The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

How ChatGPT's new Lockdown mode protects you from data theft (and what else it does)

The goal is to protect you against attackers who try to steal your personal data through prompt injection. But it does limit ...

CBSE breach scare: What really happens after a cyberattack — and can AI help stop the next one?

The reported cyberattacks on CBSE’s re-evaluation portal have reignited questions about the security of India’s digital ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

Coempt gave CBSE cyber certificates that were expired, tied to other client

The cybersecurity certificates submitted to CBSE for its OSM platform were outdated and covered a different client's deployment, raising questions on the platform's actual security. | India News ...

New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems

CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators ...

OpenAI rolls out a Lockdown Mode for extra protection against prompt injection attacks

The company says most users don't need to use the feature.
Morning Overview on MSN

Fortinet rushed an emergency fix after attackers turned its own FortiClient security software into a way to run code on the machines it was meant to protect

Fortinet’s FortiClient endpoint management software, meant to harden corporate and government machines, instead exposed them ...
theregister

Microsoft Build: Surface RTX Spark Dev Box, Coreutils for Windows, air-gapped GitHub and more

Microsoft’s Build event is under way in San Francisco, USA, with the expected focus on agentic AI but also a few surprises, such as Unix-style Coreutils for Windows. CEO Satya Nadella presented ...
CSO Online

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, ...
Morning Overview on MSN

Cybersecurity researchers just found that ChatGPT implicitly trusts the Markdown links around it — and hackers are already exploiting that trust for phishing

Picture this: you paste a link into ChatGPT and ask for a summary. The model obliges, returning a clean, confident breakdown ...