Forwarded from It's FOSS
An important open source initiative needs your help!
https://news.itsfoss.com/osu-open-source-lab-closure/
https://news.itsfoss.com/osu-open-source-lab-closure/
It's FOSS News
A Critical Moment for OSU's Open Source Lab As It Faces Closure
The Oregon State University Open Source Lab urgently needs funding to continue functioning.
Forwarded from The Hacker News
🛑 Critical Langflow Flaw Actively Exploited!
CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.
• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide
➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html
CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.
• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide
➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html
Forwarded from The Hacker News
🚨 Exploited in the wild. No user click needed.
Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.
Discovered by Meta in March, it's now confirmed active.
🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html
Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.
Discovered by Meta in March, it's now confirmed active.
🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html
Forwarded from The Hacker News
🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.
Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.
The Access-Trust Gap is real—and growing.
✅ It’s time to move from blocking to governing access, for humans and machines.
👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html
Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.
The Access-Trust Gap is real—and growing.
✅ It’s time to move from blocking to governing access, for humans and machines.
👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html
Forwarded from The Hacker News
This media is not supported in your browser
VIEW IN TELEGRAM
🚨 UPDATE - Darcula’s secret weapon exposed!
NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.
🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone
Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”
🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.
🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone
Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”
🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
Forwarded from Hacker News
Bloomberg.com
OpenAI Reaches Agreement to Buy Startup Windsurf for $3 Billion
OpenAI has agreed to buy Windsurf, an artificial intelligence-assisted coding tool formerly known as Codeium, for about $3 billion, according to people familiar with the matter, marking the ChatGPT maker’s largest acquisition to date.
Forwarded from The Hacker News
🚨 Plug-and-play ≠ safe.
Default Helm charts are silently exposing your Kubernetes clusters to attackers.
Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.
Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html
Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior
Default Helm charts are silently exposing your Kubernetes clusters to attackers.
Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.
Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html
Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior
Forwarded from The Hacker News
🚨 600 million attacks hit Microsoft Entra ID—every single day.
It’s the heart of your access and identity. If it goes down, everything stops:
❌ No logins
❌ No compliance
❌ No recovery
Built-in tools won’t save you.
You need full backup and fast recovery. Because when identity breaks, so does your business.
Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html
It’s the heart of your access and identity. If it goes down, everything stops:
❌ No logins
❌ No compliance
❌ No recovery
Built-in tools won’t save you.
You need full backup and fast recovery. Because when identity breaks, so does your business.
Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html
Forwarded from Telegram Info English (bazan.)
Scammers Steal NFT Gifts Using Business Chatbots
A scam is spreading on Telegram involving the theft of NFT gifts by connecting a business chatbot to the victim's account.
How the scheme works:
• Scammers deceive the victim into connecting the chatbot and granting it a set of permissions, including the ability to manage gifts. For example, they may ask the victim to test the bot in exchange for a reward.
• Once access is given, the bot automatically transfers all NFT gifts from the victim's profile to the scammers.
Important security tip:
• Access to your account should only be given to trusted bots from reliable services.
How to protect yourself:
• Never give unknown bots permission to manage accounts.
• Always check what specific permissions the bot is requesting before adding it.
• Do not believe promises of easy money for “simple actions.”
#gifts #hacking
A scam is spreading on Telegram involving the theft of NFT gifts by connecting a business chatbot to the victim's account.
How the scheme works:
• Scammers deceive the victim into connecting the chatbot and granting it a set of permissions, including the ability to manage gifts. For example, they may ask the victim to test the bot in exchange for a reward.
• Once access is given, the bot automatically transfers all NFT gifts from the victim's profile to the scammers.
Important security tip:
• Access to your account should only be given to trusted bots from reliable services.
How to protect yourself:
• Never give unknown bots permission to manage accounts.
• Always check what specific permissions the bot is requesting before adding it.
• Do not believe promises of easy money for “simple actions.”
#gifts #hacking
Forwarded from NoGoolag
https://archive.is/bOOUY "Google plans to roll out its Gemini artificial intelligence chatbot next week for children under 13 who have parent-managed Google accounts, as tech companies vie to attract young users with A.I. products.
“Gemini Apps will soon be available for your child,” the company said in an email this week to the parent of an 8-year-old. “That means your child will be able to use Gemini” to ask questions, get homework help and make up stories.
The chatbot will be available to children whose parents use Family Link, a Google service that enables families to set up Gmail and opt into services like YouTube for their child. To sign up for a child account, parents provide the tech company with personal data like their child’s name and birth date.
Gemini has specific guardrails for younger users to hinder the chatbot from producing certain unsafe content, said Karl Ryan, a Google spokesman. When a child with a Family Link account uses Gemini, he added, the company will not use that data to train its A.I."
“Gemini Apps will soon be available for your child,” the company said in an email this week to the parent of an 8-year-old. “That means your child will be able to use Gemini” to ask questions, get homework help and make up stories.
The chatbot will be available to children whose parents use Family Link, a Google service that enables families to set up Gmail and opt into services like YouTube for their child. To sign up for a child account, parents provide the tech company with personal data like their child’s name and birth date.
Gemini has specific guardrails for younger users to hinder the chatbot from producing certain unsafe content, said Karl Ryan, a Google spokesman. When a child with a Family Link account uses Gemini, he added, the company will not use that data to train its A.I."
archive.is
Google Plans to Roll Out Gemini A.I. Chatbot to Children Under 13 - T…
archived 5 May 2025 02:01:52 UTC
Forwarded from Gizchina.com
Moto G56 Specs and Render Leak Ahead of Launch
https://www.gizchina.com/2025/05/06/moto-g56-specs-and-render-leak-ahead-of-launch/
https://www.gizchina.com/2025/05/06/moto-g56-specs-and-render-leak-ahead-of-launch/
Forwarded from #TBOT: Take Back Our Tech
This media is not supported in your browser
VIEW IN TELEGRAM
⚡️How does Above Phone Protect You Against Exploits?
@takebackourtech
In this clip from Above’s ‘Hidden Signs Your Phone is Compromised’ webinar, we cover all of the ways in which the Above Phone and GrapheneOS protect you against threats from hackers.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
@takebackourtech
In this clip from Above’s ‘Hidden Signs Your Phone is Compromised’ webinar, we cover all of the ways in which the Above Phone and GrapheneOS protect you against threats from hackers.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
Forwarded from The Hacker News
🔥 Not your typical breach…
Verizon’s 2025 DBIR shows:
➡️ Third-party breaches doubled (15% → 30%)
➡️ Attackers now target machine accounts more than ever
👀 Identity sprawl = rising risk.
Human or machine — if it’s not governed, it’s vulnerable.
🔗 Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html
Verizon’s 2025 DBIR shows:
➡️ Third-party breaches doubled (15% → 30%)
➡️ Attackers now target machine accounts more than ever
👀 Identity sprawl = rising risk.
Human or machine — if it’s not governed, it’s vulnerable.
🔗 Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html
Forwarded from The Hacker News
🚨 Cybercrime meets Hollywood glitz — and it's all fake.
Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.
Victims? Lured in, validated, then drained.
Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.
Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html
Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.
Victims? Lured in, validated, then drained.
Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.
Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html