惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Security Latest

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos World Cup Scams Are Getting Harder to Spot A Critical Deadline Is Approaching for Windows and Linux Security Hackers Claim to Leak Stolen Madison Square Garden Data How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society ‘Dangerous’ AI Models Are Coming No Matter What Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses The FCC Wants to Kill Burner Phones Grok Is Still Hosting Sexualized Deepfakes of Famous Women Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US Soccer Fans, You’re Being Watched Mapping Every Flock License Plate Reader Near US World Cup Stadiums Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report All the Ways Europe Is Ditching American Technology Crypto-Funded Chinese Peptide Labs Are Booming Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar Websites Can Now Spy on You Through Your Hard Drive Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks Internet Starts to Return in Iran After 3-Month Blackout US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows The AI Era Is Creating a Bug-Hunting Arms Race The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers ‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale The EU Is Going Through a Trump-Fueled Breakup With Big Tech A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds You Can Get Some of Your Nudes Removed From the Internet Under a New Law An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Your iPhone Gets Stolen. Then the Hacking Begins DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private Foxconn Ransomware Attack Shows Nothing Is Safe Forever Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz Hackable Robot Lawn Mower Unlocks a New Nightmare You Can Disable Gemini in Chrome if It’s Freaking You Out Cybercriminals Are Complaining About AI Slop Flooding Their Forums DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts Disneyland Now Uses Face Recognition on Visitors OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards California Engineer Identified in Suspected Shooting at White House Correspondents Dinner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet AI Tools Are Helping Mediocre North Korean Hackers Steal Millions Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox Meta Is Sued Over Scam Ads on Facebook and Instagram They Built a Legendary Privacy Tool. Now They’re Sworn Enemies The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance The Shocking Secrets of Madison Square Garden’s Surveillance Machine Europe’s Online Age Verification App Is Here The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators The Dumbest Hack of the Year Exposed a Very Real Problem Your Push Notifications Aren’t Safe From the FBI How the Internet Broke Everyone’s Bullshit Detectors Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think Politicians Are Spending More Money on Security as They Increasingly Become Targets ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread Men Are Buying Hacking Tools to Use Against Their Wives and Friends Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear Hackers Are Posting the Claude Code Leak With Bonus Malware Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards ‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop What Happens When a Nuclear Site Is Hit? Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool Iran Threatens to Start Attacking Major US Tech Firms on April 1 The US Military’s GPS Software Is an $8 Billion Mess The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
It Takes 2 Minutes to Hack the EU’s New Age-Verification App
Dell Cameron · 2026-04-18 · via Security Latest

Planning a big night out at Madison Square Garden? Have fun—but don’t say we didn’t warn you.

A WIRED investigation this week revealed new details about the private surveillance state instituted by MSG owner Jim Dolan and his head of security, John Eversole. According to court records and WIRED sources, visitors to the Garden and some other Dolan-owned venues have been subjected to face recognition, social media monitoring, in-person surveillance, and more.

The US government’s warrantless wiretap powers hit a roadblock this week. Despite a push from President Donald Trump for a long-term reauthorization of the so-called Section 702 spy program, 20 Republican lawmakers in the House of Representatives voted against a full reauthorization, forcing Speaker Mike Johnson to merely extend the program for an additional 10 days.

Meta’s Ray-Ban and Oakley AI smartglasses have an image problem—for good reason. More than 70 civil society groups, including the ACLU and the National Organization for Women, sent a letter to the company this week, demanding that it abandon any plans it may have to equip its AI glasses with face-recognition features. The groups argue that including face recognition in the wearable devices, which can already surreptitiously record videos of people, would further erode any semblance of privacy and potentially facilitate stalkers, domestic abusers, and federal agents.

Nonconsensual deepfake nudes are a scourge at schools around the world, according to an analysis by WIRED and Indicator. By tracking publicly reported incidents of deepfake “nudify” tech used against middle- and high-school-aged girls, we were able to identify more than 600 victims in 28 countries around the world.

You might think banning a $20 billion black market for scammers from your platform would be a no-brainer. But not if you’re Telegram. A WIRED investigation found that the messaging app continued to host Xinbi Guarantee despite the UK government’s designating it a facilitator of human trafficking and sanctioning the largest-ever online marketplace of its kind. Crypto-tracing firm Elliptic says that Xinbi carried out another $505 million in transactions in the 19 days after the UK issued its sanction.

The AI race has finally entered the cybersecurity lap. After Anthropic revealed its new model, Mythos, as a unique risk to the security status quo, OpenAI announced that it, too, has a new cybersecurity strategy, and a new model to go with it—GPT-5.4-Cyber.

That’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The European Commission this week released its free, open source app for verifying the ages of visitors to social networks and pornography websites. At a press conference on Wednesday, European Commission president Ursula von der Leyen proclaimed that, with the release of the app, “there are no more excuses” for platforms that fail to check users’ ages. That, however, was before experts found the app to be a security disaster.

As reported by Politico, security consultant Paul Moore claimed on X to have found a series of security issues with the app that allowed him to hack it “in less than 2 minutes.” The issues include how the app reportedly stores a user-created PIN that could allow an attacker to easily take over that person’s app profile. (Baptiste Robert, a whitehat hacker, confirmed the vulnerability to Politico.) Tagging von der Leyen in his post, Moore concluded, “This product will be the catalyst for an enormous breach at some point. It's just a matter of time.”

A Gym Chain and a Hotel Giant Disclose Major Data Breaches

Europe's largest gym chain, Basic-Fit, confirmed a major data breach on Monday, revealing that the bank details of roughly a million customers were compromised. Around 200,000 members in the Netherlands alone were affected. The stolen data includes bank details along with customers' names, home and email addresses, phone numbers, and dates of birth. A spokesperson told The Register that members in Belgium, France, Germany, Luxembourg, and Spain were also similarly hit through a single system that records member visits to clubs. No passwords, which Basic-Fit says it does not store, were reportedly compromised.

The same day, global travel and hotel reservation giant Booking.com confirmed that hackers may have extracted customer data including names, emails addresses, phone numbers, and booking details. The company informed TechCrunch that it “noticed some suspicious activity” and “took action to contain the issue.” Company notices posted by purported customers on Reddit appear to disclose a breach touching on “anything” the users “may have shared with the accommodation.” TechCrunch reported that Booking.com had declined to share details about the scope of the breach, but did separately tell The Guardian that no “financial information” was lost.

Bluesky Buckles Under DDoS Attack

Bluesky’s site and app struggled through Thursday after what the company confirmed was a distributed denial-of-service attack. Chief operations officer Rose Wang said the “sophisticated” attack began April 15 around 8:40 pm ET and caused intermittent failures across feeds, notifications, and search. The company said it has not seen any evidence of unauthorized access to user data.

The outages hit Bluesky’s own infrastructure but spared communities like Blacksky that run their own instances on the underlying AT Protocol. Blacksky told TechCrunch it has seen a significant spike in migration requests over the past 12 hours, as users and rival ATmosphere operators promote alternatives. As of Friday afternoon, its status page shows the service fully operational.

ICE Offered Jobs to Applicants With Dubious Backgrounds

The Trump administration has been on a hiring spree. A Department of Homeland Security press release from January says that ICE hired over 12,000 officers and agents in less than a year. As part of their job applications, immigration officers are supposed to go through extensive background checks that probe everything from what arrests they might have had, the debts they’ve racked up, and foreign nationals they’ve interacted with in the past seven years. The Associated Press did its own background checks on 40 ICE agents and found three that had faced lawsuits because of alleged misconduct in their previous law enforcement jobs, and several that reportedly faced legal actions because of their histories of unpaid debt. DHS didn’t comment on specific hiring choices, but acknowledged to the AP that it had given some applicants “temporary selection letters” and offers to start working before their full background checks had been completed.

Russian Crypto Exchange Grinex Hacked, Blames Foreign Spies

The Russian cryptocurrency exchange Grinex, widely reported to have aided Russia’s sanctions evasion, abruptly announced Thursday that it would be suspending its operations following a breach that it says allowed a hacker to steal more than a billion rubles’ worth of its users’ funds, equivalent to more than $13 million dollars. In its announcements on its social accounts, Grinex blamed the “special services” of a foreign country, writing that the “digital traces and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to structures of unfriendly states” and seemed to be aimed at “causing direct damage to Russia's financial sovereignty.” Grinex, which was itself sanctioned by US financial authorities, had served as the successor to Garantex, another Russian exchange that had been sanctioned for enabling sanctions evasion and other alleged financial crimes. According to crypto-tracing firm Elliptic, Grinex was likely created by the same owners and inherited Garantex funds and customers. Grinex didn’t provide any public evidence to back its claim that the theft of its funds was carried out by state-sponsored hackers.