A Disney employee's download of an AI image generation tool from GitHub led to a massive data breach in July 2024, exposing over 44 million internal Slack messages. The software contained infostealer malware that compromised Matthew Van Andel's computer [non-paywalled source] for five months, giving hackers access to his 1Password manager.

The attackers used the stolen credentials to access Disney's corporate systems, publishing sensitive information including customer data, employee passport numbers, and revenue figures from Disney's theme parks and streaming services. The breach also devastated Van Andel personally. Hackers exposed his Social Security number, financial login details, and even credentials for his home's Ring cameras. Shortly after the incident, Disney fired Van Andel following a forensic analysis of his work computer, citing misconduct he denies. Security researchers believe the attacker, who identified as part of a Russia-based hacktivist group called Nullbulge, is likely an American individual.

British iPhone users have shown minimal reaction to Apple's decision to disable end-to-end encryption for UK iCloud customers, challenging the company's assumption about privacy priorities, a Bloomberg columnist notes. Rather than create a government-accessible backdoor demanded under Britain's Investigatory Powers Act, Apple chose to eliminate its Advanced Data Protection feature entirely for UK customers, effectively giving both authorities and potential hackers easier access to stored emails, photos and documents.

The near absence of public outcry from British consumers points to what researchers call the "privacy paradox," where stated concerns about data security rarely translate to action. According to cited research, while 92% of American consumers believe they should control their online information, only 16% have stopped using services over data misuse. The quiet reception suggests Apple's principled stand against backdoors may have limited impact if customers don't understand or value encrypted protection, potentially undermining privacy's effectiveness as a marketing differentiator for the tech giant.

North Korean hackers have executed the largest cryptocurrency theft in history, draining $1.5 billion from Dubai-based exchange Bybit by compromising its multisignature cold wallet system. The attackers stole over 400,000 ethereum and staked ethereum coins without exploiting code vulnerabilities or infrastructure.

Security researchers from Elliptic identified North Korean signatures in the subsequent laundering operations, consistent with the nation's ongoing cryptocurrency theft operations that fund its weapons programs. Investigators determined the hackers manipulated the user interfaces on multiple Bybit employees' devices simultaneously, tricking authorized personnel into approving what appeared to be legitimate transactions. This sophisticated attack "altered the smart contract logic and masked the signing interface," according to Bybit's disclosure.

"The Bybit hack has shattered long-held assumptions about crypto security," noted researchers at Check Point. "No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link."

An anonymous reader quotes a report from TorrentFreak: In France, rightsholders have taken legal action to compel large VPN providers to support their pirate site blocking program. The aim is to reinforce existing blocking measures, but VPN providers see this as a dangerous move, leading to potential security issues and overblocking. As a result, some are considering leaving France altogether if push comes to shove. [...] Earlier this month, sports rightsholders Canal+ and LFP requested blocking injunctions that would require popular VPNs to start blocking pirate sites and services. The full requests are not public, but the details available show that Cyberghost, ExpressVPN, NordVPN, ProtonVPN, and Surfshark are listed as respondents. [...]

The blocking request has yet to be approved and several of the targeted VPN providers have reserved detailed commentary, for now. That said, the VPN Trust Initiative (VTI), which includes ExpressVPN, NordVPN and Surfshark as members, has been vocal in its opposition. VTI is part of the i2Coalition and while it doesn't speak directly for any of the members, the coalition's Executive Director Christian Dawson has been in regular discussions with VPN providers. From this, it became clear that VPN providers face difficult decisions. If VPN providers are ordered to block pirate sites, some are considering whether to follow in the footsteps of Cisco, which discontinued its OpenDNS service in the country, to avoid meddling with its DNS resolver.

Speaking with TorrentFreak, VTI's Dawson says that VPNs have previously left markets like India and Pakistan in response to restrictive requirements. This typically happens when privacy or security principles are at risk, or if the technical implementation of blocking measures is infeasible. VTI does not rule out that some members may choose to exit France for similar reasons, if required to comply with blocking measures. "We've seen this before in markets like India and Pakistan, where regulatory requirements forced some VPN services to withdraw rather than compromise on encryption standards or log-keeping policies," Dawson says. "France's potential move to force VPN providers to block content could put companies in a similar position -- where they either comply with measures that contradict their purpose or leave the market altogether." "This case in France is part of a broader global trend of regulatory overreach, where governments attempt to control encrypted services under the guise of content regulation. We've already seen how China, Russia, Myanmar, and Iran have imposed VPN restrictions as part of broader censorship efforts."

"The best path forward is for policymakers to focus on targeted enforcement measures that don't undermine Internet security or create a precedent for global Internet fragmentation," concludes Dawson. "As seen in other cases, blanket blocking measures do not effectively combat piracy but instead create far-reaching consequences that disrupt the open Internet."

Microsoft has quietly launched a new version of Microsoft Office for Windows that can be used to edit documents for free, no Microsoft 365 subscription or Office license key required. From a report: This free version of Office is based on the full desktop apps, but has most features locked behind the Microsoft 365 subscription. The free version of Office for Windows includes ads that are permanently on screen when within a document in Word, PowerPoint, and Excel. Additionally, this new free version of Office also only allows you to save files to OneDrive, meaning no support for editing local files. To access the free version of Office, just skip the prompt to sign-in when you first run an Office app. From there, you will be given the choice to continue to use Office for free in exchange for ads and limited features. In this mode, you can open, view, and even edit documents, just like you can with the web version of Office.

Google is preparing to abandon SMS verification codes for Gmail authentication in favor of QR codes, Gmail spokesperson Ross Richendrfer told Forbes. The move aims to address significant security vulnerabilities inherent in SMS-based verification while combating fraudulent exploitation of Google's messaging infrastructure, he said.

"Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication," Richendrfer said. The transition will target "rampant, global SMS abuse" that undermines security and enables criminal schemes. SMS verification currently serves dual purposes at Google: confirming user identity and preventing service abuse. However, these codes are vulnerable to phishing, dependent on carrier security practices, and frequently exploited in "traffic pumping" scams where fraudsters profit from artificially triggered SMS messages.

The forthcoming implementation will display QR codes that users scan with their phone cameras instead of entering six-digit codes. This approach eliminates shareable verification codes and reduces dependency on telecom carriers. The changes will roll out "over the next few months," the company said.

An anonymous reader shared this report from the Telegraph: Workers with an axe to grind against their employer are using AI to bombard businesses with costly and inaccurate lawsuits, experts have warned.

Frustration is growing among employment lawyers who say they are seeing a trend of litigants using AI to help them run their claims, which they say is generating "inconsistent, lengthy, and often incorrect arguments" and causing a spike in legal fees... Ailie Murray, an employment partner at law firm Travers Smith, said AI submissions are produced so rapidly that they are "often excessively lengthy and full of inconsistencies", but employers must then spend vast amounts of money responding to them. She added: "In many cases, the AI-generated output is inaccurate, leading to claimants pleading invalid claims or arguments.

"It is not an option for an employer to simply ignore such submissions. This leads to a cycle of continuous and costly correspondence. Such dynamics could overburden already stretched tribunals with unfounded and poorly pleaded claims."
There's definitely been a "significant increase" in the number of clients using AI, James Hockin, an employment partner at Withers, told the Telegraph. The danger? "There is a risk that we see unrepresented individuals pursuing the wrong claims in the UK employment tribunal off the back of a duff result from an AI tool."

America's Labor Department includes the fact-finding Bureau of Labor Statistics — and they recently explained how AI impacts their projections for the next 10 years. Their conclusion, writes Investopedia, was that "tech workers might not have as much to worry about as one might think." Employment in the professional, scientific, and technical services sector is forecast to increase by 10.5% from 2023 to 2033, more than double the national average. According to the BLS, the impact AI will have on tech-sector employment is highly uncertain. For one, AI is adept at coding and related tasks. But at the same time, as digital systems become more advanced and essential to day-to-day life, more software developers, data managers, and the like are going to be needed to manage those systems. "Although it is always possible that AI-induced productivity improvements will outweigh continued labor demand, there is no clear evidence to support this conjecture," according to BLS researchers.
Their employment projections through 2033 predict the fastest-growing sector within the tech industry will be computer system design, while the fastest-growing occupation will be data scientist.

And they also project that from 2023 through 2033 AI will "primarily affect occupations whose core tasks can be most easily replicated by GenAI in its current form." So over those 10 years they project a 4.7% drop in employment of medical transcriptionists and a 5.0% drop in employment of customer service representatives. Other occupations also may see AI impacts, although not to the same extent. For instance, computer occupations may see productivity impacts from AI, but the need to implement and maintain AI infrastructure could in actuality boost demand for some occupations in this group.
They also project decreasing employment for paralegals, but with actual lawyers being "less affected."

Five days ago on Patch Tuesday, Microsoft released patch KB5051987 for Windows 11 version 24H2, writes the XDA Developers site.

But "As reported by Windows Latest and various communities like Reddit and Microsoft's help forum, many users have encountered a major issue..."

Some have reported that, in addition to File Explorer failing to launch, they're unable to open folders from the desktop, save Office files, or even download files. Clicking on a folder icon may display its subfolders, but the contents within remain inaccessible... Some users on Microsoft's help forum and Reddit have also reported that the KB5051987 patch fails to install entirely. The update gets stuck at a certain percentage for hours before eventually displaying an error code. While these are among the most widely reported issues, others have surfaced as well, including problems with Taskbar preview animations, the camera, and more.
"Microsoft keeps running into brick walls with the 2024 version of Windows 11," writes ZDNet. "Each new update designed to fix the outstanding bugs ends up introducing other problems..." Among the glitches resolved were ones that affected digital audio converters, USB audio drivers, USB cameras, and passkeys. The update also patched several security vulnerabilities, including some that were deemed critical....

Other glitches that may pop up include a stuttering mouse, an undetectable camera, .NET apps that cannot be installed inside the Windows Sandbox, and the Taskbar's new preview animation that does not work properly. You may also encounter other roadblocks. One person in the Windows Feedback Hub said that after installing the update, the battery life shows only 2.5 hours versus 6 hours previously. Another person found that the clipboard history no longer copies items from Microsoft Word...

Each annual Windows update can suffer from bugs, especially after being rolled out to millions of users. However, Windows 11 24H2 has been more problematic than usual. Since its official launch last October, the 2024 version has carried with it a host of known issues, many of which still haven't been resolved.

Google's Threat Intelligence Group notes "the growing threat to secure messaging applications." While specifically acknowledging "wide ranging efforts to compromise Signal accounts," they add that the threat "also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques.

"In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats."

Computer Weekly reports: Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram. Dan Black, principal analyst at Google Threat Intelligence Group, said he would be "absolutely shocked" if he did not see attacks against Signal expand beyond the war in Ukraine and to other encrypted messaging platforms...

Russia-backed hackers are attempting to compromise Signal's "linked devices" capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code. Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim's messages without having to compromise the victim's phone or computer. In one case, according to Black, a compromised Signal account led Russia to launch an artillery strike against a Ukrainian army brigade, resulting in a number of casualties... Google also warned that multiple threat actors have been observed using exploits to steal Signal database files from compromised Android and Windows devices.
The article notes that the attacks "are difficult to detect and when successful there is a high risk that compromised Signal accounts can go unnoticed for a long time." And it adds that "The warning follows disclosures that Russian intelligence created a spoof website for the Davos World Economic Forum in January 2025 to surreptitiously attempt to gain access to WhatsApp accounts used by Ukrainian government officials, diplomats and a former investigative journalist at Bellingcat."

Google's Threat Intelligence Group notes there's a variety of attack methods, though the "linked devices" technique is the most widely used. "We are grateful to the team at Signal for their close partnership in investigating this activity," Google's group says in their blog post, adding that "the latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features."

HP has ended its controversial practice of imposing mandatory 15-minute wait times for customer support calls in several European countries, following internal pushback and customer complaints.

The company confirmed the reversal and said it will "continue to prioritize timely access to live phone support."

Cryptocurrency exchange Bybit has experienced $1.46 billion worth of "suspicious outflows," according to blockchain sleuth ZachXBT. From a report: The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far. Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."

WinRAR 7.10 now lets users remove potentially sensitive metadata from downloaded files while preserving core Windows security features. The file compression tool's latest release introduces a "Zone value only" setting that strips download locations and IP addresses from Windows' Mark-of-the-Web security flags during file extraction.

The new privacy control, enabled by default, maintains only the basic security zone identifier that triggers Windows' safety prompts for downloaded files. This change prevents recipients of shared archives from accessing metadata that could reveal where files originated. The update from win.rar GmbH, whose compression software claims 500 million users worldwide, also adds performance improvements through larger memory page support and introduces a dark mode interface.

Apple is removing its most advanced, end-to-end encrypted security feature for cloud data in the United Kingdom [alternative source], in a stunning development after the government ordered the company to build a backdoor for accessing user data. From a report: The company said Friday that Advanced Data Protection, an optional feature that adds end-to-end encryption to a wide assortment of user data is no longer available in the UK for new users.

This layer of security covers iCloud data storage, device backups, web bookmarks, voice memos, notes, photos, reminders and text message backups. "We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," the company said in a statement. "ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices."

Mirnotoriety shares a report from The Register: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency. The Feds warned orgs to beware of this spectral menace, which is known to have infected critical infrastructure and entities in every sector of a typical economy, and which has been observed scoring ransoms as recently as January. It is said to have racked up victims in more than 70 countries, including some in its China homeland.

Ghost first appeared in 2021, and according to the Feds, the gang will "rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time." The Chinese group has therefore been identified as Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture over time. The group's favored tactics, however, remain consistent: It targets unpatched systems to exploit known vulnerabilities that allow it to infect targets. [...]

Using apps and websites in dark mode can actually use more energy than standard mode, according to researchers, as it causes people to crank up the brightness. From a report: This counterintuitive finding is claimed by BBC Research & Development (R&D), which says that despite the popular energy saving recommendation to cut electricity consumption by switching to dark mode, doing so might actually make things worse. "Dark mode is a popular dark-theme colour content scheme and research has found that, for some devices, switching to dark mode can reduce device power consumption. Energy conscious internet users are therefore encouraged to browse in dark mode," say the authors of a BBC R&D blog post.

"The catch is that the advertised energy savings haven't been tested in the wild, where user behavior can cause unexpected consequences." So the BBC's R&D engineers put participants in front of the BBC Sounds home page and asked them to adjust the device brightness until they were comfortable with it, repeating this for both light and dark mode versions of the page.

HP will impose a minimum 15-minute wait time for consumer PC and printer support calls in five European countries, seeking to push customers toward digital channels, according to internal documents seen by The Register. The policy, implemented February 18, affects retail customers in Britain, Ireland, France, Germany and Italy. The outlet added that it anticipates "more countries could be added."

Microsoft will strip several features from Windows 11's File Explorer for European users to comply with privacy regulations, the company says. The changes, affecting Entra ID accounts in the European Economic Area, remove Recent, Favorites, Details Pane, and Recommended content sections that previously tracked user activity.

These features relied on collecting user data to display recently accessed files and personalized recommendations. The privacy-focused update, part of Windows 11 preview build 26120.3281, results in a streamlined File Explorer interface.

A recently patched Palo Alto Networks vulnerability (CVE-2025-0108) is being actively exploited alongside two older flaws (CVE-2024-9474 and CVE-2025-0111), allowing attackers to gain root access to unpatched firewalls. The Register reports: This story starts with CVE-2024-9474, a 6.9-rated privilege escalation vulnerability in Palo Alto Networks PAN-OS software that allowed an OS administrator with access to the management web interface to perform actions on the firewall with root privileges. The company patched it in November 2024. Dark web intelligence services vendor Searchlight Cyber's Assetnote team investigated the patch for CVE-2024-9474 and found another authentication bypass.

Palo Alto (PAN) last week fixed that problem, CVE-2025-0108, and rated it a highest urgency patch as the 8.8/10 flaw addressed an access control issue in PAN-OS's web management interface that allowed an unauthenticated attacker with network access to the management web interface to bypass authentication "and invoke certain PHP scripts." Those scripts could "negatively impact integrity and confidentiality of PAN-OS."

The third flaw is CVE-2025-0111 a 7.1-rated mess also patched last week to stop authenticated attackers with network access to PAN-OS machines using their web interface to read files accessible to the "nobody" user. On Tuesday, US time, Palo A lot updated its advisory for CVE-2025-0108 with news that it's observed exploit attempts chaining CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. The vendor's not explained how the three flaws are chained but we understand doing so allows an attacker to gain more powerful privileges and gain full root access to the firewall. PAN is urging users to upgrade their PAN-OS operating systems to versions 10.1, 10.2, 11.0, 11.1, and 11.2. A general hotfix is expected by Thursday or sooner, notes the Register.

Cameron John Wagenius pleaded guilty to hacking AT&T and Verizon and stealing a massive trove of phone records from the companies, according to court records filed on Wednesday. From a report: Wagenius, who was a U.S. Army soldier, pleaded guilty to two counts of "unlawful transfer of confidential phone records information" on an online forum and via an online communications platform.

According to a document filed by Wagenius' lawyer, he faces a maximum fine of $250,000 and prison time of up to 10 years for each of the two counts. Wagenius was arrested and indicted last year. In January, U.S. prosecutors confirmed that the charges brought against Wagenius were linked to the indictment of Connor Moucka and John Binns, two alleged hackers whom the U.S. government accused of several data breaches against cloud computing services company Snowflake, which were among the worst hacks of 2024.