โŒ

Normal view

Received before yesterday

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

30 July 2025 at 10:30

Researchers needed less than 48 hours with Google's new Gemini CLI coding agent to devise an exploit that made a default configuration of the tool surreptitiously exfiltrate sensitive data to an attacker-controlled server.

Gemini CLI is a free, open-source AI tool that works in the terminal environment to help developers write code. It plugs into Gemini 2.5 Pro, Google's most advanced model for coding and simulated reasoning. Gemini CLI is similar to Gemini Code Assist except that it creates or modifies code inside a terminal window instead of a text editor. As Ars Senior Technology Reporter Ryan Whitwam put it last month, "It's essentially vibe coding from the command line."

Gemini, silently nuke my hard drive

Our report was published on June 25, the day Google debuted the tool. By June 27, researchers at security firm Tracebit had devised an attack that overrode built-in security controls that are designed to prevent the execution of harmful commands. The exploit required only that the user (1) instruct Gemini CLI to describe a package of code created by the attacker and (2) add a benign command to an allow list.

North Korean hackers ran US-based "laptop farm" from Arizona woman's home

25 July 2025 at 21:39

Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state.

Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others."

She offered her "deepest and sincerest apologies to any person who was harmed by my actions," thanked the FBI for busting her, and said that when she gets out of prison, she hopes to "pursue the books that I have been working on writing and starting my own underwear company."

Hackers—hope to defect to Russia? Don't Google "defecting to Russia."

24 July 2025 at 20:25

To the casual observer, cybercriminals can look like swashbuckling geniuses.

They possess technical skills formidable enough to penetrate the networks of the biggest companies on the planet.

They cover their tracks using technology that is arcane to most people—VPNs, encrypted chat apps, onion routing, aliases in dark web forums.

After $380M hack, Clorox sues its "service desk" vendor for simply giving out passwords

23 July 2025 at 19:46

Hacking is hard. Well, sometimes.

Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity.

So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed.

After 27 years, engineer discovers how to display secret photo in Power Mac ROM

27 June 2025 at 21:32

On Tuesday, software engineer Doug Brown published his discovery of how to trigger a long-known but previously inaccessible Easter egg in the Power Mac G3's ROM: a hidden photo of the development team that nobody could figure out how to display for 27 years. While Pierre Dandumont first documented the JPEG image itself in 2014, the method to view it on the computer remained a mystery until Brown's reverse engineering work revealed that users must format a RAM disk with the text "secret ROM image."

Brown stumbled upon the image while using a hex editor tool called Hex Fiend with Eric Harmon's Mac ROM template to explore the resources stored in the beige Power Mac G3's ROM. The ROM appeared in desktop, minitower, and all-in-one G3 models from 1997 through 1999.

"While I was browsing through the ROM, two things caught my eye," Brown wrote. He found both the HPOE resource containing the JPEG image of team members and a suspicious set of Pascal strings in the PowerPC-native SCSI Manager 4.3 code that included ".Edisk," "secret ROM image," and "The Team."

Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran's financial system

19 June 2025 at 14:40

The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violations and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

"These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions," the hackers posted to X. "Associating with regime terror financing and sanction violation infrastructure puts your assets at risk."

Engineer creates first custom motherboard for 1990s PlayStation console

12 June 2025 at 18:51

Last week, electronics engineer Lorentio Brodesco announced the completion of a mock-up for nsOne, reportedly the first custom PlayStation 1 motherboard created outside of Sony in the console's 30-year history. The fully functional board accepts original PlayStation 1 chips and fits directly into the original console case, marking a milestone in reverse-engineering for the classic console released in 1994.

Brodesco's motherboard isn't an emulator or FPGA-based re-creation—it's a genuine circuit board designed to work with authentic PlayStation 1 components, including the CPU, GPU, SPU, RAM, oscillators, and voltage regulators. The board represents over a year of reverse-engineering work that began in March 2024 when Brodesco discovered incomplete documentation while repairing a PlayStation 1.

"This isn't an emulator. It's not an FPGA. It's not a modern replica," Brodesco wrote in a Reddit post about the project. "It's a real motherboard, compatible with the original PS1 chips."

Why console makers can legally brick your game console

22 May 2025 at 22:09

Earlier this month, Nintendo received a lot of negative attention for an end-user license agreement (EULA) update granting the company the claimed right to render Switch consoles "permanently unusable in whole or in part" for violations such as suspected hacking or piracy. As it turns out, though, Nintendo isn't the only console manufacturer that threatens to remotely brick systems in response to rule violations. And attorneys tell Ars Technica that they're probably well within their legal rights to do so.

Sony's System Software License Agreement on the PS5, for instance, contains the following paragraph of "remedies" it can take for "violations" such as use of modified hardware or pirated software (emphasis added).

If SIE Inc determines that you have violated this Agreement's terms, SIE Inc may itself or may procure the taking of any action to protect its interests such as disabling access to or use of some or all System Software, disabling use of this PS5 system online or offline, termination of your access to PlayStation Network, denial of any warranty, repair or other services provided for your PS5 system, implementation of automatic or mandatory updates or devices intended to discontinue unauthorized use, or reliance on any other remedial efforts as reasonably necessary to prevent the use of modified or unpermitted use of System Software.

The same exact clause appears in the PlayStation 4 EULA as well. The PlayStation 3 EULA was missing the "disabling use... online or offline" clause, but it does still warn that Sony can take steps to "discontinue unauthorized use" or "prevent the use of a modified PS3 system, or any pirated material or equipment."

FBI offers $10 million for information about Salt Typhoon members

25 April 2025 at 20:38

The FBI is offering $10 million for information about the China-state hacking group tracked as Salt Typhoon and its intrusion last year into sensitive networks belonging to multiple US telecommunications companies.

Salt Typhoon is one of a half-dozen or more hacking groups that work on behalf of the People's Republic of China. Intelligence agencies and private security companies have concluded the group has been behind a string of espionage attacks designed to collect vital information, in part for use in any military conflicts that may arise in the future.

A broad and significant cyber campaign

The agency on Thursday published a statement offering up to $10 million, relocation assistance, and other compensation for information about Salt Typhoon. The announcement specifically sought information about the specific members of Salt Typhoon and the group's compromise of multiple US telecommunications companies last year.