❌

Reading view

Just like phishing for gullible humans, prompt injecting AIs is here to stay

Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us?

kettleΒ  It's a week of the year, which means there's been the discovery of yet another prompt injection attack that will force supposedly well-guarded AI bots to spill secrets by asking the right way. …

  •  

Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker

Or, how public information and a €5 tracker exposed an avoidable opsec lapse

Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track one of its warships for less than the cost of some hagelslag and a coffee.…

  •  

Lightning-fast exploits make it essential to patch fast, ask questions later

Here's where you ought to spend your security billable hours budget this year

Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials. …

  •  

RSAC 2026: Uncle Sam backs out, and AI agents are everywhere

Infosec pros descend on San Francisco

kettleΒ  When El Reg cybersecurity editor Jessica Lyons joins infosec industry colleagues in San Francisco for RSAC 2026 this week, she's expecting agentic AI to be on everyone's lips - at least those who aren't busy gossiping about the lack of presence from any representatives of the US federal government.…

  •  

AI agents spill secrets just by previewing malicious links

Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn

AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically.…

  •  

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords

Your favorite menu item might be easy to remember but it will not secure your account

Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's – yes, the fast food chain – is urging people to get more creative when it comes to passwords. …

  •  

Open-source AI is a global security nightmare waiting to happen, say researchers

Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more

Infosec in BriefΒ  As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers. …

  •  

CrowdStrike shareholders lose battle to recoup losses from 2024 outage

Investors didn't present a valid claim, says judge, but they're welcome to try again

A group of CrowdStrike shareholders who sued the company over losses sustained following its 2024 global outage will have to head back to the drawing board if they hope to recoup losses, as a Texas judge has deemed they failed to adequately state a claim.…

  •  

Mandiant releases quick credential cracker, to hasten the death of a bad protocol

PLUS: Navy spy sent to brig for 200 months; Black Axe busted again; Bill aims to crimp ICE apps; and more

Infosec In BriefΒ  PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.…

  •  

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Office workers without AI experience warned to watch for prompt injection attacks - good luck with that

Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last October and acknowledged but not fixed by Anthropic.…

  •  
❌