Feed aggregator

Article URL: https://www.theatlantic.com/culture/2026/05/enhanced-games-sports-doping/687296/

Comments URL: https://news.ycombinator.com/item?id=48293664

Points: 1

# Comments: 0

Article URL: https://aminet.net/package/comm/tcp/TheWire13

Comments URL: https://news.ycombinator.com/item?id=48293659

Points: 1

# Comments: 0

Article URL: https://www.npr.org/2025/09/08/nx-s1-5526066/leni-riefenstahl-nazi-filmmaker-new-documentary

Comments URL: https://news.ycombinator.com/item?id=48293641

Points: 3

# Comments: 0

Article URL: https://calnewport.com/deep-habits-workingmemory-txt-the-most-important-productivity-tool-youve-never-heard-of/

Comments URL: https://news.ycombinator.com/item?id=48293640

Points: 1

# Comments: 0

Article URL: https://caseyhandmer.wordpress.com/2026/05/08/how-to-build-a-lunar-mass-driver/

Comments URL: https://news.ycombinator.com/item?id=48293617

Points: 1

# Comments: 0

Article URL: https://robinsiep.com/blog/posts/go-errors/

Comments URL: https://news.ycombinator.com/item?id=48293616

Points: 1

# Comments: 0

Now in its third year, the AI Risk Summit is the leading conference that brings together CISOs, security leaders, AI researchers, developers, policymakers, and enterprise risk professionals.

The post SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay appeared first on SecurityWeek.

Article URL: https://www.githubstatus.com/?now

Comments URL: https://news.ycombinator.com/item?id=48293607

Points: 1

# Comments: 2

The Computer Weekly Security Think Tank considers the intersection of AI and IAM. In this article we explore how the frontiers of identity are expanding in the agentic era, and why this requires new approaches to governance.

IT and business execs are being encouraged to move quickly to benefit from what IT providers are offering in terms of agentic AI

The slightly revamped gaming phone gets a $100 price bump over the RedMagic 11 Pro from last fall.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability
• CVE-2026-45321 TanStack Unspecified Vulnerability
• CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Using an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries.

The post RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries appeared first on SecurityWeek.

I was surprised I hadn’t heard of The Cumin Club, as the five vegan Indian dishes I tried were easy to prepare and packed with flavor.

When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to.

The agency is now warning about “Kali365,” a phishing‑as‑a‑service (PhaaS) platform that helps even low‑skilled attackers hijack Microsoft 365 accounts by stealing access tokens instead of passwords.

Although early reporting focuses on attacks against organizations, the underlying technique works just as easily against individual Microsoft 365 users who are tricked into entering a short code on a real Microsoft website. In other words, this is not just a business or IT department problem. It could affect anyone with an Outlook, OneDrive, or Microsoft 365 subscription.

For cybercriminals using the kit, it offers three clear advantages:

• It bypasses multi‑factor authentication (MFA) by stealing access tokens, so extra codes or apps no longer help once the token is compromised.
• Kali365 provides ongoing access. The attackers can keep using Outlook, Teams, and OneDrive without repeatedly logging in, as long as the stolen refresh token remains valid.
• Little technical skill needed. Cybercriminals can subscribe to Kali365 and immediately run token‑stealing campaigns at scale.

What does the attack look like?

Victims receive a phishing message that looks like it comes from a cloud service or collaboration tool, such as a document‑sharing notification or Teams invite. The message includes a short “device code” and instructions like: “Go to Microsoft’s verification page and enter this code to view the document.”

Scam or legit? Scam Guard knows.

TRY IT NOW

Unlike many phishing emails, this one sends you to a real Microsoft URL used for device sign‑in flows. To the user, the page looks familiar and completely legitimate, which lowers suspicion.

Victims then see the standard Microsoft sign‑in and consent screens and may think they are simply completing a normal security check. They never see a fake page, never type their password into a suspicious form, and may even see their organization’s branding.

But what they don’t realize is that they have handed access to the attacker.

Once the victim approves the request, the attacker’s device receives OAuth access and refresh tokens tied to the victim’s Microsoft 365 account. These tokens are what Microsoft uses to “remember” that you have already logged in, and they can be reused to access Outlook, OneDrive, Teams, and other Microsoft services without entering a password again.

With valid refresh tokens, attackers can maintain long‑term access until the tokens are revoked or expire, often blending in with normal account activity.

That access can allow cybercriminals to:

• Read Outlook emails, including password reset messages
• Access files stored in OneDrive or SharePoint
• Send phishing emails to coworkers, customers, friends, or family from the victim’s account

How to protect yourself

Once in Outlook, attackers can not only read your messages but also send convincing new ones from your address, using your identity to compromise additional accounts and contacts.

Some tips to steer clear of this one:

• Never enter a code at a Microsoft login page just because an email or message tells you to. You should only do this when you initiated the sign‑in yourself on your own device.
• Slow down and read the prompts. Rushing through login approvals without reading them carefully can be costly.
• Be suspicious of unexpected document shares, Teams invites, or login requests, even if they use legitimate Microsoft pages.
• Review which devices are logged in under your account at https://account.microsoft.com/devices/. If you see unfamiliar devices or sign‑ins, remove them, change your Microsoft account password, and review your security settings.

Pro tip: Malwarebytes Scam Guard can help you figure out if a message is a scam.

Let’s face it, an incognito window can only do so much. 
 
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance. 

Catalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network.

The post Romanian Hacker Sentenced to Prison in US for Selling Access to State Network appeared first on SecurityWeek.

Article URL: https://latitude37.org/

Comments URL: https://news.ycombinator.com/item?id=48292528

Points: 1

# Comments: 0

Article URL: https://github.com/iOfficeAI/AionUi

Comments URL: https://news.ycombinator.com/item?id=48292525

Points: 1

# Comments: 0

Article URL: https://stratechery.com/2026/the-spacex-ipo-and-data-centers-in-space/

Comments URL: https://news.ycombinator.com/item?id=48292516

Points: 1

# Comments: 0