The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...

Hybrid work prompts Brinks to cut HQ size 80%

"We needed less space, but more value per square foot in the space," said Dinesh Kalwani, senior vice president and chief ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Knife attack prompts fiery, violent anti-immigrant protests in Belfast

A wave of violent anti-immigration protests in Belfast has renewed concerns about the open border between Ireland and ...
The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

The head of Claude Code hasn’t ‘written a line of code by hand’ in 8 months

The man who built the tool that’s rewriting how software gets made hasn’t touched a keyboard to write code in the better part ...

Datadog expands observability platform to autonomous AI team colleague

At the DASH conference, Datadog presents new features for autonomous IT operations and AI security with Bits AI SRE, AI Guard ...
The Indiana Lawyer

Law firms cheated in filing claims with NFL’s $1B concussion settlement fund, report says

One of the firms identified in the report is facing a lawsuit from Indianapolis-based law firms Cohen Malad LLP and Riley Bennett Egloff LLP, who say the firm failed to pay them part of a fee-sharing ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...