Tridium Niagara flaws expose critical infrastructure to takeover if misconfigured, affecting security and system uptime.
Category: security – Page 3
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs.
The flaw was discovered and reported to Google by the security firm Tracebit on June 27, with the tech giant releasing a fix in version 0.1.14, which became available on July 25.
Gemini CLI, first released on June 25, 2025, is a command-line interface tool developed by Google that enables developers to interact directly with Google’s Gemini AI from the terminal.
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data.
TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and used by applications across Apple devices.
Apple has fixed the security flaw tracked as CVE-2025–31199 (reported by Microsoft’s Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca) in patches released in March for macOS Sequoia 15.4 with “improved data redaction.”
Pushing the limits of chip design
Khalifa University is building the foundation for a smarter, more secure and more connected world, one silicon chip at a time.
In the rapidly evolving world of artificial intelligence and smart devices, the System-on-Chip Lab (SoCL) at Khalifa University is emerging as a regional hub of innovation. Led by Baker Mohammad, a professor of Computer and Information Engineering and a veteran with 15 years of experience at tech giants Intel and Qualcomm, the lab is uniquely positioned to bridge the gap between fundamental research and market-ready solutions.
“We’re the only facility in the region with comprehensive expertise across the full electronics design stack, from devices to circuits to systems,” Mohammad explains. This distinctive capability allows the lab to address critical challenges in energy-efficient, high-performance edge devices for data-intensive AI applications, while also integrating hardware security to protect sensitive user data.
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims’ systems.
Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which they make available through GitHub and NPM.
OpenAI CEO Sam Altman warns of an AI ‘fraud crisis’
OpenAI CEO Sam Altman says the world may be on the precipice of a “fraud crisis” because of how artificial intelligence could enable bad actors to impersonate other people.
“A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money or do something else — you say a challenge phrase, and they just do it,” Altman said. “That is a crazy thing to still be doing… AI has fully defeated most of the ways that people authenticate currently, other than passwords.”
The comments were part of his wide-ranging interview about the economic and societal impacts of AI at the Federal Reserve on Tuesday. He also told the audience, which included, representatives of large US financial institutions, about the role he expects AI to play in the economy.
Windows KB5064489 emergency update fixes Azure VM launch issues
Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled.
The bug impacted Windows Server 2025 and Windows 11 24H2 and was introduced during the July Patch Tuesday security updates.
“This update addresses an issue that prevented some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) was enabled,” explains Microsoft.
A chaos-modulated metasurface for physical-layer secure communications
With so many people using devices that can be connected to the internet, reliably securing wireless communications and protecting the data they are exchanging is of growing importance. While computer scientists have devised increasingly advanced security measures over the past decades, the most effective techniques rely on complex algorithms and intensive computations, which can consume a lot of energy.
Researchers at Peking University, Southeast University, University of Sannio and other institutes recently introduced a new approach for securing communications both effectively and energy-efficiently, which relies on a reconfigurable metasurface with properties that are modulated by chaotic patterns.
This approach, outlined in a paper published in Nature Communications, is based on an idea conceived by the senior authors Vincenzo Galdi, Lianlin Li and Tie Jun Cui, who oversaw the project. The idea was then realized at Peking University and Southeast University by junior authors JiaWen Xu Menglin Wei and Lei Zhang.