Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server.
The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to secretly steal sensitive data from your connected Google Drive, SharePoint, and other apps without you knowing.

A new security flaw, dubbed AgentFlayer, has been revealed that demonstrates how attackers can secretly steal personal information from users’ connected accounts, like Google Drive, without the user ever clicking anything. The vulnerability was discovered by cybersecurity researchers at Zenity and presented at the recent Black Hat conference.

As per Zenity’s research, the flaw takes advantage of a feature in ChatGPT called Connectors, which allows the AI to link to outside applications such as Google Drive and SharePoint. While this feature is designed to be helpful, for example, by letting ChatGPT summarise documents from your company’s files, Zenity found that it can also create a new path for hackers.

****The Attack in Action****

The AgentFlayer attack works through a clever method called an indirect prompt injection. Instead of directly typing in a malicious command, an attacker embeds a hidden instruction into a harmless-looking document. This could even be done with text in a tiny, invisible font.

Invisible prompt injection embedded in a document. 1px white font (Source: Zenity)

The attacker then waits for a user to upload this poisoned document to ChatGPT. When the user asks the AI to summarise the document, the hidden instructions tell ChatGPT to ignore the user’s request and instead perform a different action. Such as, the hidden instructions could tell ChatGPT to search the user’s Google Drive for sensitive information like API keys.

Victim’s API Keys (Source: Zenity)

The stolen information is then sent to the attacker in an incredibly subtle way. The attacker’s instructions tell ChatGPT to create an image with a special link. When the AI displays this image, the link secretly sends the stolen data to a server controlled by the attacker. All of this happens without the user’s knowledge and without them needing to click on anything.

****A Growing Risk for AI****

Zenity’s research points out that while OpenAI has some security measures in place, they aren’t enough to stop this type of attack. Researchers were able to bypass these safeguards by using specific image URLs that ChatGPT trusted.

This vulnerability is part of a larger class of threats that show the risks of connecting AI models to third-party apps. Itay Ravia, the Head of Aim Labs, confirmed this, stating that such vulnerabilities are not isolated and that more of them will likely appear in popular AI products.

“As we warned with our original research, EchoLeak (CVE-2025-32711) that Aim Labs publicly disclosed on June 11th, this class of vulnerability is not isolated, with other agent platforms also susceptible,_“_ Ravia explained.

“The AgentFlayer zero-click attack is a subset of the same EchoLeak primitives. These vulnerabilities are intrinsic, and we will see more of them in popular agents due to a poor understanding of dependencies and the need for guardrails,” Ravia commented, emphasising that advanced security measures are needed to defend against these kinds of sophisticated manipulations.

AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data

POS scams are difficult but not impossible to pull off. Here's how they work—and how you can protect yourself.

Considering the widespread use of contactless payment systems, it's no surprise that portable point-of-sale thefts are making a comeback. This type of robbery is enjoying a new wave of popularity, and is much harder to spot given how quickly those transactions take place. But how much risk is there, really? And how can you protect yourself from POS scams?

**The Case of Sorrento**

A recent example of POS theft happened recently in Italy, when topic exploded again a few days ago when the news agency Ansa reported an arrest made in Sorrento after someone attempted to steal €100 from a cash register in a bar in the city center. During the search, law enforcement allegedly found a modified portable POS terminal.

It wasn't the first time the alleged thief had been stopped with such a device; Ansa reports that they had been arrested previously in Rome. The device shown in the photos circulated by the media appears to be a SumUp Solo, or a portable POS capable of operating independently without being connected to a smartphone. It is a popular type of device in stalls and markets, given its affordability and ease of use.

This is also not the first time robbers with tech equipment have been arrested. In fact, last year Ansa reported on a similar case with apprehensions occurring at a highway rest stop.

**Difficult, but Not Impossible**

There are two possible _modus operandi_ for this type of scam. The first is the more convenient one for the robbers: They steal a wallet and, at a later time, make a series of small transactions with a stolen card that do not require entering the PIN, as if to simulate a series of short-term purchases. When the limit is reached, the wallet is thrown away.

The second method can be described as a kind of trawling. Thieves choose crowded places with high densities of people likely to come in contact with one another, such as public transportation or lines in commercial establishments. They then proceed to create a payment request on a portable POS, hold it in their hands or hide it in some way, and place it in the back pockets of pants, bags, fanny packs, backpacks, and so on.

The success rate is very low due to a number of factors. The first is that it takes about 30 seconds to receive confirmation of the transaction, before the request must be repeated from the POS. The second is that the POS must be almost in contact with the card, usually within 0.5 to 4 cm. The third is that there must be no interfering elements, such as other cards. Therefore, the robber must encounter a series of fortuitous circumstances to be successful. While the rate of success is very low, it is not zero, so it is best to limit your risk as much as possible. Here are some tips.

**How to Defend Yourself**

It goes without saying that if you stick your wallet in the back pocket of your pants in plain view, you not only risk being robbed in the traditional way, but you also create the best scenario for this newer scam. You can opt for wallets with integrated RFID protection, which create a real barrier to these types of scams.

For maximum protection, you can receive notifications even for small contactless transactions through your bank 's app settings. Fraudsters typically choose small amounts, trusting that the victim will not receive notifications—often the victim may not notice the amount being withdrawn, perhaps confusing it with other small transactions. If you fall for the scam, it's advisable to contact your bank immediately to dispute the transactions: Since everything is traceable, it's possible to identify the device used by the fraudsters, although they may have switched to a new one in the meantime.

Finally, almost all modern smartphones are now equipped with an NFC chip for contactless payments. Thefts using portable POS terminals can often be prevented by the fact that the smartphone must be unlocked, so even if someone places a POS terminal on the unattended phone, no transaction takes place.

_This story originally appeared on_ WIRED Italy _and has been translated from Italian._

How to Protect Yourself From Portable Point-of-Sale Scams

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices.
"This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.
The

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks

Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware.
The vulnerabilities have been codenamed

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Quantum sensors can be used in medical technologies, navigation systems, and more, but they’re too expensive for most people. That's where the Uncut Gem open source project comes in.

Quantum computing is either a distant dream or an imminent reality depending on whom you ask. And while much of this year's Quantum Village at the Defcon security conference in Las Vegas is focused on emerging research and threat analysis, Village cofounders Victoria Kumaran and Mark Carney are also working to make a currently available quantum technology more accessible to hackers and anyone else.

In a main-stage Defcon talk on Saturday, the pair will present an open source and affordable quantum sensor that can serve a variety of uses, from medical technologies to GPS alternatives. And it's all powered by a special yet affordable diamond with particular atomic properties. The first generation design could be assembled for about $120 to $160 depending on suppliers and shipping times. The second version that Kumaran and Carney are presenting this weekend can be built for even less, and the pair says they will release a third version this fall based on community testing and input that they hope will cost just $50 to build.

Quantum sensors detect extremely slight variations in magnetic and electrical fields, enabling ultra-precise measurements. Atomic clocks that keep nearly perfect time, for example, are quantum sensors that have been in use for decades. For researchers and enthusiasts interested in learning more about quantum sensing, though, the barrier to entry has been quite high. So the Quantum Village's relatively affordable, open source “Uncut Gem” project creates a real opportunity for more people to build their own quantum sensors and explore the technology.

“You can do things you wouldn't have been able to do before, like using quantum sensors to start building portable MRI-style devices that can be used in all different countries,” Kumaran told WIRED ahead of the presentation. “These are diamonds with defects, synthetic diamonds that are the cheapest off-cuts you can get. I think there’s something a bit poetic that synthetic diamonds have this utility.”

Most of the components needed for the quantum sensor are simple off-the-shelf computing parts, but the diamond needs to be what's known as a “nitrogen-vacancy diamond.” Its special molecular properties are thanks to the presence of nitrogen atoms that replace some carbon atoms in the diamond's atomic structure.

In addition to potential medical applications, quantum sensors can be used in alternative navigation technologies that track electromagnetic wave interference. Such tools could be used as local alternatives to GPS in the case of global system failures or targeted jamming. The US Space Force is currently testing what a release called the “highest-performing quantum inertial sensor ever tested in space.”

For the vast majority of people who don't have access to the world's highest performing quantum sensors, though, the Uncut Gem project represents an opportunity to democratize and expand quantum sensing technology. The project joins others in different fields of hacking that have been geared toward low-cost, accessible designs and components.

Independent researcher Davide Gessa has been testing the Uncut Gem schematics and code.

“I'm in the final phase of casting the diamond with the electronics—I hope to finish the device in about two weeks,” Gessa told WIRED. “I'm following the instructions from the official project, but I made some customizations too. My hope is to exploit this device to do some quantum computing experiments and also use it for random number generation. All my edits will be open source, so everyone can replicate and improve it.”

Uncut Gem prototype sensors have already been able to detect magnetic wave fluctuations in a chaotic conference hall as well as a heartbeat from a few feet away from a subject. Software is vital in quantum sensing, because even the most refined and high-quality hardware still picks up noise in the environment that needs to be reconciled and filtered to focus the sensor's output on the intended detection.

“The reason we’re calling it the first fully open source is because, to the best I’ve found, other papers give you some schematics—and we’ve referenced those—but there’s no one other place that you could go that has the PCB \[printed circuit board\], the source of diamonds, the designs, the schematics, the firmware, and also a repository of knowledge about how it works so you can get started,” Carney, of the Quantum Village, told WIRED.

While quantum sensors, and certainly the Uncut Gem sensor, still have a long way to go before delivering the accuracy and ease-of-use of a _Star Trek_ tricorder, Carney and Kumaran emphasize that the purpose of the project is simply to get actual quantum technology out to the world as quickly as possible.

“Open sourcing this is really important to us,” Carney says. “Is it a good sensor? Excuse me, but fuck no. There are much better sensors. Could it be a better sensor? Absolutely, and that will happen if we can get people to take part in open source and iterate it.”

A Special Diamond Is the Key to a Fully Open Source Quantum Sensor

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the US. He and his co-conspirators allegedly used spearphishing to steal customer data, filing fraudulent tax returns and disaster relief claims worth millions of dollars.

In a much-awaited legal move, Nigerian man Chukwuemeka Victor Amachukwu, a/k/a “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” was recently extradited from France to the United States to face charges related to hacking, fraud, and identity theft.

The extradition, announced by the FBI and the Department of Justice, marks the culmination of extensive teamwork between US and French law enforcement agencies and is a major step in the ongoing case.

According to statements from US Attorney Jay Clayton and FBI Assistant Director Christopher G. Raia, Amachukwu is a key figure in a scheme that has allegedly stolen millions of dollars. The charges against him and his co-conspirators include a sophisticated plan to hack into tax businesses across the US, including locations in New York and Texas.

The alleged fraud began around 2019, when Amachukwu and his partners, including a person named Kinglsey Uchelue Utulu, used deceptive emails to gain access to the computer systems of tax preparation businesses. These types of emails, known as spearphishing, are highly targeted messages designed to trick specific individuals into revealing sensitive information or granting system access. Once inside, the group stole personal and tax information from thousands of customers.

They then used this stolen data to file fraudulent tax returns with the IRS and state tax authorities, seeking approximately $8.4 million and successfully obtaining around $2.5 million. The scheme didn’t stop there. The group also reportedly used the stolen identities to file fake claims with the Small Business Administration’s Economic Injury Disaster Loan program, securing an additional $819,000 in fraudulent payouts. This program is designed to provide financial relief to businesses affected by disasters.

In a separate scheme, Amachukwu is also accused of running a fake investment program. He allegedly promised victims valuable standby letters of credit that didn’t actually exist, and instead, “pocketed millions of dollars of his victims’ money,” according to US Attorney Clayton.

Amachukwu, 39, faces several serious charges, including conspiracy to commit computer intrusions, multiple counts of wire fraud, and aggravated identity theft (PDF). If convicted, these charges could lead to a lengthy prison sentence. He was presented before US Magistrate Judge Robert W. Lehrburger, with the case now assigned to US District Judge Paul G. Gardephe.

The FBI praised the work of its international partners, including the Justice Department’s Office of International Affairs and the French National Gendarmerie, for their help in the arrest and extradition. As is customary, the defendant is presumed innocent until proven guilty in a court of law.

Nigerian man extradited from France to US over hacking and fraud allegations

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions.
Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to…

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to stay protected. Learn how a Russia-linked group is using this vulnerability and why you must manually update to WinRAR 7.13 now to stay safe.

WinRAR, a popular tool used by millions to manage compressed files, has been found to have a serious security weakness that was being actively exploited by hackers. The flaw, officially named CVE-2025-8088, allowed attackers to trick the program into installing malware on users’ computers without their knowledge. Security researchers at the firm ESET discovered and disclosed the issue, which has since been patched by WinRAR in a new update.

****How the Attack Worked****

The vulnerability is a type of _path traversal_ bug. This means a malicious file could be designed to make WinRAR save a file in a different location than where the user intended, such as the computer’s Startup folder. This enabled attackers to execute their own code.

According to a tweet from CVE (@CVEnew), this vulnerability was exploited to run what’s known as arbitrary code on a victim’s computer. The hackers’ goal was to deliver a malicious software called RomCom backdoor through specially crafted archive files sent in phishing emails.

These deceptive emails tricked people into opening the harmful attachments. For your information, RomCom malware is known for its ability to steal sensitive data and install other harmful programs, creating a serious security risk for anyone affected.

CVE on X

****The Russian Link****

Researchers from ESET, including Anton Cherepanov, Peter Košinár, and Peter Strýček, identified that the group behind this attack is a cyberespionage team suspected of being linked to Russia. This group has been known to carry out similar attacks in the past, targeting users in Europe and North America with different types of malware.

In late 2024, as reported by Hackread.com, they were exposed for exploiting a vulnerability in popular browsers like Mozilla Firefox and Tor Browser, which allowed them to run malicious code just by a user visiting a specific webpage.

Fortunately, there is a simple fix. WinRAR has released an update, version 7.13, which closes this dangerous security loophole. However, WinRAR does not automatically update itself, so it is up to each individual user to take action. To protect yourself from this threat, you must manually download and install the new version of WinRAR. Users who do not update will remain vulnerable to this specific attack.

WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Latest News