The vulnerability was discovered by the Cato CTRL research group of cybersecurity company Cato Networks and originates in common AI tools, including Google's Gemini, Microsoft's Copilot, and Perplexity's Comet.

The research demonstrated primary attack scenarios in which attackers direct AI assistants to display fake phone numbers and links to users when they request customer service contact information for various organizations. The scenarios included extracting sensitive user data and sending it to malicious sources without the user's knowledge, stealing login credentials, displaying false information, and creating fake narratives that could influence the user and lead to wrong decisions.

The technique used by attackers is called HashJack. All they need to do is add a prompt – malicious instructions – to a legitimate website address and distribute it. Once a user loads the website address with the malicious addition in the browser, the instructions "communicate" with smart AI assistants, such as Google's Gemini or Microsoft's Copilot, and trigger attack scenarios.

According to Cato Networks, traditional defense systems do not detect the attack because they operate through prompts (instructions) embedded in the website address after the hashtag symbol # in a process that does not leave the browser's work.

The attack exploits users' trust in legitimate websites by using link addresses that appear legitimate. The user has no reason to suspect at any stage of the process, unlike phishing sites that look suspicious. This way, any legitimate site could become an attack tool – with attackers not even needing to breach the site itself. They exploit how AI browsers interpret instructions after the hashtag symbol. This effectively creates a new subcategory of cyber threats in the AI world.

According to the company's statement, the companies whose tools the vulnerabilities were identified in were informed well in advance of the problems so they could address them before users were exposed to threats (a practice known in the cyber field as "white hat hacker" hacking). According to Cato's data, a fix was applied in the Copilot for the Edge browser on October 27, 2025. In the Comet browser, a fix was reported to have been applied on November 18, 2025. In the Gemini for Chrome browser, as of November 25, 2025, the problem has not yet been resolved.

The post Israeli tech firm finds AI vulnerability – Gemini susceptible appeared first on www.israelhayom.com.

This launch grants universal access to the flagship Gemini 3 Pro via the Gemini app immediately, positioning Google to compete aggressively with OpenAI following the rocky debut of GPT-5.

According to The Verge, Tulsee Doshi of Google DeepMind stated that the new model moves the company closer to making information "universally accessible and useful".

"I think the one really big step in that direction is to step out of the paradigm of just text responses and to give you a much richer, more complete view of what you can actually see," Doshi told The Verge.

The system is "natively multimodal," meaning it processes images, text, and audio simultaneously, allowing it to convert recipe photos into cookbooks, The Verge noted.

Users can build "full-featured" programs in the Canvas workspace, while "generative interfaces," in Gemini Labs create dynamic visual layouts tailored to prompts.

The Verge reported that Gemini 3 Pro in AI Mode uses an upgraded "query fan-out technique," to understand intent and "find new content that it may have previously missed,".

Google describes the model as "smart, concise and direct, trading cliche and flattery for genuine insight – telling you what you need to hear, not just what you want to hear."

The company claims the model displays "reduced sycophancy," a direct improvement over issues found in earlier chatbots like ChatGPT, The Verge highlighted.

Enhanced agentic capabilities allow the AI to "reliably plan ahead over longer horizons," enabling experimental features that can book travel or organize emails.

Gemini 3 Pro currently leads the LMArena benchmarking leaderboard, with a more advanced Deep Think mode available exclusively to safety testers, The Verge stated.

The Verge confirmed that Gemini 3 Pro is available in the Gemini app today, while US subscribers to Google AI Pro and Ultra can access it in AI Mode by selecting "Thinking".

The post Google's Gemini 3 Pro arrives: Is it a game-changer? appeared first on www.israelhayom.com.

In afternoon trading, CrowdStrike's shares fell more than 5%, as investors reacted to the weaker outlook. According to Reuters, the outage, which impacted sectors like aviation and healthcare, has sparked legal action, including a Delta Air Lines lawsuit demanding compensation for flight cancellations. Despite these setbacks, CrowdStrike's stock has climbed over 40% this year, building on a 34% rise in 2024. Yet, its valuation – 123.69 times forward earnings, far above Palo Alto Networks' 54.01 – makes it vulnerable to setbacks.

"The steep valuation left little room for any unexpected slip-ups," Russ Mould, investment director at AJ Bell, told Reuters. The company's market value, roughly $122 billion, faced a potential $6 billion drop following the news. On Tuesday, CrowdStrike reported a first-quarter loss, a shift from the prior year's profit.

Still, optimism persists among analysts. Reuters noted that 23 brokerages lifted price targets after the company's first-quarter revenue aligned with expectations and its adjusted profit per share outperformed forecasts. "We believe CrowdStrike is taking share from other vendors across their product offerings," Truist Securities told Reuters, pointing to the firm's strong market position.

The post CrowdStrike's stock takes hit after weak revenue forecast, SEC scrutiny appeared first on www.israelhayom.com.

As the United States prepares for its first presidential election in the age of generative AI, fears are growing about the potential impact of deepfakes and AI-generated content on voter perceptions. Recent incidents involving fabricated images of candidates and foreign disinformation efforts have underscored the challenges to electoral integrity in this new technological landscape.

The devastation wrought by Hurricane Helena in the southeastern United States two weeks ago left a trail of haunting images, but two pictures are likely to linger in the public consciousness more than any others. One depicted former President and Republican candidate Donald Trump in the disaster zone, standing knee-deep in floodwaters alongside rescue workers.

If you look carefully, you can see that this image is AI generated from the distorted hand and the fact that Donald Trump is helping someone other than himself. H/T https://t.co/QNKB4Y3Uyc pic.twitter.com/KWTK2wa3wR

— Simon Chesterman 陈西文 (@ProfChesterman) October 10, 2024

The other showed a small, weeping girl alone in a fragile wooden boat, clutching a tiny puppy. For many in the affected areas, the stark contrast between these images reinforced a sense that the current administration had forsaken them. Trump's picture was widely shared with the caption "hero," while the girl's image was accompanied by comments like "The administration has let us down again." There was just one snag with these powerful images: both were complete fabrications churned out by a rudimentary AI generator.

One surefire way to spot an AI image from the hurricane is if it shows Donald Trump helping people. @jordanklepper pic.twitter.com/THb6BaXtg1

— The Daily Show (@TheDailyShow) October 9, 2024

This marks the first US election unfolding in the era of generative AI (GenAI). Text and image generators like ChatGPT and Midjourney produce content on demand, setting them apart from any previous forgery technology. They can create images that challenge human perception and are accessible to anyone with an internet connection.

The list of AI-related electoral incidents is already growing. In August, Trump shared a series of images showing Taylor Swift fans wearing "Swifties for Trump" shirts, unaware they were AI-generated. This may have prompted the pop star to publicly back his rival, Harris. In an apparently unrelated development, at least one genuine image of a "Swiftie" supporting the Republican candidate surfaced after the incident. Later, Trump shared a photo purporting to show that the crowds at Harris's campaign rallies were "created using AI." An independent fact-check revealed the photo was, in fact, authentic.

(AI) Taylor Swift Endorses Kamala Harris, Challenges Trump's AI Deepfake

Following the first presidential debate, Taylor Swift took to Instagram to endorse Kamala Harris, explicitly calling out Donald Trump for sharing AI-generated deepfake images suggesting her support for him.… pic.twitter.com/ulxl3KfjeX

— tech guru (@technologiaguru) September 18, 2024

Conversely, allegations of AI manipulation have become a convenient excuse for some politicians. Georgia's lieutenant governor, Mark Robinson, attempted to dismiss an exposé of his past controversial statements by claiming it was "AI forgery." Ironically, this led to the broadcast of a campaign ad against Robinson that was itself entirely generated by AI – a first in political advertising.

Is there a technological fix for these forgeries? Israeli firm Revealense has developed AI-powered technology to detect hidden emotions in videos, which can also identify deepfakes. However, Amit Cohen, a VP at the company, tells Israel Hayom that the battle may already be lost when it comes to AI-generated still images. "Given their quality, there's no technological capability to identify a fake image in real-time based on pixel analysis," he explains. "The real challenge lies in videos and deepfakes, which can cause significant damage during sensitive periods like elections. Currently, this capability is primarily in the hands of state actors."

Indeed, US intelligence agencies have sounded the alarm that Russia, Iran, and China will leverage GenAI to undermine electoral integrity. The Cybersecurity and Infrastructure Security Agency (CISA) has also advised avoiding AI-related scams before and during Election Day.

A month ago, Microsoft unveiled evidence that Russian trolls linked to the Kremlin had disseminated two deepfake videos, garnering millions of views, aimed at undermining Harris's campaign. This came even as Russian President Vladimir Putin publicly expressed a preference for the Democratic candidate. One video featured a young woman in a wheelchair recounting a hit-and-run accident allegedly involving Harris in 2011. Fact-checkers discovered that the accident report came from a non-existent TV station, whose website was hastily created just before the fake video's distribution. The supposed victim was revealed to be an actress who was paid for the performance. "Russian actors will ramp up their efforts to spread divisive political content, staged videos, and AI propaganda," Microsoft cautioned.

Chinese operatives are also distributing fabricated video content, aiming to sow division and erode trust in the democratic process. Microsoft's cybersecurity team identified a Beijing-linked hacker group that disseminated anti-Biden administration and anti-Harris campaign videos before vanishing from the web. Groups associated with China are spreading content designed to damage both political camps, masquerading as Trump supporters and progressive organizations alike.

Ultimately, it's unclear whether AI-generated content will significantly sway voter decisions. Mainstream media outlets across the political spectrum have largely refrained from amplifying these fakes. On social media platforms, there are typically enough savvy users to flag suspicious images and neutralize their impact. Nevertheless, in an era of ubiquitous networks and sophisticated fakes, vigilance is paramount. "My advice is to always approach images on social networks with skepticism and verify the source," Cohen concludes.

The post Undetectable AI fakes could determine US election appeared first on www.israelhayom.com.

The FBI, along with two other government agencies, has reported that Iranian hackers sent "unsolicited emails" containing stolen material from Former President Donald Trump's campaign to individuals associated with his Democratic rival's campaign. The information, which was not publicly available, was sent to people linked to President Joe Biden's campaign, according to a statement released on Wednesday, reports NBC News.

The FBI, Office of the Director of National Intelligence, and Cybersecurity and Infrastructure Security Agency jointly stated that there was "currently no information" indicating that recipients associated with Biden's campaign had responded to these emails. The agencies condemned these actions as part of an effort "to stoke discord and undermine confidence in our electoral process."

Last month, the agencies confirmed that Iran was behind efforts this year to compromise the presidential campaigns of both parties. This came after Trump's campaign accused Iran of a hacking attempt in June. The statement also revealed that Iranian hackers have continued to attempt to transmit nonpublic stolen material related to Trump's campaign to media organizations since late June. The FBI is actively tracking this activity.

The agencies warned of increasing foreign efforts to interfere in US elections ahead of November, particularly from Russia, Iran, and China. These countries are "trying by some measure to exacerbate divisions in US society for their own benefit, and see election periods as moments of vulnerability," the statement said.

Karoline Leavitt, a spokeswoman for the Trump campaign, responded to the news in a statement: "Iranians wanted to help Vice President Kamala Harris, who replaced Biden as the Democratic nominee, because they know President Trump will restore his tough sanctions and stand against their reign of terror." Trump himself weighed in on the matter through a Truth Social post, claiming, "Harris and her campaign were illegally spying on me. To be known as the Iran, Iran, Iran case!"

President Trump: Today, three agencies of the Kamala Harris and Joe Biden administration released a report CONFIRMING that Iranian hackers hacked into Trump campaign email accounts and gave the Biden-Harris campaign stolen material.

ELECTION INTERFERENCE AT THE HIGHEST LEVEL! pic.twitter.com/e1K2nv5uJ5

— Trump War Room (@TrumpWarRoom) September 19, 2024

Morgan Finkelstein, a spokesperson for the Harris campaign, stated that the campaign has cooperated with law enforcement since learning about the hacking effort. "We're not aware of any material being sent directly to the campaign; a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt," Finkelstein said.

Three federal law enforcement sources confirmed the accuracy of the Harris campaign's statement. They said law enforcement agencies tracked the stolen information from the Trump campaign and determined that several people linked to Biden's campaign received emails containing the information. The recipients reportedly never responded to the emails and may not have even opened them, as they appeared to be phishing attempts.

Last month, Google's Threat Analysis Group reported that an Iranian hacker group tied to the Islamic Revolutionary Guard Corps targeted both the Trump and Biden-Harris campaigns in a phishing operation in May and June.

The Justice Department plans to file criminal charges in connection with the hacking of Trump's campaign, according to two law enforcement officials. A spokesperson for Iran's mission to the United Nations has denied the country's role in the operation.

This is not the first time Iran has been accused of election meddling. In 2021, the Justice Department indicted two Iranians over a "cyber-enabled" campaign to intimidate and influence American voters during the 2020 presidential election.

The post FBI: Iranian hackers sent Trump data to Biden appeared first on www.israelhayom.com.

Google is reportedly considering its largest startup acquisition to date, with plans to purchase Israeli cloud cybersecurity firm Wiz for an estimated $23 billion, according to reporting from The Wall Street Journal. The potential deal, if successful, would mark a significant expansion of Google's presence in the enterprise security sector.

The Verge reports that the New York City-based Wiz specializes in providing "siloed security tools and scanners" for enterprise clients. The company's technology creates a "normalizing layer between cloud environments," allowing businesses to quickly identify and address critical security risks within their cloud infrastructure. This potential deal comes at a time when competitor Microsoft has faced several high-profile security breaches, potentially giving Google an opportunity to position itself as a more secure alternative in the cloud services market.

The acquisition, which would dwarf Google's previous record $12.5 billion purchase of Motorola Mobility in 2012, appears to be driven by Google Cloud CEO Thomas Kurian. The Wiz acquisition would follow Google's recent investments in cybersecurity, including the $500 million purchase of another cloud security startup in 2022 and the $5.4 billion acquisition of Mandiant, the firm that uncovered the SolarWinds hack. The New York Times cites Kurian as the primary force behind the acquisition attempt, suggesting that the move is part of a broader strategy to bolster Google's reputation as a secure cloud platform provider.

BDS people are going to cry so hard.

Google is nearing a deal to purchase Israeli cybersecurity startup Wiz for $23 billion. pic.twitter.com/hk4FJtLKcV

— Aviva Klompas (@AvivaKlompas) July 14, 2024

 While sources suggest the deal "looks likely," according to The Times, it's not without potential hurdles. The massive price tag and Google's market position could trigger reviews from US regulators, particularly given the Biden administration's increased focus on antitrust actions in the tech sector. The Department of Justice has already filed a lawsuit over Google's search deal with Apple, and the Federal Trade Commission recently attempted to block Microsoft's acquisition of Activision, highlighting the current regulatory climate for major tech acquisitions.

The post Google eyes acquisition of Israeli startup Wiz appeared first on www.israelhayom.com.

Iran is using malware variants in two separate state-sponsored cyber espionage operations around the globe, the XDR (extended detection and response) cybersecurity research company Cybereason announced Tuesday.

Follow Israel Hayom on Facebook, Twitter, and Instagram

According to Cybereason, the Iranian malware cyber espionage is targeting a wide range of organizations in different parts of the world. Researchers identified a previously undocumented remote access trojan (RAT) named "StrifeWater" that the company attributes to Iranian threat actor Moses Staff. This APT (advanced persistent threat) has been noted targeting organizations in the US, Israel, India, Germany, Italy, United Arab Emirates, Chile and Turkey.

After infiltrating an organization and exfiltrating sensitive data, the attackers deploy destructive ransomware to cause operational disruptions and make forensic investigation more difficult.

Cybereason also discovered a new set of tools developed by the Phosphorus group (also known as Charming Kitten, APT35) that includes a novel PowerShell-based backdoor dubbed "PowerLess," as well as an IP address used in the attacks that was previously identified as part of the command and control (C2) for the recently documented Memento ransomware.

Phosphorus is known for attacking medical and academic research organizations, human rights activists, the media, and exploiting known Microsoft Exchange Server vulnerabilities and for attempting to interfere with US elections.

The company observed similar abuse of open-source tools in both Iranian cyberattack operations.

Cybereason co-founder and CEO Lior Div explained that the recently discovered Iranian cyber espionage campaigns "highlight the blurred line between nation-state and cybercrime threat actors, where ransomware gangs are more often employing APT-like tactics to infiltrate as much of a targeted network as possible without being detected, and APTs leveraging cybercrime tools like ransomware to distract, destroy and ultimately cover their tracks."

According to Div, "there is no longer a significant distinction between nation-state adversaries and sophisticated cybercriminal operations. That's why it is crucial for us as [cyber] defenders to collectively improve our detection and prevention capabilities if we are going to keep pace with these evolving threats."

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Iranian cyber espionage exposed by US-Israeli security experts at Cybereason appeared first on www.israelhayom.com.

The Israeli cybersecurity industry raised a record-setting $8.8 billion in 2021, triple the amount raised the year before, the Israel National Cyber Directorate reported on Wednesday. The money was raised in more than 100 deals.

Follow Israel Hayom on Facebook, Twitter, and Instagram

In addition, Israel set a record for overall cyber exports and in the number of companies entering the billion-dollar "unicorn" club. According to the data, one in three cybersecurity unicorns in the world is an Israeli company.

"The Israeli cyber industry … showed that it was not only an economic growth engine in Israel of the highest order, but also a pillar of the global cybersecurity innovation ecosystem," said INCD Economy and Growth director Roi Yarom.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The cybersecurity industry has been growing internationally and is expected to continue to climb over the next decade, reaching as high as $366.10 billion by 2028, according to a report by Fortune Business Insights.

Reprinted with permission from JNS.org.

The post Israel's cybersecurity industry raises $8.8B in 2021 appeared first on www.israelhayom.com.

Quantum Key Distribution (QKD) company QuantLR Ltd, based in Modi'in, has integrated its technology with NVIDIA's suite of networking offerings, paving the way towards a quantum-secured data center, the company announced Tuesday.

Follow Israel Hayom on Facebook, Twitter, and Instagram

QuantLR aims to provide versatile, low-cost quantum cryptographic solutions based on QKD technologies to protect communicated data.

As part of the project, QuantLR's QKD system connected and transferred encryption keys to two NVIDIA ConnectX-6 NICs. The interface was achieved using the ETSI REST-based key delivery API. During the process, different scenarios were tested: using different fiber lengths, attenuations and key distribution rates.

The QuantLR-NVIDIA project was executed as part of a consortium that partially funded by the Israel Innovation Authority (IIA) and the Defense Ministry's Directorate of Defense Research & Development, with support from the Israeli Quantum initiative led by Dr. Tal David.

"We are happy to be supported by NVIDIA in advancing Quantum encryption solutions that are proven to be the only completely secured solutions against any eavesdropping and hacking attempts to communication lines in the present, and in the future," said QuantLR CEO Shlomi Cohen.

"The support of a leading company such as NVIDIA accelerates our development process and enables us to offer the market an affordable solution sooner. The quantum encryption market is predicted to reach sales volumes of more than $7B in 2025, and we plan to be a significant player in this market," Cohen said.

Kevin Deierling, Senior Vice President of Networking at NVIDIA, said, "The growth of game-changing innovations such as AI, 5G and smart devices continues to grow the volume of traffic and sensitive information in today's data centers. NVIDIA's collaboration with QuantLR enables next-generation cybersecurity technologies that stay ahead of emerging threats to the data center."

QuantLR is an OurCrowd Labs/02 portfolio company.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Israeli quantum cryptographic solutions provider QuantLR integrates with NVIDIA appeared first on www.israelhayom.com.

Poland's most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents.

Follow Israel Hayom on Facebook, Twitter, and Instagram

Jaroslaw Kaczynski, the leader of Poland's ruling conservative party, Law and Justice, said in an interview that the software, Pegasus, is now being used by secret services in many countries to combat crime and corruption. He noted that Pegasus represents a technological advancement over earlier monitoring systems, which did not allow the services to monitor encrypted messages.

"It would be bad if the Polish services did not have this type of tool," Kaczynski said in an interview to be published in the Monday edition of the weekly Sieci, excerpts of which were published Friday by the wPolityce.pl news portal.

The interview follows exclusive reports by The Associated Press that Citizen Lab, a cyber watchdog group at the University of Toronto, found that three Polish government critics were hacked with NSO's Pegasus spyware.

On Thursday, Amnesty International independently verified the finding by Citizen Lab that Sen. Krzysztof Brejza had been hacked multiple times in 2019 when he was running the opposition's parliamentary election campaign. Text messages stolen from Brejza's phone were doctored and aired by state-controlled TV as part of a smear campaign in the heat of the race, which the populist ruling party went on to narrowly win.

Brejza now maintains that the election was not fair since the ruling party would have had access to his campaign's tactical thinking and plans.

The revelations have rocked Poland, drawing comparisons to the 1970s Watergate scandal in the United States and eliciting calls for an investigative commission in parliament.

Kaczynski said he sees no reason to set up such a commission, and he denied that the surveillance played any role in the outcome of the 2019 elections.

"There is nothing here, no fact, except the hysteria of the opposition. There is no Pegasus case, no surveillance," Kaczynski said. "No Pegasus, no services, no secretly obtained information played any role in the 2019 election campaign. They lost because they lost. They shouldn't look for such excuses today."

The other two Polish targets confirmed by Citizen Lab were Roman Giertych, a lawyer who represents opposition politicians in a number of politically sensitive cases, and Ewa Wrzosek, an independent-minded prosecutor.

Kaczynski's allies had previously denied that Poland purchased and used Pegasus.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

Polish Prime Minister Mateusz Morawiecki called the Citizen Lab-AP findings "fake news" and suggested a foreign intelligence service could have done the spying – an idea dismissed by critics who said no other government would have any interest in the three Polish targets.

Deputy Defense Minister Wojciech Skurkiewicz in late December said "the Pegasus system is not in the possession of the Polish services. It is not used to track or surveil anyone in our country."

Media reports say Poland purchased Pegasus in 2017, using money from the so-called Justice Fund, which is meant to help the victims of crimes and rehabilitate criminals. According to investigations by the TVN broadcaster and Gazeta Wyborcza daily, it is used by the Central Anti-Corruption Bureau, a special service created to combat corruption in public life that is under the political control of the ruling party.

"The public money was spent on an important public purpose, related to the fight against crime and the protection of citizens," Kaczynski said.

Dozens of high-profile cases of Pegasus abuse have been uncovered since 2015, many by a global media consortium last year, with the NSO Group malware employed to eavesdrop on journalists, politicians, diplomats, lawyers and human rights activists from the Middle East to Mexico.

The Polish hacks are considered particularly egregious because they occurred not in a repressive autocracy but in a European Union member state.

The post Polish leader denies NSO Group's spyware used to hack political opponents appeared first on www.israelhayom.com.