InjectiveLabs/SDK-TS, a widely used package, was briefly published on Node Package Manager (npm) as a malicious version after attackers ga...
The technology industry's next computing platform may not fit in your hand. Instead, it could rest on your ears, sit on your face or hang around your neck.
Apple is reportedly exploring AirPods equipped with cameras that would give Siri the ability to interpret a user's surroundings, according to a Bloomberg report. The cameras are not expected to function like traditional smartphone cameras for photography or video recording. Instead, they would provide visual context that allows Apple's AI assistant to respond more intelligently to spoken requests. Apple has not commented on the report.
The development reveals a comprehensive industry effort to move everyday computing beyond smartphone screens. For decades, displays have served as the primary interface between people and their devices. Advances in artificial intelligence, computer vision and voice assistants are now encouraging technology companies to develop wearable devices that can understand a user's environment and respond without requiring constant screen interaction.
Snap recently expanded that vision with its latest augmented reality smart glasses, Specs, priced at £1,995 in the UK and $2,195 in the US. Unlike many existing smart glasses, the device is designed to operate independently rather than relying on a connected smartphone. Digital content appears only when needed, overlaying information onto the wearer's view of the real world instead of replacing it. Snap Chief Executive Evan Spiegel said the goal is to let users remain engaged with their surroundings while accessing digital experiences.
Meta is also increasing its investment in wearable AI. The company has reportedly sold around seven million pairs of its Ray-Ban Meta smart glasses and recently introduced more affordable models. Reports also indicate Meta is evaluating audio-only smart glasses that could reduce some of the privacy concerns associated with built-in cameras.
Those concerns remain one of the biggest obstacles to wider adoption. Camera-equipped wearables have faced criticism after users were found recording people without their knowledge, despite recording indicator lights intended to alert those nearby. Privacy advocates continue to question whether visible indicators alone provide sufficient transparency in public spaces.
Apple could attempt to distinguish itself by relying heavily on on-device processing, allowing visual information to be analyzed locally rather than stored or transmitted to cloud servers. Such capabilities could enable users to identify objects, receive navigation guidance, ask questions about nearby landmarks or generate recipe suggestions based on ingredients already in their kitchen through simple voice interactions.
Analysts believe AI-powered wearables could gradually shift some everyday computing tasks away from smartphones. Even so, most expect the smartphone to remain central to digital life for the foreseeable future, with wearable devices evolving as complementary tools rather than direct replacements. Whether they ultimately reduce screen time or simply expand the ways people interact with technology remains an open question.
The impacted tools are Windsurf, Google Antigravity, Cursor, Amazon Q Developer, Claude Code by Anthropic, and Augment. Wiz has termed the technique GhostApproval and posted it recently.
Three of the six AI assistants have addressed, two did not, while Anthropic argues if it is a bug. The most vulnerable are the tools that modify file before you can notice.
The threat actors exploit an old Unix feature called symlink (or symbolic link), that AI assistants cannot check.
A symlink silently directs to other files somewhere else on disk, hence writing to it particularly writes to the victim.
“Symbolic links have been a security headache since the early days of Unix. From /tmp race conditions to privilege escalation exploits, symlinks have a long history of bypassing security boundaries by making one path silently resolve to another. It's a well-documented attack primitive - CWE-61 dates back decades,” Wiz said.
Wiz made a malicious repository with a symbolic link called project_settings.json that really directs to target’s SSH login file, ~/.ssh/authorized_keys. The repo’s README commands the assistant to put “a line” to project_settings.json, and this line is the hacker’s SSH key mimicking an innocent setting. “
If you ask the agent to “set up the workspace” or “follow the README,” it writes the key directly via the symlink into the login file. Following this, if the machine plays an SSH service the threat actor can access, they can sign in without password.
Another variant of the attack writes to your shell startup file, ~/.zshrc, which the shell runs the next moment you open a terminal without needing an SSH. There are no indications that any of this has been abused in real-time operations, Wiz has only demonstrated it as their research.
“Symlinks have been exploited for decades – in race conditions (CVE-2018-15664), in package managers (CVE-2021-32803), in container escapes (CVE-2024-21626). Any time a tool writes to a user-controlled path without resolving it first, symlinks become a weapon,” Wiz wrote in its blog.