Your Period Tracker Is (Probably) Spying on You

17 hours ago 5

Hours of San Francisco Police Department drone video footage exposed connected the unfastened web illustrates a caller epoch of incredibly granular—and consequential—urban surveillance. Meanwhile, the San Francisco City Attorney’s Office sent cease-and-desist letters to Apple and Google this week demanding that the tech giants delete 13 AI nudifying “face-swap” apps from their app stores that are astir exclusively utilized to people women and girls.

Since WIRED archetypal reported successful June astir Meta’s NameTag face-recognition system, institution executives person made opaque and conflicting comments astir whether the diagnostic adjacent exists. We took a measurement backmost to laic retired some the claims and the facts astir the precise existent system.

In a code connected Thursday, President Donald Trump continued to propulsion unsubstantiated and thoroughly debunked claims astir interference successful the 2020 US election. He adjacent promised monolithic revelations successful a trove of documents posted to the White House website, but the files did not beryllium his assertions—and successful immoderate cases really contradicted Trump’s claims.

As adoption of AI tools rapidly expands and their capabilities increase, the tech elephantine Anthropic continued a propulsion to get US states to modulate AI. Speaking astir AI transparency requirements successful California and New York from past year, Anthropic’s caput of US authorities and section authorities relations, Cesar Fernandez, told WIRED this week, “The transparency-focused information bills of 2025 were a truly important start, but arsenic the capabilities of AI systems proceed to beforehand quickly—the argumentation responses request to match.”

And there’s more. Each week, we circular up the information and privateness quality we didn’t screen successful extent ourselves. Click the headlines to work the afloat stories. And enactment harmless retired there.

Mozilla Graded Period Trackers connected Privacy. Only One Aced It

The astrology-themed play tracker Stardust sends users’ reproductive wellness details—birth power type, gestation status, moods, and symptoms arsenic circumstantial arsenic tender breasts and tummy cramps—to a information steadfast not named successful its privateness policy, according to the BBC, which archetypal reported a Mozilla Foundation audit of six fashionable trackers produced successful concern with Harvard's Berkman Klein Center.

Stardust scored 2 retired of 10, the worst of the group. Mozilla researcher Shoshana Wodinsky recovered the app pings third-party trackers from the infinitesimal it opens, earlier a idiosyncratic enters anything; the instant she logged a symptom, the details went to analytics steadfast RudderStack alongside a persistent idiosyncratic ID, with nary in-app mode to unopen the sharing off. RudderStack is built to way information onward to destinations Mozilla couldn't observe. Stardust besides hands Facebook an advertisement identifier that ties in-app behaviour to the platform's existing profiles. The institution told TechCrunch it has ne'er received a ineligible request for idiosyncratic data.

Euki, a nonprofit-run tracker, earned a cleanable 10: nary relationship required, wellness information ne'er leaves the phone, and users tin acceptable a PIN, docket automatic deletion, oregon propulsion up a decoy surface if idiosyncratic forces the telephone open. Its 1 brushed spot is an in-app browser for acquisition pages that loads the accustomed web trackers, but it besides resets identifiers betwixt visits.

Russia’s FSB Sanctioned for Cyberattack connected Polish Infrastructure

Russia’s FSB has agelong had a estimation for highly blase cyberespionage, leaving disruptive cyberattacks to its chap hackers successful the country’s GRU subject quality agency. But sanctions from the EU and UK this week, on with an advisory from the US Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA, pinned a cyberattack against the Polish electrical grid connected Center 16 of the FSB, a uncommon illustration of the Kremlin bureau carrying retired a cyberattack that astir caused outages successful the country’s electrical and h2o utilities. The attack, which the Polish authorities has said came “very close” to causing a blackout, was initially attributed by cybersecurity firms Dragos and ESET to Sandworm, besides known arsenic Unit 74455 of the GRU, a much accustomed fishy successful infrastructure hacking fixed its progressive relation successful Russia’s long-running cyberwar against Ukraine. But the Polish machine exigency effect squad astatine the clip disputed that uncovering and tied the onslaught to the FSB, a decision present supported by a wide statement of Western governments. The incidental suggests that the FSB whitethorn beryllium taking connected immoderate of the reckless, highly assertive tendencies—and targeting—of its GRU coworkers.

An Alleged Russian State-Sponsored Hacker Worked for Kaspersky

For years, the Russian cybersecurity steadfast Kaspersky has been alleged to person ties to the Russian government, including by US officials who banned usage of the company’s products wrong the US authorities and yet by each American customers. Yet overt grounds of those connections has been scarce. Now Reuters reports that Denis Obrezko, a Russian antheral facing hacking charges successful Boston and an alleged subordinate of a hacker radical known arsenic Void Blizzard oregon Laundry Bear, spent 2 years moving astatine Kaspersky. His stint astatine the institution took spot conscionable earlier helium joined different cybersecurity company, Yutek-NN, wherever helium allegedly took portion successful the group’s hacking run that stole information and communications from galore NATO governments and astatine slightest 11 US companies, according to US prosecutors. Prior to Kaspersky, Obrevko besides allegedly worked astatine the FSB, neatly bookending his clip astatine the institution with evident enactment for Russia’s quality services.

Obrevko has pleaded not blameworthy to the hacking charges. Kaspersky responded successful a connection to Reuters that “the offenses charged cannot beryllium related to the individual’s relation oregon responsibilities during the employment astatine Kaspersky.”

A Real DHS Breach Was Twice Ruled a False Positive

In an incidental that volition induce anxiousness successful anyone liable for assessing suspicious web activity, DHS officials ruled—twice—that signs of a hacker breach successful its data-sharing Homeland Security Information Network level were mendacious positives erstwhile they were, successful fact, signs of a precise existent intrusion. HSIN, utilized for sharing unclassified information betwixt state, local, and national agencies, arsenic good arsenic overseas partners, was breached by hackers 2 months ago, according to reporting from Nextgov/FCW. Analysts astatine the Federal Emergency Management Agency spotted signs of hacker enactment successful mid-May—altering files and code, hijacking a morganatic web server, and deleting logs of their behavior—but the findings were dismissed arsenic a mendacious positive.

In the weeks that followed, the hackers returned, were again detected, and were again dismissed arsenic a mirage. It’s not wide wherefore the signs of the breach were misjudged, but the incidents whitethorn correspond national analysts’ expanding challenges successful detecting “living disconnected the land” hacking techniques that usage morganatic features of networks to entree people assets connected a web alternatively than planting much easy spotted malware. While the HSIN houses lone unclassified data, the accusation is “highly sensitive,” Senate Intelligence Committee vice seat Mark Warner said successful a connection pursuing the study of the breach, and “its vulnerability risks nationalist security.”

Hack Exposes an AI Music Generator’s Scraping Secrets

The AI euphony startup Suno scraped millions of songs, lyrics, and podcasts from YouTube Music, Deezer, Genius, and a drawstring of stock-audio libraries to bid its models, according to 404 Media, which reviewed interior information provided by a hacker who breached the company. The intrusion besides exposed relationship accusation for hundreds of thousands of customers, including emails, telephone numbers, and Stripe outgo records.

Dataset notes successful root codification seemingly from 2023 and 2024 tally 113,879 hours of YouTube Music audio alone, positive tens of thousands much from Pond5, Deezer, and different libraries—decades of euphony successful total. Other files amusement Suno routing its YouTube scraping done Bright Data proxies and utilizing PodcastIndex to people astir 1 cardinal hours of podcasts. The hacker, who goes by ellie.191, says they broke successful by compromising an worker with the Shai-Hulud worm.

The files seemingly corroborate the grounds industry’s cardinal allegation that Suno pulled songs straight from YouTube. The company, which argues that its grooming qualifies arsenic just usage and settled with Warner Music Group past November, said the breach progressive outdated codification and nary delicate idiosyncratic information—though customers whose information appeared successful a illustration shared with 404 Media said they were ne'er notified.

Read Entire Article