Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Cybernews

Security researcher hacks PS5 to run Linux and Steam games, releases code publicly

A public Linux loader has been released by security engineer Andy Nguyen, turning PS5 consoles into highly capable Linux PCs ...

OpenAI Codex system prompt includes explicit directive to “never talk about goblins”

The system prompt for OpenAI’s Codex CLI contains a perplexing and repeated warning for the most recent GPT model to “never ...

32 Claude Code Hacks for Smarter Development : Stop Wasting Tokens

Discover 32 practical Claude Code hacks to optimize your AI development workflow, from basic context management to advanced ...
SecurityWeek

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
Windows Report

Microsoft Warns of Teams Attacks Abusing External Chats to Breach Enterprises

Microsoft warns of rising Teams attacks abusing external chats to impersonate IT staff, gain remote access, and steal ...
GitHub

Hacking: Merging GitHub Pull Requests

At the bottom of the pull-request is Review command line instructions. Those instructions say to branch mainline and then pull the changes onto it. That just seems to create a mess. Below are ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities ...
ZDNet

How I set up Claude Code in iTerm2 to launch all my AI coding projects in one click

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...