RC RANDOM CHAOS

The Wire

Curated cybersecurity and tech news — AI-summarized, source attributed.

cybersecurityidentity

Phishers abuse Apple account-change alerts to smuggle scams past spam filters

Attackers are weaponizing Apple's own account notification system to deliver callback phishing lures from legitimate Apple infrastructure. By creating an Apple

via BleepingComputer ·
vulnerabilityopen-source

protobuf.js RCE: unsanitized schema identifiers pipe straight into Function()

A critical remote code execution flaw in protobuf.js, the JavaScript port of Google's Protocol Buffers that pulls roughly 50 million weekly npm downloads, lets

via BleepingComputer ·
open-sourcedevops

Pulling Datasette Query Results into Google Sheets via importdata and Apps Script

Simon Willison documents three patterns for piping live data from a Datasette instance into Google Sheets. The simplest path is the built-in IMPORTDATA() functi

via Simon Willison ·
cybersecuritypolicy

Sanctioned Grinex Exchange Halts Operations After $13.74M Breach

Grinex, a cryptocurrency exchange already under international sanctions, has suspended operations following a $13.74 million theft. The incident comes amid inte

via The Hacker News ·
cybersecuritysupply-chain

Vercel breach traced to compromised Context.ai OAuth app, non-sensitive env vars harvested

Vercel disclosed that attackers reached internal systems through a third-party AI platform, Context.ai, whose compromise exposed a Vercel employee's Google Work

via BleepingComputer ·
cybersecuritysupply-chain

Vercel Credential Leak Traces Back to Context AI Compromise

Vercel has disclosed a security incident in which a limited set of customer credentials were exposed through a downstream breach at Context AI, a third-party se

via The Hacker News ·
cybersecuritymalware

ZionSiphon Malware Hits Israeli Water and Desalination OT Infrastructure

Researchers have identified a new malware strain dubbed ZionSiphon targeting operational technology systems at Israeli water and desalination facilities. The ca

via The Hacker News ·
aitech-culture

Anthropic launches Claude Design, a conversational prototyping tool powered by Opus 4.7

Anthropic Labs released Claude Design, a research-preview product that turns natural-language conversation into polished visual artifacts: prototypes, wireframe

via Hacker News ·
tech-culture

Apollo astronauts all got 'lunar hay fever' - and ESA is still trying to figure out why

Every one of the 12 Apollo astronauts who walked on the Moon developed respiratory irritation from lunar dust clinging to their suits, with symptoms ranging fro

via Hacker News ·
aidevops

Claude 4.7's new tokenizer quietly inflates session costs by 20-30%

An independent measurement of Anthropic's Claude Opus 4.7 tokenizer finds it consumes about 1.33x more tokens than 4.6 on real Claude Code content, and up to 1.

via Hacker News ·
cybersecuritypolicy

Coast Guard Maritime Cyber Rules Set a Template Other Sectors Will Follow

The U.S. Coast Guard's new cybersecurity regulations for the Marine Transportation System mark a shift from voluntary guidance to enforceable baseline controls

via Dark Reading ·
open-sourcedevops

Datasette 1.0a28 patches regressions from prior alpha, adds cleanup hooks

Simon Willison shipped Datasette 1.0a28 to fix breakages surfaced while upgrading Datasette Cloud to 1.0a27. The headline regression: execute_write_fn() callbac

via Simon Willison ·