AI

Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes
Citizen recently laid off more than a dozen unionized employees, with some sources believing the firings are related to Citizen’s increased use of AI and the shifting of some tasks to overseas workers. It also comes as New York City enters a more formal partnership with the app.

We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed

Politics

Trump and RFK Jr. to Ban COVID-19 Vaccine ‘Within Months’
The Trump administration will move to pull the COVID vaccine off the U.S. market "within months," because a British cardiologist is more influential than scientific consensus, and he claims the vaccines are more dangerous than the virus.

Fourth Amendment Victory: Michigan Supreme Court Reins in Digital Device Fishing Expeditions
Warrants authorizing searches of cell phones and other digital devices must contain express limitations on the data police can review, restricting searches to data that they can establish is clearly connected to the crime.

Nancy Mace Champions Cybersecurity Reform, Puts Skills Ahead Of Degrees
The Cybersecurity Hiring Modernization Act is a bipartisan bill to eliminate unnecessary degree barriers and ensure federal agencies can hire the skilled cybersecurity professionals our country needs.

Americans, Be Warned: Lessons From Reddit’s Chaotic UK Age Verification Rollout
The UK's Online Safety Act requires online platforms to check that all UK-based users are at least eighteen years old before allowing them to access broad categories of “harmful” content. This included subreddits for LGBTQ+ identity and support, global journalism and conflict reporting, and even public health-related forums like r/periods, r/stopsmoking, and r/sexualassault. Also, the for-profit vendor Reddit contracts with, Persona, is buggy. It can be fooled easily, and sometimes rejects valid users.

Trump, 79, Clasps Both Hands in Desperate Bid to Cover Up Bruises

Is it illegal to not buy ads on X? Experts explain the FTC’s bizarre ad fight.
Former FTC commissioner Alvaro Bedoya, who joined fellow Democrats who sued Trump for ejecting them from office, flagged the probe as appearing "bizarrely" politically motivated to protect Musk.

Swedish startup unveils Starlink alternative — that Musk can’t switch off
The system, named the RU1, is billed as the world’s smallest and lightest mm-Wave radio, a form of communications that offers blazing-fast speeds and huge bandwidth. RU1 can be deployed in minutes to keep units connected in fast-changing environments. The devices can be installed on tripods or drones. Multiple RU1s can then link into a resilient mesh.

Phone Searches at the US Border Hit a Record High
Customs and Border Protection agents searched nearly 15,000 devices from April through June of this year, a nearly 17 percent spike over the previous three-month high in 2022.

Infosec

Australian university used Wi-Fi location data to identify student protestors
The university used CCTV and Wi-Fi location data to identify students who refused to leave a building when ordered to.

Weaponizing image scaling against production AI systems
LLMs resize images before processing them. In this attack, a malicious large image contains commands that only appear after downscaling the image, which the LLM then executes.

When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)
There was an unprotected Docker API endpoint that allowed code execution on the host. This has been fixed.

DOM-based Extension Clickjacking: Your Password Manager Data at Risk
A single click anywhere on an attacker-controlled website could allow attackers to steal users' data (credit card details, personal data, login credentials including TOTP). The products are being fixed.

Detecting CVE-2025-43300: A Deep Dive into Apple's DNG Processing Vulnerability
DNG is an image format from Adobe. In this attack, a malicious image claims to contain 2 components, but only has one, leading to out-of-bounds writes. This leads to zero-click RCE, and has already been used in targeted attacks. Apple has patched this vulnerability.

The Silent, Fileless Threat of VShell
This Linux attack embeds code in a filename. The code is executed when automated backup or logging routines list filenames.

SpyNote Malware Part 2
Deceptive websites are mimicking popular Android application install pages on the Google Play Store to lure victims into downloading AndroidOS SpyNote malware, a potent Android RAT used for surveillance, data exfiltration, and remote control.

Evaluation: DOE-OIG-25-30
An audit of the Department of Energy's cybersecurity found that only 19 of 63 (30 percent) of last year's recommendations were implemented, and 79 new recommendations were made.

Malware-ridden apps made it into Google's Play Store, scored 19 million downloads
Many contained an updated version of the Anatsa banking trojan, with a keylogger for password collection, SMS interception capabilities, and anti-detection tools.

Google will block sideloading of unverified Android apps starting next year