Hacker News with Generative AI: Cybersecurity

Remote Prompt Injection in Gitlab Duo Leads to Source Code Theft (legitsecurity.com)
A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. GitLab patched the issue, and we’ll walk you through the full attack chain — which demonstrates five vulnerabilities from the 2025 OWASP Top 10 for LLMs.

Cybersecurity, GitLab, Software Security

15 points by chillax 6 hours ago | 4 comments

Mitre ATT&CK: Enterprise Techniques (mitre.org)
Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

Cybersecurity, Threat Intelligence, MITRE ATT&CK, Adversary Tactics, Enterprise Security

3 points by stefankuehnel 12 hours ago | 0 comments

Critical Samlify SSO flaw lets attackers log in as admin (bleepingcomputer.com)
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses.

Security, Vulnerability, SAML, Authentication, Cybersecurity

4 points by noleary 16 hours ago | 0 comments

More than 1,500 AI projects are now vulnerable to a silent exploit (ycombinator.com)
According to the latest research by ARIMLABS[.]AI, a critical security vulnerability (CVE-2025-47241) has been discovered in the widely used Browser Use framework — a dependency leveraged by more than 1,500 AI projects.

Artificial Intelligence, Cybersecurity, Security Vulnerabilities

5 points by mykytamudryi 17 hours ago | 1 comments

Destructive malware available in NPM repo went unnoticed for 2 years (arstechnica.com)
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

Cybersecurity, Malware, Open Source, Software Security

6 points by jaredwiener 18 hours ago | 0 comments

Suspected InfoStealer Malware Data Breach Exposed 184M Logins/Passwords (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials.

Cybersecurity, Data Breaches, Malware, Password Security, Login Credentials

6 points by frizlab 22 hours ago | 0 comments

The hidden threats of residential IPs (tirreno.com)
Residential IP proxies are increasingly used for both legitimate purposes and as a mask for malicious activity.

Cybersecurity, IP Addresses, Proxies

5 points by reconnecting 23 hours ago | 0 comments

Hacker who breached comms app used by Trump aide stole data from across US govt (yahoo.com)
A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn questions about data security in the Trump administration.

Cybersecurity, Politics, Government, Data Breaches, Trump Administration

6 points by rmason 2 days ago | 1 comments

Russian GRU Targeting Western Logistics Entities and Technology Companies (bund.de)

Cybersecurity, Geopolitics, Russia, Technology

8 points by doener 2 days ago | 0 comments

Coinbase says its data breach affects at least 69k customers (techcrunch.com)
Coinbase said at least 69,461 customers had personal and financial information stolen during a months-long data breach that it disclosed last week.

Data Breaches, Cybersecurity, Cryptocurrency, Coinbase

21 points by Sourabhsss1 2 days ago | 13 comments

Windows 11's most important new feature is post-quantum cryptography. Here's why (arstechnica.com)
Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in a move aimed at jump-starting what’s likely to be the most formidable and important technology transition in modern history.

Cybersecurity, Quantum Computing, Operating Systems, Microsoft

8 points by chha 2 days ago | 0 comments

KrebsOnSecurity Hit with Near-Record 6.3 Tbps DDoS (krebsonsecurity.com)
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Cybersecurity, DDoS Attacks, Botnets

32 points by todsacerdoti 3 days ago | 2 comments

Coinbase Data Breach Will Lead to People Dying, TechCrunch Founder Says (decrypt.co)
The founder of online news publication TechCrunch has claimed that Coinbase’s recent data breach “will lead to people dying,” amid a wave of kidnap attempts targeting high-net-worth crypto holders.

Cryptocurrency, Cybersecurity, Crime, Data Breaches

20 points by thm 3 days ago | 10 comments

Microsoft blocked the email account of Chief Prosecutor of the ICC (heise.de)
Microsoft is increasingly coming under fire for blocking the email account of the chief prosecutor of the International Criminal Court (ICC), Karim Khan.

Microsoft, Law, Politics, Cybersecurity

73 points by maratumba 3 days ago | 35 comments

Delta Air Lines can sue CrowdStrike over outage (itnews.com.au)
Delta Air Lines can pursue much of its lawsuit seeking to hold CrowdStrike liable for a massive computer outage last July that caused the carrier to cancel 7000 flights, a Georgia state judge ruled.

Cybersecurity, Lawsuits, Aviation, Technology

8 points by Khaine 3 days ago | 2 comments

DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage (micahflee.com)
This morning, Distributed Denial of Secrets published 410 GB of data hacked from TeleMessage, the Israeli firm that makes modified versions of Signal, WhatsApp, Telegram, and WeChat that centrally archive messages. Because the data is sensitive and full of PII, DDoSecrets is only sharing it with journalists and researchers.

Data Leaks, Cybersecurity, Privacy, Journalism, Israel

663 points by micahflee 3 days ago | 185 comments

SEC SIM-swapper who Googled 'signs that the FBI is after you' put behind bars (theregister.com)
An Alabama man who SIM-swapped his way into the SEC's official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison and three years of supervised release.

Cybersecurity, Law Enforcement, Cryptocurrency, Social Media

21 points by gslin 4 days ago | 5 comments

Malware Attack and Counterattack (antoineschmitt.com)
This is the story of a phishing, of a hacking, of what I learned, and how I counterattacked

Cybersecurity, Phishing, Hacking, Countermeasures

20 points by todsacerdoti 4 days ago | 4 comments

A Story About Jessica (2014) (harihareswara.net)
The cybersecurity expert SwiftOnSecurity, a decade ago, wrote a parable called "A Story About Jessica" and posted it to their (now-deleted) Tumblr blog. I found it moving and insightful. The consultancy Superbloom pointed to it as one of several "security-focused resources for building empathy".

Cybersecurity, Storytelling, Empathy

10 points by colejohnson66 4 days ago | 2 comments

'Significant amount' of private data stolen in UK Legal Aid hack (bbc.co.uk)
A "significant amount" of private data including details of domestic abuse victims has been hacked from Legal Aid's online system.

Cybersecurity, Data Breaches, Legal Issues, UK News

51 points by neversaydie 4 days ago | 40 comments

Microsoft has disabled the ICC Chief prosecutors email account (twitter.com)
Something went wrong, but don’t fret — let’s give it another shot.

Microsoft, Cybersecurity

23 points by notRobot 5 days ago | 4 comments

M&S hackers believed to have gained access through third party (bbc.co.uk)
The hackers behind a cyber-attack on Marks & Spencer (M&S) managed to gain entry through a third party who had access to its systems, the BBC understands.

Cybersecurity, Data Breaches, Retail, Technology, Business

5 points by mmarian 5 days ago | 0 comments

Hackers Weaponize KeePass Password Manager (gbhackers.com)
Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware and facilitate large-scale password theft.

Cybersecurity, Malware, Password Security

8 points by mosiuerbarso 5 days ago | 2 comments

Google Chrome data leakage bug confirmed as actively exploited (scworld.com)
A Google Chrome vulnerability allowing the leak of OAuth codes was added to the Known Exploited Vulnerabilities catalog by the Cybersecurity & Infrastructure Security Agency (CISA) on Thursday.

Cybersecurity, Google Chrome, Data Leaks, Vulnerabilities

15 points by Bender 6 days ago | 1 comments

Chinese 'kill switches' found hidden in US solar farms (thetimes.com)

Cybersecurity, Solar Energy, China, United States, Technology

24 points by veqq 6 days ago | 5 comments

Could SSL.com's Latest Vulnerability Lead to Browser Distrust? (trackssl.com)
Earlier this month, we covered the initial report of a critical vulnerability at SSL.com, a widely trusted Certificate Authority (CA).

Cybersecurity, SSL/TLS, Trust, Vulnerability, Certificate Authority

3 points by colinbartlett 6 days ago | 0 comments

Proton threatens to quit Switzerland over new surveillance law (techradar.com)

Privacy, Switzerland, Law Enforcement, Technology, Cybersecurity

490 points by taubek 6 days ago | 219 comments

Procolored printer drivers contained malware (neowin.net)
If you own a Procolored inkjet printer, particularly one of the UV models, you might want to check your system for malware, especially if you downloaded the companion software within the past six months, since Procolored was recently found to be distributing malicious software.

Cybersecurity, Malware, Printers, Software

142 points by bundie 6 days ago | 74 comments

Coinbase says customers' personal information stolen in data breach (techcrunch.com)
Crypto giant Coinbase has confirmed its systems have been breached and customer data, including government-issued identity documents, were stolen.

Data Breaches, Cybersecurity, Crypto, Coinbase

4 points by riffraff 7 days ago | 0 comments

China has reportedly stolen personal data from 80% of Americans (bgr.com)
Current estimates are that 80% of American adults have had all of their personally identifiable information stolen by the Communist Party of China

Cybersecurity, Data Privacy, China, United States, Government

6 points by beeflet 7 days ago | 1 comments