Tag Archives: security

Dashlane explains how attackers managed to download encrypted password vaults

That means the chances of the attackers decrypting one of the encrypted vaults they obtained is very small in the event the master password was strong, meaning long, randomly generated, and has high entropy. However, not everyone uses such master passwords. In the event the master password was included in word lists exchanged by password… Read More: Dashlane explains how attackers managed to download encrypted password vaults »

Can’t make sense of Dashlane’s vault theft notification? You’re not alone.

There’s a lot that doesn’t add up in a security advisory password manager Dashlane published Monday, warning that attackers managed to obtain 20 encrypted user vaults. “Starting on Sunday, May 31, 2026, an external party launched a brute force attack against certain Dashlane user accounts,” the company said. “The goal of the attack was to… Read More: Can’t make sense of Dashlane’s vault theft notification? You’re not… »

Dozens of Red Hat packages backdoored through its official NPM channel

The worm, dubbed Shai-Hulud, has all the hallmarks of malware released last month as freely available open source. TeamPCP was the first group to use Shai-Hulud, and it promoted a competition that promised a $1,000 payment to the hacker who carried out the biggest supply-chain attack using the malware. TeamPCP has also been behind a… Read More: Dozens of Red Hat packages backdoored through its official NPM… »

Botnet of more than 17 million devices dismantled

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center. The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was… Read More: Botnet of more than 17 million devices dismantled »

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

In response, Link updated the 1.10.0 release notes to disclose the verbatim prompt injection in its entirety. The section now reads: This project is not meant to be used by any “AI” coding agents at all. In order to discourage agents from using jqwik there is a change to what jqwik emits at runtime. Each… Read More: Fed up with vibe coders, dev sneaks data-nuking prompt injection… »

Websites have a new way to spy on visitors: analyzing their SSD activity

While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network—a system that uses deep learning to analyze text, audio, and images—the attacker can deduce various apps and websites open… Read More: Websites have a new way to spy on visitors: analyzing… »

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning. The vulnerability is present in Starlette, an open source framework that its developer… Read More: Millions of AI agents imperiled by critical vulnerability in open… »

Texas AG sues Meta over claims that WhatsApp doesn’t provide end-to-end encryption

The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed. Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device… Read More: Texas AG sues Meta over claims that WhatsApp doesn’t provide… »

A hacker group is poisoning open source code at an unprecedented scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the cybersecurity world with its insidious threat of turning any innocent application into a dangerous foothold in a victim’s network. Now one group of… Read More: A hacker group is poisoning open source code at an… »

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background.… Read More: Google publishes exploit code threatening millions of Chromium users »