ICYMI: Mental Health Apps Could Expose Users' Sensitive Medical Info

by Paul Arnote (parnote)

Microsoft has hit a major milestone in a project that could end the digital dark age, according to an article from TechRepublic. Their researchers have found a way to pack nearly 5 terabytes of data, roughly the equivalent of 2 million printed books, onto a piece of glass about the size of a drink coaster (75 by 75 by 2 millimeters thick). Unlike the hard drives or magnetic tapes used today, which tend to fail or decay within a decade or two, this glass storage is designed to keep information safe for at least 10,000 years. According to the Microsoft Research Blog, “Glass is a permanent data storage material that is resistant to water, heat, and dust.” This durability means that once data is etched inside, it stays there. Richard Black, the research director for Project Silica at Microsoft Research, told Nature: “The nice thing about the glass is, once it’s written, it’s immutable. You’re done.” The real breakthrough here isn’t just the longevity, but the cost. Previously, this tech required incredibly expensive, high-purity silica. Now, the team has successfully moved the technology to borosilicate glass, the same sturdy material used to make Pyrex dishes and oven doors. By switching to a material found in everyday kitchens, Microsoft has cleared a massive hurdle for making this technology affordable enough for actual use. The system has also become much leaner. While older versions required a complex array of cameras to read the data, the new version needs only one. This makes the hardware smaller, faster, and much easier to build at scale.

If you're a fan of chatbots like ChatGPT, Claude, or Gemini, it might seem like a no-brainer to ask the AI to generate passwords for you, according to an article from Lifehacker. You might like how they handle other tasks for you, so it might make sense that something seemingly so high-tech yet accessible could produce secure passwords for your accounts. But LLMs (large language models) are not necessarily good at everything, and creating good passwords just so happens to be among those faults. As highlighted by Malwarebytes Labs, researchers recently investigated AI-generated passwords, and evaluated their security. In short? The findings aren't good. Researchers tested password generation across ChatGPT, Claude, and Gemini, and discovered that the passwords were "highly predictable" and "not truly random." Hackers can use these limitations to their advantage. Bad actors can run the same prompts as researchers (or, presumably, end users) and collect the results into a bank of common passwords. If chatbots repeat passwords in their generations, it stands to reason that many people might be using the same passwords generated by those chatbots — or trying passwords that follow the same pattern. If so, hackers could simply try those passwords during break-in attempts, and if you used an LLM to generate your password, it might match. It's tough to say what that exact risk is, but to be truly secure, each of your passwords should be totally unique. Potentially using a password that hackers have in a word bank is an unnecessary risk.

Protein dominates the grocery shelves: Protein chips. Protein cookies. Protein water. It’s in the headlines, too: January’s new US dietary guidelines raised the recommended amount from 0.8 grams of protein per kilogram body weight to 1.2 to 1.6 grams. Yet there’s a cadre of scientists studying a contrary phenomenon: In critters from single-celled yeast to insects to rodents, cutting protein intake to measly levels makes them live longer, according to an article from Knowable Magazine. Could it work for people? To be clear: The body needs protein to build and repair its parts, and a diet with about 7 percent or less of its calories from protein is a recipe for malnutrition, not centenarian status. But studying protein restriction in lab animals helps scientists learn how animals sense nutrients, how their bodies strategically respond to excess or to shortage, and how all of this affects their health and longevity. And that could carry lessons for human beings.

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information, according to an article from Bleeping Computer. In one of the apps, security researchers discovered more than 85 medium- and high-severity vulnerabilities that could be exploited to compromise users’ therapy data and privacy. Some of the products are AI companions designed to help people suffering from clinical depression, multiple forms of anxiety, panic attacks, stress, and bipolar disorder. At least six of the ten analyzed apps state that user conversations or chats remain private, or are encrypted securely on the vendor’s servers. “Mental health data carries unique risks. On the dark web, therapy records sell for $1,000 or more per record, far more than credit card numbers,” says Sergey Toshin, founder of mobile security company Oversecured.

At least 25 million people have had their personal information stolen in a major hack on business services company Conduent. The data breach itself isn't new — it was initially disclosed in January 2025, and Conduent has already notified millions of individuals whose data was compromised in the incident. However, the breach is now believed to be larger in scale than previously reported, possibly among the largest to affect healthcare, according to an article from Lifehacker. In January 2025, Conduent suffered an outage that was later confirmed to be the result of a "cybersecurity incident." The disruption lasted several days, during which agencies across the U.S. were unable to process some benefit payments. While the breach was discovered in January, hackers reportedly gained access to Conduent's systems months earlier on October 21, 2024. The Safepay ransomware gang later took credit for the attack. While Conduent confirmed in April 2025 that client information had been stolen in the breach, it didn't begin notifying affected individuals until October. According to those notices, the compromised data included names, Social Security numbers, dates of birth, health insurance policy information, and medical information.

Google has released a security update for its Chrome browser that addresses three high-severity vulnerabilities, which could pose risk to users, according to an article from eSecurityWeek. One of the vulnerabilities, CVE-2026-3061, allows “… a remote attacker to perform an out-of-bounds memory read via a crafted HTML page,” said NIST in its advisory. The security update addresses three High severity vulnerabilities — CVE-2026-3061, CVE-2026-3062, and CVE-2026-3063 — spanning Chrome’s Media component, the Tint WebGPU shader compiler, and Chrome DevTools. Two of the three flaws involve out-of-bounds memory access, a vulnerability class commonly associated with remote code execution (RCE), memory disclosure, and sandbox escape chains when paired with additional weaknesses.

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform, according to an article from BleepingComputer. CarGurus is a publicly traded automotive research and shopping company that operates in the U.S., Canada, and the U.K. Its website has an estimated 40 million monthly visitors and helps people find, compare, and contact sellers of new and used vehicles. On February 21, the threat group published a 6.1GB archive containing 12.4 million records, saying it was from CarGurus. A day later, the HaveIBeenPwned (HIBP) data breach monitoring and alerting platform added the dataset, listing the following data types as compromised: Email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information.

New photos captured by NASA's Curiosity rover show that Mars' giant, spiderweb-like "boxwork" features are covered in tiny, never-before-seen nodules that bear a striking resemblance to arachnid eggs, according to an article from LiveSciencePlus. And researchers are struggling to explain them. Over the last 8 months, Curiosity has been closely examining a series of interconnected rocky ridges, dubbed "boxwork," on the slopes of Mount Sharp, in the Gale Crater. These ridges, which cover an area up to 12 miles (20 kilometers) across, were created billions of years ago as ancient Martian groundwater seeped beneath the planet's surface. They were first spotted by orbital spacecraft in 2006, but they have remained largely unexplored until now.

If you are planning spring or summer travel, you may want to slow down and pay close attention to the process. Scammers have a lot to gain by targeting travelers: The Federal Trade Commission tracked more than 58,000 reports of travel, vacation, and timeshare plan fraud in 2024 totaling $274 million in losses, according to an article from Lifehacker. And AI is helping them get away with it. Some of the most common travel scams involve impersonation: of people, brands, and listings. For example, fraudsters will post fake vacation rental listings and collect payment (sometimes by pressuring you to use wire transfers or peer-to-peer apps) and leave you stranded with no place to stay or stuck in accommodations way worse than what you booked and paid for. On the back end of a trip, a dishonest host may try to make fraudulent damage claims and pressure you into paying hundreds or thousands of dollars for something you didn't do. Scammers will also impersonate travel agents and booking platforms, allowing them to collect sensitive personal information and money before you clock the fraud. Booking.com is a common target for scams. Multiple campaigns have used a spoofed version of the site to spread malware — another known as “articlehttps://lifehacker.com/money/hotel-reservation-scam” targeted both Booking.com and Expedia.

Scientists from institutions across the US have now developed a strikingly "universal" vaccine, which has protected mice against a range of viruses, bacteria, and even allergies, according to an article from ScienceAlert. The new GLA-3M-052-LS+OVA vaccine can be delivered as a nasal spray. Three doses protected mice from infection from SARS-CoV-2 and other coronaviruses for three months, and reduced the viral load in their lungs 700-fold, compared to unvaccinated mice. The vaccine also accelerated the mice's immune response to SARS-CoV-2. While their lungs' adaptive immune systems typically take up to two weeks to respond to the virus, those with the vaccine took as little as three days to launch a counter-attack. In follow-up tests, the vaccine was also found to protect the animals against bacterial infections. That included Staphylococcus aureus and Acinetobacter baumannii, both of which are often acquired in hospital settings and are becoming increasingly resistant to antibiotics. Most surprisingly, the vaccine also cut the risk of asthma. When vaccinated mice were exposed to dust mites, their asthmatic responses, such as increased immune cell production and excess lung mucus, were reduced for three months as well.

A simple handful of pecans each day could deliver heart-health benefits, a new study found, according to an article from Fox News. The research, done by the Illinois Institute of Technology and published in the journal Nutrients, analyzed more than 20 years of studies exploring how pecans affect heart and metabolic health. The study was a review of existing research, not a new clinical trial, and examined 52 studies conducted between 2000 and 2025, including trials involving human participants. The most consistent findings related to cholesterol. People who regularly ate pecans showed improvements in total cholesterol and LDL, often referred to as "bad" cholesterol, compared to those who did not include nuts in their diets. Some studies also reported healthier triglyceride levels. Pecans are rich in monounsaturated fats, fiber and antioxidants, which are nutrients commonly associated with improved cardiovascular health, the researchers noted.

Scientists at the University of Waterloo are working on a new cancer treatment that uses specially engineered bacteria to consume tumors from the inside, according to an article from Science Daily. The strategy relies on microbes that naturally thrive in oxygen-free environments, which makes the interior of many solid tumors an ideal target. At the center of this approach is Clostridium sporogenes, a bacterium commonly found in soil. It can survive only in places that contain absolutely no oxygen. The inner core of solid tumors is made up of dead cells and lacks oxygen, creating the perfect conditions for this microbe to multiply and spread.

A Florida woman will spend nearly two years behind bars after being found guilty of fraudulently acquiring Microsoft certificate of authenticity (COA) labels and selling them in bulk, according to an article from The Register. Heidi Richards, 52, operated the company Trinity Software Distribution (Trinity) and, according to court documents, acquired Microsoft COA labels "from a variety of sources" that were separated from the software packages with which they were intended to be paired. Richards, also known as Heidi Hastings, Heidi Shafer, and Heidi Williams, paid more than $5 million for Microsoft COA labels between 2018 and 2023. According to the indictment [PDF], she primarily procured keys for different versions of Windows 10 (Home/Pro) and Microsoft Office (2019/2021/Home/Student). Richards obtained thousands of keys during this time, and instructed employees to take the COA labels and transcribe the product activation codes written on them into a spreadsheet. She then sent the codes to buyers who could redeem them. In plain terms, prosecutors said Richards was illegally obtaining Microsoft software keys and selling them at heavily discounted prices, all while personally profiting.

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to over 15,000 employees and customers after hacking one of its service providers, according to an article from BleepingComputer. Headquartered in Stockholm and founded in 1876, the parent company is a communications tech leader with nearly 90,000 employees worldwide. In data breach notification letters sent to affected individuals and filed with the California Attorney General on Monday, Ericsson said that a service provider who was storing personal data for employees and customers discovered a breach on April 28, 2025. After detecting the incident, the service provider notified the FBI and hired external cybersecurity experts to assess the extent of the breach and its impact. The investigation, which was completed last month, found that a total of 15,661 individuals had their data exposed in the incident. However, Ericsson noted that the compromised provider has yet to find evidence that the data has been misused since the breach.

Another month, another critical flaw found in Google Chrome. Who’d’ve thunk it? Google is pushing an emergency patch for a Google Chrome zero-day vulnerability that has been exploited in the wild, and a second zero-day has been identified and is expected to be fixed in a future update, according to an article from Lifehacker. As a reminder, zero-days are security vulnerabilities that have been actively exploited or publicly disclosed before the developer releases an official fix. These latest Chrome bugs are the second and third zero-days addressed so far in 2026.

When you hit the share button on social media apps such as Instagram, Facebook, or Threads, these sites tack on a tracker to the link you're sharing, according to an article from Lifehacker. This tracker means that Instagram can tell who you've shared the link with, and it likely uses this information to further optimize its algorithm for ads. While the tech here is sneaky, it is easy to remove tracking information from these links. It's actually pretty easy to spot a link that has trackers. To check it out, copy the link to any Instagram post and paste it somewhere safe, like your notes app. A normal Instagram link looks like this: https://www.instagram.com/reel/DVrMKVVAaBi/. The same link with tracking has a bunch of additional characters at the end: https://www.instagram.com/reel/DVrMKVVAaBi/?igsh=cGd5cGx4enJmcThu. Every character after that “?” is used to identify that your profile shared the link. While this example highlights Instagram, the same thing happens on many other apps and websites. Facebook, Threads, Reddit, YouTube, Amazon, and many others use some kind of tracking parameters in links to see how people arrived at a certain post or a page. These trackers have some legitimate use cases, such as tracking affiliate links to pay commissions or keeping tabs on social media traffic. In some cases, however, these tracking links serve no purpose other than to identify who shared the link with you, and who you're sharing links with. That can be used to identify people you're close to, which in turn, helps social media giants deliver targeted ads to you and your friends or loved ones. It can also compromise your privacy, since someone opening your link will see your account was the one to originally share it — even if you don't share that link directly with them.

People with a genetic risk for Alzheimer's disease did not have an expected increase in cognitive decline or dementia if they consumed relatively large amounts of meat, a Swedish cohort study showed, according to an article from MedPage Today. Higher total meat consumption -- comparing the top and bottom quintiles -- was tied to better-than-expected cognitive trajectories and reduced dementia risk in people who were either APOE4 homozygotes (APOE4/4) or had one APOE3 and one APOE4 allele (APOE3/4), said Jakob Norgren, PhD, of the Karolinska Institute in Huddinge, and colleagues. Regardless of APOE genotype, a higher ratio of processed meat to total meat was unfavorably associated with dementia risk (subdistribution HR 1.14, P=0.04). There was no substantial difference between unprocessed red meat and poultry. In post-hoc analyses, all-cause mortality was lower in APOE3/4 and APOE4/4 carriers who ate more unprocessed meat.

Scientific publisher Springer Nature has begun to retract dozens of papers that relied on a dataset fraught with ethical and reliability concerns, according to an exclusive article from The Transmitter. Five papers have been retracted since 16 November, and 33 more retractions are planned, says Tim Kersjes, Springer Nature’s head of research integrity, resolutions. The papers attempted to train neural networks to distinguish between autistic and non-autistic children in a dataset containing photos of children’s faces. Retired engineer Gerald Piosenka created the dataset in 2019 by downloading photos of children from “websites devoted to the subject of autism,” according to a description of the dataset’s methods, and uploaded it to Kaggle, a site owned by Google that hosts public datasets for machine-learning practitioners. The dataset contains more than 2,900 photos of children’s faces, half of which are labeled as autistic and the other half as not autistic. Without identifying each child in the dataset, there is no way to confirm that any of them do or do not have autism, Bishop says.

Older adults with type 1 or type 2 diabetes had a higher risk of dementia, a U.S. prospective cohort study found, according to an article from MedPage Today. Compared with people without diabetes, older adults with type 1 diabetes had a nearly threefold higher risk for incident all-cause dementia over a 2.4-year follow-up period, after adjusting for sociodemographic factors. Those with type 2 diabetes had a roughly twofold increased risk. An estimated 64.5% of dementia cases in people with type 1 diabetes could be attributed to the condition, Jennifer Weuve, MPH, ScD, of Boston University School of Public Health, and colleagues reported in Neurology.

If your browser of choice happens to be Firefox, good news: Your web surfing is about to get a bit more private, according to an article from Lifehacker. On March 17, Mozilla announced a number of upcoming updates to Firefox, all under the theme of user customizability. One such option happens to be a built-in VPN that Mozilla will offer users free of charge. This new VPN option in Firefox rolls out March 24, as part of Firefox 149. There are no downloads required, since the VPN is baked into the update: Once it hits your browser, you'll be able to turn on the VPN and start hiding your IP address and location while you use Firefox. The only caveat here is that Mozilla is capping VPN data usage at 50GB per month. The company doesn't say what happens once you hit that data limit, and I've reached out for clarification, but my guess is that the VPN will simply switch off, sending you back to Firefox's default browsing experience—at least until the next month starts, and your data limit resets. Users in the U.S.A., Germany, U.K., and France should see the feature rolling out starting March 24 (so it *should* be available for users in those countries by the time you read this).

A new immunotherapy drug has demonstrated early promise in a recent prostate cancer clinical trial, according to an article from ScienceAlert. The drug, called VIR-5500, is a "masked T-cell engager". This type of immunotherapy ignites our own immune arsenal to fight cancer. In the trial, which is still in progress and has not yet undergone peer review, patients with advanced prostate cancer who had failed to respond to other treatments were given VIR-5500. Remarkably, initial findings showed that in the patients who received the highest doses, 82% saw reductions in their PSA (prostate-specific antigen) levels – a commonly used measure of prostate cancer. Strikingly, nearly half of the patients within this group also showed tumour shrinkage at both the primary tumour sites as well as in metastatic tumours (tumours which had spread from the prostate into different parts of the body).

Human DNA stores instructions for life in sequences built from just four nucleotides. Those instructions are read in three-letter groups called codons, and each codon tells the cell which amino acid to add when building a protein. Since several codons can specify the same amino acid, these alternative spellings were once thought to be mostly interchangeable. That view has changed. Scientists now know that some of these synonymous codons help messenger RNA, or mRNA, remain stable and get translated efficiently, while others do not, according to an article from SciTechDaily. In effect, two genetic sequences can encode the same protein but still behave differently inside a cell. mRNAs rich in non-optimal codons are translated less efficiently and are often broken down more quickly, but the mechanism human cells used to detect this difference has been unclear. Researchers at Kyoto University and RIKEN, led by Osamu Takeuchi and Takuhiro Ito, set out to solve that puzzle. Their work points to a protein called DHX29 as a key part of the system cells use to read this hidden layer of genetic information.

Imagine landing on Mars and growing your lunch—not with supplies from Earth, but using dust, air, and microbes already there, according to an article from Interesting Engineering. This idea has long sounded like science fiction, mainly because Mars lacks one critical ingredient, fertile soil. Its dusty surface contains minerals, but not the organic nutrients plants need to grow. Now, researchers in Germany have found a clever solution that involves turning Martian-like dust and hardy microbes into a working fertilizer system that can produce edible plants. It’s a small but powerful step toward making Mars missions self-sustaining.

It would be tempting to assume there's nothing much of note happening on Mars, but that dusty rusty planet has a lot of interesting stuff going on. Most of it has to do with rocks. Mars has a lot of rocks. In fact, Mars has so many rocks that have undergone all sorts of weathering over the eons that, occasionally, it manages to produce something that looks a bit like an artificial or biological structure, if you squint. The latest of these fascinating Mars illusions to hit the tabloids is an eye-catching structure, first spotted in 2002, that resembles a three-sided pyramid perched in a wind-scoured valley called Candor Chasma, according to an article from ScienceAlert. The claim appears to have gained traction after being shared on X by filmmaker Brian Cory Dobbs, who has previously promoted the idea that NASA imagery contains evidence of artificial structures on Mars. The post quickly spread, with cropped images of the formation circulating across social media and tabloid sites. The images themselves are real NASA data from orbiters that first photographed the region in 2001. The earliest documented identification of the pyramid-like structure dates back to 2002, when independent researcher Wilmer Faust highlighted a strange feature he spotted in a Mars Global Surveyor (MGS) image, E06-00269.