11 – Breaking News & Latest Updates 2026
Skip to main content
The homepageThe VergeThe Verge logo.
The homepageThe VergeThe Verge logo.

Security

Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.

Telegram will now hand over your phone number and IP if you’re a criminal suspectTelegram will now hand over your phone number and IP if you’re a criminal suspect
Microsoft’s largest ever security transformation detailed in new reportMicrosoft’s largest ever security transformation detailed in new report
Researcher reveals ‘catastrophic’ security flaw in the Arc browserResearcher reveals ‘catastrophic’ security flaw in the Arc browser
Californians can now add their driver’s licenses to Apple WalletCalifornians can now add their driver’s licenses to Apple Wallet
Google’s passkey syncing makes it easier to move on from passwordsGoogle’s passkey syncing makes it easier to move on from passwords
Richard Lawler
Richard Lawler
Iranian hackers offered stolen Trump data to the Biden campaign, say the feds.

A joint statement from ODNI, FBI, and CISA follows up on last month’s reports about Iranian Election Influence Efforts, which Iran’s government has denied.

Iranian malicious cyber actors in late June and early July sent unsolicited emails to individuals then associated with President Biden’s campaign that contained an excerpt taken from stolen, non-public material from former President Trump’s campaign as text in the emails. There is currently no information indicating those recipients replied.

Iranian hackers tried but failed to interest Biden's campaign in stolen Trump info, FBI says

[AP News]

Exploding pagers kill nine and injure thousands in an attack on HezbollahExploding pagers kill nine and injure thousands in an attack on Hezbollah
Jay Peters
Jay Peters
Microsoft says Russia is targeting the Harris-Walz campaign with its cyber influence efforts.

From a blog post:

Initially, Russian influence operations struggled to evolve their efforts following President Biden’s departure from the 2024 US presidential race. However, in late August and September, we observed two Russian actors MTAC tracks closely — previously reported as Storm-1516 and Storm-1679 — using videos designed to discredit Harris and stoke controversy around her campaign.

Russian election interference efforts focus on the Harris-Walz campaign

[Microsoft On the Issues]

Jay Peters
Jay Peters
AT&T will pay the FCC $13 million to settle a hacking investigation.

The FCC investigated AT&T’s “supply chain integrity” after hackers stole customer data from a vendor’s cloud environment in January 2023. “AT&T failed to ensure the vendor: (1) adequately protected the customer information, and (2) returned or destroyed it as required by contract,” the FCC says.

AT&T also entered into a consent decree as part of the settlement.

FCC announces $13 million settlement with AT&T resolving vendor cloud breach investigation

[FCC News]

Jay Peters
Jay Peters
Your Discord calls will soon be end-to-end encrypted.

“Today, we’ll start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE,” Discord’s Stephen Birarda writes in a blog post. Discord is rolling out the ability to log in to Discord using passkeys, too.

Meet DAVE: Discord’s New End-to-End Encryption for Audio & Video

[discord.com]

Adi Robertson
Adi Robertson
Some more analysis of the Hezbollah pager explosions.

Wired weighs in against the theory that pager batteries were overheated by a cyberattack to cause today’s fatal explosions, concluding an electronics shipment was more likely compromised and packed with explosives — and noting it wouldn’t be the first time that’s happened.

The Mystery of Hezbollah’s Deadly Exploding Pagers

[WIRED]

23andMe agrees to pay $30 million to settle lawsuit over massive data breach23andMe agrees to pay $30 million to settle lawsuit over massive data breach
Jay Peters
Jay Peters
“GAZEploit.”

With the “GAZEploit” attack, researchers found they could predict what somebody was typing on the Vision Pro’s virtual keyboard by analyzing the eye movements of their Persona, according to Wired.

Apple fixed the issue with visionOS 1.3 by suspending a Persona when the person is using the virtual keyboard.

Microsoft is building new Windows security features to prevent another CrowdStrike incidentMicrosoft is building new Windows security features to prevent another CrowdStrike incident
Jay Peters
Jay Peters
Dangerous game.

A hacker tricked ChatGPT to share details on how to make a bomb in part by instructing it to play a game, TechCrunch reports. It’s the latest loophole to get around ChatGPT’s safety guardrails.

Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs | TechCrunch

[TechCrunch]

Google Chrome makes it easier to opt out of annoying notifications on AndroidGoogle Chrome makes it easier to opt out of annoying notifications on Android
Researchers say a bug let them add fake pilots to rosters used for TSA checksResearchers say a bug let them add fake pilots to rosters used for TSA checks
Telegram changes its tone on moderating private chats after CEO’s arrestTelegram changes its tone on moderating private chats after CEO’s arrest
YubiKeys have an unfixable security flaw — but it’s difficult to exploitYubiKeys have an unfixable security flaw — but it’s difficult to exploit
Google releases Pixel update to get rid of surveillance vulnerabilityGoogle releases Pixel update to get rid of surveillance vulnerability
Bitcoin ATM scammers stole $65 million in first half of 2024Bitcoin ATM scammers stole $65 million in first half of 2024
CrowdStrike exec will testify to Congress about July’s global IT meltdownCrowdStrike exec will testify to Congress about July’s global IT meltdown
Emma Roth
Emma Roth
Google is increasing payouts for its top bug squashers.

The company now offers up to $250,000 to people who find, detail, and demonstrate remote code execution vulnerabilities in Chrome. That more than doubles Chrome’s previous top payout, which sat at $100,115.

Blog: Chrome VRP Reward Updates to Incentivize Deeper Research

[Google Bug Hunters]

Emma Roth
Emma Roth
An alarming number of kids say their friends generate nudes of classmates with AI.

As reported by 404 Media, a survey from the anti-human trafficking nonprofit Thorn revealed that 1 in 10 minors said they knew of peers who used AI to create nudes of other kids:

While the motivation behind these events is more likely driven by adolescents acting out than an intent to sexually abuse, the resulting harms to victims are real and should not be minimized in attempts to wave off responsibility.

In March, two Florida teens were arrested for creating deepfake nudes of classmates.

1 in 10 Minors Say Their Friends Use AI to Generate Nudes of Other Kids, Survey Finds

[404 Media]

Jess Weatherbed
Jess Weatherbed
Brave has laid off around 15 percent of its employees.

The web browser and search startup confirmed to TechCrunch that 27 roles have been axed, but provided no explanation for the cuts.

That’s a significant number for a company the size of Brave — just 191 staffers according to a Pitchbook estimate. The move also follows Brave laying off 9 percent of its workforce in October last year.

Brave lays off 27 employees | TechCrunch

[TechCrunch]

Ring’s flexible Pan-Tilt Indoor Cam is on sale for the first time todayRing’s flexible Pan-Tilt Indoor Cam is on sale for the first time today
A bank exec stole $47 million for a crypto scam, and now he’s going to jailA bank exec stole $47 million for a crypto scam, and now he’s going to jail
Microsoft to host CrowdStrike and others to discuss Windows security changesMicrosoft to host CrowdStrike and others to discuss Windows security changes
Feds charge alleged negotiator for Russian ransomware groupFeds charge alleged negotiator for Russian ransomware group
Jess Weatherbed
Jess Weatherbed
Kentucky hacker receives a six-year prison sentence for trying to fake his own death.

The Washington Post reports Jesse Kipf pleaded guilty to computer fraud and identity theft charges for using a doctor’s login to falsify a death certificate and attempting to sell access to death registry systems.

US attorney Carlton S. Shier IV called it “a cynical and destructive effort, based in part on the inexcusable goal of avoiding his child support obligations.”

Pulaski County Man Sentenced for Cyber Intrusion and Aggravated Identity Theft

[www.justice.gov]

How to freeze your credit after a data breachHow to freeze your credit after a data breach
Barbara Krasnoff and Ashley Carman
Microsoft’s latest security update has ruined dual-boot Windows and Linux PCsMicrosoft’s latest security update has ruined dual-boot Windows and Linux PCs
US intelligence says Iran hacked the Trump campaignUS intelligence says Iran hacked the Trump campaign
Jay Peters
Jay Peters
US intelligence officials say Iran is behind hacks of the Trump campaign.

“The [intelligence community] is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties,” according to a joint ODNI, FBI, and CISA statement.

The Trump campaign said earlier this month that it had been hacked and claimed that Iran was responsible.

Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts | Federal Bureau of Investigation

[Federal Bureau of Investigation]

Plaintext passwords may have struck againPlaintext passwords may have struck again
Jess Weatherbed
Jess Weatherbed
Google Play is axing its Security Reward Program on August 31st.

The program, which paid security researchers up to $20,000 to locate vulnerabilities in popular Android apps, is being shuttered after seven years due to “a decrease in the number of actionable vulnerabilities reported.”

Google last announced in 2019 that it had paid $265,000 in bounties via the program — a fraction of the $10 million it paid out across all vulnerability programs last year.

Google Play will no longer pay to discover vulnerabilities in popular Android apps

[Android Authority]

Jess Weatherbed
Jess Weatherbed
Chrome for Android is making screen sharing more secure.

As reported by Bleeping Computer, Google is testing a new experimental flag that can hide sensitive content while “screen sharing, screen recording and similar actions” in regular tabs — redacting the user’s entire screen if things like credit card details or passwords are detected.

There’s no mention of a release date, but it should be available for testing in Chrome Canary in the coming weeks.

A screenshot of Google’s new experimental feature for redacting sensitive user data in Chrome for Android.
This should provide some additional protection against accidentally exposing sensitive data.
Image: Google / Bleeping Computer
National Public Data admits it leaked Social Security numbers in a massive data breachNational Public Data admits it leaked Social Security numbers in a massive data breach
OpenAI says Iran tried to influence US elections with ChatGPTOpenAI says Iran tried to influence US elections with ChatGPT
Google Pixel phones sold with security vulnerability, report findsGoogle Pixel phones sold with security vulnerability, report finds

Most Popular

Most Popular
  1. Alex Jones has uncovered another massive conspiracy
  2. 360-degree cameras have a new superpower
  3. You’re about to feel the AI money squeeze
  4. Musk vs. Altman is here, and it’s going to get messy
  5. The US gets the worst phones