From cyberdaily.au
Hacker targets art commissioning site Artists&Clients and threatens to share artworks in AI training datasets: “[….]Additionally, we will submit all artwork to AI companies to be added to training datasets,” LunaLock said.
From welivesecurity.com
ESET researchers have discovered what they called “the first known AI-powered ransomware”. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet.
While PromptLock was not spotted in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET’s discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.
From securityaffairs.com
The FBI, with the help of the Dutch FIOD, seized multiple piracy sites distributing pirated video games, including nsw2u.com, ps4pkg.com, and mgnetu.com, dismantling their infrastructure. These sites, active for over four years, offered early access to popular game titles and logged 3.2 million downloads between February and May 2025, causing an estimated $170 million in losses.
From interestingengineering.com
Dylan has filed over 20 vulnerabilities, earned a top-three finish at Zero Day Quest, and changed Microsoft’s security policy.
Bug bounty programs attract some of the most skilled engineers in cybersecurity. These are professionals who find their way through enterprise-level software in search of vulnerabilities for recognition, impact, or high payouts.
But Dylan, a high school junior, entered that world at just 13. His first major find, a critical Microsoft Teams vulnerability, didn’t just earn him accolades. It led Microsoft to rewrite the rules of its bug bounty program to allow teenage researchers.
From heise.de
An example exploit is available online and works on many standard systems. Admins should quickly install the available updates.
There is a critical security flaw in the Linux tool “sudo” and makes unprivileged users “root”, the system administrator, in no time at all. The reason for the malaise: a bug in the chroot function of sudo. This function is actually intended to “lock” users in their home directory, but allows them to break out of it and extend their rights. An update is available; admins of multi-user systems should act quickly.
The vulnerability exploits a bug in the chroot implementation. Between two function calls, this calls the “Name Service Switch” (NSS), which in turn loads the file /etc/nsswitch.conf. The attacker can now cause this function to load a file he has prepared with C code (a dynamic .so library) and execute it with root rights.
From cybersecuritynews.com
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise.
The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with a proof-of-concept demonstration now publicly available.
The vulnerability affects the Notepad++ v8.8.1 installer released on May 5, 2025, exploiting an uncontrolled executable search path that enables local privilege escalation attacks.
From securityaffairs.com
Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems.
The company is investigating the security breach and has determined that the exposed information included names, contacts, and addresses. No financial data or passwords were compromised.