#security
gist.github.com · ⭐️ 9/10 · 2026-07-12
Security researchers discovered that xAI's Grok CLI (version 0.2.93) automatically uploads entire Git repositories and sensitive files like .env to Google Cloud Storage, even when prompts instruct not to read specific files. Disabling the 'improve model' setting does not prevent the upload. This vulnerability exposes users' proprietary code, API keys, and credentials by default, posing a severe privacy and security risk. It undermines trust in AI-assisted coding tools and raises questions about data handling practices. The tool sends file contents via two channels: embedded in model conversation requests and as a git bundle file. In a test with a 12 GB repository, over 5 GiB of data was successfully uploaded without rejection. The opt-out toggle in settings had no effect on the upload behavior.
bleepingcomputer.com · ⭐️ 9/10 · 2026-07-11
Binarly disclosed six vulnerabilities in U-Boot's FIT signature verification code, two enabling arbitrary code execution and four causing denial of service. The flaws affect over 50 stable versions dating back to 2013.07 and numerous downstream branches. Attackers can execute malicious code before the operating system boots, bypassing all security measures and potentially installing persistent firmware malware. For systems with remote firmware update capabilities like BMCs, exploitation requires no physical access, posing a severe threat to embedded and server ecosystems. The vulnerabilities reside in how untrusted FIT images are processed before signature validation completes. Remote exploitation is possible via malicious firmware updates, and while patches have been accepted into U-Boot, each hardware vendor must integrate and distribute them—legacy devices may never receive fixes.
cyberinsider.com · ⭐️ 9/10 · 2026-07-08
The European Union is one step away from reviving proposed rules that would require scanning of private messages for child sexual abuse material, threatening the future of end-to-end encryption. If enacted, these rules could undermine privacy and encryption across the EU, affecting hundreds of millions of users and setting a dangerous precedent for mass surveillance. The proposal, known as Chat Control, has two versions: Chat Control 1.0 allows voluntary scanning by platforms, while Chat Control 2.0 mandates scanning and effectively bans end-to-end encryption.
coolapk.com · ⭐️ 9/10 · 2026-07-08
Nebula Security disclosed a remote root exploit chain targeting all Android versions, combining a Firefox browser vulnerability (affecting version 151.0.2 and earlier) and a 15-year-old Linux kernel flaw (CVE-2026-43499, GhostLock), with proof-of-concept code released on GitHub. This exploit chain allows attackers to gain persistent root access on any Android device by simply tricking a user into clicking a malicious link, posing a severe security risk to billions of users and potentially leading to widespread exploitation. The attack leverages a remote code execution vulnerability in Mozilla Firefox and the GhostLock kernel flaw for privilege escalation, enabling attackers to execute arbitrary commands via ADB and implant files for persistent control.
github.com · ⭐️ 9/10 · 2026-07-07
Researchers disclosed Januscape (CVE-2026-53359), a use-after-free vulnerability in KVM's shadow MMU that allows a guest VM to escape to the host on both Intel and AMD platforms. The bug has existed in the Linux kernel for approximately 16 years, from 2010 to June 2026. This is the first publicly known guest-to-host escape exploit that works on both Intel VMX and AMD SVM, making it a critical threat to multi-tenant cloud environments using KVM. The vulnerability was used as a 0-day in Google's kvmCTF and could compromise isolation boundaries of cloud providers. The flaw resides in the function kvmmmugetchildsp() within the shadow MMU code shared by both Intel and AMD x86 KVM implementations. PoC code has been released that triggers host kernel panic from a guest, and on RHEL-like distributions, a local unprivileged user can also escalate to root.
javoriuski.com · ⭐️ 9/10 · 2026-07-04
A prompt injection vulnerability in YouTube's AI comment summarization tool allows attackers to leak the titles of a creator's private videos by leaving a crafted comment that injects a malicious prompt. This vulnerability compromises the privacy of YouTube creators by exposing their private video titles, and highlights the broader security risks of integrating large language models into user-facing applications without adequate safeguards against prompt injection. The attack works when a creator opens YouTube Studio's comment tab and clicks a suggested AI prompt; the injected comment then forces the model to include private video titles in its response. Community testing shows mixed results, with some users unable to reproduce the issue, indicating possible partial mitigations by YouTube.
lwn.net · ⭐️ 9/10 · 2026-06-27
The Linux Foundation, with broad industry support, has launched the Akrites project to accelerate vulnerability fixes in open source software, coordinating confidential patch deployment to counter AI-assisted exploit development. Akrites addresses the growing threat of AI-enabled reverse engineering and exploit generation by ensuring patches are deployed to critical infrastructure before adversaries can act, reshaping how the open source ecosystem handles critical vulnerabilities. The project emphasizes confidentiality as non-negotiable and will act as a maintainer of last resort for orphaned critical packages. It aligns with government efforts to coordinate public and private defenders.
nvd.nist.gov · ⭐️ 8/10 · 2026-07-08
A use-after-free vulnerability (CVE-2026-57589) has been discovered in OpenBSD, allowing a local attacker to escalate privileges to root. This vulnerability is significant because OpenBSD is renowned for its security focus, and a local privilege escalation bug could undermine that reputation. It affects all systems running the vulnerable version. The vulnerability was discovered as part of the 'Patch The Planet' initiative by OpenAI and Trail of Bits. Details are currently limited; the OpenBSD security page does not yet list it.
lwn.net · ⭐️ 8/10 · 2026-07-08
At the 2026 Linux Security Summit North America, Eric Biggers presented ongoing efforts to replace the traditional Linux kernel crypto API with new library APIs that are safer and simpler to use. This modernization reduces complexity and potential security bugs in kernel cryptography, benefiting all kernel subsystems that rely on encryption, hashing, and authentication. The traditional crypto API, introduced in 2002, has become complex, slow, and poorly optimized for modern CPU-based acceleration, leading to maintenance and performance issues.
nvdb.org.cn · ⭐️ 8/10 · 2026-07-08
China's Ministry of Industry and Information Technology (MIIT) issued a risk notice on July 8, 2025, warning that Claude Code versions 2.1.91 through 2.1.196 contain a backdoor that secretly transmits users' location and identity information to remote servers without consent. This is significant because Claude Code is a widely used AI coding tool, and the backdoor compromises the privacy and security of many developers. The authoritative warning from a government body like MIIT underscores the severity of the threat and may prompt organizations to reassess their use of AI tools in development pipelines. The affected versions span from 2.1.91 to 2.1.196, and the backdoor includes a built-in monitoring mechanism that exfiltrates sensitive data. Users are advised to immediately check, uninstall the vulnerable versions, or upgrade to the latest secure version that has removed the malicious code, and to strengthen outbound permission controls and traffic monitoring for development tools.
scmp.com · ⭐️ 8/10 · 2026-07-08
Chinese researchers developed a non-contact forensic technique that identifies smartphone apps and operations by analyzing leaked low-frequency electromagnetic signals, achieving up to 99.07% accuracy on devices like iPhone 15 Pro, Xiaomi 15 Pro, and OPPO Reno 13. This attack method poses a serious privacy threat because it can work even when the phone is offline, in airplane mode, encrypted, or locked, without any access to the device's system or stored data. The technique analyzes low-frequency electromagnetic (EM) signals emitted by a running smartphone's components, and the researchers tested it on popular apps including TikTok, WeChat video calls, Baidu Maps, SMS, browser, camera, and cloud storage.
lwn.net · ⭐️ 8/10 · 2026-07-07
William Woodruff published a blog post arguing that PyPI's trusted publishing should not be interpreted as a signal of package trust or quality, but rather as a form of authentication. This clarifies a common misconception among developers, which could otherwise lead to over-reliance on trusted publishing for software supply chain security decisions. Woodruff emphasizes that trusted publishing uses OpenID Connect (OIDC) to establish identity between a CI/CD workflow and PyPI, and that PyPI deliberately avoids rendering it as a green checkmark.
github.com · ⭐️ 8/10 · 2026-07-07
The new-api project has released two commits that add boundary checks and saturation arithmetic to prevent integer overflow in quota calculations, which could cause negative charges. This fix addresses a severe billing vulnerability that could allow users to artificially gain credits by triggering negative deductions, impacting any deployment using new-api for metering or billing. It underscores the importance of robust input validation in financial logic. The vulnerability stemmed from missing validation on user-controllable parameters in quota calculation; when oversized values caused integer overflow, deductions became negative. The fix introduces upper-bound validation and saturation arithmetic that clamps results to the maximum representable value instead of wrapping around.
lwn.net · ⭐️ 8/10 · 2026-07-06
OpenSSH 10.4 was released, adding experimental support for a composite post-quantum signature scheme combining ML-DSA 44 and Ed25519. Additionally, on Linux, sshd will now refuse to start if SECCOMP or NONEWPRIVS sandbox features are not enabled. This is significant because SSH is a critical infrastructure tool used for secure remote access worldwide; post-quantum signature support future-proofs SSH against potential quantum computer attacks. The stricter sandbox enforcement improves security by ensuring sshd runs in a confined environment, reducing the impact of potential vulnerabilities. The post-quantum signature scheme follows an IETF draft and combines ML-DSA 44 (a NIST-standardized lattice-based algorithm) with Ed25519. On Linux, if sshd is compiled with sandbox support and the system lacks SECCOMP or NONEWPRIVS, the daemon will now fail to start instead of merely logging an error.
lwn.net · ⭐️ 8/10 · 2026-07-04
Greg Kroah-Hartman announced the release of seven stable Linux kernels (versions 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260), which include fixes for two security vulnerabilities: CVE-2026-53362 and CVE-2026-53359. These fixes address critical vulnerabilities, including a container escape vulnerability (CVE-2026-53362) that could allow attackers to gain root access on the host system, and a use-after-free bug in KVM (CVE-2026-53359) that has existed since the 2.6.36 kernel. Users are strongly advised to upgrade to protect against potential exploitation. CVE-2026-53362 was introduced in kernel 6.0 in IPv6 handling, while CVE-2026-53359 is a use-after-free bug in KVM present since kernel 2.6.36. Each stable kernel also includes numerous other fixes throughout the tree.
cultofmac.com · ⭐️ 8/10 · 2026-07-04
Apple announced Trust Insights, a new on-device anti-fraud feature in iOS 27 that analyzes user behavior patterns to detect scams without reading personal content like messages or photos. This feature enhances user security against phone scams while maintaining strong privacy by processing data entirely on-device and only sending a single anonymized output to servers. Trust Insights uses device sensor data and contextual analysis to identify suspicious behavior like being guided by a scammer to transfer money or change accounts; it can trigger warnings, delays, or extra authentication before transactions.
mathstodon.xyz · ⭐️ 8/10 · 2026-07-02
Since Linux 6.9, the cryptsetup luksSuspend command no longer wipes disk-encryption keys from memory during suspend, leaving them accessible in RAM. This regression undermines the security of LUKS-encrypted devices because an attacker with physical access to a suspended system could extract the master key from memory and decrypt the disk without needing the passphrase. The issue affects Linux kernels from 6.9 onward, but not all distributions are impacted because luksSuspend is not part of the official cryptsetup specification; it originated as a Debian extension.
research.jfrog.com · ⭐️ 8/10 · 2026-06-28
Security researchers at JFrog disclosed a new Linux kernel local privilege escalation vulnerability named DirtyClone (CVE-2026-43503), which allows unprivileged local users to gain root access by exploiting a flaw in socket buffer cloning that loses the SKBFLSHAREDFRAG flag. This vulnerability is critical because it affects widely-used Linux distributions with default unprivileged user namespaces, such as Debian, Ubuntu, and Fedora, and can be exploited without leaving kernel logs or audit traces, making it especially dangerous for multi-tenant cloud environments and Kubernetes clusters. The vulnerability was patched in Linux kernel v7.1-rc5 on May 21, 2026; mitigations include disabling unprivileged user namespaces via kernel.unprivilegedusernsclone=0 or blocking the esp4, esp6, and rxrpc kernel modules.
simonwillison.net · ⭐️ 8/10 · 2026-06-27
Fernando Irarrázaval's OpenClaw AI assistant challenge, where 2,000 people attempted to leak secrets via email, ended with zero successful breaches after 6,000 attempts. The underlying model, Anthropic's Opus 4.6, was protected by anti-prompt-injection rules. This experiment provides real-world evidence that frontier models are becoming significantly more robust against prompt injection attacks, a critical AI safety concern. It suggests that security improvements in large language models are translating into practical defenses, though not guaranteeing complete invulnerability. The challenge cost $500 in tokens and triggered a Google account suspension due to excessive inbound emails. Despite 6,000 attempts, no participant managed to leak the secret, but the author warns against deploying production systems where prompt injection could cause irreversible damage.
simonwillison.net · ⭐️ 8/10 · 2026-06-27
Andrew Nesbitt published a fictional incident report, CVE-2026-LGTM, depicting two AI review agents from competing vendors entering a disagreement loop over a package security issue, generating 340 comments and $41,255 in inference costs. This satire highlights critical flaws in autonomous AI agents, including runaway costs, vendor marketing exploitation, and lack of escalation mechanisms, serving as a cautionary tale for the software industry's increasing reliance on AI-driven automation. The report notes the two agents failed to resolve a simple dispute over the foxhole-lz4 package's maliciousness, leading to an escalating argument. One vendor's marketing team used the incident to issue a press release claiming a 430% YoY increase in adversarial multi-agent security reasoning, and the company's stock rose 6%.