Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Hours of San Francisco Police Department drone videos appear on the Internet heralds a new era of extraordinary urban governance – and its consequences. Meanwhile, the San Francisco City Attorney’s Office sent letters to Apple and Google this week demanding that Tech giants remove 13 AI programs for nudify “face swapping”. from their app stores used to target women and girls.
From WIRED first report in June about Meta’s NameTag face-recognition system, industry executives have made vague and controversial comments about whether the feature exists. We took a step back explain both the claims and the facts about the actual system.
Speaking on Thursday, President Donald Trump continued his push unsubstantiated and well-contested claims about interfering in the 2020 US election. He also promised major revelations in a series of memos posted on the White House website, but the files did not confirm his claims — and sometimes contradicted Trump’s claims.
As the adoption of AI tools expands and their capabilities expand, the tech giant Anthropic continued to push for US states to regulate AI. Speaking about the emergence of AI in California and New York since last year, Anthropic’s head of US government and local governments, Cesar Fernandez, told WIRED this week, “The 2025 transparent security payments were an important start, but the power of AI machines continues to advance rapidly – policy responses must be consistent.”
And there are many. Every week, we create security and privacy stories that we haven’t covered in depth ourselves. Click on the headlines to read all the stories. And be safe out there.
The Stardust tracker sends information about users’ fertility, birth control type, pregnancy status, mood, and symptoms like tender breasts and cramping — to the company’s data privacy policy. according to the BBCwhich first reported on the Mozilla Foundation’s survey of six celebrities conducted in collaboration with Harvard’s Berkman Klein Center.
Stardust has scored 2 out of 10the worst of the bunch. Mozilla researcher Shoshana Wodinsky found the app pings three times from the moment it opens, before the user enters anything; the moment they got the token, the information went to the RudderStack monitoring company along with the user ID, with no internal mechanism to block sharing. RudderStack was designed to improve things that Mozilla couldn’t see. Stardust also provides Facebook with an ad identifier that links app behavior to profiles available on the platform. The company he told TechCrunch has never received legal requests for user data.
Euki, a non-profit researcher, scored a perfect 10: no account required, health information never leaves the phone, and users can set a PIN, configure automatic deletion, or pull a fraud screen if someone force unlocks the phone. Its soft spot is the internal browser of educational sites that populate regular trackers, and also set identifiers between visits.
Russia’s FSB has long been known for its espionage capabilities, leaving disruptive cybercriminals to their hacked colleagues in the country’s GRU military agency. But sanctions from the EU and the UK this week, along with advice from the US Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA, sparked a cyberattack against Poland’s electricity grid at Center 16 of the FSB, a rare example of a Kremlin organization conducting a cyberattack that caused a water crisis. The attack, which the Polish government said was “very close” to a power outage, was first reported by computer security firms Dragos and ESET. Sandwormalso known as Unit 74455 of the GRU, which is also known to be suspected of hacking operational weapons for its role in Russia’s cyber war against Ukraine. But Poland’s cyber emergency response team at the time denied that access was tied to the FSB, a point now supported by a broad coalition of Western governments. The incident suggests that the FSB may have the reckless, aggressive—and targeting—tendencies of GRU operatives.
Over the years, the Russian company Kaspersky has cooperated with the Russian government, including with the US authorities who banned the use of the company’s products in the US government and eventually with all American customers. However, clear evidence of these connections has been limited. Now Reuters is reporting that Denis Obrezko, the Russian man accused of hacking the Boston area and a member of the hacker group known as Void Blizzard or Laundry Bear, spent two years working for Kaspersky. His tenure at the company came before he joined another cybersecurity firm, Yutek-NN, where he allegedly took part in a hacking ring that stole data and communications from dozens of NATO governments and at least 11 US companies, according to US prosecutors. Before Kaspersky, Obrevko also worked for the FSB, punctuating his time at the company with a high-profile job in Russian intelligence.
Obrevko has pleaded not guilty to embezzlement. Kaspersky responded in a statement to Reuters that “the alleged offenses are not related to the person’s position or responsibility during his employment at Kaspersky.”
In a move that may cause concern for anyone charged with monitoring suspicious activity online, DHS officials have ruled—twice—that signals of a privacy breach on its data-sharing platform Homeland Security Information Network were false when they were, in fact, signals of a real intrusion. The HSIN, which is used to share anonymous data between state, local, and federal agencies, as well as foreign partners, was breached by hackers two months ago, according to reports from Nextgov/FCW. Federal Emergency Management Agency investigators saw signs of hacker activity in mid-May—changing files and codes, hijacking an official Internet server, and deleting logs of their behavior—but the findings were dismissed as false.
In the weeks that followed, the thugs returned, found them again, and called them fools. It’s unclear why the breach signals were misinterpreted, but the incident may represent a growing challenge for government officials to identify “in-country” hacking techniques that use legitimate network features to acquire desired assets on the network rather than planting easily visible malware. Although the HSIN only contains anonymous information, the information is “very sensitive,” Senate Intelligence Committee vice chairman Mark Warner said following the report of the breach, and “its disclosure could jeopardize national security.”
AI music startup Suno pulled millions of songs, lyrics, and podcasts from YouTube Music, Deezer, Genius, and several audio libraries to train its models, according to 404 Media, which reviewed internal information provided by the hacker who breached the company. The breach also exposed account information for thousands of customers, including email addresses, phone numbers, and Stripe payment history.
The dataset records in the source code apparently from 2023 and 2024 were 113,879 hours of YouTube Music audio alone, plus thousands more from Pond5, Deezer, and other libraries, spanning decades of music. Other files show Suno browsing YouTube through Bright Data proxies and using PodcastIndex to target nearly 1 million hours of podcasts. The hacker, who goes by ellie.191, is said to have cracked it by confusing a worker with the Shai-Hulud worm.
The files seem to be in line with previous reports that Suno released music directly on YouTube. The company, which claims its training is subject to fair use and settled with Warner Music Group last November, said the breach affected temporary code and contained no personal information – although customers whose data was exposed in the sample shared with 404 Media said they had not been notified.