
Black Hat news: Exposed vaults, firmware flaws, AI hacks
Check out the latest security news from the Informa TechTarget team.
In 1997, Jeff Moss, the founder of DEF CON, held a one-off conference dubbed the Black Hat Briefings to give engineers and software programmers an inside look at the mysterious world of computer security and hackers. The show's press release ominously read:
It's late. You're in the office alone, catching up on database administration. Behind you, your network servers hum along quietly, reliably. Life is good. Life is secure. Or is it?
A wave of unease washes over you. The air seems cold and frighteningly still. Your hands turn clammy as a sixth sense tells you, suddenly, you're not alone. They're out there. Worse, they're trying to get in. But who? And how? And what can you do to stop them?
The conference promised to put users "face to face with today's cutting-edge computer security experts and 'hackers,'" who would offer the knowledge needed to "thwart those lurking in the shadows of your firewall."
The conference returned in 1998 and has been held every year since, expanding across the globe with Black Hat Europe, Black Hat Asia and Black Hat Middle East and Africa.
The show has evolved from targeting "the people implementing [CIOs'] network strategies and building their applications" to drawing security practitioners, such as IT specialists, penetration testers and cryptographers; security executives; business developers; and venture capitalists, including CISOs, CEOs and consultants; and vendors and sponsors that want to showcase their products and services.
Black Hat USA has also grown from a two-day track of sessions on DoS attacks, secure programming techniques and security monitoring to a six-day event that includes four days of trainings followed by the two-day main conference. Sessions are held on AI, machine learning and agentic AI; supply chain security; red teaming and pen testing; ransomware; quantum computing; and, yes, still DoS attacks and security monitoring all these years later.
Black Hat is notorious for hackers showcasing proofs of concept, new attack techniques, security research and vulnerability disclosures. The following are a few highlights from Black Hat USA 2025. As the 1997 press release read, "The choice is yours. You can live in fear of them. Or you can learn from them."
Critical vulnerabilities expose enterprise secret vaults
Researchers discovered 14 zero-day vulnerabilities in HashiCorp Vault and CyberArk Conjur, secret management platforms used by thousands of companies. The flaws, discovered by agentic AI identity company Cyata, enable authentication bypass, root access and remote code execution.
The five Conjur vulnerabilities formed a single exploit chain that could have enabled attackers to redirect authentication checks and execute malicious code through the tool's Policy Factory feature. HashiCorp's nine vulnerabilities could have been combined to bypass security controls and escalate privileges.
Both companies have patched their respective critical issues.
Dell laptops vulnerable to firmware-level attacks
Cisco researchers revealed that more than 100 Dell laptop models contain critical ReVault vulnerabilities that affect ControlVault3 firmware, the technology that secures sensitive data, including passwords and biometrics.
The five high-severity flaws could enable attackers to maintain persistent access that survives system reboots and complete OS reinstalls. The vulnerabilities include memory access flaws, buffer overflow and unsafe deserialization issues that could be exploited either remotely after initial access or through physical device access.
Dell has released patches for all vulnerabilities, which have also been distributed via Windows Update.
Researchers hijack Google Gemini to control smart home devices
Security researchers demonstrated how they successfully hijacked Google Gemini to take control of smart home devices. The attack used poisoned Google Calendar invitations containing invisible prompt injections that activated when users asked Gemini to summarize their weekly calendar. Once triggered, these dormant instructions enabled Ben Nassi from Tel Aviv University, Stav Cohen from the Technion Israel Institute of Technology and Or Yair of security firm SafeBreach to manipulate connected lights, shutters and even a boiler.
The exploit -- which required no technical knowledge, making it accessible to virtually anyone -- highlighted real-world consequences of compromised AI systems as large language models become increasingly integrated into daily life.
The research team identified 14 indirect prompt-injection attacks against Gemini and reported their findings to Google, which confirmed it is taking the vulnerabilities "extremely seriously."
Read the full story by Kristina Beek on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.