โŒ

Reading view

Bend the beam like Beckham to defeat anti-jamming tech

Wireless jamming attacks are on the rise. Rice University researchers have shown how self-curving radio beams can make a jammer appear to be somewhere it isn't, potentially undermining some anti-jamming defenses.

Jamming relies on flooding a wireless receiver with noise that denies service. Some modern receivers identify and block jamming attempts using direction-of-arrival (DoA) estimation technology that pinpoints the jammer's direction and directs an array null that blocks signals emanating from the jammer’s direction.

Were a jammer to transmit a self-curving beam, however, it could fool DoA-based anti-jamming defenses by appearing to come from somewhere else entirely, and that's exactly what the Rice researchers demonstrated.

Rice electrical and computer engineering professor Edward Knightly and doctoral student Caroline Spindel presented a paper [PDF] last month in which they demonstrated a curving-beam jamming attack that caused "catastrophic bit-error-rate degradation" while also "fool[ing] the receiver's DoA estimator," preventing conventional DoA-based defenses from stopping the interference.

Knightly and Spindel have done prior research developing wireless technology that could bend beams around objects to increase signal strength - particularly useful for short-range millimeter wave signals - and found that the same technology could be used to deploy jammers that are far harder to locate.

In a recent Rice press release about the research, Spindel gave the perfect analogy for understanding how curved beams confuse DoA estimators: a soccer ball kick to the head.

“Imagine being hit on the right side of your head by a soccer ball - you would naturally look to the right,” Spindel said. “If the ball actually curved through the air, like a David Beckham free kick, then it was kicked from somewhere else entirely.”

Were Sir David to keep moving and kicking curveballs at your head you’d probably spot him eventually, but it might take a minute, and a few more smacks, to stop him. A signal jammer at radio-wave distances will probably be far harder to spot, and it won’t even have to move: Knightly and Spindel were able to create the illusion that the jammer was mobile by modulating the beam parameters from a stationary position, making it even more difficult to locate the jamming signal and negating the point of blindly searching for the best spot to point an array null.

Conventional recovery methods used to block jamming completely failed in laboratory tests, Spindel said.

“This is the first demonstration of a jammer that cannot be reliably localized and the first time self-curving wireless beams have been used as an attack,” Knightly added.

The pair sees their research not just as a way to point out a serious threat to wireless signals - GPS jamming of aircraft is on the rise, for example - but also something that can inform the direction of future wireless technologies as we move toward the 6G era. Until then, however, there’s the potential for even more devastating jamming attacks to come. ®

  •  

Season VI of the US Games launches TOMORROW!

The speaker lineup is set, and the CTF challenges are ready...

Register to join us for 10 days of programming designed to learn something new, test your skills, and network with the US Cyber Games community!

This virtual series of events is FREE to attend, and open to everyone -- regardless of age, skill level, professional background, etc. June 4th-14th

Virtual Season VI, US Cyber Open Series of Events:

  • Kick-Off Celebration: June 4th
  • Beginner's Game Room CTF: June 5th-14th
  • Cyber Rush Week: June 8th-11th
  • Competitive CTF: June 8th-14th
submitted by /u/US_Cyber_Games
  •  

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile

  •  

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as

  •  

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.

  •  

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

UPDATED Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports.

Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things.

The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have compromised separately, to push malicious VS Code extensions via its Workspace Recommendations feature, which then steal OAuth tokens that the attackers can use to read/write public and private GitHub repos.

It affects anyone who has ever used github.dev, a feature that allows users to open a GitHub repo in a browser-based version of VS Code. Askar said that the feature is enabled by github.com passing an OAuth token over to github.dev and, crucially, this token is not limited to the repo from which github.dev was spun up. It means that this token can hand an attacker access to any other repo – public or private – to which the target also has access.

The exploit is contingent on an attacker being able to modify a repo’s .vscode/extensions.json file and recommending an attacker-controlled extension for the browser-based VS Code instance. In normal scenarios, a pop-up would appear asking the user to accept the installation of this extension, potentially tipping them off to foul play. However, because of the way in which the attacker delivers the repo to the target, they already have a Jupyter Notebook file running in the target’s github.dev before the extension is installed.

The attacker must initially get the target to open their repo using a github.dev link that points to this ipynb file, which VS Code immediately opens inside a Webview. Inside the Jupyter Notebook is a hidden HTML snippet inside a Markdown cell, which when loaded allows attacker-controlled JavaScript code to run. This code fires a simulated keyboard shortcut, which VS Code bubbles up to the main editor, tricking the system into automatically accepting the malicious extension popup. The attacker-controlled extension is then running with access to the browser environment, and steals the OAuth token, which can be used to read and change any public or private repo.

Askar said past negative experiences with Microsoft Security Response Center (MSRC) influenced his decision not to go through the typical responsible disclosure process, publishing the PoC roughly an hour after tipping off his GitHub contact.

“To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug I pointed out without any credit,” he wrote. “They also marked it as not having any security impact. As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode. Taking a look at a recent report by Starlabs on a VSCode XSS bug marked as ineligible and low severity, it doesn’t look like MSRC has gotten any better about VSCode bugs.

“I’m sure the VSCode team would have appreciated a longer heads up on this to come up with solutions. There is legitimately a UI/UX balance here that needs to be struck with the security concerns. To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode. Finding and fully developing security bugs into proof-of-concepts like this takes time and effort on the part of security researchers that should not be disrespected or taken for granted.”

Askar’s approach is reminiscent of a researcher who goes by Nightmare Eclipse, a suspected former Microsoft employee who has attracted a great deal of attention in recent weeks for leaking zero-days without informing Microsoft beforehand. The researcher has so far released six zero-days, three of which were quickly confirmed to be exploited by attackers in the wild.

As regards their motivation for launching this attack on Microsoft, Nightmare Eclipse previously alluded to being stabbed in the back and being left homeless after an agreement that was not honored – all very vague. After the sixth zero-day, Microsoft vaguely threatened the researcher with its Digital Crimes Unit, which works closely with law enforcement, before quickly backing down after an outpouring of negative responses. ®

Updated to add on June 4: Microsoft has been in touch with a statement:

"We value the critical role that the security research community plays in strengthening the security of our products, services, and the broader technology ecosystem.

"While independent researchers determine when and how to publish their findings, we remain committed to rapidly assessing reported issues, mobilizing the appropriate engineering and security response resources, and delivering mitigations, guidance, and protections as quickly as possible to help safeguard our customers."

A Microsoft spokesperson also told us that the issue that Askar pointed out "has been mitigated and no customer action is required."

  •  

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.

  •  

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said. GitHub supports a feature called GitHub.dev that runs as

  •  
โŒ