Politics
Has Google's Gemini AI been reading your private emails? A new lawsuit says so
Google activated Gemini by default last month without alerting users or asking for consent
US ‘disappointed’ that Rolls-Royce will build UK’s first small modular reactors
Wylfa on the island of Anglesey, or Ynys Môn, will be home to three small modular reactors (SMRs) to be built by British manufacturer Rolls-Royce SMR. The government said it will invest £2.5bn.
SMRs are a new – and untested – technology aiming to produce nuclear power stations in factories to drive down costs and speed up installation. Rolls-Royce plans to build reactors, each capable of generating 470 megawatts of power, mainly in Derby.
Exclusive: Wild form of polio found in German sewage sample, health institute says
Whooping cough cases skyrocket to record high in Texas
Venezuelans sent by Trump to El Salvador endured systematic torture, report finds
Judge Rules Flock Surveillance Images Are Public Records That Can Be Requested By Anyone
Images taken by Flock’s AI license plate-scanning cameras are public records that can be requested as part of normal public records requests.
Shutdown deal lets senators sue for $500,000 over data seizures like those in Jan. 6 probe
In October, Senate Republicans revealed an FBI document that showed investigators had obtained phone record data from eight senators and one congressman for calls they made in the days before and after the Jan. 6, 2021, attack on the Capitol.
The new legislation requires service providers to alert Senate offices and the Senate sergeant at arms if federal law enforcement requests senators' data, and says a court cannot delay the notification unless the senator is the target of a criminal investigation.
Senators distance themselves from controversial payout provision
Of the eight known Senate Republicans whose phone records were subpoenaed as part of Smith’s probe into Trump’s 2020 election interference, only one so far — Sen. Lindsey Graham of South Carolina — has announced definitive plans to sue the federal government for $500,000.
This flu season looks grim as H3N2 emerges with mutations
Health officials in the United Kingdom are warning that this year’s flu season for the Northern Hemisphere is looking like it will be particularly rough—and the US is not prepared.
Exclusive: UK suspends some intelligence sharing with US over boat strike concerns in major break
Colombia to suspend intelligence sharing with US over boat strikes
Shooting at Laney College leaves John Beam, legendary football coach, in critical condition
Police said the shooting suspect is still at large. The incident comes the day after a nonfatal shooting at Oakland’s Skyline High School.
Infosec
Tiny chips hitch a ride on immune cells to sites of inflammation
Microscopic electronic devices hybridized with living cells are injected into the circulatory system with a standard syringe and will travel the bloodstream before implanting themselves in target brain areas.
New ‘IndonesianFoods’ worm floods npm with 100,000 packages P
A self-spreading package published on npm spams the registry by spawning new packages every seven seconds, creating large volumes of junk.
“Amazon Inspector is flagging these packages through OSV advisories, triggering a massive wave of vulnerability reports. Sonatype’s database alone saw 72,000 new advisories in a single day.”
The researcher commented that IndonesianFoods does not appear to focus on infiltrating developer machines, but rather to stress the ecosystem and disrupt the world’s largest software supply chain.
Fortinet FortiWeb flaw with public PoC exploited to create admin users P
The flaw is a path traversal issue affecting the following Fortinet endpoint:
/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi
Threat actors are sending HTTP POST requests to this path containing payloads that create local admin-level accounts on the targeted device.
Windows 11 now supports 3rd-party apps for native passkey management P
Passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden.
Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns P
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an exploitation campaign that began in September, the Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday.
Unit 42 attributed the targeting of Cisco ASA devices to Storm-1849 — a China-based threat group that Cisco previously said has been attacking the tools since 2024.
Ransomed CTO falls on sword, refuses to pay extortion demand
Checkout.com will instead donate the amount to fund cybercrime research
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk. P
The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, has a remote code execution vulnerability that could be exploited to compromise the hosting environment. The root cause of the flaw is AI-bolit's deobfuscation logic, which executes attacker-controlled function names and data extracted from obfuscated PHP files when trying to unpack malware in order to scan it. Patched versions are available.