The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
GitHub

A query string encoding and decoding library for Dart.

Ported from qs for JavaScript. The depth limit helps mitigate abuse when [decode] is used to parse user input, and it is recommended to keep it a reasonably small ...
Bleeping Computer

Malicious NPM packages abuse Adspect redirects to evade security

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose ...
The Hacker News

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to ...
Bleeping Computer

CommetJacking attack tricks Comet browser into stealing emails

A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and ...
IEEE

Efficient and Privacy-Preserving Encode-Based Range Query Over Encrypted Cloud Data

Abstract: Privacy-preserving range query, which allows the server to implement secure and efficient range query on encrypted data, has been widely studied in recent ...
InfoQ

Enabling Remote Query Execution through DuckDB Extensions

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...