Agentjacking: a fake bug report can hijack your AI coding agent
Agentjacking: a fake bug report can hijack your AI coding agent

Security researchers have found a way to hijack AI coding agents with nothing but a fake bug report. They call it Agentjacking. It needs no malware, no stolen password, and no breach of the target. The attack, disclosed by Tenet Security, turns the cod…

US spy law to expire for first time after lawmakers reject Trump’s controversial pick to lead spy agencies

The spy law known as Section 702, which authorizes the NSA and FBI’s warrantless surveillance, will all but certainly expire on Friday for the first time.

Oracle warns customers of critical PeopleSoft attack after hundreds of servers hacked by apparent ShinyHunters data theft attacks

High-severity CVSS 9.8 PeopleSoft vulnerability caused over 100 organizations to become victims, including universities.

Google sues suspected Chinese cybercrime ring that used Gemini to build scam websites
Google sues suspected Chinese cybercrime ring that used Gemini to build scam websites

Google has filed a lawsuit against a suspected Chinese cybercrime operation it calls the Outsider Enterprise, alleging the group sent more than 2.5 million fraudulent text messages to Android users over a two-week period in May. The messages contained …

Nearly all security bosses are worried about AI safety — with a third saying they still rely on manually reviewing code before launch

Security leaders increasingly worry that AI-generated code introduces risks, while many organizations still depend heavily on manual reviews.

How scammers use “scraped New York Times content” to trick security scanners — and exploit “free” Google Cloud links to flood your inbox

Researchers uncovered a global phishing network using Google Cloud redirects and copied news content across thousands of coordinated servers.

ShinyHunters breached 100+ companies through an unpatched Oracle PeopleSoft zero-day
ShinyHunters breached 100+ companies through an unpatched Oracle PeopleSoft zero-day

Oracle warned customers on Thursday of a critical vulnerability in its PeopleSoft software that hackers have already exploited to breach more than 100 organisations. The flaw, CVE-2026-35273, carries a CVSS score of 9.8 and can be exploited over the in…

Oracle warns of security bug that hackers abused to breach 100+ companies

The tech giant warned of a security flaw that a cybercrime gang said it’s exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers.

Grok Is Still Hosting Sexualized Deepfakes of Famous Women

A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok’s website, including nonconsensual depictions of celebrities and at least one prominent US politician.

Microsoft limits employee use of Claude Fable 5 over data retention concerns

Fable 5’s data retention policy mandates 30 days’ storage, or up to two years for flagged content, but Microsoft has concerns.