<?xml version="1.0"?>
<rss version="2.0"><channel><title><![CDATA[News: Security & Privacy News]]></title><link>https://nsaneforums.com/news/security-privacy-news/page/24/?d=2</link><description><![CDATA[News: Security & Privacy News]]></description><language>en</language><item><title>Microsoft offers free cybersecurity programs to European governments</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-offers-free-cybersecurity-programs-to-european-governments-r29565/</link><description><![CDATA[<p>
	Microsoft has unveiled its cybersecurity initiative for European governments, which includes a program to boost their national <a href="https://www.neowin.net/news/microsoft-shares-detailed-guidance-for-ai-scams-that-are-nearly-impossible-to-not-fall-for/" rel="external nofollow">defense against AI-driven cyber threats</a> from hostile nations and criminals.
</p>

<p>
	 
</p>

<p>
	As reported on the <a href="https://blogs.microsoft.com/on-the-issues/2025/06/04/microsoft-launches-new-european-security-program/" rel="external nofollow">Microsoft Blog</a>, the program aims to bolster European governments' ability to repel cyber attacks, especially those driven by generative AI. This cybersecurity enhancement program is said to be free of charge. However, such collaborations could improve Microsoft's relationship with European governments and enhance the company's footprint in European cyber defense programs.
</p>

<p>
	 
</p>

<p>
	While the <a href="https://www.neowin.net/news/microsoft-warns-of-600m-daily-cyberattacks-with-rising-ai-sophistication/" rel="external nofollow">surge in weaponizing AI for malicious activities</a> is concerning, Microsoft believes in the potential of AI as a defense tool. The company also proactively monitors and addresses any malicious use of its AI models and tools.
</p>

<p>
	 
</p>

<p>
	Microsoft's European Security Program aims to increase AI-based threat intelligence sharing with European governments, bolster cybersecurity capacity and resilience, and expand partnerships to disrupt cyberattacks.
</p>

<p>
	 
</p>

<p>
	Microsoft also says it has worked with European law enforcement agencies to take down <a href="https://www.neowin.net/news/microsoft-warns-new-windows-1110-installation-iso-downloads-must-have-this-defender-update/" rel="external nofollow">Lumma infostealer malware</a>, which is used to steal passwords, financial data, and crypto wallets. According to Microsoft, Lumma could infect nearly 400,000 devices globally in just two months, and many of its victims were in Europe. The company added that the operation could seize or block over 2,300 command-and-control domains.
</p>

<p>
	 
</p>

<p>
	Over the past few years, there has been a massive surge in AI-driven cyber attacks, with criminals employing generative AI and commercial AI tools to target users and organizations. Large Language Models (LLMs) are modified for malicious purposes, allowing bad actors to exploit vulnerabilities with less effort.
</p>

<p>
	 
</p>

<p>
	Scammers and criminals even leverage AI tools like ChatGPT to create phishing emails, impersonate companies and individuals, and make deepfake videos. In another case, <a href="https://www.neowin.net/news/authorities-say-the-las-vegas-cybertruck-bomber-used-chatgpt-to-plan-the-attack/" rel="external nofollow">ChatGPT was used to plan the attack on Trump Hotel</a>.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-offers-free-cybersecurity-programs-to-european-governments/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of May): 2,377</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong>
</p>
]]></description><guid isPermaLink="false">29565</guid><pubDate>Wed, 04 Jun 2025 19:51:51 +0000</pubDate></item><item><title>Two certificate authorities booted from the good graces of Chrome</title><link>https://nsaneforums.com/news/security-privacy-news/two-certificate-authorities-booted-from-the-good-graces-of-chrome-r29564/</link><description><![CDATA[<h3>
	Chunghwa Telecom and Netlock customers must look elsewhere for new certificates.
</h3>

<p>
	Google says its Chrome browser will stop trusting certificates from two certificate authorities after “patterns of concerning behavior observed over the past year” diminished trust in their reliability.
</p>

<p>
	 
</p>

<p>
	The two organizations, Taiwan-based Chunghwa Telecom and Budapest-based Netlock, are among the dozens of certificate authorities trusted by Chrome and most other browsers to provide digital certificates that encrypt traffic and certify the authenticity of sites. With the ability to mint cryptographic credentials that cause address bars to display a padlock, assuring the trustworthiness of a site, these certificate authorities wield significant control over the security of the web.
</p>

<h2>
	Inherent risk
</h2>

<p>
	“Over the past several months and years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports,” members of the Chrome security team <a href="https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html" rel="external nofollow">wrote Tuesday</a>. “When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the internet, continued public trust is no longer justified.”
</p>

<p>
	 
</p>

<p>
	According to Ryan Hurst, a researcher with over two decades of experience working with certificate authorities, such certificate distrust events occur about <a href="https://unmitigatedrisk.com/?p=850" rel="external nofollow">once every 15 months</a>. The reasons for the revocations vary widely.
</p>

<p>
	 
</p>

<p>
	Hurst provided the following graph tracking the frequency of reasons for past events:
</p>

<figure class="ars-wp-img-shortcode id-2098711 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="Pie chart showing reasons for distrust" class="center medium" decoding="async" height="480" loading="lazy" sizes="auto, (max-width: 640px) 100vw, 640px" srcset="https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-640x480.png 640w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-1024x768.png 1024w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-768x576.png 768w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-1536x1152.png 1536w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-980x735.png 980w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-1440x1080.png 1440w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6.png 2048w" width="640" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/distrust-6-640x480.png">
				<div class="pswp-caption-content" id="caption-2098711">
					<em>Data from Ryan Hurst </em>

					<div class="ars-gallery-caption-credit">
						<em><em>Credit: Ars Technica </em></em>
					</div>
				</div>
			</div>
		</div>
	</div>
</figure>

<p>
	Google cited no specific incidents. Hurst, however, said past offenses included:
</p>

<p>
	 
</p>

<ul>
	<li>
		Netlock failing to disclose an intermediate CA Certificate to the Common CA Database over a span of <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1904041" rel="external nofollow">more than one year</a>.
	</li>
	<li>
		Netlock <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1947691" rel="external nofollow">failing to revoke</a> a misissued certificate.
	</li>
	<li>
		Netlock failing to provide <a href="link" rel="">mandated weekly updates</a> concerning a security incident.
	</li>
	<li>
		Chunghwa Telecom <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1892419" rel="external nofollow">delaying revocation</a> of a misissued certificate.
	</li>
	<li>
		Chunghwa Telecom misissuing 247 certificates with <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1916392" rel="external nofollow">incorrect subject domain name structures.</a>
	</li>
</ul>

<p>
	 
</p>

<p>
	Chrome will stop trusting all certificates issued by Chunghwa Telecom and Netlock after July 31. Certificates issued after that date will, by default, display an <a href="https://untrusted-root.badssl.com/" rel="external nofollow">error page</a> on Chrome. The delay is designed to give those organizations' customers time to find new certificate authorities. Representatives from both organizations didn't respond to emails requesting comment.
</p>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29564</guid><pubDate>Wed, 04 Jun 2025 19:50:44 +0000</pubDate></item><item><title>Google patches new Chrome zero-day bug exploited in attacks</title><link>https://nsaneforums.com/news/security-privacy-news/google-patches-new-chrome-zero-day-bug-exploited-in-attacks-r29539/</link><description><![CDATA[<p>
	Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year.
</p>

<p>
	 
</p>

<p>
	"Google is aware that an exploit for CVE-2025-5419 exists in the wild," the company warned in a <a href="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" rel="external nofollow" target="_blank">security advisory</a> published on Monday.
</p>

<p>
	 
</p>

<p>
	This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome's V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group.
</p>

<p>
	 
</p>

<p>
	Google says the issue was mitigated one day later by a configuration change the company pushed to the Stable channel across all Chrome platforms.
</p>

<p>
	 
</p>

<p>
	On Monday, it also fixed the zero-day with the release of 137.0.7151.68/.69 for Windows/Mac and 137.0.7151.68 for Linux, versions that are rolling out to users in the Stable Desktop channel over the coming weeks.
</p>

<p>
	 
</p>

<p>
	While Chrome will automatically update when new security patches are available, users can speed up the process by going to the Chrome menu &gt; Help &gt; About Google Chrome, letting the update finish, and clicking the 'Relaunch' button to install it immediately.
</p>

<p>
	 
</p>

<p>
	<img alt="Chrome 137.0.7151.69" class="ipsImage" height="228" width="720" src="https://www.bleepstatic.com/images/news/u/1109292/2025/Chrome%20137_0_7151_69.png">
</p>

<p>
	 
</p>

<p>
	While Google has already confirmed that CVE-2025-5419 is being exploited in the wild, the company will not share additional information regarding these attacks until more users have patched their browsers.
</p>

<p>
	 
</p>

<p>
	"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
</p>

<p>
	 
</p>

<p>
	This is Google's third Chrome zero-day vulnerability since the start of the year, with two more patched in March and May.
</p>

<p>
	 
</p>

<p>
	The first, a high-severity sandbox escape flaw (CVE-2025-2783) discovered by Kaspersky's Boris Larin and Igor Kuznetsov, was <a href="https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/" rel="external nofollow" target="_blank">used to deploy malware</a> in espionage attacks targeting Russian government organizations and media outlets.
</p>

<p>
	 
</p>

<p>
	The company released another set of emergency security updates in May to patch a Chrome zero-day that could let attackers <a href="https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/" rel="external nofollow" target="_blank">take over accounts</a> following successful exploitation.
</p>

<p>
	 
</p>

<p>
	Last year, <a href="https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/" rel="external nofollow" target="_blank">Google patched 10 zero-days</a> that were either demoed during the Pwn2Own hacking competition or exploited in attacks.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29539</guid><pubDate>Tue, 03 Jun 2025 19:44:46 +0000</pubDate></item><item><title>Mozilla launches new system to detect Firefox crypto drainer add-ons</title><link>https://nsaneforums.com/news/security-privacy-news/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons-r29538/</link><description><![CDATA[<p>
	Mozilla has developed a new security feature for its add-on portal that helps block malicious Firefox extensions that drain cryptocurrency wallets.
</p>

<p>
	 
</p>

<p>
	According to a recent blog post, Mozilla's new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded.
</p>

<p>
	 
</p>

<p>
	These alerts will prompt human reviewers to take a closer look and remove malicious extensions from the store before they're used to drain more victims' crypto wallets.
</p>

<p>
	 
</p>

<p>
	"To help protect Firefox users, the Add-ons Operations team developed an early detection system designed to identify and stop crypto scam extensions before they find traction with unsuspecting users," Mozilla <a href="https://blog.mozilla.org/addons/2025/05/30/crypto-wallet-scams-thwarting-a-new-threat/" rel="external nofollow" target="_blank">said</a>.
</p>

<p>
	 
</p>

<p>
	"The first layer of defense involves automated indicators that determine a risk profile for wallet extensions submitted to AMO. If a wallet extension reaches a certain risk threshold, human reviewers are alerted to take a deeper look. If found to be malicious, the scam extensions are blocked immediately."
</p>

<p>
	 
</p>

<p>
	Crypto wallet drainers that steal cryptocurrency or other digital assets from a victim's wallets are now being delivered to potential victims' systems via malicious browser extensions designed to masquerade as legitimate add-ons from trusted crypto wallets.
</p>

<p>
	 
</p>

<p>
	This attack vector ensures that threat actors can quickly empty their targets' crypto wallets after stealing their private keys and credentials, making the lost funds likely impossible to recover.
</p>

<p>
	 
</p>

<p>
	While not all are directly tied to malicious extensions, cybercriminals stole <a href="https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/" rel="external nofollow" target="_blank">$494 million worth of cryptocurrency</a> last year in wallet-draining attacks from more than 300,000 wallet addresses.
</p>

<p>
	 
</p>

<p>
	Andreas Wagner, the Add-ons Operations Manager who also leads addons.mozilla.org (AMO) content security and review efforts, says his team has discovered and removed hundreds of such extensions, including scam crypto wallets, over the last few years.
</p>

<p>
	 
</p>

<p>
	"It's a constant cat and mouse game, as developers try to work around our detection methods," Wagner explained.
</p>

<p>
	 
</p>

<p>
	"Check your crypto wallet's website to see if they have an official extension, and only use the one they link to," he added, advising Firefox users to use the official extensions provided by their crypto wallet services whenever possible.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29538</guid><pubDate>Tue, 03 Jun 2025 19:43:15 +0000</pubDate></item><item><title>Meta and Yandex are de-anonymizing Android users&#x2019; web browsing identifiers</title><link>https://nsaneforums.com/news/security-privacy-news/meta-and-yandex-are-de-anonymizing-android-users%E2%80%99-web-browsing-identifiers-r29537/</link><description><![CDATA[<h3>
	Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
</h3>

<p>
	Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, <a href="https://localmess.github.io/" rel="external nofollow">researchers have discovered</a>. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.
</p>

<p>
	 
</p>

<p>
	The covert tracking—implemented in the <a href="https://www.facebook.com/business/tools/meta-pixel/" rel="external nofollow">Meta Pixel</a> and <a href="https://ads.yandex/metrica" rel="external nofollow">Yandex Metrica</a> trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. <a href="https://source.Android.com/docs/security/app-sandbox" rel="external nofollow">Android sandboxing</a>, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as <a href="https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/State_Partitioning" rel="external nofollow" target="_blank">state partitioning</a> and <a href="https://privacysandbox.google.com/cookies/storage-partitioning" rel="external nofollow">storage partitioning</a>, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.
</p>

<h2>
	A blatant violation
</h2>

<p>
	“One of the fundamental security principles that exists in the web, as well as the mobile system, is called sandboxing,” Narseo Vallina-Rodriguez, one of the researchers behind the discovery, said in an interview. “You run everything in a sandbox, and there is no interaction within different elements running on it. What this attack vector allows is to break the sandbox that exists between the mobile context and the web context. The channel that exists allowed the Android system to communicate what happens in the browser with the identity running in the mobile app.”
</p>

<p>
	 
</p>

<p>
	The bypass—which Yandex began in 2017 and Meta started last September—allows the companies to pass cookies or other identifiers from Firefox and Chromium-based browsers to native Android apps for Facebook, Instagram, and various Yandex apps. The companies can then tie that vast browsing history to the account holder logged into the app.
</p>

<p>
	 
</p>

<p>
	This abuse has been observed only in Android, and evidence suggests that the Meta Pixel and Yandex Metrica target only Android users. The researchers say it may be technically feasible to target iOS because browsers on that platform allow developers to programmatically <a href="https://bugs.webkit.org/show_bug.cgi?id=279249" rel="external nofollow">establish localhost connections</a> that apps can monitor on local ports.
</p>

<p>
	 
</p>

<p>
	In contrast to iOS, however, Android imposes fewer controls on local host communications and background executions of mobile apps, the researchers said, while also implementing stricter controls in app store vetting processes to limit such abuses. This overly permissive design allows Meta Pixel and Yandex Metrica to send web requests with web tracking identifiers to specific local ports that are continuously monitored by the Facebook, Instagram, and Yandex apps. These apps can then link pseudonymous web identities with actual user identities, even in private browsing modes, effectively de-anonymizing users’ browsing habits on sites containing these trackers.
</p>

<p>
	 
</p>

<p>
	Meta Pixel and Yandex Metrica are analytics scripts designed to help advertisers measure the effectiveness of their campaigns. Meta Pixel and Yandex Metrica are estimated to be installed on <a href="https://trends.builtwith.com/websitelist/Facebook-Pixel%20" rel="external nofollow">5.8 million</a> and <a href="https://trends.builtwith.com/analytics/Yandex-Metrika" rel="external nofollow">3 million</a> sites, respectively.
</p>

<p>
	 
</p>

<p>
	Meta and Yandex achieve the bypass by abusing basic functionality built into modern mobile browsers that allows browser-to-native app communications. The functionality lets browsers send web requests to local Android ports to establish various services, including media connections through the <a href="https://en.wikipedia.org/wiki/Real-time_communication" rel="external nofollow">RTC protocol</a>, file sharing, and developer debugging.
</p>

<p>
	 
</p>

<figure class="ars-wp-img-shortcode id-2098444 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="meta-yandex-websites-app-ID-sharing-1024" class="ipsImage" decoding="async" height="720" width="720" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-yandex-websites-app-ID-sharing-1024x361.png">
				<div class="pswp-caption-content" id="caption-2098444">
					<em>A conceptual diagram representing the exchange of identifiers between the web trackers running on the browser context and native Facebook, Instagram, and Yandex apps for Android. </em>
				</div>
			</div>
		</div>
	</div>
</figure>

<p>
	While the technical underpinnings differ, both Meta Pixel and Yandex Metrica are performing a “weird protocol misuse” to gain unvetted access that Android provides to <a href="https://stackoverflow.com/questions/1946193/whats-the-whole-point-of-localhost-hosts-and-ports-at-all" rel="external nofollow">localhost ports</a> on the 127.0.0.1 IP address. Browsers access these ports without user notification. Facebook, Instagram, and Yandex native apps silently listen on those ports, copy identifiers in real time, and link them to the user logged into the app.
</p>

<p>
	 
</p>

<p>
	A representative for Google said the behavior violates the terms of service for its Play marketplace and the privacy expectations of Android users.
</p>

<p>
	 
</p>

<p>
	“The developers in this report are using capabilities present in many browsers across iOS and Android in unintended ways that blatantly violate our security and privacy principles,” the representative said, referring to the people who write the Meta Pixel and Yandex Metrica JavaScript. “We've already implemented changes to mitigate these invasive techniques and have opened our own investigation and are directly in touch with the parties.”
</p>

<p>
	 
</p>

<p>
	Meta didn't answer emailed questions for this article, but provided the following statement: "We are in discussions with Google to address a potential miscommunication regarding the application of their policies. Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue."
</p>

<p>
	 
</p>

<p>
	In an email, Yandex said it was discontinuing the practice and was also in touch with Google.
</p>

<p>
	 
</p>

<p>
	"Yandex strictly complies with data protection standards and does not de-anonymize user data," the statement added. "The feature in question does not collect any sensitive information and is solely intended to improve personalization within our apps."
</p>

<h2>
	How Meta and Yandex de-anonymize Android users
</h2>

<p>
	Meta Pixel developers have abused various protocols to implement the covert listening since the practice began last September. They started by causing apps to send HTTP requests to port 12387. A month later, Meta Pixel stopped sending this data, even though Facebook and Instagram apps continued to monitor the port.
</p>

<p>
	 
</p>

<p>
	In November, Meta Pixel switched to a new method that invoked WebSocket, a protocol for two-way communications, over port 12387.
</p>

<p>
	 
</p>

<p>
	That same month, Meta Pixel also deployed a new method that used <a href="https://en.wikipedia.org/wiki/WebRTC" rel="external nofollow">WebRTC</a>, a real-time peer-to-peer communication protocol commonly used for making audio or video calls in the browser. This method used a complicated process known as <a href="https://webrtchacks.com/not-a-guide-to-sdp-munging/" rel="external nofollow">SDP munging</a>, a technique for JavaScript code to modify Session Description Protocol data before it’s sent. Still in use today, the SDP munging by Meta Pixel inserts key _fbp cookie content into fields meant for connection information. This causes the browser to send that data as part of a <a href="https://en.wikipedia.org/wiki/STUN" rel="external nofollow">STUN request</a> to the Android local host, where the Facebook or Instagram app can read it and link it to the user.
</p>

<p>
	 
</p>

<p>
	In May, a <a href="https://groups.google.com/g/discuss-webrtc/c/PIJZN5MTZF4/m/JHVmmn8yDgAJ?pli=1" rel="external nofollow">beta version</a> of Chrome introduced a mitigation that blocked the type of SDP munging that Meta Pixel used. Within days, Meta Pixel circumvented the mitigation by adding a new method that swapped the STUN requests with the <a href="https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT" rel="external nofollow">TURN requests</a>.
</p>

<p>
	 
</p>

<figure class="ars-wp-img-shortcode id-2098254 align-">
	<div>
		<img alt="meta-pixel-transmitting-fbp-cookie-640x1" class="medium" decoding="async" height="187" loading="lazy" sizes="auto, (max-width: 640px) 100vw, 640px" srcset="https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-640x187.jpg 640w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-1024x299.jpg 1024w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-768x224.jpg 768w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-1536x448.jpg 1536w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-2048x598.jpg 2048w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-980x286.jpg 980w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-1440x420.jpg 1440w" width="640" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-pixel-transmitting-fbp-cookie-640x187.jpg">
	</div>
</figure>

<p>
	 
</p>

<p>
	In a <a href="link" rel="">post</a>, the researchers provided a detailed description of the _fbp cookie from a website to the native app and, from there, to the Meta server:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		1. The user opens the native Facebook or Instagram app, which eventually is sent to the background and creates a background service to listen for incoming traffic on a TCP port (12387 or 12388) and a UDP port (the first unoccupied port in 12580–12585). Users must be logged-in with their credentials on the apps.<br>
		2. The user opens their browser and visits a website integrating the Meta Pixel.<br>
		3. At this stage, some websites wait for users' consent before embedding Meta Pixel. In our measurements of the top 100K website homepages, we found websites that require consent to be a minority (more than 75% of affected sites do not require user consent)...<br>
		4. The Meta Pixel script is loaded and the _fbp cookie is sent to the native Instagram or Facebook app via WebRTC (STUN) SDP Munging.<br>
		5. The Meta Pixel script also sends the _fbp value in a request to <a href="https://www.facebook.com/tr" ipsnoembed="false" rel="external nofollow">https://www.facebook.com/tr</a> along with other parameters such as page URL (dl), website and browser metadata, and the event type (ev) (e.g., PageView, AddToCart, Donate, Purchase).<br>
		6. The Facebook or Instagram apps receive the _fbp cookie from the Meta JavaScripts running on the browser and transmit it to the GraphQL endpoint (https://graph[.]facebook[.]com/graphql) along with other persistent user identifiers, linking users' fbp ID (web visit) with their Facebook or Instagram account.
	</p>
</blockquote>

<figure class="ars-wp-img-shortcode id-2098253 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="fbp-cookie-transfer-flow-1024x878.jpg" class="ipsImage" decoding="async" height="720" width="720" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/fbp-cookie-transfer-flow-1024x878.jpg">
				<div class="pswp-caption-content" id="caption-2098253">
					<em>Detailed flow of the way the Meta Pixel leaks the _fbp cookie from Android browsers to its Facebook and Instagram apps. </em>
				</div>
			</div>
		</div>
	</div>
</figure>

<p>
	The first known instance of Yandex Metrica linking websites visited in Android browsers to app identities was in May 2017, when the tracker started sending HTTP requests to local ports 29009 and 30102. In May 2018, Yandex Metrica also began sending the data through HTTPS to ports 29010 and 30103. Both methods remained in place as of publication time.
</p>

<p>
	 
</p>

<figure class="ars-wp-img-shortcode id-2098252 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="yandex-id-sharing-1024x560.jpg" class="ipsImage" decoding="async" height="720" width="720" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/yandex-id-sharing-1024x560.jpg">
				<div class="pswp-caption-content" id="caption-2098252">
					<em>An overview of Yandex identifier sharing </em>
				</div>
			</div>
		</div>
	</div>
</figure>

<figure class="ars-wp-img-shortcode id-2098089 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="meta-yandex-tracking-timeline-1024x458.j" class="ipsImage" decoding="async" height="720" width="720" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/meta-yandex-tracking-timeline-1024x458.jpg">
				<div class="pswp-caption-content" id="caption-2098089">
					<em>A timeline of web history tracking by Meta and Yandex </em>
				</div>
			</div>
		</div>
	</div>
</figure>

<p>
	Some browsers for Android have blocked the abusive JavaScript in trackers. DuckDuckGo, for instance, was already blocking domains and IP addresses associated with the trackers, preventing the browser from sending any identifiers to Meta. The browser also blocked most of the domains associated with Yandex Metrica. After the researchers notified DuckDuckGo of the incomplete blacklist, developers added the missing addresses.
</p>

<p>
	 
</p>

<p>
	The Brave browser, meanwhile, also blocked the sharing of identifiers due to its extensive blocklists and existing mitigation to <a href="https://brave.com/privacy-updates/27-localhost-permission/" rel="external nofollow" target="_blank">block requests</a> to the localhost without explicit user consent<span style="color: #bfbfbf;">.</span> Vivaldi, another Chromium-based browser, forwards the identifiers to local Android ports when the default privacy setting is in place. Changing the setting to block trackers appears to thwart browsing history leakage, the researchers said.
</p>

<p>
	 
</p>

<figure class="ars-wp-img-shortcode id-2098090 align-center">
	<div>
		<img alt="vivaldi-setting-300x300.png" class="center thumbnail" decoding="async" height="300" loading="lazy" sizes="auto, (max-width: 300px) 100vw, 300px" srcset="https://cdn.arstechnica.net/wp-content/uploads/2025/06/vivaldi-setting-300x300.png 300w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/vivaldi-setting-500x500.png 500w, https://cdn.arstechnica.net/wp-content/uploads/2025/06/vivaldi-setting-1000x1000.png 1000w" width="300" src="https://cdn.arstechnica.net/wp-content/uploads/2025/06/vivaldi-setting-300x300.png">
	</div>

	<figcaption>
		<div class="caption font-impact dusk:text-gray-300 mb-4 mt-2 inline-flex flex-row items-stretch gap-1 text-base leading-tight text-gray-400 dark:text-gray-300">
			<div class="caption-content">
				<em>Tracking blocker settings in Vivaldi for Android. </em>
			</div>
		</div>
	</figcaption>
</figure>

<h2>
	There’s got to be a better way
</h2>

<p>
	The various remedies DuckDuckGo, Brave, Vivaldi, and Chrome have put in place are working as intended, but the researchers caution they could become ineffective at any time.
</p>

<p>
	 
</p>

<p>
	“Any browser doing blocklisting will likely enter into a constant arms race, and it's just a partial solution,” Vallina-Rodriguez said of the current mitigations. “Creating effective blocklists is hard, and browser makers will need to constantly monitor the use of this type of capability to detect other hostnames potentially abusing localhost channels and then updating their blocklists accordingly.”
</p>

<p>
	 
</p>

<p>
	He continued:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		While this solution works once you know the hostnames doing that, it's not the right way of mitigating this issue, as trackers may find ways of accessing this capability (e.g., through more ephemeral hostnames). A long-term solution should go through the design and development of privacy and security controls for localhost channels, so that users can be aware of this type of communication and potentially enforce some control or limit this use (e.g., a permission or some similar user notifications).
	</p>
</blockquote>

<p>
	Chrome and most other Chromium-based browsers executed the JavaScript as Meta and Yandex intended. Firefox did as well, although for reasons that aren't clear, the browser was not able to successfully perform the SDP munging specified in later versions of the code. After blocking the STUN variant of SDP munging in the early May beta release, a production version of Chrome released <a href="https://developer.chrome.com/release-notes/137" rel="external nofollow">two weeks ago</a> began blocking both the STUN and TURN variants. Other Chromium-based browsers are likely to implement it in the coming weeks. A representative for Firefox-maker Mozilla said the organization prioritizes user privacy and is taking the report seriously.
</p>

<p>
	 
</p>

<p>
	"We are actively investigating the reported behavior, and working to fully understand its technical details and implications," Mozilla said in an email. "Based on what we’ve seen so far, we consider these to be severe violations of our anti-tracking policies, and are assessing solutions to protect against these new tracking techniques."
</p>

<p>
	 
</p>

<p>
	The researchers warn that the current fixes are so specific to the code in the Meta and Yandex trackers that it would be easy to bypass them with a simple update.
</p>

<p>
	 
</p>

<p>
	“They know that if someone else comes in and tries a different port number, they may bypass this protection,” said Gunes Acar, the researcher behind the initial discovery, referring to the Chrome developer team at Google. “But our understanding is they want to send this message that they will not tolerate this form of abuse.”
</p>

<p>
	 
</p>

<p>
	Fellow researcher Vallina-Rodriguez said the more comprehensive way to prevent the abuse is for Android to overhaul the way it handles access to local ports.
</p>

<p>
	 
</p>

<p>
	“The fundamental issue is that the access to the local host sockets is completely uncontrolled on Android,” he explained. “There's no way for users to prevent this kind of communication on their devices. Because of the dynamic nature of JavaScript code and the difficulty to keep blocklists up to date, the right way of blocking this persistently is by limiting this type of access at the mobile platform and browser level, including stricter platform policies to limit abuse.”
</p>

<h2>
	Got consent?
</h2>

<p>
	The researchers who made this discovery are:
</p>

<p>
	 
</p>

<ul>
	<li>
		Aniketh Girish, PhD student at <a href="https://networks.imdea.org" rel="external nofollow">IMDEA Networks</a>
	</li>
	<li>
		Gunes Acar, assistant professor in <a href="https://www.ru.nl/en/institute-for-computing-and-information-sciences" rel="external nofollow">Radboud University’s</a> Digital Security Group &amp; iHub
	</li>
	<li>
		Narseo Vallina-Rodriguez, associate professor at IMDEA Networks
	</li>
	<li>
		Nipuna Weerasekara, PhD student at IMDEA Networks
	</li>
	<li>
		Tim Vlummens, PhD student at <a href="https://www.esat.kuleuven.be" rel="external nofollow">COSIC, KU Leuven</a>
	</li>
</ul>

<p>
	 
</p>

<p>
	Acar said he first noticed Meta Pixel accessing local ports while visiting his own university's website.
</p>

<p>
	 
</p>

<p>
	There's no indication that Meta or Yandex has disclosed the tracking to either websites hosting the trackers or end users who visit those sites. Developer forums show that many websites using Meta Pixel were caught off guard when the scripts began connecting to local ports.
</p>

<p>
	 
</p>

<p>
	“Since 5th September, our internal JS error tracking has been flagging failed fetch requests to localhost:12387,” one developer <a href="https://developers.facebook.com/community/threads/317050484803752/" rel="external nofollow">wrote</a>. “No changes have been made on our side, and the existing Facebook tracking pixel we use loads via Google Tag Manager.”
</p>

<p>
	 
</p>

<p>
	“Is there some way I can disable this?” another developer encountering the unexplained local port access <a href="https://developers.facebook.com/community/threads/937149104821259/" rel="external nofollow">asked</a>.
</p>

<p>
	 
</p>

<p>
	It's unclear whether browser-to-native-app tracking violates any privacy laws in various countries. Both Meta and companies hosting its Meta Pixel, however, <a href="https://arstechnica.com/tech-policy/2022/09/lawsuits-say-meta-evaded-apple-privacy-settings-to-spy-on-millions-of-users/" rel="external nofollow">have</a> <a href="https://arstechnica.com/tech-policy/2022/11/major-tax-filing-websites-secretly-share-income-data-with-meta/" rel="external nofollow">faced</a> a <a href="https://arstechnica.com/tech-policy/2023/07/meta-wont-say-what-happened-to-taxpayer-data-it-may-have-illegally-collected/" rel="external nofollow">raft</a> of <a href="https://arstechnica.com/tech-policy/2024/02/amc-to-pay-8m-for-allegedly-violating-1988-law-with-use-of-meta-pixel/" rel="external nofollow">lawsuits</a> in recent years alleging that the data collected violates privacy statutes. A <a href="https://arxiv.org/pdf/2208.00710" rel="external nofollow">research paper</a> from 2023 found that Meta Pixel, then called the Facebook Pixel, "tracks a wide range of user activities on websites with alarming detail, especially on websites classified as sensitive categories under GDPR," the abbreviation for the European Union's General Data Protection Regulation.
</p>

<p>
	 
</p>

<p>
	So far, Google has provided no indication that it plans to redesign the way Android handles local port access. For now, the most comprehensive protection against Meta Pixel and Yandex Metrica tracking is to refrain from installing the Facebook, Instagram, or Yandex apps on Android devices.
</p>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of May): 2,377</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong>
</p>
]]></description><guid isPermaLink="false">29537</guid><pubDate>Tue, 03 Jun 2025 19:41:49 +0000</pubDate></item><item><title>Google confirms more ads on your paid YouTube Premium Lite soon</title><link>https://nsaneforums.com/news/security-privacy-news/google-confirms-more-ads-on-your-paid-youtube-premium-lite-soon-r29510/</link><description><![CDATA[<p>
	It is no secret that YouTube has been trying to make it harder and harder for users to block ads on its app. Back in March, earlier this year, we reported on problems users, including us, noticed across various browsers <a href="https://www.neowin.net/news/google-not-letting-youtube-videos-play-with-opera-firefox-adblockers-chrome-is-slow/" rel="external nofollow">including the likes of Chrome, Opera, and Firefox</a>.
</p>

<p>
	 
</p>

<p>
	Later in the same month, Google released its new paid subscription tier called "<a href="https://www.neowin.net/news/google-launches-youtube-premium-lite-in-the-us-with-no-ads-on-most-videos/" rel="external nofollow">YouTube Premium Lite.</a>" However, this is not a completely ad-free service as users are still served adverts during their YouTube sessions, although the number of ads is far lower than what a user would see on the free app. The idea is quite similar to <a href="https://www.neowin.net/news/netflixs-cheapest-ad-based-plan-now-has-40-million-subscribers-worldwide/" rel="external nofollow">Netflix's Basic with Ads plan, which</a> was released back in 2022.
</p>

<p>
	 
</p>

<p>
	Besides a non-ad-free experience, the $7.99 Premium Lite subscription also removed several other cool features like the ability to download videos for offline viewing and background play, which can be quite convenient for listening to music on the app. Speaking of music, YouTube Premium Lite also does not include access to YouTube Music.
</p>

<p>
	 
</p>

<p>
	Unfortunately, Google is tweaking this plan for the worse, as it will soon add adverts to short videos. The company has seemingly started sending emails to customers who are using the Premium Lite tier, informing them about the change that begins later this month, on 30 June.
</p>

<p>
	 
</p>

<p>
	Here is what the mail says:
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Thank you for being a Premium Lite member. Premium Lite offers fewer interruptions so you can watch more of the YouTube you love.
	</p>

	<p>
		 
	</p>

	<p>
		We are writing to let you know that beginning 30 June 2025, ads may appear on Shorts, in addition to music content and when you search or browse. Most videos will continue to remain ad-free.
	</p>
</blockquote>

<p>
	The above was shared by user <a href="https://www.twit.community/t/youtube-premium-enshitification/18537" rel="external nofollow">big_D</a> on the TWiT.community forum. German outlet <a href="https://www.deskmodder.de/blog/2025/05/31/youtube-premium-lite-ab-30-6-mehr-werbung/" rel="external nofollow">Deskmodder</a> also reported on this, which suggests that the rollout might be happening globally on the same June 30, 2025 date.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/google-confirms-more-ads-on-your-paid-youtube-premium-lite-soon/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29510</guid><pubDate>Mon, 02 Jun 2025 19:25:35 +0000</pubDate></item><item><title>Breaking down why Apple TVs are privacy advocates&#x2019; go-to streaming device</title><link>https://nsaneforums.com/news/security-privacy-news/breaking-down-why-apple-tvs-are-privacy-advocates%E2%80%99-go-to-streaming-device-r29490/</link><description><![CDATA[<h3>
	Using the Apple TV app or an Apple account means giving Apple more data, though.
</h3>

<p>
	Every time I write an article about the escalating <a href="https://arstechnica.com/gadgets/2024/08/tv-industrys-ads-tracking-obsession-is-turning-your-living-room-into-a-store/" rel="external nofollow">advertising and tracking</a> on <a href="https://arstechnica.com/gadgets/2024/12/buying-a-tv-in-2025-expect-lower-prices-more-ads-and-an-os-war/" rel="external nofollow">today's TVs</a>, someone brings up Apple TV boxes. Among smart TVs, streaming sticks, and other streaming devices, Apple TVs are largely viewed as a safe haven.
</p>

<p>
	 
</p>

<p>
	"Just disconnect your TV from the Internet and use an Apple TV box."
</p>

<p>
	 
</p>

<p>
	That's the common guidance you'll hear from Ars readers for those seeking the joys of streaming without giving up too much privacy. Based on our research and the experts we've consulted, that advice is pretty solid, as Apple TVs offer significantly more privacy than other streaming hardware providers.
</p>

<p>
	 
</p>

<p>
	But how private are Apple TV boxes, really? Apple TVs don't use <a href="https://www.flatpanelshd.com/news.php?subaction=showfull&amp;id=1730444985" rel="external nofollow">automatic content recognition</a> (ACR, a user-tracking technology leveraged by nearly all smart TVs and streaming devices), but could that change? And what about the software that Apple TV users do use—could those apps provide information about you to advertisers or Apple?
</p>

<p>
	 
</p>

<p>
	In this article, we'll delve into what makes the Apple TV's privacy stand out and examine whether users should expect the limited ads and enhanced privacy to last forever.
</p>

<h2>
	Apple TV boxes limit tracking out of the box
</h2>

<p>
	One of the simplest ways Apple TVs ensure better privacy is through their setup process, during which you can disable Siri, location tracking, and sending analytics data to Apple. During setup, users also receive several opportunities to review Apple's data and privacy policies. Also off by default is the boxes' ability to send voice input data to Apple.
</p>

<p>
	 
</p>

<p>
	Most other streaming devices require users to navigate through pages of settings to disable similar tracking capabilities, which most people are unlikely to do. Apple’s approach creates a line of defense against snooping, even for those unaware of how invasive smart devices can be.
</p>

<p>
	 
</p>

<p>
	Apple TVs running tvOS 14.5 and later also make third-party app tracking more difficult by requiring such apps to request permission before they can track users.
</p>

<p>
	 
</p>

<p>
	"If you choose Ask App Not to Track, the app developer can’t access the system advertising identifier (IDFA), which is often used to track," <a href="https://support.apple.com/en-us/102420" rel="external nofollow">Apple says</a>. "The app is also not permitted to track your activity using other information that identifies you or your device, like your email address."
</p>

<p>
	 
</p>

<p>
	Users can access the Apple TV settings and disable the ability of third-party apps to ask permission for tracking. However, Apple could further enhance privacy by enabling this setting by default.
</p>

<p>
	 
</p>

<p>
	The Apple TV also lets users control which apps can access the set-top box's Bluetooth functionality, photos, music, and HomeKit data (if applicable), and the remote's microphone.
</p>

<p>
	 
</p>

<p>
	"Apple’s primary business model isn’t dependent on selling targeted ads, so it has somewhat less incentive to harvest and monetize incredible amounts of your data," said RJ Cross, director of the consumer privacy program at the Public Interest Research Group (<a href="https://pirg.org/about/" rel="external nofollow">PIRG</a>). "I personally trust them more with my data than other tech companies."
</p>

<h2>
	What if you share analytics data?
</h2>

<p>
	If you allow your Apple TV to share analytics data with Apple or app developers, that data won't be personally identifiable, <a href="https://www.apple.com/privacy/features/" rel="external nofollow">Apple says</a>. Any collected personal data is "not logged at all, removed from reports before they’re sent to Apple, or protected by techniques, such as differential privacy," Apple says.
</p>

<p>
	 
</p>

<p>
	Differential privacy, which injects noise into collected data, is one of the most common methods used for anonymizing data. In support documentation (<a href="https://cdn.arstechnica.net/wp-content/uploads/2025/05/Differential_Privacy_Overview.pdf" rel="external nofollow">PDF</a>), Apple details its use of differential privacy:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		The first step we take is to privatize the information using local differential privacy on the user’s device. The purpose of privatization is to assure that Apple’s servers don't receive clear data. Device identifiers are removed from the data, and it is transmitted to Apple over an encrypted channel. The Apple analysis system ingests the differentially private contributions, dropping IP addresses and other metadata. The final stage is aggregation, where the privatized records are processed to compute the relevant statistics, and the aggregate statistics are then shared with relevant Apple teams. Both the ingestion and aggregation stages are performed in a restricted access environment so even the privatized data isn’t broadly accessible to Apple employees.
	</p>
</blockquote>

<h2>
	What if you use an Apple account with your Apple TV?
</h2>

<p>
	Another factor to consider is Apple's privacy policy regarding Apple accounts, formerly Apple IDs.
</p>

<p>
	 
</p>

<p>
	Apple support documentation <a href="https://support.apple.com/guide/tv/set-up-apple-tv-atvb73e46488/tvos" rel="external nofollow">says</a> you "need" an Apple account to use an Apple TV, but you can use the hardware without one. Still, it's common for people to log into Apple accounts on their Apple TV boxes because it makes it easier to link with other Apple products. Another reason someone might link an Apple TV box with an Apple account is to use the Apple TV app, a common way to stream on Apple TV boxes.
</p>

<p>
	 
</p>

<p>
	So what type of data does Apple harvest from Apple accounts? According to its <a href="https://www.apple.com/legal/privacy/en-ww/" rel="external nofollow">privacy policy</a>, the company gathers usage data, such as "data about your activity on and use of" Apple offerings, including "app launches within our services...; browsing history; search history; [and] product interaction."
</p>

<p>
	 
</p>

<p>
	Other types of data Apple may collect from Apple accounts include transaction information (Apple says this is "data about purchases of Apple products and services or transactions facilitated by Apple, including purchases on Apple platforms"), account information ("including email address, devices registered, account status, and age"), device information (including serial number and browser type), contact information (including physical address and phone number), and payment information (including bank details). None of that is surprising considering the type of data needed to make an Apple account work.
</p>

<p>
	 
</p>

<p>
	Many Apple TV users can expect Apple to gather more data from their Apple account usage on other devices, such as iPhones or Macs. However, if you use the same Apple account across multiple devices, Apple recognizes that all the data it has collected from, for example, your iPhone activity, also applies to you as an Apple TV user.
</p>

<p>
	 
</p>

<p>
	A potential workaround could be maintaining multiple Apple accounts. With an Apple account solely dedicated to your Apple TV box and Apple TV hardware and software tracking disabled as much as possible, Apple would have minimal data to ascribe to you as an Apple TV owner. You can also use your Apple TV box without an Apple account, but then you won't be able to use the Apple TV app, one of the device's key features.
</p>

<p>
	 
</p>

<h2>
	Data collection via the Apple TV app
</h2>

<p>
	You can download third-party apps like Netflix and Hulu onto an Apple TV box, but most TV and movie watching on Apple TV boxes likely occurs via the Apple TV app. The app is necessary for watching content on the Apple TV+ streaming service, but it also drives usage by providing access to the libraries of many (<a href="https://www.theverge.com/news/613307/netflix-apple-tv-app-support-mistake" rel="external nofollow">but not all</a>) popular streaming apps in one location. So understanding the Apple TV app’s privacy policy is critical to evaluating how private Apple TV activity truly is.
</p>

<p>
	 
</p>

<p>
	As expected, some of the data the app gathers is necessary for the software to work. That includes, according to the app's <a href="https://www.apple.com/legal/privacy/data/en/apple-tv-app/" rel="external nofollow">privacy policy</a>, "information about your purchases, downloads, activity in the Apple TV app, the content you watch, and where you watch it in the Apple TV app and in connected apps on any of your supported devices." That all makes sense for ensuring that the app remembers things like which episode of <em>Severance</em> you're on across devices.
</p>

<p>
	 
</p>

<p>
	Apple collects other data, though, that isn't necessary for functionality. It says it gathers data on things like the "features you use (for example, Continue Watching or Library)," content pages you view, how you interact with notifications, and approximate location information (that Apple says doesn't identify users) to help improve the app.
</p>

<p>
	 
</p>

<p>
	Additionally, Apple tracks the terms you search for within the app, per its policy:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		We use Apple TV search data to improve models that power Apple TV. For example, aggregate Apple TV search queries are used to fine-tune the Apple TV search model.
	</p>
</blockquote>

<p>
	This data usage is less intrusive than that of other streaming devices, which might track your activity and then sell that data to third-party advertisers. But some people may be hesitant about having <em>any</em> of their activities tracked to benefit a multi-trillion-dollar conglomerate.
</p>

<p>
	 
</p>

<h2>
	Data collected from the Apple TV app used for ads
</h2>

<p>
	By default, the Apple TV app also tracks "what you watch, your purchases, subscriptions, downloads, browsing, and other activities in the Apple TV app" to make personalized content recommendations. Content recommendations aren't ads in the traditional sense but instead provide a way for Apple to push you toward products by analyzing data it has on you.
</p>

<p>
	 
</p>

<p>
	You can disable the Apple TV app's personalized recommendations, but it's a little harder than you might expect since you can't do it through the app. Instead, you need to go to the Apple TV settings and then select Apps &gt; TV &gt; Use Play History &gt; Off.
</p>

<p>
	 
</p>

<p>
	The most privacy-conscious users may wish that personalized recommendations were off by default. Darío Maestro, senior legal fellow at the nonprofit Surveillance Technology Oversight Project (<a href="https://www.stopspying.org/programs" rel="external nofollow">STOP</a>), noted to Ars that even though Apple TV users can opt out of personalized content recommendations, "many will not realize they can."
</p>

<p>
	 
</p>

<p>
	Apple can also use data it gathers on you from the Apple TV app to serve traditional ads. If you allow your Apple TV box to track your location, the Apple TV app can also track your location. That data can "be used to serve geographically relevant ads," according to the Apple TV app privacy policy. Location tracking, however, is off by default on Apple TV boxes.
</p>

<p>
	 
</p>

<p>
	Apple's tvOS doesn't have integrated ads. For comparison, some TV OSes, <a href="https://arstechnica.com/gadgets/2024/04/roku-ad-push-continues-with-plans-to-put-video-ads-in-os-home-screen/" rel="external nofollow">like Roku OS</a> and <a href="https://arstechnica.com/gadgets/2024/09/lg-tvs-continue-down-advertising-rabbit-hole-with-new-screensaver-ads/" rel="external nofollow">LG's webOS</a>, show ads on the OS's home screen and/or when <a href="https://arstechnica.com/gadgets/2025/04/cheap-tvs-incessant-advertising-reaches-troubling-new-lows/" rel="external nofollow">showing screensavers</a>.
</p>

<p>
	 
</p>

<p>
	But data gathered from the Apple TV app can still help Apple's advertising efforts. This can happen if you allow personalized ads in <em>other</em> Apple apps serving targeted ads, such as Apple News, the App Store, or Stocks. In such cases, Apple may apply data gathered from the Apple TV app, "including information about the movies and TV shows you purchase from Apple, to serve ads in those apps that are more relevant to you," the Apple TV app privacy policy says.
</p>

<p>
	 
</p>

<p>
	Apple also provides third-party advertisers and strategic partners with "non-personal data" gathered from the Apple TV app:
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		We provide some non-personal data to our advertisers and strategic partners that work with Apple to provide our products and services, help Apple market to customers, and sell ads on Apple’s behalf to display on the App Store and Apple News and Stocks.
	</p>
</blockquote>

<p>
	Apple also shares non-personal data from the Apple TV with third parties, such as content owners, so they can pay royalties, gauge how much people are watching their shows or movies, "and improve their associated products and services," Apple says.
</p>

<p>
	 
</p>

<p>
	Apple's policy notes:
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		For example, we may share non-personal data about your transactions, viewing activity, and region, as well as aggregated user demographics[,] such as age group and gender (which may be inferred from information such as your name and salutation in your Apple Account), to Apple TV strategic partners, such as content owners, so that they can measure the performance of their creative work [and] meet royalty and accounting requirements.
	</p>
</blockquote>

<p>
	When reached for comment, an Apple spokesperson told Ars that Apple TV users can clear their play history from the app.
</p>

<p>
	 
</p>

<p>
	All that said, the Apple TV app still shares far less data with third parties than other streaming apps. Netflix, for example, <a href="https://help.netflix.com/legal/privacy" rel="external nofollow">says</a> it discloses some personal information to advertising companies "in order to select Advertisements shown on Netflix, to facilitate interaction with Advertisements, and to measure and improve effectiveness of Advertisements."
</p>

<p>
	 
</p>

<p>
	Warner Bros. Discovery <a href="https://www.max.com/privacy/en-us#howwedisclose" rel="external nofollow">says</a> it discloses information about Max viewers "with advertisers, ad agencies, ad networks and platforms, and other companies to provide advertising to you based on your interests." And Disney+ users have Nielsen tracking on by default.
</p>

<h2>
	What if you use Siri?
</h2>

<p>
	You can easily deactivate Siri when setting up an Apple TV. But those who opt to keep the voice assistant and the ability to control Apple TV with their voice take somewhat of a privacy hit.
</p>

<p>
	 
</p>

<p>
	According to the privacy policy accessible in Apple TV boxes' settings, Apple boxes automatically send all Siri requests to Apple's servers. If you opt into using Siri data to "Improve Siri and Dictation," Apple will store your audio data. If you opt out, audio data won't be stored, but per the policy:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		In all cases, transcripts of your interactions will be sent to Apple to process your requests and may be stored by Apple.
	</p>
</blockquote>

<p>
	Apple TV boxes also send audio and transcriptions of dictation input to Apple servers for processing. Apple says it doesn't store the audio but may store transcriptions of the audio.
</p>

<p>
	 
</p>

<p>
	If you opt to "Improve Siri and Dictation," Apple says your history of voice requests isn't tied to your Apple account or email. But Apple is vague about how long it may store data related to voice input performed with the Apple TV if you choose this option.
</p>

<p>
	 
</p>

<p>
	The policy states:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Your request history, which includes transcripts and any related request data, is associated with a random identifier for up to six months and is not tied to your Apple Account or email address. After six months, your request history is disassociated from the random identifier and may be retained for up to two years. Apple may use this data to develop and improve Siri, Dictation, Search, and limited other language processing functionality in Apple products ...
	</p>

	<p>
		 
	</p>

	<p>
		Apple may also review a subset of the transcripts of your interactions and this ... may be kept beyond two years for the ongoing improvements of products and services.
	</p>
</blockquote>

<p>
	Apple promises not to use Siri and voice data to build marketing profiles or sell them to third parties, but it hasn't always adhered to that commitment. In January, Apple agreed to <a href="https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-pay-95m-delete-private-conversations-siri-recorded/" rel="external nofollow">pay $95 million</a> to settle a class-action lawsuit accusing Siri of recording private conversations and sharing them with third parties for targeted ads. In 2019, contractors <a href="https://arstechnica.com/tech-policy/2019/08/apple-will-stop-storing-your-siri-voice-recordings-by-default/" rel="external nofollow">reported</a> hearing private conversations and recorded sex via Siri-gathered audio.
</p>

<p>
	 
</p>

<p>
	Outside of Apple, we've seen voice request data <a href="https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/" rel="external nofollow">used questionably</a>, including <a href="https://arstechnica.com/tech-policy/2018/11/amazon-must-give-up-echo-recordings-in-double-murder-case-judge-rules/" rel="external nofollow">in criminal trials</a> and <a href="https://arstechnica.com/tech-policy/2019/04/amazon-admits-that-employees-review-small-sample-of-alexa-audio/" rel="external nofollow">by corporate employees</a>. Siri and dictation data also represent additional ways a person's Apple TV usage might be unexpectedly analyzed to fuel Apple's business.
</p>

<h2>
	Automatic content recognition
</h2>

<p>
	Apple TVs aren't preloaded with <a href="https://www.flatpanelshd.com/news.php?subaction=showfull&amp;id=1730444985" rel="external nofollow">automatic content recognition</a> (ACR), an Apple spokesperson confirmed to Ars, another plus for privacy advocates. But ACR is software, so Apple could technically add it to Apple TV boxes via a software update at some point.
</p>

<p>
	 
</p>

<p>
	Sherman Li, the founder of Enswers, the company that first put <a href="https://www.broadbandtvnews.com/2014/04/25/samsung-invests-in-content-recognition-provider-enswers/" rel="external nofollow">ACR in Samsung TVs</a>, confirmed to Ars that it's technically possible for Apple to add ACR to already-purchased Apple boxes. Years ago, Enswers retroactively added ACR to other types of streaming hardware, including Samsung and LG smart TVs. (Enswers was acquired by Gracenote, which Nielsen now owns.)
</p>

<p>
	 
</p>

<p>
	In general, though, there are challenges to adding ACR to hardware that people already own, Li explained:
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Everyone believes, in theory, you can add ACR anywhere you want at any time because it's software, but because of the way [hardware is] architected... the interplay between the chipsets, like the SoCs, and the firmware is different in a lot of situations.
	</p>
</blockquote>

<p>
	Li pointed to numerous variables that could prevent ACR from being retroactively added to any type of streaming hardware, "including access to video frame buffers, audio streams, networking connectivity, security protocols, OSes, and app interface communication layers, especially at different levels of the stack in these devices, depending on the implementation."
</p>

<p>
	 
</p>

<p>
	Due to the complexity of Apple TV boxes, Li suspects it would be difficult to add ACR to already-purchased Apple TVs. It would likely be simpler for Apple to release a new box with ACR if it ever decided to go down that route.
</p>

<p>
	 
</p>

<p>
	If Apple were to add ACR to old or new Apple TV boxes, the devices would be far less private, and the move would be highly unpopular and eliminate one of the Apple TV's biggest draws.
</p>

<p>
	 
</p>

<p>
	However, Apple reportedly has a growing interest in advertising to streaming subscribers. The Apple TV+ streaming service doesn't currently show commercials, but the company is rumored to be exploring a potential ad tier. The suspicions stem from a reported meeting between Apple and the United Kingdom's ratings body, Barb, to discuss how it might track ads on Apple TV+, according to a July report from <a href="https://www.telegraph.co.uk/business/2024/07/27/apple-tv-plots-uk-adverts/" rel="external nofollow">The Telegraph</a>.
</p>

<p>
	 
</p>

<p>
	Since 2023, Apple has also hired several <span style="box-sizing: border-box; margin: 0px; padding: 0px;"><a href="https://www.businessinsider.com/apple-hired-nbcu-tv-exec-video-ad-ambitions-2024-3" rel="external nofollow" target="_blank">prominent names in advertising</a>, including a former head of advertising at NBCUniversal</span> and a new head of video ad sales. Further, Apple TV+ is one of the few streaming services to remain ad-free, and it's reported to be <a href="https://arstechnica.com/gadgets/2025/03/apple-tv-reportedly-loses-1-billion-a-year-and-thats-okay-for-now/" rel="external nofollow">losing Apple $1 billion per year</a> since its launch.
</p>

<p>
	 
</p>

<p>
	One day soon, Apple may have much more reason to care about advertising in streaming and being able to track the activities of people who use its streaming offerings. That has implications for Apple TV box users.
</p>

<p>
	 
</p>

<p>
	"The more Apple creeps into the targeted ads space, the less I’ll trust them to uphold their privacy promises. You can imagine Apple TV being a natural progression for selling ads," PIRG's Cross said.
</p>

<p>
	 
</p>

<p>
	Somewhat ironically, Apple has marketed its approach to privacy as a positive for advertisers.
</p>

<p>
	 
</p>

<p>
	"Apple’s commitment to privacy and personal relevancy builds trust amongst readers, driving a willingness to engage with content and ads alike," Apple's <a data-saferedirecturl="https://www.google.com/url?q=https://support.apple.com/guide/adguide/advertising-on-apple-news-and-stocks-apd97a18bafa/1.0/icloud/1.0&amp;source=gmail&amp;ust=1746821587542000&amp;usg=AOvVaw1C4k66jlBEX8_yhwGysN7r" href="https://support.apple.com/guide/adguide/advertising-on-apple-news-and-stocks-apd97a18bafa/1.0/icloud/1.0" rel="external nofollow" target="_blank">advertising guide</a> for buying ads on Apple News and Stocks reads.
</p>

<h2>
	The most private streaming gadget
</h2>

<p>
	It remains technologically possible for Apple to introduce intrusive tracking or ads to Apple TV boxes, but for now, the streaming devices are more private than the vast majority of alternatives, save for dumb TVs (which are incredibly hard to find these days). And if Apple follows its own policies, much of the data it gathers should be kept in-house.
</p>

<p>
	 
</p>

<p>
	However, those with strong privacy concerns should be aware that Apple does track certain tvOS activities, especially those that happen through Apple accounts, voice interaction, or the Apple TV app. And while most of Apple's streaming hardware and software settings prioritize privacy by default, some advocates believe there's room for improvement.
</p>

<p>
	 
</p>

<p>
	For example, STOP's Maestro said:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Unlike in the [European Union], where the upcoming Data Act will set clearer rules on transfers of data generated by smart devices, the US has no real legislation governing what happens with your data once it reaches Apple's servers. Users are left with little way to verify those privacy promises.
	</p>
</blockquote>

<p>
	Maestro suggested that Apple could address these concerns by making it easier for people to conduct security research on smart device software. "Allowing the development of alternative or modified software that can evaluate privacy settings could also increase user trust and better uphold Apple's public commitment to privacy," Maestro said.
</p>

<p>
	 
</p>

<p>
	There are ways to limit the amount of data that advertisers can get from your Apple TV. But if you use the Apple TV app, Apple can use your activity to help make business decisions—and therefore money.
</p>

<p>
	 
</p>

<p>
	As you might expect from a device that connects to the Internet and lets you stream shows and movies, Apple TV boxes aren't totally incapable of tracking you. But they're still the best recommendation for streaming users seeking hardware with more privacy and fewer ads.
</p>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/gadgets/2025/06/all-the-ways-apple-tv-boxes-do-and-mostly-dont-track-you/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of May): 2,377</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong>
</p>
]]></description><guid isPermaLink="false">29490</guid><pubDate>Sun, 01 Jun 2025 18:48:49 +0000</pubDate></item><item><title>Ubuntu's apport affected by core dump vulnerability, here's how to patch</title><link>https://nsaneforums.com/news/security-privacy-news/ubuntus-apport-affected-by-core-dump-vulnerability-heres-how-to-patch-r29484/</link><description><![CDATA[<p>
	When programs crash on Linux, they usually create a core dump containing the program’s memory at crash time to help developers resolve problems. This is crucial for developers so they can address bugs, but right now, the program responsible for creating core dumps in Ubuntu and <a automate_uuid="fdcd2871-efe7-4585-a369-aca808fed89b" href="https://www.neowin.net/news/anduinos-linux-major-updates-for-windows-11-clone---whats-new-and-how-to-install/" rel="external nofollow">Ubuntu-based distributions like AnduinOS</a> is vulnerable to a new exploit.
</p>

<p>
	 
</p>

<p>
	The bug has been tagged with the CVE number <a automate_uuid="250b7b28-fde6-4507-ac30-36d427514dcf" href="https://ubuntu.com/security/CVE-2025-5054" rel="external nofollow">CVE-2025-5054</a> and has a CVSS score of 4.7 (MEDIUM). This bug is inherently harder to exploit because it requires local access to the victim’s computer. Furthermore, Qualys, <a automate_uuid="043b97c4-e337-415f-892f-04c134169c29" href="https://ubuntu.com/blog/apport-local-information-disclosure-vulnerability-fixes-available" rel="external nofollow">which discovered the fault</a>, showed off a demo where it was able to leak hashed user passwords. While this isn’t great, the real-world impact is limited.
</p>

<h3>
	How the vulnerability works
</h3>

<p>
	Qualys found that when apport analyzes application crashes, it checks whether the crashed process was running inside a container before performing consistency checks on it. If an attacker manages to crash a privileged process and quickly replace it with another process that has the same process ID and resides in both a mount and PID namespace, they can get apport to forward the core dump to them via the namespace. The core dump may contain sensitive information from the privileged process.
</p>

<p>
	 
</p>

<p>
	Aside from the attacker only being able to perform this locally, they must also have significant permissions to carry out the attack, limiting the damage that the issue can cause.
</p>

<h3>
	What to do about it
</h3>

<p>
	Thankfully, Canonical’s security team has already published updates for apport to fix this issue on all affected Ubuntu releases, including Ubuntu Desktop and Ubuntu Server. If you have unattended upgrades switched on, you may already be patched, but if you’re not sure, just check for and apply the latest updates with this command:
</p>

<p>
	 
</p>

<p style="margin-left: 40px;">
	<code>sudo apt update &amp;&amp; sudo apt upgrade</code>
</p>

<p>
	 
</p>

<p>
	If you can’t apply all available updates for whatever reason, then you can run these commands to just update apport:
</p>

<p>
	 
</p>

<p>
	<a automate_uuid="78547dfe-3cdf-44dd-b22d-cc7eec91ca4a" href="https://www.neowin.net/guides/how-to-enable-extended-security-maintenance-on-ubuntu-2004-lts-before-it-dies/" rel="external nofollow">Ubuntu 20.04</a> and newer:
</p>

<p>
	 
</p>

<p style="margin-left: 40px;">
	<code>sudo apt update &amp;&amp; sudo apt install --only-upgrade apport python3-apport</code>
</p>

<p>
	 
</p>

<p>
	<a automate_uuid="25507725-0678-4557-8859-3e9baffded5a" href="https://www.neowin.net/news/canonical-now-offers-live-kernel-patching-for-ubuntu-1604-lts-users/" rel="external nofollow">Ubuntu 16.04</a> and <a automate_uuid="d40d945f-8afa-4d69-a358-543a75681f65" href="https://www.neowin.net/news/canonical-pushes-fourth-point-release-for-ubuntu-1804-lts/" rel="external nofollow">Ubuntu 18.04</a>:
</p>

<p>
	 
</p>

<p style="margin-left: 40px;">
	<code>sudo apt update &amp;&amp; sudo apt install --only-upgrade apport python3-apport python-apport</code>
</p>

<h3>
	Do you need to rush to install this update?
</h3>

<p>
	Given the limited impact of this vulnerability, you’re likely to be fine if you don’t patch right away. With that said, it only takes a couple of minutes to perform the update and it’s good for peace of mind. You may also have more critical updates ready to install that you haven’t noticed, so updating promptly is recommended to catch those too.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/ubuntus-apport-affected-by-core-dump-vulnerability-heres-how-to-patch/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29484</guid><pubDate>Sat, 31 May 2025 19:48:09 +0000</pubDate></item><item><title>Latest VeraCrypt update blocks screenshots and screen recordings</title><link>https://nsaneforums.com/news/security-privacy-news/latest-veracrypt-update-blocks-screenshots-and-screen-recordings-r29479/</link><description><![CDATA[<p>
	The initial announcement of the AI feature <a data-wpel-link="internal" href="https://www.ghacks.net/2024/06/03/microsoft-needs-to-make-windows-11s-recall-feature-opt-in/" rel="external nofollow">Recall for Windows</a> caused quite an uproar in the security community. Microsoft's idea was to introduce an AI tool in Windows that would take a snapshot of the desktop every five seconds and analyze what it displayed to allow the user to interact with the AI about it.
</p>

<p>
	 
</p>

<p>
	Problem was, in its hurry to get the AI feature out in the open, Microsoft forgot security. It turned out that Recall was set to run by default and that the database that Recall used was not all that well protected. Additionally, despite Microsoft's reassurances that Recall would not capture sensitive data, it turned out that it did (<a data-wpel-link="internal" href="https://www.ghacks.net/2024/12/13/the-revised-recall-on-windows-11-is-still-recording-information-that-it-should-not/" rel="external nofollow">and still does</a>).
</p>

<p>
	 
</p>

<p>
	Third-party developers of security software have started to introduce anti-screenshot functionality into their apps. The latest to introduce such a feature are the developers of VeraCrypt, an open source encryption software.
</p>

<p>
	 
</p>

<p>
	VeraCrypt 1.26.24, <a data-wpel-link="external" href="https://veracrypt.io/en/Release%20Notes.html" rel="external nofollow" target="_blank">released on May 30th, 2025</a>, introduces several changes and improvements. One of them is the new protection against screenshots and screen recordings on Windows.
</p>

<p>
	 
</p>

<p>
	Any attempt to capture the VeraCrypt program window after installation of the update hides the program window on the desktop. I have tested this with several screen capturing options, including my favorite tool <a data-wpel-link="internal" href="https://www.ghacks.net/2018/05/24/picpick-is-a-professional-screen-capture-tool-for-windows/" rel="external nofollow">PicPick</a>, the Snipping Tool, pressing the Print-key, and several more.
</p>

<p>
	 
</p>

<p>
	This is the new default behavior. Windows users who do not want this may turn it off again. I had to turn the feature off to screenshot the new option in the VeraCrypt settings. Most users may want to keep it turned on, as it may also protect against malware running on the system that is designed to take screenshots.
</p>

<p>
	 
</p>

<p>
	<img alt="VeraCrypt Screenshot and Recording protection" class="ipsImage" decoding="async" height="720" width="720" src="https://www.ghacks.net/wp-content/uploads/2025/05/veracrypt-screenshot-protection.png">
</p>

<p>
	 
</p>

<p>
	Here is how you disable the screenshot protection in VeraCrypt:
</p>

<p>
	 
</p>

<ol>
	<li>
		Open the main VeraCrypt interface on the Windows system.
	</li>
	<li>
		Go to Settings &gt; Performance / Driver configuration.
	</li>
	<li>
		Uncheck "Disable protection against screenshots and screen recording".
	</li>
	<li>
		Restart the PC.
	</li>
</ol>

<p>
	 
</p>

<p>
	A restart is required to complete the process. Similarly, if you want to turn on the protection again, you need to restart the PC after checking the box in the settings to complete the process.
</p>

<p>
	 
</p>

<p>
	The default behavior, the blocking of screenshots and screen recordings, can be changed with installation parameters. Just run the installer with the parameter DISABLESCREENPROTECTION=1 to disable the security feature.
</p>

<h3>
	Closing Words
</h3>

<p>
	The new screen protection feature is a welcome addition to VeraCrypt. Most users are not affected by the change, at least not negatively. Those who are can turn off the security feature at any time to restore the old status quo.
</p>

<p>
	 
</p>

<p>
	<em>Now You: what is your take on apps implementing screenshot protections? Good security feature or something that you do not find useful? Feel free to leave a comment down below.</em>
</p>



<p>
	<a href="https://www.ghacks.net/2025/05/31/latest-veracrypt-update-blocks-screenshots-and-screen-recordings/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29479</guid><pubDate>Sat, 31 May 2025 19:36:00 +0000</pubDate></item><item><title>Microsoft Authenticator users: Your password auto-fill is dying soon - this is what to do</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-authenticator-users-your-password-auto-fill-is-dying-soon-this-is-what-to-do-r29460/</link><description><![CDATA[<p>
	Earlier this month, <a automate_uuid="d22debde-d90f-4954-8dff-e7321f579ce7" href="https://www.neowin.net/news/microsoft-is-killing-its-password-manager-in-authenticator-to-make-everyone-use-edge/" rel="external nofollow">Neowin reported</a> that the password manager in Microsoft Authenticator would start being phased out from June 2025. The plan is that from June, Microsoft Authenticator will no longer let you save new passwords, in July the app will stop auto-filling your data in websites and apps and delete your payment information, and in August, all passwords will disappear.
</p>

<p>
	 
</p>

<p>
	To prepare users for the end of auto-filling, the app, according to <a automate_uuid="9b297535-e37f-4bf8-acb9-d8cdc80472ac" href="https://www.bleepingcomputer.com/news/security/microsoft-authenticator-now-warns-to-export-passwords-before-july-cutoff/" rel="external nofollow">Bleeping Computer</a>, is now showing warnings and explaining how to turn on autofill in Microsoft Edge.
</p>

<p>
	 
</p>

<p>
	These changes to Microsoft Authenticator are set to affect millions of users around the world. On the Google Play Store, the app has over 100 million downloads and 2.1 million reviews, while on the Apple App Store, it has over 505,000 ratings. In just a few days, according to the plan, no new passwords will be savable in Microsoft Authenticator, making it almost useless as a password manager.
</p>

<p>
	 
</p>

<p>
	Microsoft’s move to force users over to the Edge password manager makes sense and brings it in line with other companies like Google and Mozilla, which offer <a automate_uuid="9896566a-7d1f-4578-9000-e0fe4a689af4" href="https://www.neowin.net/news/google-password-manager-passkey-support-added-to-ios-and-ipados-17-and-newer/" rel="external nofollow">password managers baked into their browsers</a>. The password manager in Edge also complements Edge’s other security features such as SmartScreen, Password Monitor, and InPrivate search.
</p>

<p>
	 
</p>

<p>
	Microsoft Authenticator password manager users have a choice to make regarding their passwords. If you're invested in the Microsoft ecosystem and are fine using Microsoft Edge, pressing the “Turn on Edge” button in the Authenticator app notification is the best choice. If this isn’t for you, then head to the Authenticator settings, export your passwords to a CSV file, and import them into your browser of choice.
</p>

<p>
	 
</p>

<p>
	It’s important to note that this change only affects the password manager component of Microsoft Authenticator, not the whole app. You will still be able to use the app for your one-time passwords. Cynics say this is yet another move by Microsoft to foist its Edge browser onto users.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-authenticator-users-your-password-auto-fill-is-dying-soon---this-is-what-to-do/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong><img alt=":sadbye:" data-emoticon="true" loading="lazy" src="https://nsaneforums.com/uploads/emoticons/default/sadbye.gif" title=":sadbye:">
</p>
]]></description><guid isPermaLink="false">29460</guid><pubDate>Fri, 30 May 2025 08:11:12 +0000</pubDate></item><item><title>Discord lures users to click on ads by offering them new Orbs currency</title><link>https://nsaneforums.com/news/security-privacy-news/discord-lures-users-to-click-on-ads-by-offering-them-new-orbs-currency-r29445/</link><description><![CDATA[<h3>
	Discord moves further away from being ad-free.
</h3>

<p>
	Discord is further distancing itself from its ad-free beginnings by offering users a new virtual currency for clicking on in-platform advertisements.
</p>

<p>
	 
</p>

<p>
	According to a <a href="https://discord.com/blog/checkpoint-3-leveling-up-discord-quests-with-orbs-and-advanced-measurement" rel="external nofollow">blog post</a> this week by Peter Sellis, Discord’s SVP of product, a “small group” of Discord users around the globe can now earn "Orbs" through <a href="https://arstechnica.com/gadgets/2024/04/discord-starts-down-the-dangerous-road-of-ads-this-week/" rel="external nofollow">Play Quests</a>, which Discord announced in March 2024 and which let users earn in-game rewards by getting people to watch a stream of them playing a sponsored game. With enough Orbs, Discord users can purchase items in Discord's shop, including customization options for their profiles and credits for Nitro, a subscription add-on that offers features like 500MB uploads and HD resolution streaming.
</p>

<p>
	 
</p>

<p>
	The goal is to fuel Discord’s advertising business by making clicking on ads more appealing. Advertisers also benefit by associating their ads with the ability to get desirable rewards.
</p>

<p>
	 
</p>

<p>
	“This means that users will have the flexibility to use Orbs on many different rewards, making Quests even more relevant,” Sellis wrote. "This is particularly great for users who want to try Nitro without a current subscription."
</p>

<p>
	 
</p>

<p>
	Sellis said that Orbs will be available to “many more” Discord users “soon” but didn’t specify when.
</p>

<p>
	 
</p>

<p>
	“We will continue to add new ways for users to claim rewards using Orbs in the future and for Nitro subscribers to continue to receive better rewards and deals across our ecosystem,” Sellis wrote.
</p>

<p>
	 
</p>

<p>
	Sellis also announced that Discord is working with brand measurement firm Kantar to help advertisers track ad success. With Kantar technology, advertisers can measure things like “awareness, recall, and intent,” Sellis said. The partnership further underscores Discord's growing reliance on advertising revenue.
</p>

<p>
	 
</p>

<p>
	“Our partnership with Discord is helping marketers better understand Discord as an advertising platform for new generations,” Nicole Jones, Kantar’s chief commercial lead, said on Discord’s blog.
</p>

<h2>
	Rethinking ads
</h2>

<p>
	Discord also announced this week that it will soon sell Play Quests to more advertisers. The announcement follows the company's introduction of <a href="https://arstechnica.com/gadgets/2025/03/discord-heightens-ad-focus-by-introducing-video-ads-to-mobile-apps-in-june/" rel="external nofollow">video ads to the Discord mobile app</a> in June. Video Quests, as they’re called, allow advertisers to show trailers, announcements, and other types of content.
</p>

<p>
	 
</p>

<p>
	Overall, Discord’s new ad-friendly approach to business is very different than its previous strategy, which kept Discord ad-free from its 2015 launch until last year. Because the company is expected to <a href="https://arstechnica.com/gaming/2025/03/report-discord-partners-with-jp-morgan-chase-goldman-sachs-for-a-2025-ipo/" rel="external nofollow">go public soon</a>, its leaders have determined that it’s no longer sufficient to rely completely on premium add-ons and subscriptions. Discord isn’t profitable, forcing the firm to reconsider its use of ads, which cofounder and CEO Jason Citron felt were too intrusive as recently <a href="https://www.wsj.com/tech/a-social-network-without-ads-discord-defies-convention-11615199401" rel="external nofollow">as 2021</a>.
</p>

<p>
	 
</p>

<p>
	Currently, Discord’s ads are limited to clickable sidebars within the platform and offer direct benefits to users. Introducing ads can be a slippery slope, though, especially for social media companies that prioritize ad revenue to please investors. On the other hand, another social media company, Reddit, has seen success by boosting its ad business. <a href="https://arstechnica.com/tech-policy/2024/02/report-75k-loyal-redditors-can-snag-shares-before-reddit-goes-public/" rel="external nofollow">Reddit went public</a> in March 2024 and <a href="https://arstechnica.com/gadgets/2024/10/amid-controversial-changes-reddit-is-getting-more-popular-and-profitable/" rel="external nofollow">became profitable</a> in October 2024 after reporting a 60 percent year-over-year increase in ad revenue. Reddit has <span style="box-sizing: border-box; margin: 0px; padding: 0px;">hinted at plans to introduce <a href="https://arstechnica.com/tech-policy/2025/03/new-reddit-controls-let-you-block-your-most-hated-advertisers-for-a-year/" rel="external nofollow" target="_blank">new and more types of ads</a>, and we can expect Discord to consider the same after its IPO, which a <a href="https://www.bloomberg.com/news/articles/2025-03-26/chat-app-discord-is-said-to-work-with-goldman-jpmorgan-on-planned-ipo" rel="external nofollow" target="_blank">March Bloomberg report</a> suggested could happen</span> as soon as this year.
</p>

<p>
	 
</p>

<div class="post-content post-content-double">
	<p>
		<em>Advance Publications, which owns Ars Technica parent Condé Nast, is the largest shareholder in Reddit.</em>
	</p>
</div>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/gadgets/2025/05/discord-lures-users-to-click-on-ads-by-offering-them-new-orbs-currency/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29445</guid><pubDate>Thu, 29 May 2025 18:14:14 +0000</pubDate></item><item><title>Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor</title><link>https://nsaneforums.com/news/security-privacy-news/botnet-hacks-9000-asus-routers-to-add-persistent-ssh-backdoor-r29424/</link><description><![CDATA[<p>
	Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
</p>

<p>
	 
</p>

<p>
	The campaign was <a href="https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers" rel="external nofollow" target="_blank">discovered by GreyNoise</a> security researchers in mid-March 2025, who report that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made.
</p>

<p>
	 
</p>

<p>
	The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vulnerabilities to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Observed brute-forcing attempts" class="ipsImage" height="210" width="401" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/bruteforce.jpg">
		<figcaption>
			<em>Observed brute-forcing attempts<br>
			Source: GreyNoise</em>
		</figcaption>
	</figure>
</div>

<p>
	Specifically, the attackers exploit an old command injection flaw tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-39780" rel="external nofollow" target="_blank">CVE-2023-39780</a> to add their own SSH public key and enable the SSH daemon to listen on the non-standard TCP port 53282. These modifications allow the threat actors to retain backdoor access to the device even between reboots and firmware updates.
</p>

<p>
	 
</p>

<p>
	"Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades," explains another <a href="http://www.labs.greynoise.io/grimoire/2025-03-28-ayysshush/" rel="external nofollow" target="_blank">related report</a> by GreyNoise.
</p>

<p>
	 
</p>

<p>
	"If you've been exploited previously, upgrading your firmware will <strong>NOT</strong> remove the SSH backdoor."
</p>

<p>
	 
</p>

<p>
	The attack is particularly stealthy, involving no malware, while the attackers also turn off logging and Trend Micro's AiProtection to evade detection.
</p>

<p>
	 
</p>

<p>
	Characteristically, GreyNoise reports logging just 30 malicious requests associated with this campaign over the past three months, though 9,000 ASUS routers have been infected.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Malicious requests targeting ASUS routers" class="ipsImage" height="508" width="720" src="https://www.bleepstatic.com/images/news/u/1220909/2025/May/timeline(1).jpg">
		<figcaption>
			<em>Malicious requests targeting ASUS routers<br>
			Source: GreyNoise</em>
		</figcaption>
	</figure>
</div>

<p>
	Still, three of those requests were enough to trigger GreyNoise's AI-powered analysis tool that flagged them for human inspection.
</p>

<p>
	 
</p>

<p>
	The campaign likely overlaps with the activity Sekoia tracks as "<a href="https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/" rel="external nofollow" target="_blank">Vicious Trap</a>," disclosed last week, though the French cybersecurity firm reported that threat actors leveraged CVE-2021-32030 to breach ASUS routers.
</p>

<p>
	 
</p>

<p>
	In the campaign seen by Sekoia, the threat actors were observed targeting SOHO routers, SSL VPNs, DVRs, and BMC controllers from D-Link, Linksys, QNAP, and Araknis Networks. 
</p>

<p>
	 
</p>

<p>
	The exact operational goal of AyySSHush remains unclear, as there are no signs of distributed denial of service (DDoS) or using the devices to proxy malicious traffic through the ASUS routers.
</p>

<p>
	 
</p>

<p>
	However, in the router breaches observed by Sekoia, a malicious script was downloaded and executed to redirect network traffic from the compromised system to third-party devices controlled by the attacker.
</p>

<p>
	 
</p>

<p>
	Currently, it appears the campaign quietly builds a network of backdoored routers to create the groundwork for a future botnet.
</p>

<h2>
	Protect your ASUS routers
</h2>

<p>
	ASUS has released security updates that address CVE-2023-39780 for the impacted routers, though the exact time of availability varies per model.
</p>

<p>
	 
</p>

<p>
	Users are advised to upgrade their firmware as soon as possible and look for suspicious files and the addition of the attacker's SSH key (<a href="https://www.labs.greynoise.io/grimoire/2025-03-28-ayysshush/" rel="external nofollow" target="_blank">IoCs here</a>) in the 'authorized_keys' file.
</p>

<p>
	 
</p>

<p>
	Also, GreyNoise lists four IP addresses associated with this activity, which should be added to a block list.
</p>

<pre><code>101.99.91[.]151
101.99.94[.]173 
79.141.163[.]179   
111.90.146[.]237</code></pre>

<p>
	If a compromise is suspected, a factory reset is recommended to clean the router beyond doubt and then reconfigure it from scratch using a strong password.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29424</guid><pubDate>Wed, 28 May 2025 17:43:14 +0000</pubDate></item><item><title>MATLAB dev confirms ransomware attack behind service outage</title><link>https://nsaneforums.com/news/security-privacy-news/matlab-dev-confirms-ransomware-attack-behind-service-outage-r29408/</link><description><![CDATA[<p>
	MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage.
</p>

<p>
	 
</p>

<p>
	Headquartered in Natick, Massachusetts, and founded in 1984, MathWorks now has over 6,500 employees in 34 offices worldwide. MathWorks develops the MATLAB numeric computing platform and the Simulink simulation, which are used by over 100,000 organizations and over 5 million customers.
</p>

<p>
	 
</p>

<p>
	"MathWorks experienced a ransomware attack. We have notified federal law enforcement of this matter. The attack affected our IT systems," the company <a href="https://status.mathworks.com/incidents/h1fjvcr72n87" rel="external nofollow" target="_blank">disclosed</a> in an incident report published on its official status page.
</p>

<p>
	 
</p>

<p>
	"Some of our online applications used by customers became unavailable, and certain internal systems used by staff became unavailable, beginning on Sunday, May 18."
</p>

<p>
	 
</p>

<p>
	While ongoing outages resulting from this incident still affect many of its online services, including the cloud center, file exchange, license center, and MathWorks store, the company has since brought some back online.
</p>

<p>
	 
</p>

<p>
	For instance, after multiple days of signing issues preventing users from accessing their accounts, MathWorks restored multi-factor authentication (MFA) and account SSO (Single Sign On) on May 21st.
</p>

<p>
	 
</p>

<p>
	Despite this, since Friday, some customers have continued experiencing issues preventing them from creating new accounts, while others who haven't signed in since 11 October 2024 haven't been able to log in at all.
</p>

<p>
	 
</p>

<p>
	MathWorks has yet to reveal additional information regarding this incident, including the name of the ransomware operation behind the attack and whether any customer data was stolen during the breach.
</p>

<p>
	 
</p>

<p>
	Even though the company tagged this incident as a ransomware attack, no ransomware gang has claimed the breach, suggesting that MathWorks has either paid the ransom demanded by the attackers or is still negotiating.
</p>

<p>
	 
</p>

<p>
	A MathWorks spokesperson was not immediately available for comment when contacted by BleepingComputer.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/mathworks-blames-ransomware-attack-for-ongoing-outages/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29408</guid><pubDate>Tue, 27 May 2025 17:38:26 +0000</pubDate></item><item><title>Adidas warns of data breach after customer service provider hack</title><link>https://nsaneforums.com/news/security-privacy-news/adidas-warns-of-data-breach-after-customer-service-provider-hack-r29407/</link><description><![CDATA[<p>
	German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data.
</p>

<p>
	 
</p>

<p>
	"adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said on Friday.
</p>

<p>
	 
</p>

<p>
	"We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."
</p>

<p>
	 
</p>

<p>
	Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact.
</p>

<p>
	 
</p>

<p>
	The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.
</p>

<p>
	 
</p>

<p>
	"adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," <a href="https://www.adidas-group.com/en/data-security-information" rel="external nofollow" target="_blank">it added</a>.
</p>

<p>
	 
</p>

<p>
	"We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident."
</p>

<p>
	 
</p>

<p>
	Adidas has yet to reveal further details regarding this incident, including the name of the impacted service provider, when the incident was detected, how many individuals were affected, and if its own network was compromised during the attack.
</p>

<p>
	 
</p>

<p>
	When BleepingComputer reached out to Adidas with questions about the incident, a spokesperson said the company had "no further update" and "the statement from Friday is still valid."
</p>

<p>
	 
</p>

<p>
	Earlier this month, Adidas disclosed data breaches impacting customers in <a href="https://www.hurriyetdailynews.com/adidas-turkiye-unveils-data-breach-affecting-customer-information-209384" rel="external nofollow" target="_blank">Turkey</a> and <a href="https://www.businesskorea.co.kr/news/articleView.html?idxno=242481" rel="external nofollow" target="_blank">South Korea</a> who contacted the company's customer service center in 2024 or earlier. The stolen information in these breaches includes names, email addresses, phone numbers, birthdates, and addresses.
</p>

<p>
	 
</p>

<p>
	In June 2018, Adidas <a href="https://www.bleepingcomputer.com/news/security/adidas-announces-data-breach/" rel="external nofollow" target="_blank">disclosed another breach</a> after unknown attackers stole contact information, usernames, and encrypted passwords of "a few million" shoppers who used the sportswear company's U.S. website.
</p>

<p>
	 
</p>

<p>
	<em>Update May 27, 11:18 EDT: Added Adidas statement.</em>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/adidas-warns-of-data-breach-after-customer-service-provider-hack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29407</guid><pubDate>Tue, 27 May 2025 17:37:13 +0000</pubDate></item><item><title>184 million records data leak: Google, PayPal and Netflix passwords leaked online</title><link>https://nsaneforums.com/news/security-privacy-news/184-million-records-data-leak-google-paypal-and-netflix-passwords-leaked-online-r29400/</link><description><![CDATA[<p>
	Security researcher Jeremiah Fowler stumbled upon a large database of login information and passwords containing over 184 million records recently. He mentioned the discovery in an article on <a data-wpel-link="external" href="https://www.websiteplanet.com/news/infostealer-breach-report/" rel="external nofollow" target="_blank">Website Planet</a>.
</p>

<p>
	 
</p>

<p>
	The data was not encrypted in any form and stored publicly, which meant that anyone with knowledge of its existence could download the data.
</p>

<p>
	 
</p>

<p>
	The sheer size of the database, more than 47 gigabytes of data, makes it one of the largest leaks in recent history. In early 2024, a <a data-wpel-link="internal" href="https://www.ghacks.net/2024/01/18/70-million-account-credentials-were-leaked-in-a-massive-password-dump/" rel="external nofollow">70 million records password dump</a> was discovered.
</p>

<p>
	 
</p>

<p>
	A preliminary sampling of the data unveiled emails, usernames, passwords, and also links to login or authorization pages. Fowler found login information and passwords for a wide range of services in the dump. Notable products and services include Facebook, Instagram, Snapchat, Microsoft products, Google, Discord, and NHS.
</p>

<p>
	 
</p>

<p>
	Fowler discovered the database in early May 2025 and reported it to the web hosting company, which blocked public access shortly after to prevent further spreading of the data. He wrote to several of the email accounts found in the database to verify the authenticity of the data and was able to confirm it based on the replies that he received.
</p>

<p>
	 
</p>

<p>
	The security researcher suspects that it could be an infostealer's dump. Infostealer malware is designed to copy sensitive information, including passwords, cookies, recovery keys, and credit card numbers, on infected systems.
</p>

<h3>
	The potential risks
</h3>

<p>
	Cybercriminals may use exposed credentials and other sensitive data for various attacks or gains:
</p>

<p>
	 
</p>

<ul>
	<li>
		<strong>Credential stuffing</strong>: this refers to trying found username and password combinations on popular sites. Many Internet users use the same username and passwords on sites. Gain access to one, gain potential access to all.
	</li>
	<li>
		<strong>Account takeovers:</strong> changing the password of the account may block the original owner from signing in, especially if identification information, such as linked email addresses or phone numbers, is also changed.
	</li>
	<li>
		<strong>Corporate / government espionage:</strong> gain access to corporate or government networks through the accounts of employees.
	</li>
	<li>
		<strong>Phishing and social engineering:</strong> attacks may be run against emails or mobile phone numbers found in the dump.
	</li>
</ul>

<h3>
	How to protect your accounts
</h3>

<p>
	The database is no longer available online and it has not been integrated into a tool like Have I Been Pwned yet. Users may improve the security of their online accounts as a precautionary measure.
</p>

<p>
	 
</p>

<p>
	Here are our suggestions:
</p>

<p>
	 
</p>

<ul>
	<li>
		<strong>Make sure that each online account uses a secure, unique password</strong>. Avoid dictionary words and names in passwords and combine numbers, upper- and lower-case letters, and special characters. Password managers are your friend.
	</li>
	<li>
		<strong>Enable two-factor authentication</strong>, especially for high-value accounts, e.g., PayPal, your email account, bank accounts and so on.
	</li>
	<li>
		<strong>Alternative</strong>: passkeys or <a data-wpel-link="internal" href="https://www.ghacks.net/2023/11/16/google-launches-updated-titan-security-keys-with-fido2-support/" rel="external nofollow">security keys</a> for extra security.
	</li>
	<li>
		<strong>Protect sensitive data,</strong> e.g. financial documents, tax information, medical documents, private photos and videos. Encryption is key.
	</li>
	<li>
		<strong>Don't store sensitive information in email accounts or online</strong>.
	</li>
	<li>
		<strong>Use good antivirus</strong> and keep it up to date to protect against the bulk of threats online.
	</li>
</ul>

<p>
	 
</p>

<p>
	<em>Now you: have any tips on staying secure online? Feel free to share them with everyone in the comment section below.</em>
</p>



<p>
	 
</p>

<p>
	<a href="https://www.ghacks.net/2025/05/26/184-million-records-data-leak-google-paypal-and-netflix-passwords-discovered/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29400</guid><pubDate>Mon, 26 May 2025 18:04:42 +0000</pubDate></item><item><title>Google claims users find ads in AI search 'helpful'</title><link>https://nsaneforums.com/news/security-privacy-news/google-claims-users-find-ads-in-ai-search-helpful-r29399/</link><description><![CDATA[<p>
	Google AI mode and AI Overviews now have ads, which, according to the search engine giant, are "helpful."
</p>

<p>
	 
</p>

<p>
	At the Google Marketing Live event last week, Google <a href="https://blog.google/products/ads-commerce/google-marketing-live-2025/" rel="external nofollow" target="_blank">confirmed </a>it has started rolling out ads to AI mode and AI Overviews in the US, which create new "opportunities for customers."
</p>

<p>
	 
</p>

<p>
	While I haven't seen ads in AI Overviews, some users <a href="https://x.com/brodieseo/status/1925413497250488334" rel="external nofollow" target="_blank">spotted</a> them last week, and these ads appear below the AI Overviews, followed by the traditional blue links.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Google AI ads" class="ipsImage" height="405" width="720" src="https://www.bleepstatic.com/images/news/u/1097497/AI/Google-AI-ads.jpg">
		<figcaption>
			<em>Ads in Google AI overviews (Desktop)</em>
		</figcaption>
	</figure>
</div>

<p>
	In a <a href="https://support.google.com/google-ads/answer/16297775#:~:text=Google%20internal%20data%20shows%20that%20people%20have%20been%20finding%20the%20ads%20within%20AI%20Overviews%20helpful" rel="external nofollow" target="_blank">support document</a> spotted by <a href="https://www.seroundtable.com/google-ads-help-doc-ai-overviews-39469.html" rel="external nofollow" target="_blank">SER</a>, Google described ads in AI search results as a new way to find information on the web.
</p>

<p>
	 
</p>

<p>
	SEO consultant <a href="https://x.com/gaganghotra_/status/1926972729674125546" rel="external nofollow" target="_blank">Gagan Ghotra</a> pointed out an interesting excerpt in the document that claims users find ads in these AI search results helpful.
</p>

<p>
	 
</p>

<p>
	"Google internal data shows that people have been finding the ads within AI Overviews helpful because they can quickly connect with relevant businesses, products, and services to take the next step at the exact moment they need them," the company wrote in the document.
</p>

<p>
	 
</p>

<p>
	Google won't share the numbers or methodology of its "internal data," but it wants you to believe that ads are helpful, especially in AI search results.
</p>

<p>
	 
</p>

<p>
	Ads aren't necessarily bad, but they're certainly not helpful when they mislead users or appear above the actual content and disrupt the flow.
</p>

<p>
	 
</p>

<p>
	Google <a href="https://www.emarketer.com/content/google-posts--96-5-billion-q4-revenue--ad-growth-only-half-of-meta-s#:~:text=Advertising%20revenues" rel="external nofollow" target="_blank">reported </a>$72.5 billion in advertising revenue in its last quarterly report, and it's expected to increase as ads expand beyond the blue links.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/google/google-claims-users-find-ads-in-ai-search-helpful/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29399</guid><pubDate>Mon, 26 May 2025 18:00:50 +0000</pubDate></item><item><title>Ubuntu 25.10 to provide security boost by securely fetching the time</title><link>https://nsaneforums.com/news/security-privacy-news/ubuntu-2510-to-provide-security-boost-by-securely-fetching-the-time-r29365/</link><description><![CDATA[<p>
	Canonical has announced that it’ll begin using a piece of software called chrony for more secure time management, starting with Ubuntu 25.10. End users don’t need to worry about this change too much, but it will result in strengthened system security, especially for cryptographic operations and certificate validation.
</p>

<p>
	 
</p>

<p>
	Once implemented, Ubuntu will use chrony instead of systemd-timesyncd. The trouble with systemd-timesyncd is that it uses the Network Time Protocol (NTP), instead of the improved Network Time Security (NTS). While NTP is good at keeping time, it doesn’t authenticate the time source; this could lead to your system getting the wrong time from a malicious server, which could mess with security checks when visiting a secure website.
</p>

<p>
	 
</p>

<p>
	Getting a little bit technical, NTP uses port 123/UDP to send and receive data. UDP (User Datagram Protocol) is capable of sending data quickly but it doesn’t guarantee delivery or order. If data is lost, it doesn’t matter since updates are frequent.
</p>

<p>
	 
</p>

<p>
	With NTS, before the time is fetched, your computer starts by performing a secure handshake with the NTS server, similar to how websites using HTTPS establish a secure connection. NTS does this handshake over a different port, 4460/TCP. TCP, or Transmission Control Protocol, is more reliable for sending data as it ensures all data arrives in the correct order.
</p>

<p>
	 
</p>

<p>
	Once the connection is established, time synchronization happens over the NTP port, but each exchange is cryptographically signed, meaning the time information is authentic and hasn’t been altered.
</p>

<p>
	 
</p>

<p>
	The switch to chrony will take place on June 5, according to the <a automate_uuid="d8c9bfe4-c16b-4efe-8ce9-11c92ede82ec" href="https://discourse.ubuntu.com/t/questing-quokka-release-schedule/36462" rel="external nofollow">current schedule</a>. So, if you decide to try the daily image of Ubuntu 25.10 after this date, you should be running Ubuntu with chrony fetching the time securely.
</p>

<p>
	 
</p>

<p>
	Source: <a automate_uuid="df514788-31b2-4b6a-a127-0fd70f2503fb" href="https://lists.ubuntu.com/archives/ubuntu-devel/2025-May/043355.html" rel="external nofollow">Ubuntu Mailing List</a>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/ubuntu-2510-to-provide-security-boost-by-securely-fetching-the-time/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29365</guid><pubDate>Fri, 23 May 2025 17:22:53 +0000</pubDate></item><item><title>Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials</title><link>https://nsaneforums.com/news/security-privacy-news/mysterious-database-of-184-million-records-exposes-vast-array-of-login-credentials-r29350/</link><description><![CDATA[<h3>
	A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments.
</h3>

<p>
	<span class="lead-in-text-callout">The possibility that</span> data could be inadvertently exposed in a <a href="https://www.wired.com/story/amazon-s3-data-exposure/" rel="external nofollow">misconfigured</a> or <a href="https://www.wired.com/story/confidant-health-therapy-records-database-exposure/" rel="external nofollow">otherwise unsecured</a> <a href="https://www.wired.com/story/ntmc-bangladesh-database-leak/" rel="external nofollow">database</a> is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks of recklessly compiling sensitive information in a repository that could become a single point of failure.
</p>

<p>
	 
</p>

<p>
	In early May, longtime data-breach hunter and security researcher Jeremiah Fowler discovered an <a class="external-link" data-event-boundary="click" data-event-click='{"pattern":"ExternalLink"}' data-in-view='{"pattern":"ExternalLink"}' data-include-experiments="true" data-offer-url="https://www.websiteplanet.com/news/infostealer-breach-report/" href="https://www.websiteplanet.com/news/infostealer-breach-report/" rel="external nofollow" target="_blank">exposed Elastic database</a> containing 184,162,718 records across more than 47 GB of data. Typically, Fowler says, he is able to gather clues about who controls an exposed database from its contents—details about the organization, data related to its customers or employees, or other indicators that suggest why the data is being collected. This database, however, didn’t include any clues about who owns the data or where it may have been gathered from.
</p>

<p>
	 
</p>

<p>
	The sheer range and massive scope of the login details, which include accounts connected to a large array of digital services, indicate that the data is some sort of compilation, possibly kept by researchers investigating a data breach or other cybercriminal activity or owned directly by attackers and stolen by <a href="https://www.wired.com/story/infostealer-malware-password-theft/" rel="external nofollow">infostealer</a> <a href="https://www.wired.com/story/lumma-stealer-takedown-disrupted/" rel="external nofollow">malware</a>.
</p>

<p>
	 
</p>

<p>
	“This is probably one of the weirdest ones I’ve found in many years,” Fowler says. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list.”
</p>

<p>
	 
</p>

<p>
	Each record included an ID tag for the type of account, a URL for each website or service, and then usernames and plaintext passwords. Fowler notes that the password field was called “Senha,” the Portuguese word for password.
</p>

<p>
	 
</p>


<p>
	In a sample of 10,000 records analyzed by Fowler, there were 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 each of Microsoft, Netflix, and PayPal accounts. That sample—just a tiny fraction of the total exposure—also included Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, and Yahoo logins, among many others. A keyword search of the sample by Fowler returned 187 instances of the word “bank” and 57 of “wallet.”
</p>

<p>
	 
</p>

<p>
	Fowler, who did not download the data, says he contacted a sample of the exposed email addresses and heard back from some that they were genuine accounts.
</p>

<p>
	 
</p>


<p>
	Aside from individuals, the exposed data also presented potential national security risks, Fowler says. In the 10,000 sample records there were 220 email addresses with .gov domains. These were linked to at least 29 countries, including the United States, Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the United Kingdom.
</p>

<p>
	 
</p>

<p>
	While Fowler could not identify who had put the database together or where the login details originally came from, he reported the data exposure to World Host Group, the hosting company it was linked to. Access to the database was quickly shut down, Fowler says, although World Host Group did not respond to the researcher until after it was contacted by WIRED.
</p>

<p>
	 
</p>

<p>
	Seb de Lemos, CEO of World Host Group, tells WIRED in a statement that the company operates systems for more than 2 million websites. The database Fowler found, though, is “an unmanaged server” hosted on World Host Group’s infrastructure and fully controlled by a customer.
</p>

<p>
	 
</p>

<p>
	“It appears a fraudulent user signed up and uploaded illegal content to their server,” de Lemos wrote in the statement. “The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement.”
</p>

<p>
	 
</p>

<p>
	De Lemos says that the company is in touch with Fowler and has made improvements to its reporting system. “Whilst we cannot share customer-specific details with WIRED, we will fully cooperate with the appropriate law enforcement authorities and, where appropriate, share all relevant customer data with them.”
</p>

<p>
	 
</p>

<p>
	Though the database has now been secured—and ultimately taken down entirely—it is not clear whether anyone other than Fowler accessed the trove while it was still live. As with any exposed database, the concern is that sensitive data could be stolen and abused. And in this case, there is a particularly urgent risk of logins being exploited in fraud, to steal additional information, or even to breach other organizations.
</p>

<p>
	 
</p>

<p>
	Fowler says that while he does not know for certain, he suspects that the data was compiled by attackers using an <a href="https://www.wired.com/story/infostealer-malware-password-theft/" rel="external nofollow">infostealer</a>.
</p>

<p>
	 
</p>

<p>
	“It is highly possible that this was a cybercriminal,” he says. “It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world.”
</p>

<p>
	 
</p>

<p>
	<a href="https://www.wired.com/story/mysterious-database-logins-governments-social-media/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong><img alt=":sadbye:" data-emoticon="true" loading="lazy" src="https://nsaneforums.com/uploads/emoticons/default/sadbye.gif" title=":sadbye:">
</p>
]]></description><guid isPermaLink="false">29350</guid><pubDate>Thu, 22 May 2025 16:37:50 +0000</pubDate></item><item><title>Police arrests 270 dark web vendors, buyers in global crackdown</title><link>https://nsaneforums.com/news/security-privacy-news/police-arrests-270-dark-web-vendors-buyers-in-global-crackdown-r29349/</link><description><![CDATA[<p>
	Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries.
</p>

<p>
	 
</p>

<p>
	National authorities in Europe, South America, Asia, and the United States have also seized over €184 million ($207M) in cash and cryptocurrency, more than 2 tonnes of drugs (including amphetamines, cocaine, ketamine, opioids, and cannabis), and over 180 firearms.
</p>

<p>
	 
</p>

<p>
	"A global law enforcement operation coordinated by Europol has struck a major blow to the criminal underground, with 270 arrests of dark web vendors and buyers across ten countries," <a href="https://www.europol.europa.eu/media-press/newsroom/news/270-arrested-in-global-dark-web-crackdown-targeting-online-drug-and-criminal-networks" rel="external nofollow" target="_blank">Europol said</a> on Thursday.
</p>

<p>
	 
</p>

<p>
	"Known as Operation RapTor, this international sweep has dismantled networks trafficking in drugs, weapons, and counterfeit goods, sending a clear signal to criminals hiding behind the illusion of anonymity."
</p>

<p>
	 
</p>

<p>
	Law enforcement identified the suspects (many linked to thousands of sales on illicit platforms) using intelligence collected after the takedowns of multiple dark web marketplaces, including <a href="https://www.bleepingcomputer.com/news/security/darknet-marketplace-nemesis-market-seized-by-german-police/" rel="external nofollow" target="_blank">Nemesis</a>, Tor2Door, <a href="https://www.bleepingcomputer.com/news/legal/dutch-police-arrest-admin-of-bohemia-cannabia-dark-web-market/" rel="external nofollow" target="_blank">Bohemia</a>, and <a href="https://www.bleepingcomputer.com/news/security/german-police-takes-down-kingdom-market-cybercrime-marketplace/" rel="external nofollow" target="_blank">Kingdom Market</a>.
</p>

<p>
	 
</p>

<p>
	Most of the arrested suspects were apprehended in the United States (130), Germany (42), the United Kingdom (37), France (29), and South Korea (19), while 13 others were detained in the Netherlands, Austria, Brazil, Spain, and Switzerland.
</p>

<p>
	 
</p>

<div class="ipsEmbeddedVideo" contenteditable="false">
	<div>
		<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="113" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube-nocookie.com/embed/T10brrj8kPg?feature=oembed" title="FBI Search Targets Darknet Drug Networks" width="200"></iframe>
	</div>
</div>

<p>
	 
</p>

<p>
	"Operation RapTor shows that the dark web is not beyond the reach of law enforcement," added Edvardas Šileris, the Head of Europol’s European Cybercrime Centre.
</p>

<p>
	 
</p>

<p>
	"Through close cooperation and intelligence sharing, officers across four continents identified and arrested suspects, sending a clear message to those who think they can hide in the shadows. Europol will continue working with our partners to make the internet safer for everyone."
</p>

<p>
	 
</p>

<p>
	The U.S. Department of Justice's Joint Criminal Opioid and Darknet Enforcement (JCODE) team and Europol's European Cybercrime Centre (EC3) <a href="https://www.justice.gov/opa/pr/law-enforcement-seize-record-amounts-illegal-drugs-firearms-and-drug-trafficking-proceeds" rel="external nofollow" target="_blank">are still analyzing evidence</a> collected in previous operations to trace and apprehend other suspects linked to dark web crime.
</p>

<p>
	 
</p>

<p>
	This joint action follows <a href="https://www.bleepingcomputer.com/news/security/police-operation-spector-arrests-288-dark-web-drug-vendors-and-buyers/" rel="external nofollow" target="_blank">Operation SpecTor</a> in 2023, which led to the arrest of 288 other dark web vendors and buyers and the seizure of €50.8 million ($55.9M) in cash and cryptocurrency.
</p>

<p>
	 
</p>

<p>
	In 2020, another international sting dubbed "DisrupTor" targeted dark web vendors and led to 179 arrests, while <a href="https://www.bleepingcomputer.com/news/security/police-arrest-150-dark-web-vendors-of-illegal-drugs-and-guns/" rel="external nofollow" target="_blank">Operation Dark HunTOR</a> resulted in busting 150 more high-volume darknet vendors.
</p>

<p>
	 
</p>

<p>
	In April 2022, German police and U.S. authorities <a href="https://www.bleepingcomputer.com/news/legal/germany-takes-down-hydra-worlds-largest-darknet-market/" rel="external nofollow" target="_blank">shut down Hydra</a>, the world's largest dark web marketplace dedicated to selling drugs and money laundering, with over 19,000 seller accounts that were serving more than 17 million customers worldwide.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/police-arrests-270-dark-web-vendors-buyers-in-global-crackdown/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29349</guid><pubDate>Thu, 22 May 2025 16:36:19 +0000</pubDate></item><item><title>FYI: Google ads are coming to AI Mode, testing started</title><link>https://nsaneforums.com/news/security-privacy-news/fyi-google-ads-are-coming-to-ai-mode-testing-started-r29341/</link><description><![CDATA[<p>
	One reason Google is able to offer some of its products and services, such as Search, for free is that it displays ads to earn revenue. The significance of online ads can't be downplayed, as shown by the fact that even services like Netflix turned to <a href="https://www.neowin.net/news/netflix-to-launch-lower-cost-ad-supported-plan-in-november/" rel="external nofollow">ad-supported plans</a> to keep their ship afloat.
</p>

<p>
	 
</p>

<p>
	We are already used to seeing ads and commercials in services <a href="https://www.neowin.net/news/youtube-improving-viewer-experience-by-showing-fewer-disruptive-mid-roll-ads/" rel="external nofollow">like YouTube</a>, Gmail, and Search. <a href="https://www.neowin.net/news/tags/google_io_2025/" rel="external nofollow">At I/O 2025</a>, the search giant announced it is starting to test ads in AI Mode, its generative AI experience inside Google Search that offers detailed answers to queries in a conversational-style interface. The company said in a <a href="https://blog.google/products/ads-commerce/google-search-ai-brand-discovery/" rel="external nofollow">blog post</a> that ads may appear below and integrated into AI Mode responses where they are relevant.
</p>

<p>
	 
</p>

<figure class="image image--expandable">
	<img alt="Google Ads in AI Mode" class="ipsImage" height="404" width="720" src="https://cdn.neowin.com/news/images/uploaded/2025/05/1747892735_google_ads_in_ai_mode.jpg">
</figure>

<p>
	Someone using AI Mode to search “how to build a website for a small business with limited resources” will see a detailed answer that includes a step-by-step guide on choosing a product, connecting with their audience, testing, and launching. In this case, Google may insert an advertisement for a related product, such as a website builder.
</p>

<p>
	 
</p>

<p>
	AI Mode has started rolling out to everyone in the US, powered by a custom version of Gemini 2.5. In the coming weeks and months, the generative AI experience will receive a <a href="https://www.neowin.net/news/these-are-the-new-ai-features-coming-to-google-search/" rel="external nofollow">platter of new features</a>.
</p>

<p>
	 
</p>

<p>
	Google Ads have been available for AI Overviews since last year, and shopping-related ads show up in Google Lens when it's used to identify products. Revealing some stats during the Google I/O 2025 keynote, CEO Sundar Pichai said that AI Overviews now has <a href="https://www.neowin.net/news/google-ai-overviews-reaches-15-billion-monthly-users-expanded-to-200-countries/" rel="external nofollow">over 1.5 billion monthly users</a>. In top-performing markets like the US and India, Google usage has increased 10% for queries that show AI Overviews.
</p>

<p>
	 
</p>

<p>
	According to its internal data from January 2025, the company saw "the volume of commercial queries is increasing," which can lead to "more opportunities for advertisers as people turn to Search to discover new brands and products." It announced that Search and Shopping ads in AI Overviews are now expanding to desktop users in the US. Google will bring ads in AI Overviews (English) to some countries on mobile and desktop.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/fyi-google-ads-are-coming-to-ai-mode-testing-started/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29341</guid><pubDate>Thu, 22 May 2025 07:37:00 +0000</pubDate></item><item><title>Microsoft: Over 394,000 Windows PCs infected by Lumma malware, affects Chrome, Edge, Firefox</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-over-394000-windows-pcs-infected-by-lumma-malware-affects-chrome-edge-firefox-r29326/</link><description><![CDATA[<p>
	Microsoft, in a new blog post, has put out some scary numbers about malware. The company has warned that "Lumma," an information-stealing malware, has managed to affect over 394,000 Windows systems worldwide in a span of just two months, between March 16, 2025, and May 16, 2025.
</p>

<p>
	 
</p>

<p>
	Microsoft says that Lumma stealer, also called LummaC2, is a malware-as-a-service (MaaS) developed by Storm-2477. Lumma has been used by cybercriminals as a tool to steal sensitive information from apps like browsers, cryptocurrency wallets, and other places.
</p>

<p>
	 
</p>

<p>
	The tech giant has explained how Lumma has been distributed via various malicious campaigns including phishing emails, malvertising (fake ads for spreading malware), drive-by downloads on compromised websites, trojanized apps, and misleading fake CAPTCHAs, among others.
</p>

<p>
	 
</p>

<p>
	In the case of malvertising, for example, Microsoft points out that fake “Notepad++ download” or “Chrome update” ads were used to trick victims. To avoid such traps, users are advised to ensure they only download from official websites. If you are not sure, you can also head over to Neowin software stories pages, where we share authentic official links for <a href="https://www.neowin.net/news/tags/notepad/" rel="external nofollow">Notepad++</a>, Mozilla's <a href="https://www.neowin.net/news/tags/firefox/" rel="external nofollow">Firefox</a>, <a href="https://www.neowin.net/news/tags/chrome_offline_installer/" rel="external nofollow">Google Chrome (offline installer)</a>, and more apps.
</p>

<p>
	 
</p>

<p>
	However, the danger does not end there. Even if you managed to obtain the browser from a secure source, Lumma may still affect you, as it can end up in your system in other ways, as Microsoft noted. After a successful infection, Lumma can steal from Chromium-based browsers like Chrome or Edge, or Gecko-based Firefox.
</p>

<p>
	 
</p>

<p>
	Microsoft has explained the infection capabilities of Lumma:
</p>

<blockquote class="QuoteNewsStyle">
	<ul>
		<li>
			<strong>Browser credentials and cookies</strong>: Lumma Stealer extracts saved passwords, session cookies, and autofill data from Chromium (including Edge), Mozilla, and Gecko-based browsers.
		</li>
		<li>
			<strong>Cryptocurrency wallets and extensions</strong>: Lumma Stealer actively searches for wallet files, browser extensions, and local keys associated with wallets like MetaMask, Electrum, and Exodus.
		</li>
		<li>
			<strong>Various applications</strong>: Lumma Stealer targets data from various virtual private networks (VPNs) (.ovpn), email clients, FTP clients, and Telegram applications.
		</li>
		<li>
			<strong>User documents</strong>: Lumma Stealer harvests files found on the user profiles and other common directories, especially those with .pdf, .docx, or .rtf extensions.
		</li>
		<li>
			<strong>System metadata</strong>: Lumma Stealer collects host telemetry such as CPU information, OS version, system locale, and installed applications for tailoring future exploits or profiling victims.
		</li>
	</ul>
</blockquote>

<p>
	In the heat map below, Microsoft shows how far-reaching Lumma's effect has been. As you can see, Europe, eastern USA, and many parts of India show the most activity:
</p>

<p>
	 
</p>

<figure class="image image--expandable">
	<img alt="impact heat map of Lumma stealer malware showing how widespread it was" class="ipsImage" height="441" width="720" src="https://cdn.neowin.com/news/images/uploaded/2025/05/1747850677_lumma_stealer_impact_heat_map.jpg">
</figure>

<p>
	All is not bad, though, as Microsoft ended its blog post on a positive note. The company has confirmed that its Defender antivirus is now capable of detecting LummaC2. It will be flagged under the following Trojans or suspicious behaviour:
</p>

<p>
	 
</p>

<ul>
	<li>
		Behavior:Win32/LuammaStealer
	</li>
	<li>
		Trojan:JS/LummaStealer
	</li>
	<li>
		Trojan:MSIL/LummaStealer
	</li>
	<li>
		Trojan:Win32/LummaStealer
	</li>
	<li>
		Trojan:Win64/LummaStealer
	</li>
	<li>
		TrojanDropper:Win32/LummaStealer
	</li>
	<li>
		Trojan:PowerShell/Powdow
	</li>
	<li>
		Trojan:Win64/Shaolaod
	</li>
	<li>
		Behavior:Win64/Shaolaod
	</li>
	<li>
		Behavior:Win32/MaleficAms
	</li>
	<li>
		Behavior:Win32/ClickFix
	</li>
	<li>
		Behavior:Win32/SuspClickFix
	</li>
	<li>
		Trojan:Win32/ClickFix
	</li>
	<li>
		Trojan:Script/ClickFix
	</li>
	<li>
		Behavior:Win32/RegRunMRU
	</li>
	<li>
		Trojan:HTML/FakeCaptcha
	</li>
	<li>
		Trojan:Script/SuspDown
	</li>
</ul>

<p>
	 
</p>

<p>
	The same is true for Defender for Office 365 and Defender for Endpoint. You can find technical details regarding Lumma in the official blog post <a href="https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/" rel="external nofollow">here</a> and the announcement <a href="https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-against-favored-cybercrime-tool/" rel="external nofollow">here</a>.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-over-394000-windows-pcs-infected-by-lumma-malware-affects-chrome-edge-firefox/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29326</guid><pubDate>Wed, 21 May 2025 20:58:32 +0000</pubDate></item><item><title><![CDATA[Marks & Spencer faces $402 million profit hit after cyberattack]]></title><link>https://nsaneforums.com/news/security-privacy-news/marks-spencer-faces-402-million-profit-hit-after-cyberattack-r29325/</link><description><![CDATA[<p>
	British retail giant Marks &amp; Spencer (M&amp;S) is bracing for a potential profit hit of up to £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions.
</p>

<p>
	 
</p>

<p>
	In a Wednesday <a href="https://www.londonstockexchange.com/news-article/MKS/final-results/17046629" rel="external nofollow" target="_blank">filing with the London Stock Exchange</a>, the company cited losses related to recovery efforts, systems downtime, and significant sales disruptions.
</p>

<p>
	 
</p>

<p>
	While the full scope of the breach is still under investigation, M&amp;S has confirmed that online retail systems are still disabled and expects the disruptions to last at least until July.
</p>

<p>
	 
</p>

<p>
	"Since the incident, Food sales have been impacted by reduced availability, although this is already improving. We have also incurred additional waste and logistics costs, due to the need to operate manual processes, impacting profit in the first quarter," the company revealed.
</p>

<p>
	 
</p>

<p>
	"In Fashion, Home &amp; Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient. We expect online disruption to continue throughout June and into July as we restart, then ramp up operations. This will also mean increased stock management costs in the second quarter," it added.
</p>

<p>
	 
</p>

<p>
	"Our current estimate before mitigation is an impact on Group operating profit of around £300m for 2025/26, which will be reduced through management of costs, insurance and other trading actions."
</p>

<h2>
	Scattered Spider targeting retail chains
</h2>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/" rel="external nofollow" target="_blank">BleepingComputer first reported</a> that M&amp;S was breached in an April ransomware attack where threat actors used a DragonForce encryptor to encrypt virtual machines on VMware ESXi hosts, leading to a significant <a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-confirms-a-cyberattack-as-customers-face-delayed-orders/" rel="external nofollow" target="_blank">impact on business operations</a> on the retailer's 1,400 stores and forcing it to <a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-pauses-online-orders-after-cyberattack/" rel="external nofollow" target="_blank">stop accepting online orders</a>.
</p>

<p>
	 
</p>

<p>
	The attack was <a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/" rel="external nofollow" target="_blank">linked to the Scattered Spider</a>, a collective of cybercriminals known for breaching high-profile organizations worldwide, and M&amp;S later confirmed that the <a href="https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/" rel="external nofollow" target="_blank">attackers stole customer data</a> before encrypting the company's servers.
</p>

<p>
	 
</p>

<p>
	Since then, the same threat actors have been linked to two other attacks against British retail chains, with all three attacks being claimed by the DragonForce ransomware operation.
</p>

<p>
	 
</p>

<p>
	Co-op experienced <a href="https://www.bleepingcomputer.com/news/security/uk-retailer-co-op-shuts-down-some-it-systems-after-hack-attempt/" rel="external nofollow" target="_blank">another cyber incident</a> and <a href="https://www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/" rel="external nofollow" target="_blank">confirmed</a> that the attackers stole data from many current and former members, while <a href="https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/" rel="external nofollow" target="_blank">Harrods disclosed</a> that it was forced to restrict internet access to sites after attackers tried to infiltrate its network.
</p>

<p>
	 
</p>

<p>
	The UK National Cyber Security Centre (NCSC) has also <a href="https://www.bleepingcomputer.com/news/security/uk-shares-security-tips-after-major-retail-cyberattacks/" rel="external nofollow" target="_blank">published guidance</a> to help UK organizations strengthen their cybersecurity defenses since Scattered Spider began targeting UK retailers in April. It has also <a href="https://www.bleepingcomputer.com/news/security/uk-ncsc-cyberattacks-impacting-uk-retailers-are-a-wake-up-call/" rel="external nofollow" target="_blank">cautioned</a> that this wave of cyberattacks should be seen as a "wake-up call", given that any of these organizations could become the next target.
</p>

<p>
	 
</p>

<p>
	Last week, Google warned that Scattered Spider threat actors are now also <a href="https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/" rel="external nofollow" target="_blank">targeting retailers in the United States</a>.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29325</guid><pubDate>Wed, 21 May 2025 20:56:13 +0000</pubDate></item><item><title>Coinbase says recent data breach impacts 69,461 customers</title><link>https://nsaneforums.com/news/security-privacy-news/coinbase-says-recent-data-breach-impacts-69461-customers-r29324/</link><description><![CDATA[<p>
	Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals.
</p>

<p>
	 
</p>

<p>
	In data breach notifications <a href="https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/f61fae18-f669-499e-9a87-f4d323d281f8.html" rel="external nofollow" target="_blank">filed</a> with the Office of Maine's Attorney General, Coinbase said, "a small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information."
</p>

<p>
	 
</p>

<p>
	While the exposed data did not include the impacted people's passwords, seed phrases, private keys, or other information that could be used to access their funds or accounts, it did include a combination of personal identifiers such as name, date of birth, last four digits of social security numbers, masked bank account numbers and some bank account identifiers, addresses, phone number, and email address.
</p>

<p>
	 
</p>

<p>
	Depending on the affected customer, the stolen information can also contain images of government identification information (e.g., driver's license number, passport number, national identity card number) and account information (including transaction history, balance, transfers, account opening date).
</p>

<p>
	 
</p>

<p>
	"Attackers seek out this information because they want to conduct social engineering attacks, using this information to appear credible to try and convince victims to move their funds," Coinbase warned.
</p>

<p>
	 
</p>

<p>
	The disclosure comes after many have <a href="https://x.com/arrington/status/1924587249674412266" rel="external nofollow" target="_blank">voiced their concern</a> that this incident could lead to serious consequences, including physical harm, after cybercriminals gained access to the account balances and addresses of Coinbase customers affected by this data breach.
</p>

<h2>
	Losses could reach up to $400 million
</h2>

<p>
	On Thursday, <a href="https://www.bleepingcomputer.com/news/security/coinbase-discloses-breach-faces-up-to-400-million-in-losses/" rel="external nofollow" target="_blank">Coinbase disclosed the data breach</a> in a filing with the U.S. Securities and Exchange Commission, saying that the threat actors behind this attack obtained customer data of up to 1% of Coinbase's customer base with the help of support staff or contractors outside the United States.
</p>

<p>
	 
</p>

<p>
	The attackers also sent an email on May 11 attempting to extort a $20 million ransom payment in exchange for not releasing the stolen information online. However, the crypto exchange said it would not pay the ransom but would establish a $20 million reward fund for tips that could help find the attackers who coordinated this attack and bring them to justice.
</p>

<p>
	 
</p>

<p>
	While Coinbase is still assessing the breach's financial impact and the number of customers who were tricked into sending funds to the attackers in follow-up social engineering attacks is still unknown, the company said the resulting expenses will likely be "within the range of approximately $180 million to $400 million" for remediation and customer refunds.
</p>

<p>
	 
</p>

<p>
	"Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts," the company said.
</p>

<p>
	 
</p>

<p>
	Coinbase advises customers to be cautious of scammers impersonating their employees, who may try to obtain funds or sensitive information like passwords or 2FA codes. If approached, hang up, as Coinbase will never ask for account details over the phone. To further boost security and defend against such attacks, activate withdrawal allow-listing and enable two-factor authentication.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29324</guid><pubDate>Wed, 21 May 2025 20:55:27 +0000</pubDate></item><item><title>Google Chrome will be able to automatically change your bad passwords</title><link>https://nsaneforums.com/news/security-privacy-news/google-chrome-will-be-able-to-automatically-change-your-bad-passwords-r29307/</link><description><![CDATA[<h3>
	‘It’s really annoying to actually have to change your password.’
</h3>

<p>
	Google is going to let Chrome’s password manager automatically change your password when it detects one that is weak, the company announced at its Google I/O conference.
</p>

<p>
	 
</p>

<p>
	“When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically,” according to <a href="https://developer.chrome.com/blog/io25-web-identity" rel="external nofollow">a blog post</a>. “On supported websites, Chrome can generate a strong replacement and update the password for the user automatically.”
</p>

<p>
	 
</p>

<p>
	Google is announcing the feature at Google I/O so that developers can start to prepare their websites and apps for the change ahead of when it launches later this year.
</p>

<p>
	 
</p>

<p>
	Chrome’s password manager can already tell you if you have an unsafe password. “But if we tell you your password is weak, it’s really annoying to actually have to change your password,” Parisa Tabriz, VP and GM of Chrome, said in a briefing ahead of the event. “And we know that if something is annoying, people are not going to actually do it. So we see automatic password change as a win for safety, as well as usability. Overall, that’s a win-win for users.”
</p>

<p>
	 
</p>

<p>
	I asked if Chrome might automatically change passwords on a regular basis so they’re never outdated, but Tabriz says that Chrome won’t change a bad or compromised password without user consent. “We’re very much focused on keeping the user in control of changing their password.”
</p>

<p>
	 
</p>

<p>
	<a href="https://www.theverge.com/news/670208/google-chrome-passwords-auto-update-io-2025" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29307</guid><pubDate>Tue, 20 May 2025 18:31:50 +0000</pubDate></item><item><title>Microsoft shares info on Edge for Business 'free' content filtering on Windows 11 and 10</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-shares-info-on-edge-for-business-free-content-filtering-on-windows-11-and-10-r29286/</link><description><![CDATA[<p>
	At its Build 2025 event today, Microsoft announced web content filtering (WCF) on Edge for Business, aiming to help IT administrators in schools and small businesses. The company explained, “For IT admins in schools and small businesses, safeguarding students and employees on the web is a daunting task.” This announcement comes as more organizations seek economical solutions to protect their users from distracting sites, scams, and malware.
</p>

<p>
	 
</p>

<p>
	Speaking of economics, Microsoft adds that the web content filtering feature, which is now hitting public preview, comes at “no additional cost to schools and small businesses that standardize on Edge for Business exclusively.” That is because WCF will come bundled with Microsoft 365 or Office 365 A1/A3/A5 Education and Business Premium licenses and will work on Windows 11 as well as on Windows 10.
</p>

<p>
	 
</p>

<p>
	The new tool promises to provide a simple method for administrators to control online content. Microsoft has explained how it works: “Web content filtering on Edge for Business is simple. Admins can block millions of inappropriate sites just by selecting categories and the block list updates daily.”
</p>

<p>
	 
</p>

<p>
	Admins can configure WCF policies via Intune in the Edge management service within the Microsoft 365 admin center portal. As noted by the tech giant, “Configuration is done in the Edge management service in the Microsoft 365 admin center, making the UI simple and deployment quick. Filtering even works when the device is off the organization’s network and includes smart defaults designed for schools, such as age-appropriate content. Clear reporting is available through Power BI.”
</p>

<p>
	 
</p>

<p>
	<a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-web-content-filtering" rel="external nofollow">Microsoft's website</a> has detailed support documentation on web content filtering and how to set it up. The announcement itself is in the official blog post on Microsoft's site.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-shares-info-on-edge-for-business-free-content-filtering-on-windows-11-and-10/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">29286</guid><pubDate>Mon, 19 May 2025 19:44:58 +0000</pubDate></item></channel></rss>
