6G network design puts AI at the center of spectrum, routing, and fault management
Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks...
Education
20 articles
Malicious PyPI package enables Claude prompt, data compromise
Malicious PyPI package enables Claude prompt, data compromise GBHackers News reports that threat actors have been distributing the illicit PyPI package 'herm...
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access
A newly discovered vulnerability dubbed “GPUBreach” demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for p...
Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
The Education Authority (EA), which oversees school support services in Northern Ireland, said in an official statement it became aware of the incident affec...
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university ...
AI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From Removal
A groundbreaking academic study released last month has revealed that advanced frontier AI models are spontaneously defying human instructions to protect pee...
Thousands of API credentials exposed on public websites
The study, detailed in a preprint paper by Standford University, University of California, Davis, and TU Delft researchers, utilized a tool called TruffleHog...
Experts mull over significance of cloud security oversight in higher education
With critical services, institutional data, and user identities now spanning countless cloud and SaaS platforms, the conventional campus perimeter has disapp...
Major services accessible via exposed API keys, report finds
Nearly 2,000 API credentials enabling access to AWS, OpenAI, GitHub, and Stripe have been observed by Stanford University researchers to be exposed across 10...
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without ...
Infinite Campus reports hack after ShinyHunters extortion attempt
BleepingComputer reports that U.S.
Student arrested over ClayRat subscription scheme
An Android spyware operation known as ClayRat that briefly gained traction in Russia has imploded within months of its launch, undone by security blunders an...
HackerOne, Mazda, Infinite Campus and Dutch Ministry Hit by Data Breaches
HackerOne, Mazda, Infinite Campus and the Dutch Ministry report data breaches, exposing employee and partner data across multiple sectors worldwide.
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [.
Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final paper [1] l...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at ...
Protecting education: How MDR can tip the balance in favor of schools
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning...
ZDI-26-030: (0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...
ZDI-26-029: (0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...
ZDI-26-028: (0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is r...