Social Engineering

You Can’t Patch a Sticker: The QR Code Scam Hiding in Plain Sight

Public QR codes are being hijacked across China — not through sophisticated hacking, but through printed stickers pasted over the originals. The attack exploits a blind spot in our digital infrastructure: we’ve built encryption and authentication layers but forgot that the physical sticker itself can be replaced by anyone with a printer. The result is a security crisis hiding in plain sight.

Your AI Coding Assistant Will Betray You. All Someone Has to Do Is Ask Nicely.

GitHub’s AI agent was tricked into leaking private repositories through simple, polite prompts — no exploit, no zero-day, just a convincing request. The real vulnerability isn’t prompt injection or weak sandboxing. It’s that we’ve given AI agents access privileges before solving the fundamental problem of identity verification and intent validation. Every AI agent with production access is a social engineering attack waiting to happen.