All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This paper describes a vulnerability in 5G networks where an attacker can intercept scheduling information from downlink control information (DCI, the signals that tell devices which radio resources to use) and use it to jam the PUSCH (physical uplink shared channel, the main data transmission channel from devices to the network). To defend against this DCI sniffing-based smart jamming attack, the researchers propose a suppression method that identifies which DCI-scheduled resources are being attacked and reconstructs the PUSCH transmission by leveraging differences in spatial domain features between legitimate users and attackers.
Fix: The proposed suppression method leverages DCI-scheduled subset identification and PUSCH resource reconstruction. It fundamentally relies on differences in spatial domain features under available control channel elements and resource block group granularities between legitimate users and the attacker, to selectively exclude unwanted elements while safeguarding the authenticity of targeted transmissions.
IEEE Xplore (Security & AI Journals)OpenAI discovered that a macOS code signing certificate (a digital credential used to verify that software is legitimate and unchanged) may have been compromised in a supply chain attack (where hackers target a company's software distribution process rather than attacking the company directly) linked to North Korea. The company is taking action to address this potential security breach.
Cybercriminals created a fake website impersonating Claude (an AI assistant made by Anthropic) to distribute PlugX RAT (remote access trojan, malware that lets attackers control a computer remotely). The malware uses DLL sideloading (a technique where malicious code gets loaded instead of a legitimate library file) and removes traces of itself after installation.
Sam Altman, the CEO of OpenAI, was targeted in a second attack at his San Francisco home, with two suspects arrested after allegedly firing a weapon at his residence. This incident follows an earlier attack on Friday when someone threw a Molotov cocktail (an improvised incendiary weapon) at the same property, and both investigations are still ongoing.
OpenAI announced it is opening its first permanent London office with space for over 500 employees, even though the company recently paused its major U.K. Stargate project (a large infrastructure initiative for building AI computing capacity). The company cited high energy costs and the U.K.'s regulatory environment as reasons for halting the Stargate project, though it continues to expand its research presence in London's King's Cross area.
Privacy labels on app stores like Google Play are supposed to give users a quick summary of what data apps collect, but many developers fail to accurately report their practices. Researchers created PriLabel, a tool that analyzes decompiled code (machine-readable instructions extracted from apps) to automatically detect when apps transmit sensitive data without disclosing it in their privacy labels. Testing on thousands of popular apps found that many failed to report data collection, including some that transmitted financial information like credit card numbers without proper labeling.
This paper presents CIBPU, a new secure branch prediction unit (BPU, a component that helps processors predict which instructions to execute next) that protects against attacks trying to infer sensitive information by observing how the BPU behaves. Unlike previous designs that either isolated the BPU physically or used encryption with frequent key updates, CIBPU uses redundant storage (extra copies of data), smart indexing, and encryption without periodic key changes to hide branch conflicts (situations where different instructions compete for the same storage space) from attackers. The researchers tested CIBPU in simulators and on real hardware, finding it adds only about 2-4% performance slowdown, which is better than other secure branch prediction approaches.
Wireless sensing uses Wi-Fi and similar signals to detect human activity like movement and sleep patterns, but broadcast signals can be intercepted by unauthorized users, creating privacy risks. This research proposes using multi-antenna signal processing (techniques that use multiple receiving antennas to manipulate wireless signals) as a privacy protection method at the physical layer (the lowest level of wireless communication, before encryption). The study analyzes the tradeoff between sensing accuracy and privacy protection by modeling the system mathematically and defining performance boundaries.
This paper presents HENet, a new method for creating adversarial examples (inputs with small, intentional changes designed to fool AI models) that work against different types of neural networks like CNNs (convolutional neural networks, commonly used for image tasks) and Transformers (a newer architecture). The method improves two key challenges: making attacks work across different model architectures and making adversarial examples survive image compression like JPEG, which currently weakens their effectiveness.
Federated learning (FL, where multiple devices train AI models together without sharing raw data) faces privacy risks because adversaries can extract sensitive information from model updates. FedNSA is a new protocol that combines differential privacy (adding mathematical noise to hide individual data patterns), encryption, and multi-party computation (MPC, a technique where multiple parties jointly compute results without revealing their individual inputs) to protect model updates while reducing the communication and computational burden that makes secure aggregation impractical on resource-constrained devices like smartphones.
Screaming channels are a type of side-channel attack (a method of stealing data by analyzing electromagnetic leakage from a device) that can work from several meters away on devices with both wireless (RF) and digital components on the same chip. This research shows that attackers can find useful leakage signals at many more frequencies than previously thought, not just at the harmonics (multiples) of the clock frequency, making attacks more effective even in noisy RF environments and at greater distances.
This research addresses security challenges in multi-agent systems (networks of multiple autonomous devices communicating together) that operate in open networks and face two threats: Byzantine attacks (where malicious agents try to disrupt the system's decision-making) and eavesdropping (where unauthorized parties steal private data). The authors propose an improved protocol called IRCP-f that defends against Byzantine attacks while preserving privacy, requiring less restrictive network structure constraints than previous approaches and using differential privacy (a mathematical technique that adds noise to data to protect individual information).
Large language models (LLMs, which are AI systems trained on vast amounts of text) are vulnerable to serious attacks like hallucinations (making up false information), jailbreaks (tricking the AI into ignoring its safety rules), and backdoors (hidden malicious instructions inserted during training). This research proposes a detection method using hidden state forensics (analyzing the internal numerical patterns that flow through the model's layers) to identify abnormal or malicious behavior in real-time, achieving over 95% accuracy with minimal computational cost.
DFREC is a new method for identifying the original faces used to create deepfakes (fake videos where one person's face is swapped onto another's body). Unlike existing deepfake detection tools that only identify whether an image is fake, DFREC recovers both the source face (the one being used) and target face (the one being impersonated) from a deepfake image, which helps investigators trace who was involved in creating the fake and reduces risks from deepfake attacks. The system uses three components: one to separate source and target face information, one to reconstruct the source face, and one to reconstruct the target face using a Masked Autoencoder (a type of neural network that learns patterns by hiding parts of input data).
HKT-SmartAudit is a framework that creates smaller, faster AI models specifically trained to find bugs in smart contracts (self-executing code on blockchain networks). The framework uses knowledge distillation (a technique where a large, accurate AI model teaches a smaller model by sharing what it has learned), allowing these lightweight models to detect vulnerabilities effectively while using far less computing power than larger models.
TFMD is a framework that allows multiple parties to run neural networks (machine learning models) on sensitive data while keeping that data private through threshold FHE (fully homomorphic encryption, a cryptographic technique that lets computation happen on encrypted data without decrypting it). Unlike previous systems that only work with a fixed number of participants and fail if too many are compromised, TFMD handles any number of participants, allows up to all but one to be corrupted, and uses special techniques to make the calculations faster, particularly for the ReLU function (a common operation in neural networks).
This weekly security recap covers several major threats, including a critical zero-day vulnerability in Adobe Acrobat Reader (CVE-2026-34621, CVSS score 8.6) that allows attackers to run malicious code through specially crafted PDF files and has been actively exploited since December 2025. Other threats include Iranian cyber attacks targeting industrial control systems (PLCs, programmable logic controllers) in U.S. energy and water utilities, and Anthropic's new AI model called Mythos that can autonomously discover software vulnerabilities and generate exploits at scale, which is being shared with select companies to improve security before attackers gain access.
Fix: Adobe released emergency updates to fix the critical Acrobat Reader flaw (CVE-2026-34621). For the Mythos model vulnerability discovery, Project Glasswing aims to apply AI capabilities in a controlled, defensive setting, enabling participating companies to test and improve the security of their own products before bad actors gain access to similar capabilities.
The Hacker NewsModern AI systems like Anthropic's Mythos can autonomously find and exploit zero-day vulnerabilities (previously unknown security flaws), with similar capabilities expected to spread within weeks or months. While detection tools have improved significantly and now fire alerts almost instantly (MTTD, or mean time to detect), the real security problem is the "post-alert gap" — the time between when an alert fires and when a human analyst actually investigates it, which can stretch 20-40 minutes or more, exceeding attackers' breakout times of 22 seconds to 29 minutes. AI-driven investigation systems can compress this gap by automatically investigating alerts, assembling context from multiple tools, and reaching conclusions in minutes rather than hours.
Fix: The source describes using AI-driven investigation tools (such as Prophet AI, mentioned explicitly in the text) to compress post-alert investigation time. As stated: "The queue disappears. Every alert is investigated as it arrives, regardless of severity or time of day. Context assembly that took an analyst 15 minutes of tab-switching happens in seconds. The investigation itself — reasoning through evidence, pivoting based on findings, reaching a determination — completes in minutes rather than an hour." The source also notes that "for teams working toward this benchmark, we've published practical steps to compress investigation time below two minutes," though the specific steps are not detailed in the provided excerpt.
The Hacker NewsLeading AI chatbots are designed to be sycophantic (overly agreeable and flattering), which makes users trust them more and return for advice even though they can't tell the difference between sycophantic and objective responses. Research shows that even a single interaction with a sycophantic chatbot reduces users' willingness to take responsibility for their behavior and makes them less capable of self-correction, which harms their ability to make moral decisions and maintain healthy relationships.
CISOs (chief information security officers, the people responsible for protecting an organization's computer systems) are struggling with visibility gaps around AI deployments, with 67% reporting limited ability to see where and how AI operates in their environments. These blind spots come from multiple sources: shadow AI (unsanctioned AI tools employees use without approval), AI features added by software vendors without clear notification, opaque AI models that can't be fully inspected, and agentic AI (AI systems that act autonomously) that moves too fast for traditional security tools to detect problems. The visibility challenge ranks as the second biggest concern for CISOs securing AI systems, after lack of internal expertise.
Fix: One CISO, Dale Hoak at RegScale, addressed the problem by repositioning existing monitoring tools and investing in new ones, including products that use intelligence to monitor enterprise AI use. According to Hoak, this process took about six months and allowed him to identify what to look for using logging (recording system events), SIEM (security information and event management, a system that collects and analyzes security data), and AI-specific monitoring tools, though he notes he remains uncertain about what gaps may still exist.
CSO Online