Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

1
 
 

Lila Shroff / The Atlantic: Gemini referencing real-life moments when prompted to write a birthday letter shows how effectively Google is leveraging user data to craft personalized content  —  Google is ushering in an era of custom chatbots.  —  In May, I asked Google's chatbot, Gemini, to write a birthday letter to my best friend.

2
 
 

“C mistakes are vulnerabilities that were caused by a mistake that ‘probably would not have been possible’ had we not been using C for curl. Manually assessed for each case.”

3
 
 

France 24: The Colombian navy says it has seized an unmanned narco-submarine that was equipped with a Starlink terminal, enabling the sub to be controlled remotely  —  The Colombian navy on Wednesday seized its first unmanned narco-submarine, equipped with a Starlink antenna, off the Caribbean coast.

4
 
 

A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework.  The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […] The post Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass appeared first on Cyber Security News.

5
 
 

Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis.  This practice represents a significant departure from industry standards, where certificates typically remain valid for 90 days or longer, suggesting a strategic shift toward enhanced […] The post Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily appeared first on Cyber Security News.

6
 
 

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...]

7
 
 

EFI from cables is something every ham loves to hate. What if you modulated that, though, using an ordinary cable as an antenna? If you used something ubiquitous like a …read more

8
 
 

The growth of domestic solar installations opens the possibility of hackers targeting their smart inverter devices as a way to cause widespread power-system failures

9
 
 

Cloudflare, a company that runs 20% of the web, just flipped a switch that could end the open internet as we know it, forcing AI companies to pay for the content they’ve been taking for free.

10
 
 

Border Patrol is commissioning big tech for new tools.

11
 
 

From brain rot to induced psychosis, the psychological cost of generative AI is growing and flying under the radar.

12
 
 

At PyCon US 2025, attendees were in for a treat: activist/blogger/science fiction author Cory Doctorow’s keynote on the dangers of The post Cory Doctorow Reveals How He’d Fix Big Tech’s Domination appeared first on The New Stack.

13
 
 

To ensure resilience across the internet stack, organizations need to protect and manage four key areas: reachability, availability, reliability, and performance, according to Catchpoint. The negative economic impact of incidents: 51% report monthly losses of over $1 million due to internet outages or degradations, up from 43% in 2024. And 1 in 8 now lose over $10 million each month, a noticeable rise since last year. One way to justify the cost of resilience is … More → The post Internet outages are costing companies millions every month appeared first on Help Net Security.

15
 
 

75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security.

16
 
 

The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M). [...]

17
 
 

A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...]


19
 
 

The second max score this week for Netzilla - not a good look. If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.…

20
 
 

More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. [...]

21
 
 

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'. The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.…

22
 
 

Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers are creating fake listings so convincing, people are losing money before they even pack a bag. The FTC reported that Americans lost $274 million to vacation and travel fraud in 2024. Why travelers fall for it: Travel is expensive and people are doing everything they can to find cheaper deals. … More → The post Scammers are tricking travelers into booking trips that don’t exist appeared first on Help Net Security.

23
 
 

Don't leave the door open to disgruntled workers. A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.…

24
 
 

During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting process. The plugin was designed to appear harmless, with a folder name that mimicked the site’s domain. This unique customization made the plugin easy to overlook, as it appeared to be a legitimate component made specifically for the site. Continue reading Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection at Sucuri Blog.

25
 
 

In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.
