Google: China's APT31 used Gemini to plan cyberattacks against US orgs

Meanwhile, IP-stealing 'distillation attacks' on the rise A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
GovInfoSecurity

Breach Roundup: CISA Flags OT Risks After Polish Grid Hack

This week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ...

Google says hackers are abusing Gemini AI for all attacks stages

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to ...
Decrypt

That 'Summarize With AI' Button May Be Brainwashing Your Chatbot, Says Microsoft

Microsoft researchers said some companies are hiding promotional instructions in "Summarize with AI" buttons, poisoning ...

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access ...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

LLM Security Isn’t Just Theoretical—It’s A QA Problem You Can Test

As a QA leader, there are many practical items that can be checked, and each has a success test. The following list outlines what you need to know: • Source Hygiene: Content needs to come from trusted ...