ICYMI: N. Korean Hackers Use Fake Identities To Land Remote US Tech Jobs

A bill requiring Apple and Google to verify the age of users on their app stores is poised to become law in Texas, positioning the state at the center of a growing national debate over regulating smartphone use by children and teens, according to an article from FirstPost. Senate Bill 2420, which passed both chambers of the Texas legislature with a supermajority, now awaits Gov. Greg Abbott’s signature. The legislation would require app store operators to verify the age of a device user and, for those under 18, obtain parental consent before allowing app downloads or in-app purchases.

LexisNexis Risk Solutions, a data broker that collects and uses consumers’ personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people, according to an article from TechCrunch. The company said in a filing with Maine’s attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers’ sensitive personal data from a third-party platform used by the company for software development. Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company’s GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers.

Asus' routers are popular and well-reviewed. As such, there's a good chance you have one of its devices powering your home wifi. If you do, you should probably check on it, since thousands of Asus' routers are now compromised, according to an article from Lifehacker. Cybersecurity company GreyNoise published a blog post about this router attack. GreyNoise says attackers used brute-force login attempts (running millions of login attempts until the right match is found) and authentication bypasses (forcing your way in around traditional authentication protocols) to break into these routers. Notably, hackers used authentication bypass techniques that aren't assigned CVEs (common vulnerabilities and exposures). CVEs are labels used to track publicly disclosed security vulnerabilities, which means the security vulnerabilities were either unknown or known only to a limited circle. Once in, hackers exploited the Asus router's CVE-2023-39780 vulnerability to run whatever commands they wanted. Hackers enabled SSH (secure shell) access through Asus' settings, which let them connect to and control the devices. They then stored the configuration—or backdoor—in NVRAM, rather than the disk of the router. The hackers did not leave malware behind, and even disabled logging, which makes their attacks difficult to detect. It's not clear who is behind these attacks.

North Korean hackers operated a “laptop farm” scheme that used fake identities to land remote US tech jobs and illegally collect $17.1 million in wages, according to an article from TechRepublic. The sophisticated scam is part of a broader effort to exploit global labor markets through cybercrime, according to US authorities. Cybersecurity experts described the operation as “something we’d never seen before,” citing sophisticated tactics and custom-built programs that enabled the North Koreans to bypass detection systems and exfiltrate sensitive corporate data.

On June 2, Google released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild, according to an article from The Hacker News. The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out-of-bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” reads the description of the bug on the NIST's National Vulnerability Database (NVD). Google credited Clement Lecigne and Benoît Sevens of Google Threat Analysis Group (TAG) with discovering and reporting the flaw on May 27, 2025. It also noted that the issue was addressed the next day by pushing out a configuration change to the Stable version of the browser across all platforms. So, if you are a Google Chrome user and you haven’t updated recently, now might be a good time to do so.

Mozilla announced on Thursday that it’s shutting down Pocket, a read-it-later app it acquired in 2017, on July 8, according to an article from TechCrunch. The company is also shutting down Fakespot, its browser extension that helps users identify unreliable reviews. “Pocket has helped millions save articles and discover stories worth reading,” Mozilla said in a blog post. “But the way people use the web has evolved, so we’re channeling our resources into projects that better match their browsing habits and online needs.” Users will be able to continue using the app and browser extensions for Pocket until July 8. After that date, Pocket will move into export-only mode. Users have until October 8 to export saved articles, including items in their list, archive, favorites, notes, and highlights.

The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact to an infected device's contact list to deceive victims when they receive calls from the threat actors, according to an article from BleepingComputer. This feature was introduced along with several others, mostly evasion-focused improvements, as the malware appears to have expanded its targeting scope worldwide. A notable feature in the latest Crocodilus malware version is the ability to add fake contacts on the victim's device. Doing so would cause the device to display the name listed in a caller's contact profile rather than the caller ID when receiving an incoming call. This could allow the threat actors to impersonate trusted banks, companies, or even friends and family members, making the calls appear more trustworthy.

According to an article from Ars Technica, tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities. The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Scammers are targeting travelers planning their vacations in a new campaign that spoofs popular online travel agency (OTA) Booking.com, according to an article from Lifehacker. The scheme, identified by Malwarebytes Labs, uses malicious CAPTCHA forms to gain remote access to victims' devices, allowing threat actors to harvest personal and financial information. The campaign begins with links posted on social media and gaming sites, including sponsored ads, that redirect to websites posing as Booking.com — an OTA through which users can search and book flights, hotels, rental cars, and other travel experiences. When users click the link, they'll see a fake CAPTCHA pop-up with a checkbox, which gives permission to copy data to the clipboard. The next verification prompt will tell you to execute a Run command on your device with a combination of keystrokes. (FYI: This is never a legitimate CAPTCHA request.) In the background, the malicious CAPTCHA has copied a PowerShell command to your clipboard. And if you follow the instructions, the command will download and execute a series of files that install a backdoor Remote Access Tool (RAT)—identified as Backdoor.AsyncRAT—giving threat actors the ability to remotely monitor and control your machine.

The United States has achieved a remarkable breakthrough in hydrogen aviation technology, addressing three critical challenges that previously hindered the development of hydrogen-powered aircraft, according to an article from the Stewartville Star. This innovative system represents a significant step forward in the quest for zero-emission air travel, potentially transforming the aviation industry’s environmental impact. Engineers at the FAMU-FSU College of Engineering have developed an integrated system that elegantly solves multiple technical barriers facing hydrogen aircraft. Their creation simultaneously handles hydrogen storage, cooling, and propulsion distribution—all from a single reservoir. This represents a fundamental shift in how aircraft can utilize hydrogen fuel. The system achieves an impressive 0.62 gravimetric index, meaning 62% of the total system mass is dedicated to usable hydrogen. This efficiency significantly outperforms conventional hydrogen storage methods that suffer from excessive auxiliary weight components. Engineers accomplished this through meticulous optimization of vent pressures and heat exchanger dimensions. The aviation sector contributes between 1-2% of global CO₂ emissions according to recent IPCC reports. Hydrogen presents a compelling alternative to traditional jet fuel, offering greater energy density than kerosene while producing zero carbon dioxide emissions during combustion. However, the technical challenges of storing hydrogen at cryogenic temperatures (-253°C) have long prevented practical implementation.

You probably have at least 100 apps on your phone — likely more. And there’s plenty of choice, almost 2 million apps on Apple’s App Store and nearer 3 million on Google’s Play Store. You’re urged only to install apps from official stores, but sometimes even that doesn’t keep you safe. So it is with a new list of apps you must delete right now, according to an article from Forbes. This list comes courtesy of Cyble, whose researchers discovered a raft of apps had tricked their way onto the Play Store despite mimicking the names and icons of legitimate digital wallets. Once installed and opened, the apps open a phishing website or an in-app WebView, requesting the mnemonic phrases that can be used to empty the wallet. Cyble found more than 20 apps, “targeting crypto wallet users” by impersonating “popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium,” and tricking users into dangerous Play Store installs by using “compromised or repurposed developer accounts.” The targeted wallets (and app names) are listed in the article.

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things, according to an article from The Hacker News. “The [Russian-speaking] actor used our models to assist with developing and refining Windows malware, debugging code across multiple languages, and setting up their command-and-control infrastructure,” OpenAI said in its threat intelligence report. “The actor demonstrated knowledge of Windows internals and exhibited some operational security behaviors.” The Go-based malware campaign has been codenamed ScopeCreep by the artificial intelligence (AI) company. There is no evidence that the activity was widespread in nature.

June 10, 2025 was Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed, according to an article from BleepingComputer. This Patch Tuesday also fixes ten “Critical” vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs. The number of bugs in each vulnerability category is listed as follows: 13 Elevation of Privilege Vulnerabilities, 3 Security Feature Bypass Vulnerabilities, 25 Remote Code Execution Vulnerabilities, 17 Information Disclosure Vulnerabilities, 6 Denial of Service Vulnerabilities, and 2 Spoofing Vulnerabilities. This count does not include Mariner, Microsoft Edge, and Power Automate flaws fixed earlier this month.

Aim Security discovered “EchoLeak”, a vulnerability that exploits design flaws typical of RAG Copilots, allowing attackers to automatically exfiltrate any data from M365 Copilot’s context, without relying on specific user behavior, according to a blog post by Aim Security. The primary chain is composed of three distinct vulnerabilities, but Aim Labs has identified additional vulnerabilities in its research process that may also enable an exploit. You can read Microsoft’s advisory here.

More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure, according to a post from Interpol’s website. During Operation Secure (January – April 2025) law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns. Ahead of the operation, INTERPOL cooperated with private-sector partners Group-IB, Kaspersky and Trend Micro to produce Cyber Activity Reports, sharing critical intelligence with cyber teams across Asia. These coordinated efforts resulted in the takedown of 79 percent of identified suspicious IP addresses. Participating countries reported the seizure of 41 servers and over 100 GB of data, as well as the arrest of 32 suspects linked to illegal cyber activities.

A bill that allows artificial intelligence models to be trained on copyrighted material without the rights holders’ knowledge has been passed in the UK, according to an article from TechRepublic. This followed a months-long debate about whether it should be amended to force tech companies to disclose information about their training data. The Data (Use and Access) Bill contains a host of new rules around data sharing, but the most contentious relate to AI. In January, Baroness Beeban Kidron, a House of Lords member, filmmaker, and AI ethics expert, proposed an amendment that would require operators of AI models “to disclose information regarding text and data used in the pre-training, training, and fine-tuning of general-purpose AI models.” She argued that artists and other rights holders deserve transparency and accountability from AI developers, particularly when their work is used without consent to train systems that may later compete with them creatively or commercially. Nevertheless, many members of the House of Commons disagreed. They claimed that the amendment would discourage companies from developing and releasing AI products in the UK, as disclosure requirements would add an undue burden and force them to reveal their proprietary data sources.

We’re living in a post-privacy world. Every time you leave the house you’re probably on camera. Every time you turn on your television, your viewing habits are being logged. And using the internet in any way is basically just spraying a firehose of your personal information at data brokers — companies that compile your personal information and sell it to marketing companies, people search sites, and anyone else who wants to use it to sell you something, according to an article from Lifehacker. The phrase “data brokers” might conjure up a bunch of shady companies located in countries with loose privacy laws, but some of the biggest are actually familiar companies like Experian, LexisNexis, and Equifax. The data they gather can include your name, address, birthday, phone numbers, income, known associates (like your family members), and everything you do on social media platforms. Anyone with that info can use it to blast you with endless advertisements and spam emails and texts—and if bad actors get a hold of it in a data leak, they can use it maliciously to steal your identity. If you want to beef up your online privacy and help protect yourself from spam and scams, one of the main things you need to do is get your personal data out of the data brokers’ servers. You can opt out manually (a tedious, never-ending game of whack-a-mole), or you can pay a service to do it for you.

CAPTCHA — short for “Completely Automated Public Turing test to tell Computers and Humans Apart” — is a form of verification online that helps distinguish human users from bots on login, account sign-up, and e-commerce checkout pages. If you can correctly identify distorted letters or all of the photos that include objects like stop signs to prove you are not a robot, you are permitted to interact with the site or app. But just because CAPTCHA and reCAPTCHA tests are ubiquitous doesn't mean they're always innocuous. Internet users are accustomed to engaging with CAPTCHA without much thought, so naturally, cybercriminals have found ways to spoof these tests for spreading malware, according to an article from Lifehacker.

Astronomers using the James Webb Space Telescope (JWST) have taken a fresh look at the distant edges of our solar system — and found that, once again, Pluto is defying expectations, according to an article from LiveScience. When NASA's New Horizons spacecraft flew past Pluto in 2015, it shattered the notion that the dwarf planet was a dormant ball of ice, instead revealing it to be rich with icy plains and jagged mountains. But one of the biggest surprises floated above it all: a bluish, multi-layered haze blanketing the world's sky, stretching more than 185 miles (300 kilometers) above the surface — far higher and more intricate than scientists had predicted. Now, nearly a decade later, new data from JWST confirm that Pluto's haze isn't just a visual oddity, it also controls the dwarf planet's climate.

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud, according to an article from BleepingComputer. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others use official branding to drive traffic outside of the platform to look-alike illicit domains that are not affiliated with banks.

It’s a familiar story: your email inbox is bursting with newsletters, sales promos, and spam you don’t remember signing up for. However, attempting to remove it may put your personal information at risk, according to an article from eSecurity Planet. Cybersecurity experts are now warning that clicking the familiar “unsubscribe” button at the bottom of unwanted emails could lead to phishing scams or malware attacks. According to a DNSFilter report cited by The Wall Street Journal, at least one out of every 644 unsubscribe links leads to a malicious website. This small percentage becomes particularly concerning when multiplied by the billions of spam emails sent daily. Tim Keanini, chief technology officer at DNSFilter, told The Wall Street Journal: “Trust is relative. I trust my email client, but I don’t trust what’s inside the email.” When you click an unsubscribe link, you leave the safe environment of your email app and open a browser, a place where hackers have far more tools to exploit users.

One-time SMS codes are widely used as the second checkpoint in two-factor authentication (2FA) to sign into everything from banking apps to email accounts. However, SMS is one of the least secure 2FA methods, as it can be phished relatively easily. It turns out these codes may also be visible to other parties besides the sender (the service generating the code) and the recipient (you), increasing the risk that your accounts can be compromised by bad actors, according to an article from Lifehacker. As reported by Bloomberg Businessweek, an obscure third-party telecom service had access to at least one million 2FA codes that passed through its network. An investigation led by Bloomberg and Lighthouse Reports — based on data received from an industry whistleblower—found that more than a million text messages containing 2FA codes were visible to Swiss company Fink Telecom Services during June 2023. As an intermediary between the companies that generate authentication codes and the users logging into their accounts, Fink handled the messages and had access to their content. While this is a weakness in SMS—which is unencrypted and relatively easy to intercept—the Fink incident is particularly concerning due to the company's involvement in the surveillance industry and alleged infiltration of user accounts. According to the reporting, the messages came from senders like Google, Meta, Amazon, Tinder, Snapchat, Binance, Signal, WhatsApp, and several European banks and went to recipients in more than 100 countries.

16 billion passwords were exposed in a record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable, according to an article from CyberNews. Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive databases, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned. Their team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a “mysterious database” with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.

Insurance giant Aflac Incorporated has confirmed it was hit by a cybersecurity breach this month, making it one of the latest casualties in a growing wave of cyberattacks targeting US insurance companies, according to an article from eSecurity Planet. The company says it contained the attack within hours and continues to operate normally, but warns that sensitive customer information may have been exposed. Aflac said it detected “suspicious activity” on its US network on June 12 and quickly activated its cyber incident response protocols. “We promptly initiated our cyber incident response protocols and stopped the intrusion within hours,” the company stated in its official disclosure. Importantly, Aflac noted that “our systems were not affected by ransomware,” and business operations, including underwriting, claims processing, and customer support, remain uninterrupted.

What are Cats’ meows communicating? AI might have the answer, according to an article from eWEEK. For generations, cat owners have puzzled over what exactly their pets are communicating. Artificial intelligence might be able to help. Scientists and developers are using artificial intelligence to decode feline communication, as reported recently in Scientific American. The AI-driven tools analyze everything from pitch and duration to body movement and even vital signs to detect a cat’s intent. This technology can allegedly decipher whether a cat is hungry, annoyed, affectionate, or something in between.

According to a 23andMe press release, the bankrupt company's holding company reached an agreement with a nonprofit called TTAM for TTAM to buy the company, says an article from Lifehacker. The sale is for "all of the Company’s assets, including the Personal Genome Service (PGS) and Research Services business lines and the Lemonaid Health business, for a purchase price of $305 million." Anne Wojcicki, former CEO of 23andMe, is also at the helm of TTAM. So, in a sense, a company much like the old one is buying its (your) data back. The last-minute bid was supervised by a bankruptcy court, and was deemed to be in keeping with the company's duty to provide the most value to its shareholders. Regeneron told CNN that they did not submit a higher bid “based on our assessment of 23andMe’s remaining value.”

Malwarebytes Labs has identified a tech support scam that uses malicious URLs to embed fake phone numbers within legitimate site searches, according to an article from Lifehacker. This scam begins, as many do, with a sponsored ad on Google. If you search for a company's tech support phone number, you may see several (fake) results near the top of the page. Often, clicking these links will take you to a fake phishing website that you can identify by checking the URL, but in some cases, you'll actually land on the legitimate support page with little cause for suspicion. However, the number displayed may be fraudulent, and if you call, you'll reach scammers rather than tech support. This type of attack allows cybercriminals to embed phone numbers within an authentic site, where they are prominently displayed. Once on the phone, scammers will request login credentials, financial account information, or even remote access to your device. Because the URL is legitimate and the page layout authentic, you may not think twice about calling the number. Malwarebytes has found this attack on sites that include Netflix, PayPal, Apple, Microsoft, Facebook, Bank of America, and HP.

Distributed-denial-of-service (DDoS) attacks usually use a network of compromised devices to bombard a server with an unusually large amount of data in order to render a service unusable. But Cloudflare says it recently blocked a monumental DDoS attack which attempted to dump almost 38TB worth of data in just 45 seconds — making it the largest such attack in history, according to an article from TechRadar. For comparison, 38TB is the equivalent of downloading 9,350 full-length HD movies, or 9.35 million songs, or 7,480 hours of high-definition video.

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps, according to an article from Bleeping Computer. These malicious apps are executed inside a controlled virtual environment on the device, enabling real-time spying, credential theft, and transaction manipulation while maintaining perfect visual deception. The tactic resembles that seen in the FjordPhantom Android malware in late 2023, which also used virtualization to execute SEA bank apps inside containers to evade detection. However, Godfather's targeting scope is much broader, targeting over 500 banking, cryptocurrency, and e-commerce apps worldwide using a full virtual filesystem, virtual Process ID, intent spoofing, and StubActivity.

Astronomers have revealed a nearby spiral galaxy in all its brilliant glory, shining in thousands of colors, according to an article that appeared on Audacy, from the Associated Press. The dazzling panoramic shot released Wednesday of the Sculptor galaxy by a telescope in Chile is so detailed that it's already serving as a star-packed map. Scientists used the European Southern Observatory's Very Large Telescope to observe the galaxy for some 50 hours, stitching together more than 100 exposures to create the picture. The image spans 65,000 light-years, almost the entire galaxy. A light-year is 5.8 trillion miles. Sculptor — officially labeled NGC 253 — is considered a starburst galaxy, one heavy with stellar action. It's located 11 million light-years away in the Southern Hemisphere's constellation Sculptor, and easy to view with binoculars or small telescopes.

Your phone buzzing nonstop? You’re not alone, according to an article from Cord Cutters News. Americans are drowning in a deluge of robocalls, with nearly 5 billion hitting phones last month alone, according to YouMail, a call screening and blocking service. That’s an eye-watering average of over 1,803 robocalls per second in May, marking an 11% spike in the first five months of 2025 compared to the same period in 2024. The data paints a grim picture for those hoping for a quieter phone line, with smaller and mid-sized cities bearing the brunt of this relentless wave.

Google has introduced Gemini CLI, a free, open-source AI tool designed to work directly in the developer’s terminal, according to an article from TechRepublic. The company says it wants to bring the power of Gemini into the hands of coders in the most native way possible: through the command line. The Gemini CLI is powered by the Gemini 2.5 Pro model, which features an impressive 1 million-token context window, allowing for the easy analysis of large codebases or documents. It’s all built under the Apache 2.0 license, meaning developers can freely inspect, modify, or extend the software. The tool can read files, execute commands, edit scripts, and even invoke Google Search results in real time to assist with context-sensitive tasks. For those who prefer hands-on control, the agent is extensible via the Model Context Protocol (MCP) and can integrate with external tools and data sources.

Microsoft's iconic Blue Screen of Death (BSOD) is dead after 40 years. RIP to the most panic-inducing screen a Windows user can encounter, according to an article from Lifehacker. Now, get ready to fear the Black Screen of Death. In a blog post on its website today, the company revealed it's ready to go live with an error screen redesign it's been testing since March. In an update to all Windows 11, version 24H2 devices coming "later this summer," the BSOD will finally be put out of its misery. It's likely to be a bittersweet moment for Windows users, who will undoubtedly have mixed feelings about the warning's fate. Despite its ominous name, getting a BSOD wasn't always as serious as it seemed—a simple crash could trigger it, and restarting could easily fix it. It could be worse than that, too, but in many cases, the old BSOD simply added a bit of personality to the most annoying interruptions to your workflow. Especially in recent years, when you would see a sideways frowning emoticon alongside your error message. By the way, did you notice that the ONLY thing that changed is the color of the screen? The acronym remains the same: BSOD.