Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
Home security company ADT has acquired Origin Wireless, which can use Wi-Fi signals to detect where people and objects are. An appropriately named commenter recognizes there might be some cause for concern.
PerpetuallySkeptical:
I’m sure that paying a company to see exactly where I am in my house at all times won’t be used against me in the future.
Get the day’s best comment and more in my free newsletter, The Verge Daily.
Lockdown Mode is “not necessary” for most people and “tightly constrains how ChatGPT can interact with external systems to reduce the risk of prompt injection–based data exfiltration,” according to OpenAI.
Yes, Wyze has had its own issues, but this video is pretty funny.
Researchers raised alarms when over 400 malicious skills were uploaded to ClawHub and GitHub in just one week. That prompted an outcry, so OpenClaw partnered with VirusTotal to scan third-party skills. The company acknowledges it’s not a “silver bullet,” but it should provide at least some reassurance to concerned users.
404 Media reports that security researcher Jamieson O’Reilly found a vulnerability that allows humans to control OpenClaw’s AI agents on Moltbook — the network that recently went viral for hosting “discussions” between supposed AI bots.
Wiz dug into the misconfiguration as well, uncovering 1.5 million exposed API keys and 35,000 email addresses. Moltbook has since secured the database.
Two days after Nick Benson asked for donated dashcams in order to document the behavior of federal immigration agents flooding his city, Renee Nicole Good was shot and killed by federal agent Jonathan Ross.
”It was immediately clear that ICE was lying about it,” Benson told 404 Media. Donations have jumped since then, and Benson distributes the cameras to local community organizers and whoever wants them.
The company says an “unauthorized individual gained access to certain Betterment systems through social engineering” to send the message on Friday. Betterment believes the individual accessed information like “certain names, email addresses, physical addresses, phone numbers, and birthdates,” though so far, its investigation has shown that no passwords were compromised.
[Betterment]
Seems a lot of people got password reset requests from Instagram over the last few days, including several Verge staffers and members of their family. The email might look legit. It might even have that little blue checkmark in Gmail. But, it probably came from a scammer. Honestly, it’s best practice to never click links in emails anyway.
In June, Aflac disclosed a data breach involving a “sophisticated cybercrime group” that stole names, social security numbers, contact information, health data, and more from its systems. The insurance provider has now revealed just how many people are affected, adding that it is currently “not aware of any fraudulent use of personal information.”
[SecurityWeek]
On Thursday, Trust Wallet announced a “security incident” affecting version 2.68 of its Chrome extension. Binance founder Changpeng Zhao confirmed that Trust Wallet “will cover” the losses and that the team is investigating the hack.
The feature was first piloted in the UK earlier this year, and works by automatically warning users when they launch eligible financial apps while screen sharing during calls with numbers that aren’t in the device’s contact list. The warning forces a 30-second pause period that aims to “break the spell of the scammers’ social engineering,” according to Google.
An exposed dataset from the license plate surveillance company Flock, which is known to work with the US Border Patrol and ICE via local police, showed that some of the AI annotators paid to classify American license plates are located in the Philippines.
After 404 Media contacted Flock for comment, the dataset disappeared.
The infrastructure buildout will add nearly 1.3 gigawatts of capacity for AI and cost up to $50 billion, the company said. US government customers will have access to both AWS Trainium AI chips and NVIDIA chips, and Amazon said it plans to start building the data centers in 2026.
