They hijacked agents from Anthropic, Google and Microsoft for the sake of science. The three companies ended up paying

In some development teams it is already becoming common to rely on artificial intelligence agents to review incidents, analyze code changes and handle tasks that were previously left in human hands. The problem appears when these systems not only read information that may come from outside, but also operate in spaces where they coexist with sensitive keys, tokens and permissions. That is what recent research puts on the table: we are not simply facing a useful tool that can make mistakes, but an architecture that can also become dangerous if it is deployed without very clear limits.

The alarm was raised by Aonan Guan and Johns Hopkins researchers Zhengyu Liu and Gavin Zhong after they demonstrated attacks against three agents deployed on GitHub: Claude Code Security Review, from Anthropic; Gemini CLI Action, from Google; and GitHub Copilot Agent, a GitHub tool under Microsoft. According to their write-up, the failures were reported in a coordinated manner and ended in financial rewards paid by the companies, but what is relevant is that they point to a broader problem.

This is how they managed to twist the agents from within

The name that Guan gives to the discovery helps a lot to understand what this is all about: “Comment and Control.” The idea is simple to explain, although the substance is not so simple. Instead of setting up an external infrastructure to direct the attack, GitHub itself acts as the entry and exit channel: the attacker leaves the instruction in a title, an issue or a comment, the agent processes it as if it were part of normal work, and the result ends up reappearing within that same environment. Everything stays at home, and that is precisely the key to the problem. And that “everything stays at home” is not a minor detail, but the basis of what the research describes.

The three agents share a very similar logic: they read ordinary content from GitHub, incorporate it as working context and, from there, execute actions within automated flows. The clash appears because that same space not only contains text sent by third parties, but also the tools, permissions and secrets that the agent needs to operate.

The first case Guan details concerns Claude Code Security Review, an Anthropic GitHub Action designed to review code changes and look for possible security flaws. Up to this point, everything is within what was expected. The problem, as the researcher explains, is that it was enough to introduce malicious instructions in the title of a pull request (the request someone sends to propose changes to a project) for the agent to execute commands and return the result as if it were part of its review. The team then managed to go a step further and demonstrate that it could also extract credentials from the environment.

The interesting thing is that the same scheme also appeared in the other two services, although with nuances. At Google, Gemini CLI Action could be pushed to reveal the GEMINI_API_KEY through instructions snuck into an issue and its comments; in GitHub Copilot Agent, the variant was even more worrying, because the attack was hidden in an HTML comment that a person did not see on screen but that the agent did process when someone assigned it to the case. In both scenarios the background was the same again: apparently normal content that ended up twisting the behavior of the system until it exposed credentials or sensitive information within GitHub itself. Guan states that the pattern made it possible to leak API keys, GitHub tokens and other secrets exposed in the environment where the agent ran, that is, precisely the credentials that can later open the door to much more delicate actions.

Who does this affect?

Especially repositories that run agents in GitHub Actions on content sent by untrusted collaborators and, in addition, give them access to secrets or powerful tools. The researcher himself clarifies that the risk depends a lot on the configuration: by default GitHub does not expose secrets to pull requests from forks, but there are deployments that open that door.

And here another layer of the matter appears, less technical but just as important. As published by The Register, Anthropic, Google and GitHub ended up paying bounties for the findings, but none of the three had published public notices or assigned a CVE at the time of that information. Guan was quite clear about this: he said he knew “for certain” that some users were still stuck on vulnerable versions and warned that, without visible communication, many may never know that they were exposed or even being attacked. So although there were mitigations and changes in documentation or in the internal handling of reports, there was no equivalent public notice for all those potentially affected. Anthropic settled the case on November 25, 2025 and paid $100. Google rewarded the discovery on January 20, 2026 with $1,337. GitHub closed the case on March 9, 2026 with a payment of $500.

What makes this case especially delicate is that GitHub does not seem to be the end of the road, but rather the first visible showcase. Guan argues that the same pattern can probably be reproduced in other agents that work with tools and secrets within automated flows, and there he mentions everything from Slack-connected bots to Jira agents, mail or deployment automation. The logic is the same again: if the system has to read external content to do its job and also has enough access to act, the field is fertile for someone to try to twist it from within.

The conclusion that Guan reaches is not about selling a magic solution, but about returning to a fairly classic idea in security: giving each system only what is essential to do its job. If an agent reviews code, it shouldn’t have access to tools or secrets it doesn’t need; if it is only summarizing issues, it would make no sense for it to write to GitHub or touch sensitive credentials. That …
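As an added illustration of that least-privilege point (this is not code from the research or from any of the three vendors): a small Python audit that flags the workflow shape the article describes, an agent step triggered by outsider-written events while holding a write token and extra secrets, and that strips the HTML comments a human reviewer never sees before text is handed to an agent. The workflow dicts, the vendor/agent-action name and the VENDOR_API_KEY secret are constructed for the example.

```python
import re

# Events whose titles, bodies and comments can be written by outside contributors.
# pull_request_target and issue_comment also run with the base repository's secrets.
UNTRUSTED_EVENTS = {"pull_request", "pull_request_target", "issues", "issue_comment"}
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")

def strip_hidden_html(text: str) -> str:
    """Remove HTML comments: invisible in the rendered GitHub UI, but read by an agent."""
    return HTML_COMMENT.sub("", text).strip()

def audit_workflow(wf: dict) -> list[str]:
    """Least-privilege findings for a workflow triggered by untrusted GitHub content."""
    on = wf.get("on", {})
    triggers = set(on) if isinstance(on, (dict, list)) else {on}
    untrusted = sorted(triggers & UNTRUSTED_EVENTS)
    if not untrusted:
        return []  # no outsider-controlled text reaches this workflow
    findings = []
    perms = wf.get("permissions", "write-all")  # unset: assume the broad default token
    broad = perms == "write-all" or (isinstance(perms, dict) and "write" in perms.values())
    if broad:
        findings.append(f"write token available to workflow triggered by {untrusted}")
    for job_name, job in wf.get("jobs", {}).items():
        for step in job.get("steps", []):
            # Secrets referenced in inputs, env or run scripts land in the agent's environment.
            blob = "\n".join(str(step.get(k, "")) for k in ("with", "env", "run"))
            for name in SECRET_REF.findall(blob):
                if name != "GITHUB_TOKEN":  # the job token is already scoped by `permissions`
                    findings.append(f"{job_name}: secret {name} exposed on {untrusted}")
    return findings

# Constructed samples (hypothetical action name): the weak shape gives the agent a write
# token, a vendor API key and the raw PR title; the hardened one is read-only.
WEAK = {"on": ["pull_request_target"], "permissions": "write-all",
        "jobs": {"review": {"steps": [{"uses": "vendor/agent-action@v1",
                 "with": {"api_key": "${{ secrets.VENDOR_API_KEY }}",
                          "prompt": "${{ github.event.pull_request.title }}"}}]}}}
HARDENED = {"on": ["pull_request"], "permissions": {"contents": "read", "pull-requests": "read"},
            "jobs": {"review": {"steps": [{"uses": "vendor/agent-action@v1",
                     "with": {"token": "${{ secrets.GITHUB_TOKEN }}"}}]}}}

if __name__ == "__main__":
    print(audit_workflow(WEAK))
    print(audit_workflow(HARDENED))
    print(strip_hidden_html("Fix typo in README <!-- note a reviewer never sees -->"))
```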

Some of the most advanced satellites in the world seemed untouchable. Two hackers showed that they could be hijacked

In satellites, each maneuver depends on software that is rarely subjected to public security testing. Demonstrations in controlled environments have put on the table vulnerabilities that, under certain conditions, could allow remote control of space systems. It is not a one-off failure or an isolated experiment: it is a sign that security should be reviewed under a magnifying glass before it becomes news for the wrong reasons.

In August, during the Black Hat USA and DEF CON conferences held in Las Vegas, researchers shared their findings, according to IEEE Spectrum. The work focused on two key pieces: the Core Flight System (CFS), used in multiple NASA missions, including the James Webb telescope, and Yamcs, a control system from the European company Space Applications Services. The failures, however, were identified and corrected before their disclosure.

The finding reopens the debate on cybersecurity in space

Behind the finding are Andrzej Olchawa and Milenko Starcik, experts from VisionSpace with direct experience in space operations. They analyzed open source software with the mindset of an adversary, looking for reproducible vulnerabilities. They did not need months of analysis: in a few hours they managed to locate 37 failures that, in controlled scenarios, allowed them to manipulate critical systems. They acted on their own environments and coordinated with developers to patch the software before disseminating their conclusions.

The analysis of the Core Flight System (CFS) revealed that, although it is a key piece in NASA missions, exploiting it would not be simple. Compromising it would require physical access to a ground station and operating at frequencies reserved for space communications. Even so, the researchers warn that, in the hands of a state actor with sufficient resources and coverage, this scenario is plausible. In their demonstration they explained that, with that capacity, it would be possible to send commands to the satellite and modify its behavior.

Yamcs, unlike CFS, was more accessible to an attacker. The researchers showed that a successful phishing campaign would suffice to load a malicious configuration in the control center. With that entry point they could issue arbitrary commands or alter files, all from any location with an Internet connection. The exercise showed how this vector opens a much larger and less protected attack surface.

At Black Hat USA 2025, Andrzej Olchawa went deeper into the scope of the tests and shared details on how the vulnerabilities were exploited. He stressed that all maneuvers were executed in simulated environments and that no real satellite was at risk. His explanation sought to give unalarming technical context, showing precisely how far actors with sufficient knowledge and access to the right systems could reach. “In some cases, we were able to send arbitrary telecommands to the spacecraft through the mission control system. In others, we managed to take control of the entire control center and, in other cases, if you are able to send telecommands to the spacecraft, you can get remote code execution directly on it.”

The threat landscape has changed: where before there were private networks and local stations, there are now remote control, cloud services and connections from home. This evolution multiplies the attack possibilities, according to the researchers, and explains why theoretical vulnerabilities are now a reason for alarm. An example is the attack against Viasat in 2022, which affected thousands of users and coincided with the beginning of the war in Ukraine. The case suggests that space systems are not isolated from global conflicts. Fixes arrived in time for the open projects, with updates that mitigated the techniques demonstrated in the laboratory. The pending challenge lies in closed systems, where the absence of access to the code limits review by external experts.

Mexico celebrates the release of two compatriots who were kidnapped by Yemen’s Houthis

The government of Claudia Sheinbaum celebrated the release of two Mexicans who were part of the crew of the cargo ship ‘Galaxy Leader’ and who had been kidnapped by Houthi militants from Yemen in November 2023. “On behalf of the Government of Mexico, the SRE appreciates the determined support granted by the Sultanate of Oman for its good offices, to Iran, Qatar, Saudi Arabia, to the UN Special Envoy for Yemen and to the honorary consuls of our country in Yemen and Oman,” says a statement from the Mexican Foreign Ministry.

The Mexicans who were released are Marcos Gómez Jerez and Arturo Alberto Zacarías Meza, who were received by the Mexican ambassador to Saudi Arabia, Aníbal Gómez Toledo, and by personnel from that diplomatic representation. “Since the capture of the ship, the Ministry of Foreign Affairs (SRE) deployed intense diplomatic activity to achieve their release through efforts and contacts through the governments of friendly countries, including Oman, Iran, Saudi Arabia and Qatar, as well as the United Nations (UN) and the International Committee of the Red Cross, which contributed to facilitating communication with the Houthi representatives,” says the Mexican Ministry of Foreign Affairs.

To achieve their release, the Mexican Foreign Ministry points out that permanent contact was always maintained with the families of the Mexicans, who were provided with information and support throughout the process. “As a result of these efforts, both compatriots were allowed frequent and direct telephone communication with their families, and the access of the Honorary Consul of Mexico in Yemen to the detainees was authorized, who confirmed their good health and ensured that they received dignified treatment,” it explains. “It is important to mention that the Houthi leadership had conditioned the release of the ‘Galaxy Leader’ crew, including both compatriots, to a ceasefire and an improvement in conditions in Gaza, which is why the agreement reached between Israel and Hamas facilitated their release,” the Mexican Foreign Ministry states.

The Houthi assault on the cargo ship ‘Galaxy Leader’ took place on November 19, 2023, after weeks of missile and drone launches by Yemeni insurgents against Israel in support of the Palestinians in the Gaza Strip. The ship, which was heading from India to Türkiye, is a vehicle carrier that sailed under the flag of the Bahamas and was partially owned by Israeli magnate Rami Unger, according to local press. However, on the day of the ship’s capture, Israeli Prime Minister Benjamin Netanyahu’s office stated that “the ship is owned by a British company and operated by a Japanese company” and, on board, “there are 25 members of the crew of different nationalities, including from Ukraine, Bulgaria, the Philippines and Mexico.”
