AI
Man pleads guilty to $8 million AI-generated music scheme
He inflated streaming numbers for hundreds of thousands of AI-generated songs by deploying thousands of fake accounts across major platforms, including Amazon Music, Apple Music, Spotify and YouTube Music, according to court documents.
Bernie vs. Claude
Wikipedia bans #AI content in articles
Google Search is now using AI to replace headlines
Writer denies it, but publisher pulls horror novel after multiple allegations of AI use
Trump’s federal AI policy framework aims to undercut state laws
555 MCP Servers Have Toxic Data Flows. Here's What We Found.
Approximately 10% of MCP servers run AI processes on untrusted input.
Politics
GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information
It will not comply with emerging laws requiring operating systems to collect user age data at setup. "GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account," the project stated. "If GrapheneOS devices can't be sold in a region due to their regulations, so be it."
The statement came after Brazil's Digital ECA (Law 15.211) took effect on March 17, imposing fines of up to R$50 million (roughly $9.5 million) per violation on operating system providers that fail to implement age verification. California's Digital Age Assurance Act (AB-1043), signed by Governor Newsom in October 2025, takes effect on January 1, 2027, and requires every OS provider to collect a user's age or date of birth during account setup and pipe that data to app stores and developers through a real-time API. Colorado's SB26-051 passed the state senate on March 3 with similar requirements.
US issues worldwide travel alert for American citizens abroad amid Iran escalation
"The Department of State advises Americans worldwide, and especially in the Middle East, to exercise increased caution. Americans abroad should follow the guidance in security alerts issued by the nearest US embassy or consulate. Periodic airspace closures may cause travel disruptions. US diplomatic facilities, including outside the Middle East, have been targeted. Groups supportive of Iran may target other US interests overseas or locations associated with the United States and/or Americans throughout the world," the alert said.
Known: New San Francisco Dating App
Uses a 15-minute chat with an AI matchmaker
Top US Fema official claims to have teleported to a Waffle House before
‘Teleporting is no fun,’ Gregg Phillips, picked to lead Fema’s office of response and recovery, has said on a podcast.
Phillips claimed that his car was “lifted up” while he was driving and transported 40 miles (65km) away into a ditch near a church. And in another instance on the same episode, Phillips said he was teleported 50 miles away to a Waffle House in Rome, Georgia,
Seven-year-old Canadian girl with autism and mother detained by ICE in Texas
Mother and child held in notorious Rio Grande Valley detention centre despite presenting visa, family says
FBI links Signal phishing attacks to Russian intelligence services
The attacks rely on tricking users into allowing attackers to add the account to their devices or link attacker-controlled devices to the account. The FBI says the campaign has already led to unauthorized access to thousands of messaging accounts, which were then used to target additional victims.
Trump FCC lets Nexstar buy Tegna and blow way past 39% TV ownership cap
Switzerland adopts SCION: A Secure Alternative to BGP
Palantir extends reach into British state as it gets access to sensitive FCA data
Allowing US tech firm to analyse intelligence in name of tackling fraud raises fresh concerns over privacy
The Financial Conduct Authority (FCA) has awarded Palantir a contract to investigate the watchdog’s internal intelligence data in an effort to help it tackle financial crime, which includes investigating fraud, money laundering and insider trading.
Algebra is back in SF schools. Here’s what that means for your kid
SFUSD eliminated Algebra 1 in middle school in 2014 to reduce academic “tracking,” which sorted students into higher and lower math tiers.
Why more WA utilities want to remotely control your thermostat
“Demand response” programs incentivize customers to shift their electricity use by a few hours.
Infosec
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
We discovered ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines - and then abandoned. There were requests coming to them for software updates, binaries, VM images, etc.
Risky Bulletin: GitHub is starting to have a real malware problem
Compromises are increasing, up to several per month
Widely used Trivy scanner compromised in ongoing supply-chain attack
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers and the organizations that use them. If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately.
Trivy is a vulnerability scanner that developers use to detect vulnerabilities and inadvertently hardcoded authentication secrets in pipelines for developing and deploying software updates.
The Resolv Hack: How One Compromised Key Printed $23 Million
The attacker stole a private key and used it to mint tokens.
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google frames the Advanced Flow system as a safe compromise between Android’s openness and user protection, needed for a smooth transition to the new developer verification requirements scheme, coming in Aug 2026.
Microsoft Azure Monitor alerts abused for callback phishing attacks
Unlike other phishing campaigns, these messages are not spoofed, but are sent directly by the Microsoft Azure Monitor platform using the legitimate azure-noreply@microsoft.com email address.
The threat actors are conducting this campaign by creating alerts in Azure Monitor for easily triggered conditions, such as new orders, payments, generated invoices, and other billing events.
When creating alerts, you can enter any message you want in the description field, which the attackers use for their callback phishing message.