Sources told Axios that the agency was among the roughly 40 organizations granted access. This, despite the Pentagon arguing that Anthropic is a threat to national security. The NSA has reportedly been using it primarily to identify vulnerabilities in its own network, but considering its track record, it’s understandable if you’re wary.
Security
Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.


A new Wired investigation details the lengths to which Jim Dolan, owner of the New York Knicks and venues like MSG and the Las Vegas Sphere, goes to spy on perceived enemies, fans, and critics. The vast surveillance apparatus includes dossiers, social media posts, and facial recognition tech.
Last year I wrote about one fan who believes a t-shirt design he had made resulted in a lifetime ban from Dolan’s venues — and that facial recognition picked him out of the crowd.
Despite Anthropic’s ongoing battle with the Pentagon, Bloomberg reports that the White House Office of Management and Budget’s CIO told government officials that it is preparing for their agencies to use Anthropic’s cybersecurity-focused AI model.


When hackers got access to an account belonging to the maintainer of Axios, they inserted a script that granted remote access to users’ Windows, macOS, and Linux devices. This malicious version potentially compromised ChatGPT’s macOS apps, so OpenAI is issuing an update and new certificates to mitigate any risks.
Starting this week, enterprise users will be able to send encrypted messages from Gmail’s Android and iOS apps if their organization has the feature enabled. Gmail’s version of E2EE, which uses client-side encryption, has been available since last year, but is still limited to users with enterprise accounts.
[Google Workspace Updates Blog]
Google is officially rolling out Device Bound Session Credentials (DBSC) to Windows users in Chrome 146. The new security feature cryptographically binds your login cookies to your device’s hardware. So, even if malware steals your browser cookies, they should be useless to remote hackers. MacOS support is coming soon.
The AI-powered compliance startup is no longer listed on YC’s directory after an anonymous report alleged Delve “fakes compliance” and leaked audit reports, as reported by TechCrunch. Delve responded by claiming a bad actor “maliciously exfiltrated data” as part of a “coordinated, targeted cyberattack.”
Meta has paused work with the company, Mercor (which The Verge has profiled), while OpenAI is investigating the security incident, Wired reports.
The update adds protections against DarkSword, a security vulnerability that can steal information from your phone if you visit an infected link. Apple previously released iOS 18.7.7 to the iPhone XS and XR, but if you have a newer phone and don’t want to download iOS 26, now you can install the patch without worrying about getting Liquid Glass.
A disclosure spotted by TechCrunch says the incident prompted the toymaker to activate “its security response protocols.” Hasbro says it’s currently working to determine the impact of the breach, but it will continue to “take orders, ship product and conduct other key operations.”
iOS 26 devices are already protected against the hacking tool that targets iPhones when visiting malicious links, and today Apple is pushing out a new security update for older, vulnerable versions of iOS. That means iOS 18 users can protect their phones and avoid the Liquid Glass design update.
A hacker took over an account belonging to the lead maintainer of the JavaScript library, Axios, which is used to handle HTTP requests, as reported by Cybernews. Security researchers found that versions 1.14.1 and 0.30.4 contained the script for a remote access trojan capable of giving hackers access to a user’s Windows, macOS, or Linux device.
The bundle, Proton Workspace, includes a new end-to-end encrypted video chat service called Proton Meet. But even encryption can’t guarantee the company will keep your payment info private from government requests.
According to “I Decompiled the White House’s New App,” the Android version has some odd choices for a government app that mostly shows content from the White House website.
That includes enabling location tracking and other monitoring via OneSignal’s analytics (which the company says are opt-in at the OS level), JavaScript loaded from some guy’s GitHub, an injected script to hide things like consent dialogs on pages users open in the app, and other hooks to non-government third-party services.
[Thereallo]

Why Todd McKinnon thinks it’s ‘naive’ not to prepare for the SaaSpocalypse
An Iran-linked group claimed responsibility for the breach and posted documents stolen from Patel’s inbox online, according to Reuters.
The DOJ has reportedly confirmed the breach, with a preliminary review by CNN finding emails from around 2011 to 2022 that “appear to include personal, business and travel correspondence that Patel had with various contacts.”
A newer version of the DarkSword exploit that targets devices running iOS 18.4 to 18.6.2 has appeared on GitHub. About 34 percent of iPhone and 43 percent of iPad users are still running iOS 18 or earlier, according to Apple, which issued an emergency patch on March 11th. Update your devices, folks!
Some Lloyds Bank, Halifax, and Bank of Scotland app users reported they were briefly able to view charges and payments made by other people on their accounts. Lloyds Banking Group, which owns all three banks, says the issue was “quickly identified and resolved,” and that it’s “reviewing what happened to ensure this cannot occur again.”


“The hacker expressed disgust at the presence of child abuse images on the device and left a message threatening to turn its owner over to the FBI, the person said.” Apparently they didn’t realize they were on an FBI server.
While end-to-end encryption can keep an account’s data private and hidden even from a service provider, the name of who paid for the account and other metadata is harder to hide.
LeakBase had more than 142,000 members and a database containing “hundreds of millions” of stolen account credentials, according to the DOJ. US law enforcement worked with Europol to seize LeakBase’s data and take over two of its domains.


Home security company ADT has acquired Origin Wireless, which can use Wi-Fi signals to detect where people and objects are. An appropriately named commenter recognizes there might be some cause for concern.
PerpetuallySkeptical:
I’m sure that paying a company to see exactly where I am in my house at all times won’t be used against me in the future.
Lockdown Mode is “not necessary” for most people and “tightly constrains how ChatGPT can interact with external systems to reduce the risk of prompt injection–based data exfiltration,” according to OpenAI.
Yes, Wyze has had its own issues, but this video is pretty funny.

