Security Roundup: Apple’s Hide My Email Fails to Hide Your Email


Politician on The European Parliament’s PEGA committee – created to investigate spyware abuses, including the notorious Pegasus malware –he fought Pegasus himselfaccording to new research findings released this week. Meanwhile, Google’s top security staff warned this week that the law would help the competition proposals in the EU could put Google Search and Android systems at risk vandalism and other abuses.

A WIRED investigation revealed this week that Meta contracts were shown as children and teenagers to see how chatbots work as Gemini and ChatGPT responded to stimuli related to high risk, including suicide, sex and drugs.

And the researcher discovered that he could use Anthropic’s Claude Opus 4.7 to access the Front Gate website and donate tickets to every music festival in the United Statesincluding Lollapalooza and Bonnaroo.

But wait, there’s more! Every week, we create security and privacy stories that we haven’t covered in depth ourselves. Click on the headlines to read all the stories. And be safe out there.

Back in 2021, Apple launched Hide My Email Toolwhich as the name suggests, allows people to sign up for online services using an email address that is not directly linked to them. Privacy creates “unique, randomly selected addresses” that can send incoming messages to a personal email address – reducing the amount of information you need to provide companies.

Reports from 404 Media this week revealed that a system vulnerability has allowed, for a year, people’s real email addresses to be exposed when they use Apple’s privacy policy. “Apple Hide My Email is leaking emails that should be hidden,” security researcher Tyler Murphy, who discovered the bug in June 2025, told the publication. “In our limited testing with volunteers, 100% of Hide My Email addresses were being used,” he said.

The details of the vulnerability and how it works have not been disclosed because the problem has not been fixed. In tests conducted by 404 Media and Murphy, it was possible for a newly created Hide My Email address, which uses the @ icloud.com domain, to be linked back to the original email address of its creator. Murphy said he told Apple about the problem last summer and was told it had been “addressed” by March of this year. However, when the researcher continued to test the issue, it remained useful, Apple told Murphy a few months ago that it was still investigating the issue. Apple did not respond to a request for comment from the publication.

A nineteen-year-old boy was arrested and sent to the United States to face charges related to the infamous Scattered Spider, Department of Justice (DoJ) announced this week. Peter Stokes, a dual Estonian-US citizen, was arrested in Finland in April and charged with computer hacking, conspiracy and fraud, associating with a terrorist organization.

It is so he says that Stokes, along with other members of the hacking group, hacked into an unnamed “high-end jewelry retailer” and demanded a cryptocurrency ransom of $8 million in May 2025. The company did not pay but spent $2 million on the incident, according to the DoJ. Press release. In recent years, the Scattered Spider group, which many believe to be composed of young, English-speaking peopleit has caused chaos around the world by hacking and disrupting many businesses. Stokes’ arrest follows two members of the British Scattered Spider, Thalha Jubair and Owen Flowers, recently. plead guiltyy destroy Transport in London in 2024 and cost millions.

Following the move of the messaging app A symbol last year, WhatsApp has announced that it will soon publish a username for billions of people. This means that it is possible for people to communicate and send messages without sharing phone numbers, increasing privacy protection. However, the authorities in India, one of the largest markets WhatsApp, who previously tried open it privacy protection in the Meta program, has opposed the implementation of usernames. A letter from the Government of India, facts by Reutersasked WhatsApp to temporarily suspend the release of usernames in the country. The letter said the move could increase fraud and cybercrime, citing concerns about online anonymity. The letter was followed by different messages to Signal and Telegram for the use of usernames.

Thousands just license plate reader camerascalled ALPRs, have appeared in the United States in the past few years. The cameras, which can be deployed by police, cities, and businesses, record passing vehicles and record information about their movements. As well as license plate numbers, the machine can record the time and place of the photos, the make and model of the vehicle, and bumper stickers. Billions of photos and details of vehicle movements have been captured in the ALPR database.

However, mounting evidence shows that when cameras go wrong, innocent people can be arrested and charged by law enforcement. A review of court records and media reports, perhaps the tip of the iceberg, is the nonprofit Institute for Justice. this week he found out at least 24 unexplained cases over the past eight years. These reportedly include a family with a baby in their car being held at gunpoint; the camera misreading “O” as “0”, resulting in the grandfather being blocked; and one is being pulled after their license is not removed from the wanted list. The results add a growing list of errors from AI-powered cameras.



Source link

اترك ردّاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *