Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
With this update, Gmail users with client-side encryption can send E2EE emails to people using other providers, like Outlook. The recipient will receive a notice about the encrypted message, and can view it using a guest Gmail account.
This feature is only available to Google Workspace subscribers with an Enterprise Plus plan.
Despite families of hostages protesting against previously announced plans to broadcast the audio from speakers pointed at Gaza, Israeli Prime Minister Benjamin Netanyahu said his speech was also pushed to cellphones. We haven’t found any reports about how it would’ve worked, or that it was seen as he said:
Ladies and gentlemen, thanks to special efforts by Israeli intelligence, my words are now also being carried. They’re streamed live through the cell phones of Gaza.
Conor Brian Fitzpatrick, aka PomPompurin, is linked to crimes including the 2021 breach that sent out fake cybersecurity warning emails from the FBI. After pleading guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material, he was originally sentenced to 20 years of supervised release.
[Department of Justice]
Six of the major AI chatbots - Grok, ChatGPT, Meta AI, Claude, DeepSeek, and Gemini - effectively guided a team of Reuters reporters through the steps of simulating a phishing scam, down to describing a good time to send a message intended to trick older adults into clicking on a fraudulent link.
In a blog post, Google addresses several recent reports that incorrectly state it sent out a widespread security notification about Gmail, calling them “entirely false:”
Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.
During the Cheeky Pint podcast, Coinbase CEO Brian Armstrong said the new safeguard comes in response to the wave of North Korean hackers who are snapping up remote IT jobs around the US, allowing them to obtain sensitive company information and funnel paychecks to the North Korean regime.
A vulnerability (CVE-2025-43300) stemming from Apple’s image processing framework, “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” according to Apple.
Apple has rolled out a patch for iOS 18.6.2, iPadOS 18.6.2, macOS Sequoia 15.6.1, and other OS versions listed here.
[BleepingComputer]
This is just a fun little series of Mastodon posts about a security breach at a “highly secure” data center... by a female mallard.
Politico reports that the courts’ case filing system was accessed. The breach was discovered last month, but its full extent is still unknown — one fear is that hackers may have accessed the identities of confidential informants, while a source told Politico that court dockets may have been tampered with.
[politico.com]
After 404 Media reported that an app meant to help women exchange dating information for safety purposes was breached, TechCrunch reports that a rival app targeted at men has been exposing users’ personal data including government IDs. “The security lapse will likely affect any user who signed up or shared identity documents with the app,” TechCrunch writes about TeaOnHer, adding that the app has about 53,000 users.
This Wired article shows how an indirect prompt injection attack against a Gemini-powered AI assistant could cause the bot to curse in responses and take over smart home controls by turning on the heat unexpectedly or opening blinds in response to saying “thanks.”
In a report dubbed “Invitation is all you need” (Sound familiar?), their Google Calendar invite passed instructions to the AI bot that were triggered by asking for a summary. Google was informed of the vulnerabilities they found in February and said it has already introduced “multiple fixes.”
If you also use 1Password and have an Android device, you may have also been dealing with autofill problems lately. However, updating to version 8.11.4 or higher and following the instructions to make sure Chrome is set to use third-party autofill seems to have worked on my phone to make the app more reliable again.
According to 1Password, the need to update its app and an uneven update rollout from Google caused a gap as Chrome switched from the old compatibility mode approach to the new native autofill experience.
[1password.community]
As well as class schedules, scholarship disbursements, and student loan information. Neat! At least Bloomberg finally got around to telling its audience that the alleged hacker’s X account “includes a racist handle and racist remarks.” I wonder what a Nazi can accomplish with all this sensitive information? I guess we’ll find out.
Microsoft is announcing Project Ire today, an autonomous AI agent that can analyze and classify malware without assistance. Developed by Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, Project Ire is the first agent at Microsoft to independently author a conviction case “strong enough to justify automatic blocking” of an APT malware sample.
[microsoft.com]
Microsoft’s hacking event, Zero Day Quest, is back and accepting nominations today until October 4th. This year there is up to $5 million in bounty awards, up $1 million on last year’s figure. Microsoft is even offering multiplied bounty awards for the most critical issues in products like Azure, Copilot, and Microsoft 365. Security researchers will also get a chance to qualify for a live hacking event at Microsoft’s headquarters in spring 2026.
