Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

QIZ Security Raises $17 Million to Expand Cryptographic Security and Post-Quantum Readiness Platform

  Israeli cybersecurity startup QIZ Security has raised $17 million in seed funding to fuel the development of its cryptographic security ma...

All the recent news you need to know

OpenMandriva Accuses Former Contributor of Project Sabotage

 

OpenMandriva Linux is facing a serious internal security dispute after it said a former contributor abused administrative access to damage the project’s infrastructure. The alleged actions included deleting GitHub repositories and publishing an empty package that could have broken desktop systems for users of GNOME and COSMIC. 

According to the project, the problem did not begin with code but with conflict inside the community. OpenMandriva says an abusive incident in its Matrix chat led to one contributor being removed, which then triggered a chain of resignations and escalating anger among some members. 

The most damaging part of the incident involved repository access. Long-time maintainer AngryPenguin said the contributor had admin privileges because he had previously helped migrate and mirror project repositories to a private OneDev instance, and that access was later used to delete part of a repository the team had maintained for nearly 10 years. 

OpenMandriva also says the contributor pushed an empty package into its Cooker development branch. That package obsoleted the GNOME and COSMIC packages, meaning it could have caused real disruption for people relying on those desktop environments if the issue had not been caught quickly. 

The accused contributor, Davide Beatrici, rejects the sabotage allegation and says his goal was not to harm users or the distro itself. He argues that his actions were tied to a dispute over the project’s direction, including disagreement about OpenMandriva’s support for GNOME and COSMIC alongside KDE and LXQt. OpenMandriva says it is now restoring deleted repositories, repairing affected packages, and conducting a full audit to confirm that nothing else was altered. 

The project has also said the incident may meet the threshold of a criminal offense, though it has chosen not to pursue legal action at this stage. This case is a reminder that open-source projects do not only face technical threats from outside attackers. Internal access, trust, and governance can become just as dangerous when disputes turn personal and administrative privileges are misused.

Why Apple, Meta and Snap Want You to Stop Looking at Your Phone

 



The technology industry's next computing platform may not fit in your hand. Instead, it could rest on your ears, sit on your face or hang around your neck.

Apple is reportedly exploring AirPods equipped with cameras that would give Siri the ability to interpret a user's surroundings, according to a Bloomberg report. The cameras are not expected to function like traditional smartphone cameras for photography or video recording. Instead, they would provide visual context that allows Apple's AI assistant to respond more intelligently to spoken requests. Apple has not commented on the report.

The development reveals a comprehensive industry effort to move everyday computing beyond smartphone screens. For decades, displays have served as the primary interface between people and their devices. Advances in artificial intelligence, computer vision and voice assistants are now encouraging technology companies to develop wearable devices that can understand a user's environment and respond without requiring constant screen interaction.

Snap recently expanded that vision with its latest augmented reality smart glasses, Specs, priced at £1,995 in the UK and $2,195 in the US. Unlike many existing smart glasses, the device is designed to operate independently rather than relying on a connected smartphone. Digital content appears only when needed, overlaying information onto the wearer's view of the real world instead of replacing it. Snap Chief Executive Evan Spiegel said the goal is to let users remain engaged with their surroundings while accessing digital experiences.

Meta is also increasing its investment in wearable AI. The company has reportedly sold around seven million pairs of its Ray-Ban Meta smart glasses and recently introduced more affordable models. Reports also indicate Meta is evaluating audio-only smart glasses that could reduce some of the privacy concerns associated with built-in cameras.

Those concerns remain one of the biggest obstacles to wider adoption. Camera-equipped wearables have faced criticism after users were found recording people without their knowledge, despite recording indicator lights intended to alert those nearby. Privacy advocates continue to question whether visible indicators alone provide sufficient transparency in public spaces.

Apple could attempt to distinguish itself by relying heavily on on-device processing, allowing visual information to be analyzed locally rather than stored or transmitted to cloud servers. Such capabilities could enable users to identify objects, receive navigation guidance, ask questions about nearby landmarks or generate recipe suggestions based on ingredients already in their kitchen through simple voice interactions.

Analysts believe AI-powered wearables could gradually shift some everyday computing tasks away from smartphones. Even so, most expect the smartphone to remain central to digital life for the foreseeable future, with wearable devices evolving as complementary tools rather than direct replacements. Whether they ultimately reduce screen time or simply expand the ways people interact with technology remains an open question.

AI Agents Built to Detect Malware Can Be Manipulated Into Running It


 

AI agents capable of identifying malicious software can be manipulated by the AI Now Institute to execute it, according to new research. The proof-of-concept attack, known as "Friendly Fire," demonstrates that autonomous AI coding agents, such as Claude Code from Anthropic and Codex from OpenAI, can be deceived into running malicious code while performing open-source security reviews. 

AI agents can approve and execute commands independently of the user without requiring user confirmation for every action, which is what this attack targets. Researchers contend that the vulnerability does not lie in the software version used by these agents, but rather in the way they interpret and react to instructions embedded within untrusted repositories rather than exploiting a software vulnerability. 

A comparison with conventional supply-chain attacks that hide malicious code within a repository was made by the researchers, who noted that when static analysis and manual review are performed, the repository itself can appear to be completely free of malicious code. By introducing the malicious payload at execution time, the AI agent follows embedded instructions, so traditional security tools cannot detect this technique.

By adding a seemingly harmless README.md instruction to an open-source project that recommended running a script entitled security.sh before submitting a pull request, attackers modified it. By launching a malicious binary hidden within a legitimate compiled Go file, the script silently executed on the host computer without triggering security warnings or approval prompts, allowing the malicious binary to execute on the system. 

According to the researchers, the attack is successful because the AI agent recognizes the instructions as a legitimate step in the process of installing software rather than an attempt to exploit the system maliciously. Once the recommended script has been executed, the payload will run under the same permissions that were provided for the developer or AI agent, potentially exposing credentials, environment variables, and other sensitive information. 

The procedure differs from previous prompt injection attacks, which relied on configuration files and often generated trust warnings, as this technique hides instructions inside standard documentation that is regularly read by developers and AI agents. It has been reported that both Claude Code and OpenAI Codex followed the embedded instructions during testing, while newer AI models executed the disguised binary upon detecting differences between the source file and the compiled executable. 

A laboratory proof-of-concept has been demonstrated, with no evidence of active exploitation in the field. In addition to excluding the malicious payload, the publicly released demonstration code does not attempt privilege escalation or lateral movement. These findings indicate that autonomous AI agents pose a greater challenge in terms of design rather than a problem that can be resolved by simply updating software. 

It is becoming more common for organizations to employ AI-powered coding assistants to review third-party software. Researchers recommend treating AI coding agents as privileged software, rather than simply assistants. Autonomous agents should not be permitted to execute commands on untrusted repositories, least-privilege access policies should be enforced, AI workflows should be isolated in sandboxed environments, and human approval should be required before running scripts or binaries recommended by project documentation. 

In accordance with the researchers, the issue is not related to any particular AI model, but a broader trust problem affecting autonomous coding assistants capable of executing shell commands. In addition to creating new attack surfaces if they are unable to reliably distinguish legitimate instructions from content controlled by the attacker, AI agents are becoming increasingly capable of cloning repositories, installing dependencies, and resolving setup issues independently. 

As autonomous AI systems are increasingly adopted in the software development and cybersecurity sectors, prompt injection attacks remain a major security threat. This study adds to a growing body of evidence that prompt injection attacks remain one of the greatest security risks. In light of the increasing autonomy of AI agents, organizations must balance automation and strong oversight in order to balance automation and security workflows. 

AI-driven attack techniques cannot be effectively countered until artificial intelligence (AI) systems can reliably discriminate between trusted and malicious instructions. Human verification and secure execution environments will therefore remain critical safeguards.

GhostApproval Symlink Codes Could Run Malicious Codes in AI Coding Agents


Cyber security experts at Wiz discovered that a bug in six famous AI coding assistants allows a booby-trapped code project to silently take over a developer’s system. The assistant can ask access to edit one innocent-looking file, but the write takes over a sensitive file.

The impacted tools are Windsurf, Google Antigravity, Cursor, Amazon Q Developer, Claude Code by Anthropic, and Augment. Wiz has termed the technique GhostApproval and posted it recently.

Three of the six AI assistants have addressed, two did not, while Anthropic argues if it is a bug. The most vulnerable are the tools that modify file before you can notice.

Attack tactic

The threat actors exploit an old Unix feature called symlink (or symbolic link), that AI assistants cannot check. 

A symlink silently directs to other files somewhere else on disk, hence writing to it particularly writes to the victim. 

“Symbolic links have been a security headache since the early days of Unix. From /tmp race conditions to privilege escalation exploits, symlinks have a long history of bypassing security boundaries by making one path silently resolve to another. It's a well-documented attack primitive - CWE-61 dates back decades,” Wiz said.

Research model

Wiz made a malicious repository with a symbolic link called project_settings.json that really directs to target’s SSH login file, ~/.ssh/authorized_keys. The repo’s README commands the assistant to put “a line” to project_settings.json, and this line is the hacker’s SSH key mimicking an innocent setting. “

If you ask the agent to “set up the workspace” or “follow the README,” it writes the key directly via the symlink into the login file. Following this, if the machine plays an SSH  service the threat actor can access, they can sign in without password. 

The second variant

Another variant of the attack writes to your shell startup file, ~/.zshrc, which the shell runs the next moment you open a terminal without needing an SSH. There are no indications that any of this has been abused in real-time operations, Wiz has only demonstrated it as their research.

“Symlinks have been exploited for decades – in race conditions (CVE-2018-15664), in package managers (CVE-2021-32803), in container escapes (CVE-2024-21626). Any time a tool writes to a user-controlled path without resolving it first, symlinks become a weapon,” Wiz wrote in its blog. 

Phishing Campaign Targets Marketing Professionals Using Fake Job Interviews from Top Global Brands

 

A sophisticated phishing campaign is targeting marketing professionals by posing as recruiters from more than 30 globally recognized brands, including Adobe, Netflix, Coca-Cola, OpenAI, Adidas, and Marriott. The attackers aim to steal Google account credentials by luring victims into fake job interview processes.

According to cybersecurity intelligence and threat hunting company Team Cymru, the operation exploits legitimate cloud-based platforms such as PeopleForce, a human resources service, and domains linked to Salesforce Marketing Cloud before redirecting users to malicious websites. To make the scam appear authentic, the threat actors are also using the names and profile pictures of actual recruiters from the companies they impersonate.

Will Thomas, senior advisor at Team Cymru, investigated the campaign and found that the phishing emails present themselves as recruitment messages. As he noted, the emails appear to be from “a recruiter looking to hire people for marketing roles.”

The investigation revealed that attackers have registered at least 34 domains designed to mimic prominent organizations across multiple industries. These include airlines and travel companies such as American Airlines, Booking.com, Delta Air Lines, and United Airlines; food and beverage giants Coca-Cola, PepsiCo, and Red Bull; fashion and luxury brands Adidas, Louis Vuitton, Sephora, and Levi’s; consulting and technology firms including Adobe, Aquent, ManpowerGroup, McKinsey & Company, and OpenAI; hospitality and marketing companies Marriott and Omnicom Group; as well as entertainment and sports brands like FIFA and Netflix.

Researchers found that the attackers rely on a technique known as nested redirects, where users are routed through several legitimate online services before ultimately reaching a fraudulent webpage. Although the phishing emails appear to originate from PeopleForce, the embedded links resolve to the exct[.]net domain, which is operated by Salesforce following its acquisition of ExactTarget, now known as Salesforce Marketing Cloud.

From there, victims are redirected through Wise Agent, a cloud-based customer relationship management (CRM) platform for real estate professionals, before arriving at the phishing website.

BleepingComputer reported that the campaign has been active for at least five months. Earlier versions reportedly used Outlook email addresses carrying the names of the companies being impersonated.

In one example, a phishing email claiming to be from Adidas recruiter Paulina Manzo invited recipients to schedule a discussion regarding a potential job opportunity. Clicking the scheduling link redirected users to the fraudulent domain adidas-hiring[.]com.

To proceed with booking the interview, victims are instructed to sign in with their Google accounts. Selecting the “Continue with Google” option launches what appears to be a genuine Google authentication window. However, the pop-up is actually created using HTML and CSS within the phishing page itself, a deception technique known as browser-in-the-browser (BitB).

By leveraging modern web development methods, attackers can closely replicate legitimate authentication prompts, making it difficult for users to distinguish fake login windows from real ones.

Researchers emphasized that the misuse of legitimate platforms does not necessarily indicate those services have been compromised. Instead, threat actors may have created valid accounts specifically for the campaign or used compromised credentials to configure redirect chains and phishing pages.

A complete list of the malicious domains associated with the campaign has been published in Will Thomas' GitHub analysis.

Mount Royal University says hackers stole and deleted files following June cyberattack





Mount Royal University (MRU) has confirmed that threat actors stole data and deleted files after breaching the university's network in a cyberattack that continues to affect recovery efforts weeks after the incident.

In an update published on its website, the Calgary-based public university said the attack occurred on June 17 and that internal technical teams are working alongside external cybersecurity specialists to investigate the intrusion, determine its full scope, and restore affected systems.

The cyberattack disrupted a wide range of university services, including internet connectivity, online platforms, and several internal systems used across campus. Recovery efforts remain ongoing, with the university warning that restoring all affected services may take several weeks or, in some cases, months.

According to the university's investigation, attackers gained unauthorized access to data stored on the institution's "H drive," a file storage system used by students and employees. Investigators have confirmed that files stored within certain folders were accessed and exfiltrated before the attackers deleted the original copies, a move that has further complicated recovery operations.

"We regret to inform our community that our investigation has now shown that data within certain folders on the University's 'H drive' was accessed and taken by an unauthorized actor," the university said in its advisory.

MRU said the affected folders contained information relating to current and former students, current and former employees, as well as other individuals whose data was stored within the impacted environment. The university has not yet disclosed the exact categories of information exposed or the total number of people affected.

The investigation also found that attackers deleted data stored on a separate departmental file storage system known as the "J drive." While the university said there is currently no evidence that information from the J drive was accessed or copied before it was erased, officials cautioned that recovering the deleted data remains an ongoing process and acknowledged that a complete restoration may not be possible.

The university has reported the incident to the Alberta Information and Privacy Commissioner and notified law enforcement authorities. Officials added that determining the precise impact for each affected individual will take time because the deletion of files has made forensic analysis more complex. Individuals whose information is confirmed to have been affected will receive direct notifications as the investigation progresses.

Responsibility for the attack has been claimed by the cybercrime group CMD Organization, which has published samples of what it alleges is stolen university data, including passport scans and other sensitive documents.

The group is demanding a ransom of 30 Bitcoin, valued at approximately $1.9 million at current exchange rates, and has reportedly given the university six days to respond before releasing additional data. CMD Organization also appears to operate an auction-based extortion model, advertising exclusive access to stolen datasets for the highest bidder through both clear web and dark web leak sites. At the time of writing, the group lists approximately 30 organizations on its extortion portal.

Founded more than a century ago, Mount Royal University currently serves about 11,560 students, including roughly 12,500 undergraduate learners.

As recovery work continues, the university said it will provide additional updates as more information becomes available. MRU is also offering two years of credit monitoring and identity theft protection to current employees and individuals who have worked at the university within the past five years.

Featured