MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

Attackers repeatedly trigger the prompt, attempting to trick the target or wear them down to approve the request. Sometimes, attackers will pair prompt bombing with a vishing call pretending to be from IT, where they will try to socially engineer the target. The danger is that these methods only need to work once.

The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist | TechRadar

The GRU could be snooping on unsecured routers to intercept sensitive internet traffic, including credentials and authentication tokens that can be used to compromise personal and work accounts. In particular, GRU has been targeting routers belonging to workers in the military, government, and critical infrastructure industries.

Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic’s Claude goes rogue | Tom’s Hardware

The AI agent was set to complete a routine task in the PocketOS staging environment. However, it came up against a barrier “and decided — entirely on its own initiative — to ‘fix’ the problem by deleting a Railway volume,” writes Crane, as he starts to describe the difficult-to-believe series of unfortunate events.

Hackers Bypass Phishing Emails and Target Okta Identity Systems Instead

As email security tools became stronger, threat actors started looking for easier ways in — and they found one. Targeting identity providers like Okta through voice-based social engineering, a method known as vishing, proved far more effective than any email campaign

Hacker Uses Claude and ChatGPT to Breach Multiple Government Agencies

The integration of artificial intelligence allowed the attacker to turn unfamiliar networks into mapped targets in hours rather than days. Recovered materials showed the attacker possessed over 400 custom attack scripts.

Facebook worker investigated by police after download of 30,000 private images | UK News | Sky News

Court records state that the employee is accused of having “accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta” and that he created a special computer script in order to do so.

32% of top-exploited vulnerabilities are over a decade old – Help Net Security

Long-term exposure also appeared in broader vulnerability trends. Nearly 40% of the top-targeted vulnerabilities affected end-of-life devices, and 32% of vulnerabilities were at least 10 years old. These figures point to persistent gaps between vendor lifecycle timelines and enterprise patching practices.

North Korean workers are taking remote U.S. jobs. This company set a trap to expose one.

The stakes are high. In one case, a North Korean worker stole sensitive information related to U.S. military technology, according to the Justice Department. In another, an American accomplice obtained an ID that enabled access to government facilities, networks and systems.

FBI investigating ‘suspicious’ cyber activities on critical surveillance network | CNN Politics

“The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the bureau said in a statement to CNN on Thursday, declining to elaborate.

AI Hallucination Example

By now, you have been told that you cannot always trust AI. One reason is due to AI Hallucinations. This is where AI tools / chats completing alter or create…