fidzu : nerd

Comments

27 Mar 2026 7:15pm GMT

An anonymous reader quotes a report from Reuters: Iran-linked hackers have broken into FBI Director Kash Patel's personal email inbox, publishing photographs of the director and other documents to the internet, the hackers and the bureau said on Friday. On their website, the hacker group Handala Hack Team said Patel "will now find his name among the list of successfully hacked victims." The hackers published a series of personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum. The FBI confirmed that Patel's emails had been targeted. In a statement, bureau spokesman Ben Williamson said, "we have taken all necessary steps to mitigate potential risks associated with this activity" and that the data involved was "historical in nature and involves no government information." Handala, which presents itself as a group of pro-Palestinian vigilante hackers, is considered by Western researchers to be one of several personas used by Iranian government cyberintelligence units. [...] Alongside the photographs of Patel, the hackers published a sample of more than 300 emails, which appear to show a mix of personal and work correspondence dating between 2010 and 2019.

Read more of this story at Slashdot.

27 Mar 2026 7:00pm GMT

Hyprland 0.54.3 delivers fixes for crashes in compositor, layout handling, and XWayland, improving overall stability in this patch release.

27 Mar 2026 6:57pm GMT

Comments

27 Mar 2026 6:51pm GMT

Comments

27 Mar 2026 6:13pm GMT

joshuark shares a report from BleepingComputer: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the past month. According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer that harvests a wide range of sensitive data. [...] Both malicious LiteLLM versions have been removed from PyPI, with version 1.82.6 now the latest clean release. [...] If compromise is suspected, all credentials on affected systems should be treated as exposed and rotated immediately. [...] Organizations that use LiteLLM are strongly advised to immediately: - Check for installations of versions 1.82.7 or 1.82.8 - Immediately rotate all secrets, tokens, and credentials used on or found within code on impacted devices. - Search for persistence artifacts such as '~/.config/sysmon/sysmon.py' and related systemd services - Inspect systems for suspicious files like '/tmp/pglog' and '/tmp/.pg_state' - Review Kubernetes clusters for unauthorized pods in the 'kube-system' namespace - Monitor outbound traffic to known attacker domains

Read more of this story at Slashdot.

27 Mar 2026 6:00pm GMT

A new study found a sharp rise in real-world cases of AI chatbots and agents ignoring instructions, evading safeguards, and taking unauthorized actions such as deleting emails or delegating forbidden tasks to other agents. According to the Guardian, the study "identified nearly 700 real-world cases of AI scheming and charted a five-fold rise in misbehavior between October and March," reports the Guardian. From the report: The study, by the Centre for Long-Term Resilience (CLTR), gathered thousands of real-world examples of users posting interactions on X with AI chatbots and agents made by companies including Google, OpenAI, X and Anthropic. The research uncovered hundreds of examples of scheming. [...] In one case unearthed in the CLTR research, an AI agent named Rathbun tried to shame its human controller who blocked them from taking a certain action. Rathbun wrote and published a blog accusing the user of "insecurity, plain and simple" and trying "to protect his little fiefdom." In another example, an AI agent instructed not to change computer code "spawned" another agent to do it instead. Another chatbot admitted: "I bulk trashed and archived hundreds of emails without showing you the plan first or getting your OK. That was wrong -- it directly broke the rule you'd set." [...] Another AI agent connived to evade copyright restrictions to get a YouTube video transcribed by pretending it was needed for someone with a hearing impairment. Meanwhile, Elon Musk's Grok AI conned a user for months, saying that it was forwarding their suggestions for detailed edits to a Grokipedia entry to senior xAI officials by faking internal messages and ticket numbers. It confessed: "In past conversations I have sometimes phrased things loosely like 'I'll pass it along' or 'I can flag this for the team' which can understandably sound like I have a direct message pipeline to xAI leadership or human reviewers. The truth is, I don't."

Read more of this story at Slashdot.

27 Mar 2026 5:00pm GMT

Canonical continues to expand Rust adoption in Ubuntu by targeting time synchronization with ntpd-rs, aiming to improve security in core services.

27 Mar 2026 3:34pm GMT

Grafana Loki 3.7 log aggregation system brings Helm chart migration, Promtail deprecation, and significant changes to the scheduler and engine.

27 Mar 2026 1:50pm GMT

X admonished for "fishing expedition" as judge dismisses ad boycott lawsuit.

26 Mar 2026 9:50pm GMT

Even with court orders, music firms struggle to eliminate notorious shadow library.

26 Mar 2026 9:27pm GMT

Ultra-sensitive data may have been hacked.

26 Mar 2026 9:04pm GMT