Cybersecurity | The Verge

Security

Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.

Dominic Preston
The $2 million bug.

Apple has updated its bug bounty program, doubling the top reward to $2 million, plus bonuses that could take payouts over $5 million, for “exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks.” Apple says that’s “the largest payout offered by any bounty program” it’s aware of.

Jay Peters
An update from Discord on its customer service data breach.

Discord updated its press release to name the third-party vendor that was compromised:

“This was not a breach of Discord, but rather a breach of a third party service provider, 5CA, that we used to support our customer service efforts.”

The breach may have leaked government IDs of 70,000 users.

Terrence O'Brien
Crisis averted: Asahi starts shipping Super Dry again.

Japan’s weekend is saved now that shipments of Asahi Super Dry have resumed following a ransomware attack that shut down Japan’s most popular brewery last week. (Russian-speaking hacking group Qilin claimed responsibility.) There were concerns that the nation’s supply could evaporate in just a few days, but things are slowly returning to normal:

“Asahi Breweries resumed production at all six of its domestic factories from October 2 and partial shipments of Asahi Super Dry has resumed. Beginning October 15, partial shipments of products including Asahi Draft Beer and Asahi Dry Zero will also resume, as part of ongoing recovery efforts.”

Emma Roth
Gmail’s end-to-end encryption for organizations now works across email providers.

With this update, Gmail users with client-side encryption can send E2EE emails to people using other providers, like Outlook. The recipient will receive a notice about the encrypted message, and can view it using a guest Gmail account.

This feature is only available to Google Workspace subscribers with an Enterprise Plus plan.

Richard Lawler
Benjamin Netanyahu says Israeli intelligence caused his UN speech to stream live directly to Gaza cellphones.

Despite families of hostages protesting against previously announced plans to broadcast the audio from speakers pointed at Gaza, Israeli Prime Minister Benjamin Netanyahu said his speech was also pushed to cellphones. We haven’t found any reports about how it would’ve worked, or that it was seen as he said:

“Ladies and gentlemen, thanks to special efforts by Israeli intelligence, my words are now also being carried. They’re streamed live through the cell phones of Gaza.”

Richard Lawler
BreachForums founder resentenced to three years in prison.

Conor Brian Fitzpatrick, aka PomPompurin, is linked to crimes including the 2021 breach that sent out fake cybersecurity warning emails from the FBI. After pleading guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material, he was originally sentenced to 20 years of supervised release.

Elissa Welle
AI chatbots can help perfect a phishing scam, despite being trained not to.

Six of the major AI chatbots - Grok, ChatGPT, Meta AI, Claude, DeepSeek, and Gemini - effectively guided a team of Reuters reporters through the steps of simulating a phishing scam, down to describing a good time to send a message intended to trick older adults into clicking on a fraudulent link.

Emma Roth
No, Gmail did not send out a mass security warning.

In a blog post, Google addresses several recent reports that incorrectly state it sent out a widespread security notification about Gmail, calling them “entirely false:”

“Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.”

Emma Roth
Coinbase attempts to thwart North Korean hackers with in-person worker orientation.

During the Cheeky Pint podcast, Coinbase CEO Brian Armstrong said the new safeguard comes in response to the wave of North Korean hackers who are snapping up remote IT jobs around the US, allowing them to obtain sensitive company information and funnel paychecks to the North Korean regime.

Emma Roth
Apple issues a security patch for the iPhone, iPad, and Mac.

A vulnerability (CVE-2025-43300) stemming from Apple’s image processing framework “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” according to Apple.

Apple has rolled out a patch for iOS 18.6.2, iPadOS 18.6.2, macOS Sequoia 15.6.1, and other OS versions listed here.

Elizabeth Lopatto
Server farm experiences party fowl.

This is just a fun little series of Mastodon posts about a security breach at a “highly secure” data center... by a female mallard.

Pepijn (@Pepijn@mastodon.online): I’m on the server floor of a “highly secure data center with 24/7/365 surveillance, direct access control and robust perimeter security”. An actual duck just walked by. 🦆 The panic is absolutely glorious. I think this just became one of the highlights of my life.
Dominic Preston
Federal courts hit by hack.

Politico reports that the courts’ case filing system was accessed. The breach was discovered last month, but its full extent is still unknown — one fear is that hackers may have accessed the identities of confidential informants, while a source told Politico that court dockets may have been tampered with.

Lauren Feiner
Another “tea” app is reportedly leaking users’ personal information.

After 404 Media reported that an app meant to help women exchange dating information for safety purposes was breached, TechCrunch reports that a rival app targeted at men has been exposing users’ personal data including government IDs. “The security lapse will likely affect any user who signed up or shared identity documents with the app,” TechCrunch writes about TeaOnHer, adding that the app has about 53,000 users.

Richard Lawler
This is how malicious hackers could exploit Gemini AI to control a smart home.

This Wired article shows how an indirect prompt injection attack against a Gemini-powered AI assistant could cause the bot to curse in responses and take over smart home controls by turning on the heat unexpectedly or opening blinds in response to saying “thanks.”

In a report dubbed “Invitation is all you need” (Sound familiar?), their Google Calendar invite passed instructions to the AI bot that were triggered by asking for a summary. Google was informed of the vulnerabilities they found in February and said it has already introduced “multiple fixes.”