Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Top EdTech Apps Delivering AI Skills

“AI isn’t coming, it’s already here. The question is, are you ready?” That’s the brutal reality of a…

HackRead
Open in Source
#mac#google#intel#pdf
The Mysterious Shortwave Radio Station Stoking US-Russia Nuclear Fears

A popular shortwave Russian radio station dubbed “UVB-76” has been an enigma for decades. But its recent messages have turned it into a tool for Kremlin saber-rattling.

Fake CoinMarketCap Journalists Targeting Crypto Executives in Spear-Phishing Campaign

Fake CoinMarketCap journalist profiles used in spear-phishing target crypto execs via Zoom interviews, risking malware, data theft, and…

US Government Seeks Medical Records of Trans Youth

Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere.

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

Cherry pie, Douglas firs and the last trip of the summer

Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures.

AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack

The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where…

GHSA-8hmm-4crw-vm2c: @musistudio/claude-code-router has improper CORS configuration

### Impact Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. ### Patches The issue has been patched in v1.0.34.

GHSA-79j6-g2m3-jgfw: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

### Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. ### Details vLLM's [Qwen3 Coder tool parser](https://github.com/vllm-project/vllm/blob/main/vllm/entrypoints/openai/tool_parsers/qwen3coder_tool_parser.py) contains a code execution path that uses Python's `eval()` function to parse tool call parameters. This occurs during the parameter conversion process when the parser attempts to handle unknown data types. This code path is reached when: 1. Tool calling is enabled (`--enable-auto-tool-choice`) 2. The qwen3_coder parser is specified (`--tool-call-parser qwen3_coder`) 3. The parameter type is not explicitly defined or recognized ### Impact Remote Code Execution via Python's `eval()` function.

Google settles YouTube lawsuit over kids’ privacy invasion and data collection

Google has settled a lawsuit against YouTube for $30 million but did not admit collecting the data of minors for targeted advertising.