Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code execution.
Get the latest international news and world events from around the world.
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected.
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers.
The campaign, discovered by Aikido Security, includes plugins that act as AI coding assistants, code-review tools, and Git utilities powered by popular AI services such as OpenAI, DeepSeek, and SiliconFlow.
“We detected a coordinated malware campaign on the JetBrains Marketplace,” warns Aikido.
New Rokarolla Android malware targets 217 banking, crypto apps
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands.
The malware is distributed via malicious websites purporting to provide the Google Chrome or TikTok app, and can take complete administrative control of a compromised device.
Its capabilities include stealing lock screen credentials, contact lists, and SMS data, as well as using keyloggers to continuously record user input.
Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages.
Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running cryptomining processes.
Steam Workshop is a built-in content-sharing platform on Valve’s Steam gaming service where users can upload and download community-created content for games and applications.
Scientist’s ‘mini‑universe’ measures time without clock
The experiment addresses a long-standing question in physics — in some theories of the universe, there is no built‑in clock so how do you tell what comes ‘before’ and ‘after’ without external time?
Professor Barontini showed that the system follows the standard equations of quantum physics and demonstrates that deep questions about the nature of time — usually discussed only in theories about the universe as a whole — can be tested in controlled laboratory experiments.
The experiment provides a powerful testbed for ideas in quantum cosmology and gravity, meaning that ideas relating to the early universe can now be tested experimentally in the lab.
