Sam Altman's World brings iris-scanning digital ID to the US
Orb scanners promise "proof of humanity"
After studying 19 billion passwords, one big problem: Over 90% are terrible
TL;DR: A new study analyzing more than 19 billion passwords from relatively recent data breaches between April 2024 and 2025 has found that the vast majority are weak. Alarmingly, only six percent of the leaked passwords were unique, leading researchers to describe a widespread epidemic of weak password reuse.
FCC moves to ban Chinese labs from testing electronics sold in the US
75% of all electronics are tested at labs located inside China
Cutting corners: Not content with banning sales of high-end AI chips to China and imposing 145% tariffs on many imports from the country, the US government is now trying to stop companies from using Chinese labs to test electronic devices available in the United States.
Google Play shrinks by 47 percent following Android's store policy overhaul
Last year Google blocked 2.36 million apps that violated store policies
Microsoft brings hot patching to Windows Server, reboot-free updates
Greedy patching: Hot patching is a way to quickly install security updates without requiring an OS reboot. Microsoft has offered the feature for years through its Azure cloud platform, but it's soon coming to non-cloud versions of Windows Server. It won't be free, but Microsoft's target audience is enterprise customers.
Google research exposes ongoing global risk from zero-day vulnerabilities
Traditional targets are becoming more secure, while government-backed hackers are feasting
New York wants to use AI and cameras to detect subway crime before it happens
Ten people were murdered in NYC subways last year
FBI warns China is using AI to sharpen cyberattacks on US infrastructure
Federal authorities are beginning to see AI signs in every step of an attack chain
Researchers find numerous Apple AirPlay vulnerabilities allowing "wormable" exploits over Wi-Fi
Apple already issued patches, so be sure to update your systems immediately
In brief: Security researchers have uncovered a wide-ranging set of vulnerabilities in Apple's AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely without user interaction. The exploit chain, dubbed "AirBorne," includes 23 individual bugs – 17 with official CVEs – and enables zero-click remote code execution on vulnerable systems.
WorkComposer employee monitoring app leak exposes 21 million screenshots online
A misconfigured Amazon S3 storage bucket was the culprit
TP-Link router pricing and China ties under US government investigation
12 of the 20 top-selling routers on Amazon are TP-Link models
Blue Shield of California shared private health data of 4.7 million members with Google without consent
A lot of personal details were used for targeted advertising
AI is enabling cybercriminals to act quickly - and with little technical knowledge, Microsoft warns
Fake stores, deepfakes, and chatbots: AI fuels new wave of scams
New study reveals cybersecurity threats in next-gen DNA sequencing
Researchers have identified multiple cyberthreats in every stage of the DNA sequencing process
ChatGPT gets scarily good at guessing photo locations, sparking doxxing concerns
Simple photos could reveal real-world locations
Mass phone tracking via cell tower dumps ruled unconstitutional
Phone dragnet violates Fourth Amendment, says court
Microsoft deprecates "revolutionary" virtualization-based security feature in older Windows 11 versions
All things considered, the decision should not affect that many customers
Discord begins experimenting with face scanning for age verification
The test is limited to the UK and Australia where limitation to online platforms is pretty strict already
Apple's latest iPhone update fixes two zero-day security flaws exploited in targeted attacks
The vulnerabilities also affect iPads, Macs, Apple TVs, and Vision Pros
The US almost let the CVE system die - the cybersecurity world's universal bug tracker
A last-minute funding extension saved the system–but only for 11 months
New approach from DeepMind partitions LLMs to mitigate prompt injection
Secure interpreter tracks data flow to block unsafe actions triggered by manipulated text
EU provides burner phones to officials traveling to US amid espionage concerns
Washington isn't Beijing, but you can never be too careful
Android phones will auto-reboot after 3 days of inactivity
Frustrating criminals and law enforcement
Microsoft's latest Windows security update creates an empty folder you should not delete
It's unclear how an empty folder helps prevent security flaws
Apple to analyze on-device data for AI training, vows to uphold user privacy
User data stays private with synthetic training methods