Hacker News with Generative AI: Hacking

Apple Patches Older iPhones Against 'Sophisticated' Hacker Attacks (bitdefender.com)
Apple is offering a batch of updates across its product lineup this week to address dozens of important security flaws, including some that criminals are already exploiting.
Furry hackers who leaked Heritage Foundation data feared raided by feds (dailydot.com)
Individuals with connections to SiegedSec, the now-defunct group of “gay furry hackers” who leaked data relating to the think tank behind Project 2025, believe their former leader may have been arrested in a raid by law enforcement.
FBI Alert Issued as Time Traveling Hackers Attack – Act Now (forbes.com)
Enable 2FA as time-traveling hackers strike.
We hacked Gemini's Python sandbox and leaked its source code (at least some) (landh.tech)
In 2024 we released the blog post We Hacked Google A.I. for $50,000, where we traveled in 2023 to Las Vegas with Joseph "rez0" Thacker, Justin "Rhynorater" Gardner, and myself, Roni "Lupin" Carta, on a hacking journey that spanned from Las Vegas, Tokyo to France, all in pursuit of Gemini vulnerabilities during Google's LLM bugSWAT event. Well, we did it again …
Gemini hackers can deliver more potent attacks with a helping hand from Gemini (arstechnica.com)
Hacking LLMs has always been more art than science. A new attack on Gemini could change that.
Apple in code search profanity outrage (2006) (theregister.com)
Our chums down at SecurityFocus recently warned that Google's new Code Search facility could allow developers' open source repositories to be "easily mined, allowing attackers to target programs that are likely to be flawed".
Phrack Issue 49, File 14: Smashing the Stack for Fun and Profit (1996) (phrack.org)
Over the last few months there has been a large increase of buffer overflow vulnerabilities being both discovered and exploited.
How I pwned a major New Zealand service provider (mrbruh.com)
On the evening of the 19th February 2025 I had an itch, an itch to do good in the world and to continue to polish my pen testing skills.
I-cant-believe-its-not-webusb: Hacking around lack of WebUSB support in Firefox (github.com/ArcaneNibble)
It turns out that there is a way for a web page to access USB devices without requiring WebUSB and its associated political disagreements!
Show HN: I Made an Escape Room Themed Prompt Injection Challenge (pangea.cloud)
The insecurity of telecom stacks in the wake of Salt Typhoon (soatok.blog)
Towards the end of last year, we learned that a group (allegedly affiliated with the Chinese government, referred to as “Salt Typhoon”) breached T-Mobile and other telecommunications companies and caused all sorts of havoc.
North Korean Lazarus hackers infect hundreds via NPM packages (bleepingcomputer.com)
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus.
Snope's six week odyssey to recover their hacked Twitter account (infosec.exchange)
Feds Link Cyberheist to 2022 LastPass Hacks (krebsonsecurity.com)
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
US charges Chinese hackers who targeted dissidents (bbc.com)
US prosecutors have charged 12 Chinese nationals for being part of an alleged hacking scheme, which sold data of US-based dissidents to the Chinese government.
Exposing Russian EFF Impersonators: The Inside Story on Stealc and Pyramid C2 (hunt.io)
Open directories often expose more than just files--they provide a window into how malicious campaigns operate. In this case, we identified a threat actor impersonating the Electronic Frontier Foundation (EFF) to target the online gaming community. The exposed directory contained decoy documents alongside the malware used in this operation: Stealc and Pyramid C2.
Zen and the Art of Microcode Hacking (bughunters.google.com)
I hacked my company's SSO provider (mattsayar.com)
I never thought I'd stumble across a previously-undiscovered vulnerability, much less one in security software.
Show HN: I built a Matrix themed AI hacking game (repello.ai)
Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit (icode4.coffee)
As of today I have a fully working software only hypervisor exploit for the latest xbox 360 retail dashboard 17559 (should work on almost any software version though). Here's what you need to know…
How to gain code execution on hundreds of millions of people and popular apps (kibty.town)
North Korea pulled off a $1.5B crypto heist – the biggest in history (arstechnica.com)
The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.
Breaking into apartment buildings in five minutes on my phone (ericdaigle.ca)
What a place to use default credentials
Bybit sees over $4B 'bank run' after crypto's biggest hack (coindesk.com)
Major cryptocurrency exchange Bybit has seen total outflows of over $5.5 billion after it suffered a near $1.5 billion hack that saw hackers, believed to be from North Korea’s Lazarus Group, drain its ether cold wallet.
The $1.5B Bybit Hack (trailofbits.com)
Two weeks ago at the DeFi Security Summit, Trail of Bits’ Josselin Feist (@Montyly) was asked if we’d see a billion-dollar exploit in 2025. His response: “If it happens, it won’t be a smart contract, it’ll be an operational security issue.”
Bybit loses $1.5B in hack (tradingview.com)
Cryptocurrency exchange Bybit has experienced $1.46 billion worth of "suspicious outflows," according to blockchain sleuth ZachXBT.
Hackers could attack Europe's energy grid [video] (dw.com)
Cyber criminals are able to access solar power installations and throw entire electricity grids into chaos. DW talked to some well-minded hackers about the threat and what consumers can do to avoid it.
The Fall of FiveM (fivem.team)
Behind the friendly, smiling, snail mascot of FiveM - you'll find many dark secrets.
All Kindles can now be jailbroken (kindlemodding.org)
China's Salt Typhoon Spies Still Hacking Telecoms by Exploiting Cisco Routers (wired.com)
When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government.