All articles tagged with #hacking
Insider Gaming reports a security flaw in PlayStation Network where attackers can hijack PSN accounts using only a public PSN ID and a piece of old transaction data, with Sony support potentially bypassing standard protocols to change the account email and disable 2FA; the revelation follows high-profile hacks like Colin Moriarty’s, underscoring rising risks and prompting calls for Sony to respond and for users to protect their PSN IDs.
Instructure, which runs Canvas, says it has reached a deal with hackers who breached its systems, stole data from almost 9,000 schools and about 275 million people, and threatened to release it unless paid; the company did not disclose whether a ransom was paid but confirmed the stolen data has been returned and that exploited free-teacher accounts have been disabled, with steps ongoing to bolster security.
Google’s threat intelligence group says unnamed cybercrime actors teamed up to weaponize an AI-generated zero-day in a Python script that could bypass two-factor authentication on a popular open-source system; the attack was thwarted and the vulnerability disclosed to the vendor, highlighting that AI-assisted hacking is already underway as criminals and state actors explore AI to find and exploit software flaws, including malware like PromptSpy that uses Gemini to autonomously navigate Android devices.
A data breach on the Canvas education platform exposed personal data from almost 9,000 schools and up to 275 million people, with attackers pressing for ransom. The incident disrupted finals, underscored the vulnerability of school systems to edtech breaches, and adds to ongoing concerns about data privacy and cybersecurity in education.
WIRED’s security roundup this week covers a Yarbo robot lawn mower with remote-hacking flaws, Meta ending end-to-end encryption for Instagram DMs, a Trump administration counterterrorism strategy targeting ‘violent left-wing extremists,’ a Canvas ransomware incident, Chrome’s Gemini Nano AI model, exposed vibe-coded apps, a DHS subpoena of Google, Russia’s elite hacking training, and Poland’s water-utility breaches—along with other notable security and privacy developments.
Pragmata on Nintendo Switch 2 is a strong port that fuses a puzzle-based hacking system with action shooting, driven by the relationship between Hugh and Diana. It runs smoothly on Switch 2 in both handheld and docked modes thanks to VRR, with a striking sci-fi aesthetic and a versatile weapon/hacking loadout. While some boss fights feel tedious and there are a few visual compromises, the game remains momentum-heavy for its 10–15 hour runtime, earning a 9/10 and setting up the potential for a new Capcom franchise.
A pro-Iranian group called Handala claims it hacked FBI Director Kash Patel’s personal email, releasing photos and more than a decade’s worth of personal documents. The FBI says the information is historical and not government data, and it’s unclear when the breach occurred. Handala has previously targeted U.S. entities, and the Justice Department has seized domains tied to Iranian hacking networks; the Trump administration is offering up to $10 million for information identifying Handala members.
A pro-Iranian hacker group claimed credit for hacking the personal account of FBI Director Kash Patel, in a cybersecurity incident linked to ongoing threats against U.S. officials.
The FBI seized four domains linked to actors tied to Iran’s Ministry of Intelligence and Security, including the pro-Iranian group Handala, that were used to conduct psychological operations such as threats and leaked data after the Stryker cyberattack; the DOJ says the campaign aims to coercively shape narratives and intimidate dissidents and journalists, with incidents including death threats and a Handala-linked attack that disrupted Maryland hospitals.
Researchers reveal a new hack called DarkSword that can instantly access data on iPhones running iOS 18.4–18.6.2 simply by visiting a malicious webpage. It’s a fileless attack that can grab sensitive data (including messages, iCloud content, and crypto wallets) and then erase itself. Apple has patched related flaws in newer iOS releases (26 and 18.7) and recommends updating; Safari’s Safe Browsing can block some of the malicious URLs. While about 24% of iPhone users remain on iOS 18, applying available updates mitigates the risk.
Researchers warn that a powerful iPhone-hacking toolkit called DarkSword, linked to Russian operators, is being used on infected websites to instantly compromise iPhones running iOS 18. The fileless attack targets older iOS versions (not iOS 26), can exfiltrate passwords, messages, photos, health data, and crypto wallets, and has already appeared in multiple countries and on Ukrainian sites. Apple has issued security updates and Lockdown Mode provides protection, but the revelation underscores a growing market for easily reusable exploits sold by brokers, risking hundreds of millions of users still on vulnerable iOS versions.
Hackaday details a reverse-engineering project showing that older optical Emergency Vehicle Preemption (EVP) systems can be spoofed. By analyzing Tomar Strobecom and Opticom hardware, the researcher demonstrated that infrared preemption signals can be replicated and, in some cases, a valid vehicle ID can be transmitted with an Arduino-based transmitter, highlighting potential security risks and stressing the legal and safety implications of attempting such exploits.
Italy said it blocked a series of cyberattacks traced to Russia aimed at government and Olympic sites—targeting foreign ministry facilities, the Russian embassy in Washington, Winter Olympic websites, and Cortina hotels—weeks before the opening ceremony, with Russia barred from competing in the Games.
Ubisoft temporarily took Rainbow Six Siege offline over the holidays due to a hacker attack that caused account bans, credit and skin giveaways, and other disruptions. The game was re-launched on December 29 after rollback and investigation, with ongoing connectivity issues still reported. Ubisoft assured players no penalties would result from the hack and clarified that a separate ban wave was unrelated.
A creative project where a receipt printer was modified to display and run the game DOOM, involving OS changes and scripting to print game frames, showcasing an unusual way to play classic games on unconventional hardware.