Tech Digest 101

Provider of covert surveillance app spills passwords for 62,000 users

Thu, 03 Jul 2025 21:36:44 +0200

The maker of a phone app that is advertised as providing a stealthy means for monitoring all activities on an Android device spilled email addresses, plain-text passwords, and other sensitive data belonging to 62,000 users, a researcher discovered recently.

A security flaw in the app, branded Catwatchful, allowed researcher Eric Daigle to download a trove of sensitive data, which belonged to account holders who used the covert app to monitor phones. The leak, made possible by a SQL injection vulnerability, allowed anyone who exploited it to access the accounts and all data stored in them.

Unstoppable

Catwatchful creators emphasize the app's stealth and security. While the promoters claim the app is legal and intended for parents monitoring their children's online activities, the emphasis on stealth has raised concerns that it's being aimed at people with other agendas.

Read full article

Comments

AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge

Wed, 02 Jul 2025 21:28:27 +0200

AT&T is rolling out a protection that prevents unauthorized changes to mobile accounts as the carrier attempts to fight a costly form of account hijacking that occurs when a scammer swaps out the SIM card belonging to the account holder.

The technique, known as SIM swapping or port-out fraud, has been a scourge that has vexed wireless carriers and their millions of subscribers for years. An indictment filed last year by federal prosecutors alleged that a single SIM swap scheme netted $400 million in cryptocurrency. The stolen funds belonged to dozens of victims who had used their phones for two-factor authentication to cryptocurrency wallets.

Wireless Account Lock debut

A separate scam from 2022 gave unauthorized access to a T-Mobile management platform that subscription resellers, known as mobile virtual network operators, use to provision services to their customers. The threat actor gained access using a SIM swap of a T-Mobile employee, a phishing attack on another T-Mobile employee, and at least one compromise of an unknown origin.

Read full article

Comments

Nothing Headphone (1) - Looks Can Be Deceiving…

Tue, 01 Jul 2025 19:34:24 +0200

Drug cartel hacked FBI official’s phone to track and kill informants, report says

Mon, 30 Jun 2025 21:57:49 +0200

The Sinaloa drug cartel in Mexico hacked the phone of an FBI official investigating kingpin Joaquín “El Chapo” Guzmán as part of a surveillance campaign “to intimidate and/or kill potential sources or cooperating witnesses,” according to a recently published report by the Justice Department.

The report, which cited an “individual connected to the cartel,” said a hacker hired by its top brass “offered a menu of services related to exploiting mobile phones and other electronic devices.” The hired hacker observed “'people of interest' for the cartel, including the FBI Assistant Legal Attache, and then was able to use the [attache's] mobile phone number to obtain calls made and received, as well as geolocation data, associated with the [attache's] phone."

“According to the FBI, the hacker also used Mexico City's camera system to follow the [attache] through the city and identify people the [attache] met with,” the heavily redacted report stated. “According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses.”

Read full article

Comments

Lenovo Legion 5 (2025) - Thinner, Lighter, Better

Sat, 28 Jun 2025 18:09:45 +0200

Actively exploited vulnerability gives extraordinary control over server fleets

Fri, 27 Jun 2025 00:52:42 +0200

Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers, the US Cybersecurity and Infrastructure Security Agency is warning.

The vulnerability, carrying a severity rating of 10 out of a possible 10, resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavailable or the operating system isn't functioning. These motherboard-attached microcontrollers, known as baseboard management controllers (BMCs), give extraordinary control over servers inside data centers.

Administrators use BMCs to reinstall operating systems, install or modify apps and make configuration changes to large numbers of servers, without physically being on premises and, in many cases, without the servers being turned on. Successful compromise of a single BMC can be used to pivot into internal networks and compromise all other BMCs.

Read full article

Comments

Anthropic summons the spirit of Flash games for the AI age

Thu, 26 Jun 2025 22:33:20 +0200

On Wednesday, Anthropic announced a new feature that expands its Artifacts document management system into the basis of a personal AI app gallery resembling something from the Flash game era of the early 2000s—though these apps run on modern web code rather than Adobe's defunct plugin.

Using plain English dialogue, users can build and share interactive applications directly within Claude's chatbot interface using a new API capability that lets artifacts interact with Claude itself. Claude is an AI assistant similar to ChatGPT.

Claude has been capable of building web apps for some time, but Anthropic has put renewed focus on the feature that many have overlooked. "I'm amused that Anthropic turned 'we added a window.claude.complete() function to Artifacts' into what looks like a major new product launch," wrote independent AI researcher Simon Willison in a blog post, "but I can't say it's bad marketing for them to do that!"

Read full article

Comments

VMware perpetual license holder receives audit letter from Broadcom

Thu, 26 Jun 2025 22:17:54 +0200

After sending cease-and-desist letters to VMware users whose support contracts had expired and who subsequently declined to subscribe to one of Broadcom’s VMware bundles, Broadcom has started the process of conducting audits on former VMware customers.

Broadcom stopped selling VMware perpetual licenses in November 2023 in favor of pushing a small number of VMware SKUs that feature multiple VMware offerings. Since Broadcom is forcefully bundling VMware products, the costs associated with running VMware have skyrocketed, with customers frequently citing 300 percent price hikes and some firms claiming even larger increases. As a result, some VMware users have opted to keep using VMware perpetual licenses, even though Broadcom refuses to renew most of those clients’ support services.

This year, Broadcom started sending such VMware users cease-and-desist letters [PDF], telling organizations to stop using any maintenance releases/updates, minor releases, major releases/upgrades extensions, enhancements, patches, bug fixes, or security patches (except for zero-day security patches) that VMware issued since the user’s support contract ended.

Read full article

Comments

Anthropic destroyed millions of print books to build its AI models

Wed, 25 Jun 2025 22:00:03 +0200

On Monday, court documents revealed that AI company Anthropic spent millions of dollars physically scanning print books to build Claude, an AI assistant similar to ChatGPT. In the process, the company cut millions of print books from their bindings, scanned them into digital files, and threw away the originals solely for the purpose of training AI—details buried in a copyright ruling on fair use whose broader fair use implications we reported yesterday.

The 32-page legal decision tells the story of how, in February 2024, the company hired Tom Turvey, the former head of partnerships for the Google Books book-scanning project, and tasked him with obtaining "all the books in the world." The strategic hire appears to have been designed to replicate Google's legally successful book digitization approach—the same scanning operation that survived copyright challenges and established key fair use precedents.

While destructive scanning is a common practice among smaller-scale operations, Anthropic's approach was somewhat unusual due to its massive scale. For Anthropic, the faster speed and lower cost of the destructive process appear to have trumped any need for preserving the physical books themselves.

Read full article

Comments

Ubuntu disables Intel GPU security mitigations, promises 20% performance boost

Wed, 25 Jun 2025 21:39:19 +0200

Ubuntu users could see up to a 20 percent boost in graphics performance on Intel-based systems under a change that will turn off security mitigations for blunting a class of attacks known as Spectre.

Spectre, you may recall, came to public notice in 2018. Spectre attacks are based on the observation that performance enhancements built into modern CPUs open a side channel that can leak secrets a CPU is processing. The performance enhancement, known as speculative execution, predicts future instructions a CPU might receive and then performs the corresponding tasks before they are even called. If the instructions never come, the CPU discards the work it performed. When the prediction is correct, the CPU has already completed the task.

By using code that forces a CPU to execute carefully selected instructions, Spectre attacks can extract confidential data that the CPU would have accessed had it carried out the ghost instructions. Over the past seven years, researchers have uncovered multiple attack variants based on the architectural flaws, which are unfixable. CPU manufacturers have responded by creating patches in both micro code and binary code that restrict speculative execution operations in certain scenarios. These restrictions, of course, usually degrade CPU performance.

Read full article

Comments

The résumé is dying, and AI is holding the smoking gun

Tue, 24 Jun 2025 19:25:41 +0200

Employers are drowning in AI-generated job applications, with LinkedIn now processing 11,000 submissions per minute—a 45 percent surge from last year, according to new data reported by The New York Times.

Due to AI, the traditional hiring process has become overwhelmed with automated noise. It's the résumé equivalent of AI slop—call it "hiring slop," perhaps—that currently haunts social media and the web with sensational pictures and misleading information. The flood of ChatGPT-crafted résumés and bot-submitted applications has created an arms race between job seekers and employers, with both sides deploying increasingly sophisticated AI tools in a bot-vs-bot standoff that is quickly spiraling out of control.

The Times illustrates the scale of the problem with the story of an HR consultant named Katie Tanner, who was so inundated with over 1,200 applications for a single remote role that she had to remove the post entirely and was still sorting through them three months later.

Read full article

Comments

Canadian telecom hacked by suspected China state group

Mon, 23 Jun 2025 21:21:42 +0200

Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday.

“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” officials for the center, the Canadian government’s primary cybersecurity agency, said in a statement. “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.” The FBI issued its own nearly identical statement.

A major security lapse

Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People's Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10.

Read full article

Comments

Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic

Fri, 20 Jun 2025 21:04:22 +0200

Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare.

The 7.3Tbps attack amounted to 37.4 terabytes of junk traffic that hit the target in just 45 seconds. That's an almost incomprehensible amount of data, equivalent to more than 9,300 full-length HD movies or 7,500 hours of HD streaming content in well under a minute.

Indiscriminate target bombing

Cloudflare said the attackers “carpet bombed” an average of nearly 22,000 destination ports of a single IP address belonging to the target, identified only as a Cloudflare customer. A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack.

Read full article

Comments

Hollywood studios target AI image generator in copyright lawsuit

Wed, 11 Jun 2025 20:58:22 +0200

On Wednesday, Disney and NBCUniversal filed a lawsuit against AI image-synthesis company Midjourney, accusing the company of copyright infringement for allowing users to create images of characters like Darth Vader and Shrek, reports The Hollywood Reporter. The complaint, filed in US District Court in Los Angeles, marks the first major legal action by Hollywood studios against a generative AI company.

Midjourney is a subscription image-synthesis service and community that allows its users to submit written descriptions called prompts to an AI model that generates new images based on them. It has been well-known for years that AI image-synthesis models such as the ones that power Midjourney have been trained on copyrighted artworks without rights holder permission.

The lawsuit describes San Francisco-based Midjourney as a "bottomless pit of plagiarism" that enables users to generate what the studios call "AI slop"—personalized images of copyrighted characters. Disney Enterprises, Marvel, Lucasfilm, 20th Century, Universal City Studios Productions, and DreamWorks Animation joined forces in the legal filing.

Read full article

Comments

With the launch of o3-pro, let’s talk about what AI “reasoning” actually does

Wed, 11 Jun 2025 18:58:43 +0200

On Tuesday, OpenAI announced that o3-pro, a new version of its most capable simulated reasoning model, is now available to ChatGPT Pro and Team users, replacing o1-pro in the model picker. The company also reduced API pricing for o3-pro by 87 percent compared to o1-pro while cutting o3 prices by 80 percent. While "reasoning" is useful for some analytical tasks, new studies have posed fundamental questions about what the word actually means when applied to these AI systems.

We'll take a deeper look at "reasoning" in a minute, but first, let's examine what's new. While OpenAI originally launched o3 (non-pro) in April, the o3-pro model focuses on mathematics, science, and coding while adding new capabilities like web search, file analysis, image analysis, and Python execution. Since these tool integrations slow response times (longer than the already slow o1-pro), OpenAI recommends using the model for complex problems where accuracy matters more than speed. However, they do not necessarily confabulate less than "non-reasoning" AI models (they still introduce factual errors), which is a significant caveat when seeking accurate results.

Beyond the reported performance improvements, OpenAI announced a substantial price reduction for developers. O3-pro costs $20 per million input tokens and $80 per million output tokens in the API, making it 87 percent cheaper than o1-pro. The company also reduced the price of the standard o3 model by 80 percent.

Read full article

Comments

WWDC 2025 - iOS 26 + Liquid Glass

Tue, 10 Jun 2025 01:45:51 +0200

This is the FIRST Xbox Handheld!

Sun, 08 Jun 2025 20:15:12 +0200

Windows Was The Problem All Along

Sun, 25 May 2025 18:33:55 +0200

Samsung Galaxy S25 Edge - First Impressions

Tue, 13 May 2025 03:00:05 +0200

5070 Ti Laptops are Hiding A Secret.

Sat, 10 May 2025 19:52:29 +0200

HP OMEN MAX 16 - Their Best Gaming Laptop.

Wed, 09 Apr 2025 16:22:01 +0200

RTX 5080 Gaming Laptops ft. Asus Strix 16

Sun, 06 Apr 2025 21:53:22 +0200

We Need To Talk about Nvidia - RTX 5090 Laptops

Thu, 27 Mar 2025 21:30:52 +0100

I Got an RTX 5090 Laptop Early!

Tue, 25 Mar 2025 14:54:55 +0100

M3 Ultra Mac Studio Review

Tue, 11 Mar 2025 14:11:17 +0100

iPhone 16e Review - E is for Expensive

Thu, 27 Feb 2025 12:30:35 +0100

AMD Made Something INCREDIBLE!

Tue, 18 Feb 2025 15:09:43 +0100

PowerBeats Pro 2 Review - Underwhelming

Tue, 11 Feb 2025 16:40:05 +0100

Sling TV Review: The Best Budget Live TV Streaming Service

Thu, 01 Aug 2024 06:00:00 +0200

Sling TV Blue offers cord-cutters a wealth of live channels for an affordable price, but you may need to bring your own antenna.

2022 GMC Hummer EV Pickup Review: One-Trick Pony

Mon, 02 Jan 2023 11:00:01 +0100

After the allure of the Hummer's physics-defying acceleration wears off, there isn't a whole lot left to love.

Amazon Fire TV Stick Lite Review: Capable Streamer, Cheap Price

Mon, 19 Dec 2022 19:01:00 +0100

The first ultrabudget streamer with a voice remote talks circles around Roku.

2023 Land Rover Range Rover Review: Running Out of Room for Improvement

Wed, 14 Dec 2022 11:00:01 +0100

The latest generation of the ubiquitous luxury SUV is damn near perfect.

Roku Streambar Review: Instant Sound and 4K Streaming Upgrade

Sun, 04 Dec 2022 12:00:00 +0100

Editor's Choice: This tiny bar adds great 4K HDR streaming, and solid sound, to any TV.

Anker Nebula Mars II Pro Review: Petite Portable Projector Performs Proficiently

Thu, 01 Dec 2022 16:31:00 +0100

Editor's Choice: This tiny, battery-powered entertainment machine does a lot of things right.

BenQ HT2050A Review: Great (Big) Picture for the Money

Thu, 01 Dec 2022 01:00:00 +0100

Editor's Choice: Excellent contrast, accurate color and solid features make it our favorite sub-$1,000 projector for 2020.

Epson Home Cinema 5050UB: Big, Bold and Beautiful

Wed, 30 Nov 2022 19:21:00 +0100

Editor's Choice: A higher-end projector worthy of the "home cinema" moniker.

2023 BMW iX M60 Review: Electric Excess, Not Necessarily the Best

Thu, 24 Nov 2022 12:00:01 +0100

The more powerful spec of BMW's iX electric SUV is certainly quicker than the base model, but that extra oomph comes at too high a cost.

LG C2 OLED TV Review: Best High-End TV for the Money

Tue, 15 Nov 2022 16:53:00 +0100

The C2 sets the pace for 2022 with superb picture quality, numerous sizes and a track record of success.

Blink Mini Review: A Low-Cost Camera With Pan-Tilt Mount Now Available

Fri, 21 Oct 2022 22:13:00 +0200

Available in black or white, Amazon's Blink Mini sports many features for a reasonable price.

2023 BMW i4 M50 Review: Treat Yo' Self

Fri, 14 Oct 2022 21:33:00 +0200

You don't need to pay more for dual-motor i4 M50 to have a good time, but it's hard to argue with more power and fun.

2022 Toyota Tundra TRD Pro Review: Fierce Looks, Gentle Demeanor

Tue, 11 Oct 2022 11:00:01 +0200

Toyota's off-road-ready pickup is mighty fine in daily driving, too.

2023 Cadillac XT6 Review: Super Cruising Into the Spotlight

Thu, 22 Sep 2022 11:00:00 +0200

The addition of Caddy's hands-free highway driving assistant makes the XT6 one of the most interesting luxury SUVs on the road -- but there's a catch.

2022 Chevy Silverado Trail Boss Review: Diesel Brawn Meets Google Brains

Thu, 15 Sep 2022 11:00:01 +0200

This rough-and-ready pickup is home to Chevy's new Android-based, Google Assistant-powered dashboard tech.

2022 Ford Bronco Raptor Review: The Unstoppable Force

Tue, 06 Sep 2022 11:00:00 +0200

Ford's most powerful, most capable Bronco is an absolute blast to drive anywhere.

2022 Ford Bronco Everglades Review: Form Begets Function

Wed, 31 Aug 2022 11:00:01 +0200

Unique overlanding touches give this Bronco even more capability than normal.

2023 Toyota Sequoia Review: Ups and Downs

Wed, 24 Aug 2022 11:00:00 +0200

There's a lot to like about Toyota's body-on-frame family tank, but there's still plenty of room for improvement.

2022 Bentley Flying Spur Hybrid Review: Your Mileage Will Vary

Fri, 12 Aug 2022 11:00:01 +0200

In some situations, Bentley's plug-in hybrid sedan is blissful. In other situations, it's anything but.

2023 BMW iX xDrive50 Review: Pleasing Performer, Vexing Design

Mon, 08 Aug 2022 11:00:01 +0200

The all-new iX gets the EV fundamentals right -- performance, range, comfort and more. So why don't I love this otherwise excellent machine?

2022 Maserati MC20 Review: Visceral Excitement

Fri, 05 Aug 2022 11:00:01 +0200

The mid-engine MC20 is the halo car Maserati deserves.

2023 Kia Sportage Hybrid Review: Grow Up, Glow Up

Thu, 04 Aug 2022 11:00:01 +0200

Kia's fifth-generation compact SUV is a big improvement over its predecessors, and the new hybrid model is the best configuration to get.