windows 11's most important new feature is post-quantum cryptography. Here's why (arstechnica.com)
Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in a move aimed at jump-starting what’s likely to be the most formidable and important technology transition in modern history.

Cybersecurity, Quantum Computing, Operating Systems, Microsoft

8 points by chha 38 days ago | 0 comments

KrebsOnSecurity Hit with Near-Record 6.3 Tbps DDoS (krebsonsecurity.com)
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Cybersecurity, DDoS Attacks, Botnets

35 points by todsacerdoti 38 days ago | 2 comments

Coinbase Data Breach Will Lead to People Dying, TechCrunch Founder Says (decrypt.co)
The founder of online news publication TechCrunch has claimed that Coinbase’s recent data breach “will lead to people dying,” amid a wave of kidnap attempts targeting high-net-worth crypto holders.

Cryptocurrency, Cybersecurity, Crime, Data Breaches

20 points by thm 38 days ago | 10 comments

Microsoft blocked the email account of Chief Prosecutor of the ICC (heise.de)
Microsoft is increasingly coming under fire for blocking the email account of the chief prosecutor of the International Criminal Court (ICC), Karim Khan.

Microsoft, Law, Politics, Cybersecurity

76 points by maratumba 38 days ago | 35 comments

Delta Air Lines can sue CrowdStrike over outage (itnews.com.au)
Delta Air Lines can pursue much of its lawsuit seeking to hold CrowdStrike liable for a massive computer outage last July that caused the carrier to cancel 7000 flights, a Georgia state judge ruled.

Cybersecurity, Lawsuits, Aviation, Technology

8 points by Khaine 39 days ago | 2 comments

DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage (micahflee.com)
This morning, Distributed Denial of Secrets published 410 GB of data hacked from TeleMessage, the Israeli firm that makes modified versions of Signal, WhatsApp, Telegram, and WeChat that centrally archive messages. Because the data is sensitive and full of PII, DDoSecrets is only sharing it with journalists and researchers.

Data Leaks, Cybersecurity, Privacy, Journalism, Israel

666 points by micahflee 39 days ago | 188 comments

SEC SIM-swapper who Googled 'signs that the FBI is after you' put behind bars (theregister.com)
An Alabama man who SIM-swapped his way into the SEC's official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison and three years of supervised release.

Cybersecurity, Law Enforcement, Cryptocurrency, Social Media

21 points by gslin 39 days ago | 5 comments

Malware Attack and Counterattack (antoineschmitt.com)
This is the story of a phishing, of a hacking, of what I learned, and how I counterattacked

Cybersecurity, Phishing, Hacking, Countermeasures

20 points by todsacerdoti 39 days ago | 4 comments

A Story About Jessica (2014) (harihareswara.net)
The cybersecurity expert SwiftOnSecurity, a decade ago, wrote a parable called "A Story About Jessica" and posted it to their (now-deleted) Tumblr blog. I found it moving and insightful. The consultancy Superbloom pointed to it as one of several "security-focused resources for building empathy".

Cybersecurity, Storytelling, Empathy

10 points by colejohnson66 39 days ago | 2 comments

'Significant amount' of private data stolen in UK Legal Aid hack (bbc.co.uk)
A "significant amount" of private data including details of domestic abuse victims has been hacked from Legal Aid's online system.

Cybersecurity, Data Breaches, Legal Issues, UK News

51 points by neversaydie 39 days ago | 40 comments

Microsoft has disabled the ICC Chief prosecutors email account (twitter.com)
Something went wrong, but don’t fret — let’s give it another shot.

Microsoft, Cybersecurity

23 points by notRobot 40 days ago | 4 comments