A web hosting company in Taiwan was recently targeted by what appears to be a Chinese state-sponsored actor.

Majority of Allianz Life customers are thought to be affected by recent data breach.

A California suit claims the app is recording private conversations and using them to train its AI.

The United Kingdom will no longer force Apple to provide backdoor access to secure user data protected by the company’s iCloud encryption service, according to US Director of National Intelligence Tulsi Gabbard.

“Over the past few months, I’ve been working closely with our partners in the UK, alongside @POTUS and @VP, to ensure Americans’ private data remains private and our Constitutional rights and civil liberties are protected,” Gabbard posted to X on Monday. “As a result, the UK has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.”

This announcement follows the UK issuing a secret order in January this year, demanding Apple provide it with backdoor access to encrypted files uploaded by users worldwide. In response, Apple pulled the ability for new users in the UK to sign up to its Advanced Data Protection (ADP) encrypted iCloud storage offering, and challenged the order, winning the right to publicly discuss the case in April. Earlier this year, US officials started examining whether the UK order had violated the bilateral CLOUD Act agreement, which bars the UK and US from issuing demands for each other’s data.

This pressure from the US sparked reports last month that Britain would walk back the demands it issued to Apple, with one unnamed UK official telling the Financial Times that the UK “had its back against the wall,” and was looking for a way out. While it’s unclear if the UK would negotiate new terms with Apple that avoid implicating the data of US citizens, an unnamed US official told The Financial Times that such negotiations would not be faithful to the new agreement.

With the order now reportedly removed, it’s unclear if Apple will restore access to its ADP service in the UK. We have reached out to Apple for comment. The UK Home Office has refused to comment on the situation.

Data breach notification site Have I Been Pwned notified 1.1 million customers of a July data breach, a number not previously reported.

---

Anthropic launches learning modes for Claude AI that guide users through step-by-step reasoning instead of providing direct answers, intensifying competition with OpenAI and Google in the booming AI education market.Read More

More than $2.8 million was seized from suspected ransomware leader Ianis Aleksandrovich Antropenko.

Researchers found malware hiding in npm packages downloaded by Russian crypto developers.

Developers are using AI to generate code for them, but it's creating vulnerabilities that companies are shipping to customers.

Cisco says it patched a 10/10 severity flaw in Secure Firewall Management Center.

Hackers are moving away from delivering malware via email and are focusing on URLs and ClickFix scams, report warns.

Workday plays down effects of attack, but data was taken.

No CVE or severity score has been revealed, but a patch for Plex has already been issued.

Texas solar company EG4 became the poster child for home energy cybersecurity risks this week after federal officials published an advisory detailing how hackers could hijack its inverters.

The Russian hackers used their access to the dam's computer systems to open a floodgate that spilled millions of gallons of water.

In June, headlines read like science fiction: AI models "blackmailing" engineers and "sabotaging" shutdown commands. Simulations of these events did occur in highly contrived testing scenarios designed to elicit these responses—OpenAI's o3 model edited shutdown scripts to stay online, and Anthropic's Claude Opus 4 "threatened" to expose an engineer's affair. But the sensational framing obscures what's really happening: design flaws dressed up as intentional guile. And still, AI doesn't have to be "evil" to potentially do harmful things.

These aren't signs of AI awakening or rebellion. They're symptoms of poorly understood systems and human engineering failures we'd recognize as premature deployment in any other context. Yet companies are racing to integrate these systems into critical applications.

Consider a self-propelled lawnmower that follows its programming: If it fails to detect an obstacle and runs over someone's foot, we don't say the lawnmower "decided" to cause injury or "refused" to stop. We recognize it as faulty engineering or defective sensors. The same principle applies to AI models—which are software tools—but their internal complexity and use of language make it tempting to assign human-like intentions where none actually exist.

Read full article

Comments

© Colin Anderson Productions via Getty Images

Phishing emails are being used to steal account credentials to generate fake jobs and visa schemes.

Many businesses still don't have cyber insurance, despite brokers anticipating a rise in claims.

The new Online Safety Act means that age verification is now a fact of life when you’re browsing from the UK. But are your selfie or ID being stored safely?

Malicious SVG files on adult websites hide JavaScript that hijacks Facebook sessions, secretly liking posts, and potentially exposing victims to identity theft and credential harvesting.