Author: user
May 28, 2025Ravi LakshmananData Privacy/Vulnerability Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive file picker. This allows the website to access the entire user’s cloud storage content, as opposed to only the files selected for uploading via the tool. “This is due to a very broad OAUTH scope and misleading consent screen that cannot clearly explain the extent of access granted,” the report shared with Hacker News states that “cannot clearly explain the scope of access.” “This flaw can have serious consequences, including customer data leaks and violations of compliance regulations.” Several apps, including ChatGpt, Slack, Trello and…
Instacart is making leadership changes. The grocery delivery company announced Wednesday that CEO Chris Rogers will take over as CEO from August 15th. He will also be on the board of directors. Rogers stepped into his role as Fidji Simo, who led Instacart through a vital chapter, heading to Openai to lead the application team. She will chair the board to help her transition. The change in leadership comes in more than a year since Instacart fired 250 employees, about 7% of the workforce, and less than six months after its public debut. Shimo didn’t write any words about the…
Telegram attacked Elon Musk’s partnership with AI company Xai, distributing the latter chatbot Grok via Telegram, and integrated it into the apps available on the chat app platform for a year. Xai will pay $300 million in cash and stocks to the chat app as part of the transaction, Telegram CEO Pavel Durov said Tuesday. Durov said Telegram will earn 50% of revenue from Xai subscriptions purchased through the app. Earlier this year, Xai made GROK chatbot available to premium Telegram users. It appears that Grok is now available to all users. The video that Durov posted to X suggests…
Telegram attacked Elon Musk’s partnership with AI company Xai, distributing the latter chatbot Grok via Telegram, and integrated it into the apps available on the chat app platform for a year. Xai will pay $300 million in cash and stocks to the chat app as part of the transaction, Telegram CEO Pavel Durov said Tuesday. Durov said Telegram will earn 50% of revenue from Xai subscriptions purchased through the app. Earlier this year, Xai made GROK chatbot available to premium Telegram users. It appears that Grok is now available to all users. The video that Durov posted to X suggests…
High-tech companies are betting that nuclear power will help deliver the electricity it needs to make its AI plans come true. However, data centers need electricity tomorrow, and the nuclear industry is not known for its speed. Trey Lauderdale believes that AI can give the nucleus the speed it needs. Lauderdale’s obsession with nuclear power began near the home. In San Luis Obispo, California, where he lives, he continued to run to those who worked at the Diablo Canyon Power Plant. “They’re like coaches on our flag football team,” he said. Speaking to them, he learned that the nuclear power…
May 28, 2025Ravi LakshmananIoT Security/Cryptocurrency Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet called Pumabot. The botnet written in GO is designed to carry out brute force attacks on SSH instances to expand size and scale and provide additional malware to infected hosts. “Malware does not scan the internet, but instead retrieves a list of targets from a command and control (C2) server and forces SSH credentials to force them to force them,” Darktrace said in an analysis shared with Hacker News. “When access is obtained, it receives a remote command and establishes…
Boston (AP) – Harvard University abandons Photo of 175 years old As part of a reconciliation with one of the subject’s descendants, it was believed to be the earliest of those enslaved to the South Carolina Museum, dedicated to African American history.Photos of subjects identified as Rentai, the great great grandfather Tamara Lanier called “Papa Lanti,” and his daughter Delia, will be moved from the Peabody Museum and the Museum of Ethnology to the International Museum of African Americans in South Carolina.This reconciliation marks the end of a 15-year battle between Lanier and the country’s most elite universities, releasing the…
Canadian Innovation Week is back at this week’s 8th annual event. Canadian Innovation Week, held from May 26-30, brings together innovators, partners and communities across Canada to spotlight the real impact of bold ideas, from local projects to global breakthroughs. The event organizer, the Rideau Hall Foundation, is committed to showcasing Canadian innovations that are relevant, accessible and meaningful to everyone. The message behind Canada’s Innovation Week Canada’s Innovation Week is a growing national movement that celebrates the excellence of innovation, amplifies success stories both locally and nationally, and creates conditions for bold ideas to flourish. It combines face-to-face and…
May 28, 2025Hacker NewsIdentity Theft / Enterprise Security Stealer malware doesn’t just steal passwords. In 2025, they steal live sessions and attackers are moving faster and more efficiently than ever before. Many associate accounts have personal services, but the actual threats are being deployed in businesses. Flare’s latest research, Accounts and Session Takeover Economy, analyzed over 20 million steeler logs and tracked attacker activity across telegram channels and the dark web marketplace. The findings reveal how cybercriminals hijack infected employee endpoints into enterprise sessions. This is the real timeline of modern session hijacking attacks. Infection and data theft within an…
May 28, 2025Ravi LakshmananCrypto jacking/vulnerability It has been observed that financially motivated threat actors take advantage of the recently disclosed flaws in remote code execution to influence Craft Content Management Systems (CMS) and deploy multiple payloads, including cryptocurrency miners, loaders known as MIMO loaders, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in the craft CMS patched in versions 3.9.15, 4.14.15, and 5.6.17. The existence of security flaws was first disclosed in April 2025 by the orange Cyber Defense Sense Post. According to a new report published by Sekoia, the threat behind the campaign weaponized…