August 2025

Infosec hounds spot prompt injection vuln in Google Gemini apps

Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed

Black Hat: A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.…

UK secretly allows facial recognition scans of passport, immigration databases

Campaigners brand Home Office’s lack of transparency as ‘astonishing’ and ‘dangerous’

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight.…

UK proxy traffic surges as users consider VPN alternatives amid Online Safety Act

It's 'more than a temporary trend,' Decodo claims

Amid the furor around surging VPN usage in the UK, many users are eyeing proxies as a potential alternative to the technology.…

Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

No reported in-the-wild exploits…yet

Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.…

Black Hat’s network ops center brings rivals together for a common cause

The Reg goes behind the scenes of the conference NOC, where volunteers 'look for a needle in a needle stack'

Black Hat: Neil "Grifter" Wyler is spending the week "looking for a needle in a needle stack," a task he'll perform from the network operations center (NOC) that…

CISA releases malware analysis for SharePoint Server attack

Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz

CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions.…

KLM, Air France latest major organizations looted for customer data

Watch out, the phishermen are about, customers told

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers' data stolen by way of a break-in at a third party org.…

Meta training AI on social media posts? Only 7% in Europe think it’s OK

Privacy campaigner Max Schrems' NOYB is back on Zuck's back

Updated: Meta's enthusiasm for training its AI on user data is not shared by the users themselves – at least for some Europeans – according to a study commissioned by Facebook legal nemesis Max Schrems and his privacy advocacy…

Google says the group behind last year’s Snowflake attack slurped data from one of its Salesforce instances

ShinyHunters suspected in rash of intrusions

Google confirmed that criminals breached one of its Salesforce databases and stole info belonging to some of its small-and-medium-business customers.…

Vibe coding tool Cursor’s MCP implementation allows persistent code execution

More evidence that AI expands the attack surface

Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously approved Model Context Protocol (MCP) configuration, silently swapping it for a…
