cyber security
Bernie Sanders’ AI Sovereign Wealth Fund Plan
Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: “Will the future...
Smashing Security podcast #471: This AI worm just rewrote its own rules
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break...
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying...
Smashing Security podcast #469: What your Oura ring won’t tell you
CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials...
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a...
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's...
Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
Meta's smart glasses promise privacy "designed for you" - but everything they record was being beamed off to workers in Nairobi to label by hand....
AI threats in the wild: The current state of prompt injections on the web
Posted by Thomas Brunner, Yu-Han Liu, Moni PandeAt Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging...
Bringing Rust to the Pixel Baseband
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the...
Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session...
Google Workspace’s continuous approach to mitigating indirect prompt injections
Posted by Adam Gavish, Google GenAI Security TeamIndirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data...
VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team2025 marked a special year in the history of vulnerability rewards and bug bounty...