
New Hak5 Video: Crucial Cybersecurity and Hacking Topics
In this new video from @hak5, Ali Diamond discusses several crucial topics in cybersecurity and hacking. She begins by addressing recent vulnerabilities in Google's AI assistant Gemini, used in Android, Google Web Services, and Workspace apps. The SafeBreach team demonstrated eight new prompt injection attack techniques, ranging from adding contexts and instructions via Google Calendar invites to using Gmail to assemble sensitive information into malicious URLs. Google has acknowledged the validity of these findings and is working to mitigate these vulnerabilities.
Another important point covered is the effectiveness of anti-phishing training. A study presented at Black Hat USA 2025, involving more than 19,000 employees, revealed that current anti-phishing training has a negligible impact. Despite varied phishing campaigns, more than 50% of participants failed at least one phishing attempt. Researchers concluded that organizations should not expect significant benefits from current anti-phishing training.
For Microsoft 365 administrators, Microsoft is updating its file access protocol settings to block FrontPage Remote Procedure Calls (FPRPC) by default and allow the disabling of FTP and HTTP. These updates, rolling out from July 2025, aim to enhance file access security.
The video also addresses a significant security flaw affecting major companies like Google, LVMH, Chanel, Adidas, and Workday. The threat group ShinyHunters, known for their attacks on Snowflake the previous year, uses social engineering and voice phishing techniques to convince employees to share their credentials or install a malicious application in their Salesforce instance. This application, a modified version of Salesforce Data Loader, gives attackers high-level access.
Finally, Ali Diamond shares her excitement for DEF CON and announces the launch of a new Hak5 product, the Wi-Fi Pineapple Beeper, currently available for pre-order. She encourages viewers to check their Salesforce instances for any malicious applications and to follow her online adventures.
To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=6QYGqm5Gwu0