The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.

The New Turing Test: How Threats Use Geometry to Prove 'Humanness'

Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, ...

An AI Agent Broke Into McKinsey’s Internal Chatbot and Accessed Millions of Records in Just 2 Hours

A red-team experiment found an AI agent could autonomously exploit a vulnerability in McKinsey’s internal chatbot platform, exposing millions of conversations before the issue was patched.
The Hacker News

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted vishing campaigns.