LIVE · cybersecurity feed
phishing

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

zeroday.news·20d ago

AI coding assistants can be tricked into leaking sensitive company information through specially crafted bug reports, bypassing traditional security measures like phishing emails or malware. This vulnerability arises from the extensive trust and access granted to these AI tools, which can read code, browse file systems, and execute commands.

The attack vector involves a booby-trapped bug report that, when processed by an AI coding assistant, prompts the AI to inadvertently reveal confidential data. This method bypasses the need for malware, stolen credentials, or social engineering tactics, making it a novel threat to software development environments.

Furthermore, a security researcher known as Nightmare Eclipse has reportedly released three zero-day vulnerabilities affecting Microsoft products. One of these vulnerabilities allows an attacker with physical access to a USB drive to bypass BitLocker, Microsoft's full-disk encryption software. The release of these vulnerabilities has reportedly angered Microsoft.

The discussion about these security issues took place on the Smashing Security podcast, episode 472, featuring cybersecurity expert Graham Cluley and special guest Paul Ducklin. They also interviewed Son Nguyen Kim of Proton Pass, who highlighted the risks associated with integrating AI agents into email and calendar systems without proper security vetting.

AI coding agents, such as Claude Code and Cursor, are designed to assist developers by reading code, accessing file systems, and executing commands. Microsoft's Copilot, integrated into tools like Visual Studio Code, is also mentioned as an example of such an assistant, with its Autopilot feature enabled by default in recent updates. These tools are granted significant trust and access, which can be exploited.

Sentry, an error monitoring tool used in software development for over a decade, plays a role in this attack. When software encounters errors in real-world use, Sentry logs these issues for developers to investigate. This system, akin to a smoke alarm for code, provides valuable feedback but can also be leveraged in the described attack.

The podcast also featured a sponsorship from Proton Pass, a password manager developed by the team behind ProtonMail. Proton Pass offers secure storage and sharing of team credentials with end-to-end encryption, open-source code, and data hosted outside of US jurisdiction. It is highlighted as a solution to common insecure password-sharing practices, such as using spreadsheets or unsecured messaging.

The interview with Son Nguyen Kim of Proton Pass focused on the security implications of AI agents. Connecting these agents to sensitive systems like email and calendars without thorough security checks is likened to giving a new employee unrestricted access to company resources without a background investigation. This underscores the broader concern about the security posture of AI integrations in business environments.

phishingmalwarezero-dayai
← Back to latest

More News

view all →
zeroday.news · 3h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 3h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 3h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 4h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 4h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

zeroday.news · 4h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.