The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.
ESPN

Patriots' Maye: Had injection for shoulder before Super Bowl

SANTA CLARA, Calif. -- New England Patriots quarterback Drake Maye said he received a pain-killing injection for his injured right throwing shoulder before the team's 29-13 loss to the Seattle ...
VentureBeat

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...
Jalopnik

Is Fuel Injection Service Worth It Or Just A Rip-Off? Here's When You Actually Need It

You know the drill by now. You're sitting in the purgatory of the service center waiting room. Precisely 63 minutes into your wait, the service adviser walks out with a clipboard and calls your name — ...
TechCrunch

Apple alerts exploit developer that his iPhone was targeted with government spyware

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.” “I was panicking,” Jay Gibson, ...
ZDNet

This new Android exploit can steal everything on your screen - even 2FA codes

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
CoinTelegraph

Failed NPM exploit highlights looming threat to crypto security: Exec

Ledger chief technology officer Charles Guillemet said that while the immediate danger had passed, the threat still exists. A recent Node Package Manager (NPM) attack stole just $50 worth of crypto, ...
Searchenginejournal.com

Perplexity Comet Browser Vulnerable To Prompt Injection Exploit

Brave described a vulnerability that can be activated when a user asks the Comet AI browser to summarize a web page. The LLM will read the web page, including any embedded prompts that command the LLM ...
Wired

Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

For likely the first time ever, security researchers have shown how AI can be hacked to create real-world havoc, allowing them to turn off lights, open smart shutters, and more. Each unexpected action ...
CoinTelegraph

How $220M was stolen in minutes: Understanding the Cetus DEX exploit on Sui

When liquidity attracts attackers: What went wrong on Cetus? On May 22, 2025, Cetus Protocol, the primary decentralized exchange (DEX) on the Sui blockchain, suffered a major hack, marking one of the ...
IEEE

Adversarial Threats and Defense Mechanisms in Machine Learning-Based SQL Injection Detection: A Security Analysis

Abstract: QL injection (SQLi) is a type of cyber attack where malicious code is inserted into a SQL query through an input field in a web application. This exploit targets vulnerabilities in the ...