Politics
All childhood vaccines in question after first meeting of RFK Jr.’s vaccine panel
A federal vaccine panel entirely hand-selected by health secretary and anti-vaccine activist Robert F. Kennedy Jr. gathered for its first meeting Wednesday—and immediately announced that it would re-evaluate the entire childhood vaccination schedule, as well as the one for adults.
Kyle Kulinski calls his Congressional representative at 8:00
Understand the gaslighting response you'll get.
Visiting students can't hide social media accounts from Uncle Sam anymore
The US State Department last week said foreign nationals seeking to study in the US must make their social media profiles public, prompting some students to delete their social media posts. "Every visa adjudication is a national security decision," the State Department said, adding that under the new guidance, the online presence of those seeking study and exchange visas will be scrutinized.
South Korean and Indian students seeking to study in the US are scrubbing or deleting their social media accounts and posts. Ironically, the State Department on May 28 said it would deny visas to foreign officials deemed to have censored social media posts of American citizens.
After a week, Trump Mobile drops claim that Trump phone is “made in the USA”
The website now says the T1 is "designed with American values in mind," that it is "brought to life right here in the USA," and that there are "American hands behind every device."
When contacted by Ars today, a Trump Mobile spokesperson said, "The T1 phones are proudly being made in America. Speculation to the contrary is simply inaccurate. We're excited to launch the phones later this year." Trump Mobile did not explain why it removed the "made in the USA" claim from its website. We also contacted the Trump organization and will update this article if we get a response.
California’s Corporate Cover-Up Act Is a Privacy Nightmare
S.B. 690, what we’re calling the Corporate Cover-Up Act, is a brazen attempt to let corporations spy on us in secret, gutting long-standing protections without a shred of accountability. It would:
- Gut California’s Invasion of Privacy Act (CIPA)—a law that protects us from being secretly recorded or monitored
- Legalize corporate wiretaps, allowing companies to intercept real-time clicks, calls, and communications
- Authorize pen registers and trap-and-trace tools, which track who you talk to, when, and how—without consent
- Let companies use all of this surveillance data for “commercial business purposes”—with zero notice and no legal consequences
Europe placates Trump with NATO pledges it can ill afford
NATO's European members have promised to more than double the amount of wealth they set aside for military spending.
FTC approves $126 million in Fortnite refunds over ‘dark patterns’
These so-called patterns included:
- Displaying confusing purchase prompts
- Promoting misleading offers
- Allowing underage account holders to make purchases without parental consent
- Charging players unintentionally by waking the game from sleep mode, during the loading screen, or while they attempted to preview in-game items
Infosec
Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds
Scale AI is an American company that provides data labeling and model evaluation services to develop applications for artificial intelligence.
Scale AI routinely uses public Google Docs for work with Google, Meta, and xAI.
This exposed thousands of files — some marked confidential, others exposing contractor data.
Scale AI says it's conducting a "thorough investigation."
My question is: where were compliance standards? How can such huge, important companies have no management of third-party risk?
This German startup lands €10M to turn cockroaches and other insects into AI-enabled, controllable bio-robots for high-risk zones
Founded in 2024, SWARM Biotactics is a German bio-robotics company pioneering “a new category of robotics” using controllable living insects. The company’s technology consists of cockroaches equipped with custom-built backpacks that enable control, sensing, and secure communication.
Researchers say AI hacking tools sold online were powered by Grok, Mixtral
“WormGPTs” are usually cobbled together from open-source models and other toolsets and can generate code, search for and analyze vulnerabilities, and are then marketed and sold online. But two of them appear to be just using jailbreak prompts on top of Grok and Mistral. These products dramatically demonstrate the fundamental insecurity of LLMs, which are all persistently vulnerable to prompt injection.
One of the Best Hackers in the Country is an AI Bot
Xbow's AI product topped HackerOne’s US leaderboard, finding security bugs from more than a dozen well-known companies, including Amazon, Walt Disney, PayPal, and Sony. While Xbow’s algorithm does well in finding things like common coding errors and security issues, it does poorly at realizing when a flaw results from product design logic. It also requires human supervision to filter out AI hallucinations.
Pornhub to introduce 'government approved' age checks in UK
Pornhub and a number of other major adult websites have confirmed they will introduce enhanced age checks for users from next month. Parent company Aylo says it is bringing in "government approved age assurance methods" but has not yet revealed how it will require users to prove they are over 18.
Student allegedly hacked Western Sydney University to get discounted parking and alter academic results
No technical details, but she gradually progressed from getting cheaper parking to altering academic results and finally to threatening to sell confidential student data on the dark web.
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA has confirmed that a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks. The software is used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service providers and data centers. Exploitation of this vulnerability allows an attacker to remotely control the compromised server, deploy malware or ransomware, tamper with firmware, brick motherboard components (the BMC or potentially the BIOS/UEFI), potentially cause physical damage to the server (over-voltage / bricking), and trigger indefinite reboot loops that a victim cannot stop.
Hackers turn ScreenConnect into malware using Authenticode stuffing
ConnectWise ScreenConnect is remote monitoring and management (RMM) software. Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature. This technique, called Authenticode stuffing, allows for the insertion of data into a certificate table while keeping the digital signature intact.
When a ScreenConnect installer is built, it can be customized to include the remote server the client should connect to, what text is shown in the dialog boxes, and logos that should be displayed. This configuration data is saved within the file's authenticode signature.
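As an added defensive check, not code from the article or from ConnectWise, the Python below parses a PE file's Attribute Certificate Table and reports how many bytes sit beyond the end of the PKCS#7 SignedData element; because Authenticode hashing excludes that table, such trailing bytes leave the signature valid, so a non-zero count is the indicator to alert on. The PE skeleton, the 260-byte "signature" and the appended configuration record are all constructed inline for the demonstration.

```python
import struct

def der_total_len(buf, off=0):
    """Total encoded size (tag + length field + body) of the DER element at buf[off]."""
    first = buf[off + 1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long-form: n following bytes hold the length
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def cert_table_slack(pe):
    """Number of non-padding bytes in the Attribute Certificate Table that sit beyond
    the PKCS#7 SignedData element (None if the file carries no PKCS#7 signature).
    Authenticode hashing skips this table, so extra bytes here leave the signature
    valid; a non-zero result is the stuffing indicator worth alerting on."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                               # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)      # data directories: PE32+ vs PE32
    sec_off, sec_size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # SECURITY = index 4
    if sec_size == 0:
        return None
    dw_len, _rev, ctype = struct.unpack_from("<IHH", pe, sec_off)    # WIN_CERTIFICATE header
    blob = pe[sec_off + 8:sec_off + dw_len]
    if ctype != 0x0002 or blob[:1] != b"\x30":        # WIN_CERT_TYPE_PKCS_SIGNED_DATA, SEQUENCE
        return None
    extra = blob[der_total_len(blob):]
    return len(extra.rstrip(b"\0"))                   # trailing zeros are 8-byte alignment padding

def build_fake_pe(cert_blob):
    """Constructed for this demo, not a real binary: a minimal PE32+ skeleton whose
    security directory points at a WIN_CERTIFICATE wrapping cert_blob."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                              # PE32+ magic
    padded = (8 + len(cert_blob) + 7) & ~7
    struct.pack_into("<II", opt, 112 + 4 * 8, len(hdr) + len(opt), padded)
    table = struct.pack("<IHH", padded, 0x0200, 0x0002) + cert_blob
    return hdr + bytes(opt) + table + b"\0" * (padded - 8 - len(cert_blob))

# Constructed stand-ins: a 260-byte "SignedData" shell and an appended config record
SIGNED = b"\x30\x82\x01\x00" + b"\xAA" * 256
STUFFED_EXTRA = b'{"server":"example.invalid","title":"Support"}'

if __name__ == "__main__":
    print("clean  :", cert_table_slack(build_fake_pe(SIGNED)))                  # 0
    print("stuffed:", cert_table_slack(build_fake_pe(SIGNED + STUFFED_EXTRA)))  # 46
```

On a real binary the same check is run over the file bytes directly; a few trailing zero bytes are normal alignment padding, while kilobytes of structured data past the SignedData element are what the described technique leaves behind.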
Microsoft is moving antivirus providers out of the Windows kernel
Microsoft is ready to test Windows changes to prevent another CrowdStrike incident.
The new Windows endpoint security platform is being built in cooperation with CrowdStrike, Bitdefender, ESET, Trend Micro, and many other security vendors.
Back in black: Microsoft Blue Screen of Death is going dark
The infamous Windows Blue Screen of Death (BSOD) will be replaced later this summer by a new black screen as part of Microsoft's Windows Resiliency Initiative (WRI).
Ubuntu disables Intel GPU security mitigations, promises 20% performance boost
The change turns off security mitigations for a class of attacks known as Spectre.
At this point, Spectre has been mitigated in the kernel, so Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff.
Hack Turns Nissan Leaf Into Giant RC Car
By jamming the 2.4 GHz spectrum, the attacker can nudge the driver to open the Bluetooth connection menu on the vehicle to see why their phone isn’t connecting. If this menu is open, pairing can be completed without further user interaction.
Once the attacker gains access, they can control many vehicle functions, such as steering, braking, windshield wipers, and mirrors. It also allows remote monitoring of the vehicle through GPS and recording audio in the cabin.
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
In these attacks, the attacker starts with something innocuous and then progressively asks a model a series of increasingly malicious questions that ultimately trick it into producing harmful content. This attack is referred to as Crescendo.
Weak passwords banned in California from 2020
Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.
Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
In total, 748 models across 5 vendors are affected. The most serious of the findings is the authentication bypass: Brother calculates the default administrator password from its serial number, which can be discovered through various means.