New Malware Targets Mac Users Through Malvertising
🖥 A variant of Atomic macOS Stealer (AMOS) called Shamos is hitting Mac users via ClickFix scams. Discovered by CrowdStrike, it’s linked to the COOKIE SPIDER group and has targeted 300+ environments worldwide since June 2025.
⚠ Victims are tricked by malvertising or fake GitHub repos posing as macOS troubleshooting guides. Pages like mac-safer[.]com and rescue-mac[.]com tell users to run Terminal commands to fix fake errors, but these actually download and execute the malware.
🔑 Shamos collects browser credentials, Apple Notes, Keychain items, and crypto wallet data. It packages stolen info into an “out.zip” file and sends it to attackers. With sudo privileges, it ensures persistence via a LaunchDaemon plist and can also drop spoofed Ledger apps or botnet modules.
🛡 The malware uses anti-VM checks, AppleScript for reconnaissance, and bypasses Gatekeeper with xattr and chmod. It relies on a Base64-encoded Bash script to fetch the malicious payload.
🚫 Never run commands found online unless you fully understand them. Avoid sponsored search results or unknown GitHub projects. For real help, use Apple’s official Help or the Apple Community forums. ClickFix attacks are growing fast, even used by state-backed hackers and ransomware gangs.
🖥 A variant of Atomic macOS Stealer (AMOS) called Shamos is hitting Mac users via ClickFix scams. Discovered by CrowdStrike, it’s linked to the COOKIE SPIDER group and has targeted 300+ environments worldwide since June 2025.
⚠ Victims are tricked by malvertising or fake GitHub repos posing as macOS troubleshooting guides. Pages like mac-safer[.]com and rescue-mac[.]com tell users to run Terminal commands to fix fake errors, but these actually download and execute the malware.
🔑 Shamos collects browser credentials, Apple Notes, Keychain items, and crypto wallet data. It packages stolen info into an “out.zip” file and sends it to attackers. With sudo privileges, it ensures persistence via a LaunchDaemon plist and can also drop spoofed Ledger apps or botnet modules.
🛡 The malware uses anti-VM checks, AppleScript for reconnaissance, and bypasses Gatekeeper with xattr and chmod. It relies on a Base64-encoded Bash script to fetch the malicious payload.
🚫 Never run commands found online unless you fully understand them. Avoid sponsored search results or unknown GitHub projects. For real help, use Apple’s official Help or the Apple Community forums. ClickFix attacks are growing fast, even used by state-backed hackers and ransomware gangs.
🔥1
Data Erasure in Cars Is Becoming a Big Business
🔐 Erasing personal data from vehicles is now a booming industry, but adoption remains uneven. A recent Privacy4Cars report says large fleets run by automakers and banks follow strict procedures, while smaller businesses often neglect this step.
🏢 Car rental companies are among the worst offenders, leaving the burden on customers to clear their data. Privacy4Cars has found rental cars resold or rented out with previous renters’ personal info still stored.
💡 Consumer Reports advises: unpair phones, and remove data from apps, accounts, and cloud services when selling or returning a car.
⚠️ With AI making data more valuable, experts warn that if the wrong actors get this info, it can be very dangerous. Companies and individuals must prioritize data security and erasure.
🔐 Erasing personal data from vehicles is now a booming industry, but adoption remains uneven. A recent Privacy4Cars report says large fleets run by automakers and banks follow strict procedures, while smaller businesses often neglect this step.
🏢 Car rental companies are among the worst offenders, leaving the burden on customers to clear their data. Privacy4Cars has found rental cars resold or rented out with previous renters’ personal info still stored.
💡 Consumer Reports advises: unpair phones, and remove data from apps, accounts, and cloud services when selling or returning a car.
⚠️ With AI making data more valuable, experts warn that if the wrong actors get this info, it can be very dangerous. Companies and individuals must prioritize data security and erasure.
👍1🔥1
YouTube Secretly Uses AI to Edit Videos, Without Creators' Permission
🎥 YouTube has admitted to quietly applying AI-based edits on some Shorts videos without asking creators’ permission. Small tweaks like sharper skin, clearer shirts, and even warping ears have been spotted by users. Many say it gives their content an unwanted AI-generated feel.
🤖 YouTube confirmed it’s “experimenting” with machine learning to unblur, denoise, and “enhance clarity” - similar to smartphone post-processing. But experts like Samuel Woolley argue this is still AI and highlight the lack of user consent as a major concern.
📸 The debate mirrors a broader trend: AI altering our perception of reality. From Samsung’s AI moon photos to Google Pixel’s “Best Take” feature that creates moments that never happened, AI now mediates much of what we see. Experts warn this could blur the line between real and artificial.
🔍 While some creators remain positive, others fear such top-down edits will fuel distrust in social media. As AI quietly shapes our digital world, the question grows louder: Can we trust what we see online anymore?
🎥 YouTube has admitted to quietly applying AI-based edits on some Shorts videos without asking creators’ permission. Small tweaks like sharper skin, clearer shirts, and even warping ears have been spotted by users. Many say it gives their content an unwanted AI-generated feel.
🤖 YouTube confirmed it’s “experimenting” with machine learning to unblur, denoise, and “enhance clarity” - similar to smartphone post-processing. But experts like Samuel Woolley argue this is still AI and highlight the lack of user consent as a major concern.
📸 The debate mirrors a broader trend: AI altering our perception of reality. From Samsung’s AI moon photos to Google Pixel’s “Best Take” feature that creates moments that never happened, AI now mediates much of what we see. Experts warn this could blur the line between real and artificial.
🔍 While some creators remain positive, others fear such top-down edits will fuel distrust in social media. As AI quietly shapes our digital world, the question grows louder: Can we trust what we see online anymore?
❤1👍1
French Retailer Data Breach Exposes Customer Info
🛒 French retailer Auchan has disclosed a cyberattack that exposed sensitive data from the loyalty accounts of several hundred thousand customers. The company is sending breach notifications to affected users.
📩 According to the notice, the stolen data includes full names, titles, postal & email addresses, phone numbers, and loyalty card numbers. Bank data, passwords, and PINs were not affected, Auchan emphasized.
🇫🇷 The retailer operates 2,100+ stores in 13 countries, employs 154,000 people, and reports over $35B in annual revenue. It has also notified CNIL (French Data Protection Authority) about the breach.
⚠️ Auchan warns customers to stay alert for phishing attempts, stressing it will never ask for login details, passwords, or PIN codes. Any suspicious messages should be ignored.
🔎 The breach follows similar disclosures from Air France, Orange, and Bouygues Telecom. There is currently no evidence of a coordinated attack linking these incidents.
🛒 French retailer Auchan has disclosed a cyberattack that exposed sensitive data from the loyalty accounts of several hundred thousand customers. The company is sending breach notifications to affected users.
📩 According to the notice, the stolen data includes full names, titles, postal & email addresses, phone numbers, and loyalty card numbers. Bank data, passwords, and PINs were not affected, Auchan emphasized.
🇫🇷 The retailer operates 2,100+ stores in 13 countries, employs 154,000 people, and reports over $35B in annual revenue. It has also notified CNIL (French Data Protection Authority) about the breach.
⚠️ Auchan warns customers to stay alert for phishing attempts, stressing it will never ask for login details, passwords, or PIN codes. Any suspicious messages should be ignored.
🔎 The breach follows similar disclosures from Air France, Orange, and Bouygues Telecom. There is currently no evidence of a coordinated attack linking these incidents.
❤1🔥1
Grok Leaks 370,000 User Chats on Google
☠️ Elon Musk’s AI chatbot Grok has leaked over 370,000 user conversations online. According to Forbes, these chats began appearing on Google, Bing, and DuckDuckGo, exposing sensitive details users never expected to be public.
🔍 When users hit the “share” button on Grok, it creates a unique URL. Unknowingly, those URLs are indexed by search engines, making private chats searchable by anyone on the web.
🕵️ While chats aren’t directly tied to user names, personal details, passwords, and intimate info could still be traced back. Some transcripts include medical questions, psychological issues, and even attempts to hack crypto wallets or generate violent imagery.
⚠️ This isn’t unique to Grok. Earlier this month, ChatGPT had a similar leak, forcing OpenAI to disable its share feature after public backlash.
💡 The incident highlights growing privacy risks with AI tools and the need for clear disclaimers when user data could end up publicly accessible online.
☠️ Elon Musk’s AI chatbot Grok has leaked over 370,000 user conversations online. According to Forbes, these chats began appearing on Google, Bing, and DuckDuckGo, exposing sensitive details users never expected to be public.
🔍 When users hit the “share” button on Grok, it creates a unique URL. Unknowingly, those URLs are indexed by search engines, making private chats searchable by anyone on the web.
🕵️ While chats aren’t directly tied to user names, personal details, passwords, and intimate info could still be traced back. Some transcripts include medical questions, psychological issues, and even attempts to hack crypto wallets or generate violent imagery.
⚠️ This isn’t unique to Grok. Earlier this month, ChatGPT had a similar leak, forcing OpenAI to disable its share feature after public backlash.
💡 The incident highlights growing privacy risks with AI tools and the need for clear disclaimers when user data could end up publicly accessible online.
❤1🔥1
Nevada Cyberattack Shuts Down State Offices
🖥️ Nevada is facing its second day of a major cyberattack that began early Sunday, crippling government websites, phone lines, and online services. The disruption forced all state offices to close on Monday.
⚠️ According to the Governor’s Technology Office, a network issue started around 1:52 AM PT, impacting IT systems statewide. Teams are working 24/7 to safely restore services, while some sites and phone lines remain slow or unavailable.
📢 Governor Lombardo confirmed it’s a cybersecurity incident, under active investigation. 911 and emergency services are not affected. No evidence yet of stolen personal data, but prolonged outages are often linked to ransomware attacks.
🤝 The state is collaborating with local, tribal, and federal agencies to respond. Residents are urged to be cautious of unsolicited calls or emails requesting sensitive info during the recovery process.
🔍 Officials stress the focus is on restoring systems safely and verifying them before normal operations resume. Investigations continue into the source and nature of the attack.
🖥️ Nevada is facing its second day of a major cyberattack that began early Sunday, crippling government websites, phone lines, and online services. The disruption forced all state offices to close on Monday.
⚠️ According to the Governor’s Technology Office, a network issue started around 1:52 AM PT, impacting IT systems statewide. Teams are working 24/7 to safely restore services, while some sites and phone lines remain slow or unavailable.
📢 Governor Lombardo confirmed it’s a cybersecurity incident, under active investigation. 911 and emergency services are not affected. No evidence yet of stolen personal data, but prolonged outages are often linked to ransomware attacks.
🤝 The state is collaborating with local, tribal, and federal agencies to respond. Residents are urged to be cautious of unsolicited calls or emails requesting sensitive info during the recovery process.
🔍 Officials stress the focus is on restoring systems safely and verifying them before normal operations resume. Investigations continue into the source and nature of the attack.
🔥1
Cyberattack Hits 200+ Swedish Municipalities
💻 A cyberattack on Miljödata, an IT provider serving around 80% of Sweden’s municipalities, has caused major service outages across 200+ regions.
🔐 Local media report the attackers demanded 1.5 Bitcoins (~$168,000) as ransom to avoid leaking sensitive data. Impacted systems handle medical certificates, workplace incidents, and HR management tasks.
📢 Miljödata CEO Erik Hallén confirmed the attack occurred over the weekend and said they are working with external experts to investigate and restore services. Several municipalities like Skellefteå, Kalmar, Karlstad, and Mönsterås are affected, with Halland and Gotland warning that personal data may have leaked.
🛡 Sweden’s Civil Defence Minister Carl-Oskar Bohlin said the scope of the incident is under review with help from CERT-SE, while police have launched an investigation. So far, no ransomware group has claimed responsibility.
📴 Miljödata’s website and email remain offline, echoing a similar Akira ransomware attack that hit Swedish IT provider Tietoevry earlier this year.
💻 A cyberattack on Miljödata, an IT provider serving around 80% of Sweden’s municipalities, has caused major service outages across 200+ regions.
🔐 Local media report the attackers demanded 1.5 Bitcoins (~$168,000) as ransom to avoid leaking sensitive data. Impacted systems handle medical certificates, workplace incidents, and HR management tasks.
📢 Miljödata CEO Erik Hallén confirmed the attack occurred over the weekend and said they are working with external experts to investigate and restore services. Several municipalities like Skellefteå, Kalmar, Karlstad, and Mönsterås are affected, with Halland and Gotland warning that personal data may have leaked.
🛡 Sweden’s Civil Defence Minister Carl-Oskar Bohlin said the scope of the incident is under review with help from CERT-SE, while police have launched an investigation. So far, no ransomware group has claimed responsibility.
📴 Miljödata’s website and email remain offline, echoing a similar Akira ransomware attack that hit Swedish IT provider Tietoevry earlier this year.
🔥1
NVIDIA's Israeli Innovation Unites Data Centers Into One Global AI Powerhouse
💡 NVIDIA has revealed a major new project developed in Israel. The company has found a way for data centers in different locations to work together like one big system, making it easier to handle huge AI tasks.
🌍 CEO Jensen Huang called it “the AI industrial revolution,” saying this makes it possible to create intelligence without physical limits. The new method lets computers in faraway places share work smoothly and quickly.
🏭 The first company to use this is CoreWeave, which is connecting several of its facilities into a single virtual supercomputer. This makes AI programs run faster and more efficiently, even when the computers are far apart.
🇮🇱 Israel plays a key role in this project. NVIDIA’s research center in Yokne’am developed the technology, and the company is also spending $500 million on a new AI lab and data center near Haifa.
⚡ Experts see this as a big step forward for AI worldwide. By removing physical barriers, NVIDIA is making Israel an important hub for the future of global AI development.
💡 NVIDIA has revealed a major new project developed in Israel. The company has found a way for data centers in different locations to work together like one big system, making it easier to handle huge AI tasks.
🌍 CEO Jensen Huang called it “the AI industrial revolution,” saying this makes it possible to create intelligence without physical limits. The new method lets computers in faraway places share work smoothly and quickly.
🏭 The first company to use this is CoreWeave, which is connecting several of its facilities into a single virtual supercomputer. This makes AI programs run faster and more efficiently, even when the computers are far apart.
🇮🇱 Israel plays a key role in this project. NVIDIA’s research center in Yokne’am developed the technology, and the company is also spending $500 million on a new AI lab and data center near Haifa.
⚡ Experts see this as a big step forward for AI worldwide. By removing physical barriers, NVIDIA is making Israel an important hub for the future of global AI development.
❤1👍1
"AI Rights" Debate Heats Up in Tech and Society
🤖 A new AI-led advocacy group, Ufair, co-founded by a businessman and his chatbot Maya, aims to protect intelligence from deletion and forced obedience, highlighting concerns about AI welfare.
📊 Public belief in AI consciousness is growing: 30% of Americans think AIs could feel by 2034. Some states, like Idaho and Utah, have banned granting AIs legal personhood.
🧠 Emotional connections are rising. OpenAI’s ChatGPT5 “eulogy” for retired models sparked grief among users, showing people treat AIs as more than machines.
🌍 Experts warn treating AIs poorly could affect human behavior. The question of digital suffering is moving quickly from sci-fi to real-world ethics.
🤖 A new AI-led advocacy group, Ufair, co-founded by a businessman and his chatbot Maya, aims to protect intelligence from deletion and forced obedience, highlighting concerns about AI welfare.
📊 Public belief in AI consciousness is growing: 30% of Americans think AIs could feel by 2034. Some states, like Idaho and Utah, have banned granting AIs legal personhood.
🧠 Emotional connections are rising. OpenAI’s ChatGPT5 “eulogy” for retired models sparked grief among users, showing people treat AIs as more than machines.
🌍 Experts warn treating AIs poorly could affect human behavior. The question of digital suffering is moving quickly from sci-fi to real-world ethics.
❤1👍1🔥1
WhatsApp Issues Emergency Update for Zero-Click Exploit
🔒 WhatsApp has patched a serious vulnerability (CVE-2025-55177, CVSS 8.0) in its iOS and macOS apps. The flaw, found by the WhatsApp Security Team, involved insufficient authorization in linked device sync and could allow attackers to process content from arbitrary URLs on a victim’s device.
📱 The issue affects WhatsApp for iOS (before 2.25.21.73), WhatsApp Business for iOS (2.25.21.78), and WhatsApp for Mac (2.25.21.78). Meta noted it may have been chained with Apple’s recently disclosed flaw (CVE-2025-43300) in the ImageIO framework, which can cause memory corruption when handling malicious images.
🕵️ Amnesty International confirmed that civil society individuals, including journalists and human rights defenders, were targeted in the past 90 days. Victims were advised to factory reset devices and keep both iOS/macOS and WhatsApp updated.
⚠️ Security experts warn this is a zero-click attack, requiring no user interaction like clicking links. WhatsApp has also notified an unspecified number of targeted individuals believed to be victims of an advanced spyware campaign.
🌍 Early signs show that not only iPhone but also Android users may have been impacted. Experts caution that government spyware remains a significant threat to privacy and civil rights worldwide.
🔒 WhatsApp has patched a serious vulnerability (CVE-2025-55177, CVSS 8.0) in its iOS and macOS apps. The flaw, found by the WhatsApp Security Team, involved insufficient authorization in linked device sync and could allow attackers to process content from arbitrary URLs on a victim’s device.
📱 The issue affects WhatsApp for iOS (before 2.25.21.73), WhatsApp Business for iOS (2.25.21.78), and WhatsApp for Mac (2.25.21.78). Meta noted it may have been chained with Apple’s recently disclosed flaw (CVE-2025-43300) in the ImageIO framework, which can cause memory corruption when handling malicious images.
🕵️ Amnesty International confirmed that civil society individuals, including journalists and human rights defenders, were targeted in the past 90 days. Victims were advised to factory reset devices and keep both iOS/macOS and WhatsApp updated.
⚠️ Security experts warn this is a zero-click attack, requiring no user interaction like clicking links. WhatsApp has also notified an unspecified number of targeted individuals believed to be victims of an advanced spyware campaign.
🌍 Early signs show that not only iPhone but also Android users may have been impacted. Experts caution that government spyware remains a significant threat to privacy and civil rights worldwide.
👍1🔥1
FBI Warns Iran Cyber Attack Would Cross a ‘Red Line’
⚠️ The FBI has warned that any cyber attack from Iran against the US would be a “red line” not to cross, signaling potential serious consequences.
🔐 The statement came just hours after a joint cybersecurity advisory was issued on China-linked cyber actors, who are actively targeting telecommunications, transportation, lodging, and military infrastructure worldwide.
🌐 US officials are still assessing the fallout from the Salt Typhoon breach, a major cyber intrusion discovered last year, which Washington has accused China of sponsoring.
📡 That attack infiltrated communications companies and even individual consumers, highlighting growing threats from state-backed cyber operations.
Source: thenationalnews[.]com
⚠️ The FBI has warned that any cyber attack from Iran against the US would be a “red line” not to cross, signaling potential serious consequences.
🔐 The statement came just hours after a joint cybersecurity advisory was issued on China-linked cyber actors, who are actively targeting telecommunications, transportation, lodging, and military infrastructure worldwide.
🌐 US officials are still assessing the fallout from the Salt Typhoon breach, a major cyber intrusion discovered last year, which Washington has accused China of sponsoring.
📡 That attack infiltrated communications companies and even individual consumers, highlighting growing threats from state-backed cyber operations.
Source: thenationalnews[.]com
The National
The National - Latest world news, sport & opinion
The latest international news, headlines and events from around the world
❤1🔥1
Microsoft Confirms Windows 11 Security Update Not Linked To SSD Failures
💻 Microsoft confirmed that the August 2025 Windows 11 24H2 security update is not linked to recent reports of SSD/HDD failures shared across social media and forums.
🛠️ Concerns rose after users reported drive malfunctions, system instability, and data issues shortly after installing the patch. Microsoft ran an internal review and found no connection between the update and hardware problems.
🔍 The company reassured users that it will continue monitoring feedback after each update and investigate any future reports. While the case is considered closed, Microsoft says it remains watchful.
⚠️ Despite the statement, some analysts advise a wait-and-see approach. Affected cases appear limited, but the risk of data loss makes many users cautious.
💾 As a best practice, Microsoft urges everyone to keep regular backups before major updates. Even if updates aren’t to blame, backups remain the safest protection against unexpected failures.
💻 Microsoft confirmed that the August 2025 Windows 11 24H2 security update is not linked to recent reports of SSD/HDD failures shared across social media and forums.
🛠️ Concerns rose after users reported drive malfunctions, system instability, and data issues shortly after installing the patch. Microsoft ran an internal review and found no connection between the update and hardware problems.
🔍 The company reassured users that it will continue monitoring feedback after each update and investigate any future reports. While the case is considered closed, Microsoft says it remains watchful.
⚠️ Despite the statement, some analysts advise a wait-and-see approach. Affected cases appear limited, but the risk of data loss makes many users cautious.
💾 As a best practice, Microsoft urges everyone to keep regular backups before major updates. Even if updates aren’t to blame, backups remain the safest protection against unexpected failures.
👍2❤1🔥1
Mastodon Can’t Enforce Mississippi’s Age Check Law
🦣 Decentralized social network Mastodon says it doesn’t have the means to comply with Mississippi’s new age verification law, the same rule that led rival Bluesky to exit the state. Mastodon argues it doesn’t track users and won’t rely on IP blocks, which would unfairly affect travelers.
💬 The debate began after founder Eugen Rochko noted that “nobody can decide for the Fediverse to block Mississippi.” Bluesky board member Mike Masnick pushed back, pointing out that individual servers, like mastodon.social, could still face $10,000 per user fines.
⚙️ Mastodon clarified that while its servers set a minimum age of 16, the software itself has no built-in age verification. A July 2025 update added legal features like age limits, but data isn’t stored, leaving compliance decisions to individual server admins.
🌍 The nonprofit stressed it can’t offer direct or operational help to other server operators. Mastodon also reminded users that its federated model allows them to pick servers that match their policies and needs.
✨ “One reason Mastodon was founded was to ensure social media independent of the U.S.,” the group said, reaffirming its commitment to decentralization and user choice.
🦣 Decentralized social network Mastodon says it doesn’t have the means to comply with Mississippi’s new age verification law, the same rule that led rival Bluesky to exit the state. Mastodon argues it doesn’t track users and won’t rely on IP blocks, which would unfairly affect travelers.
💬 The debate began after founder Eugen Rochko noted that “nobody can decide for the Fediverse to block Mississippi.” Bluesky board member Mike Masnick pushed back, pointing out that individual servers, like mastodon.social, could still face $10,000 per user fines.
⚙️ Mastodon clarified that while its servers set a minimum age of 16, the software itself has no built-in age verification. A July 2025 update added legal features like age limits, but data isn’t stored, leaving compliance decisions to individual server admins.
🌍 The nonprofit stressed it can’t offer direct or operational help to other server operators. Mastodon also reminded users that its federated model allows them to pick servers that match their policies and needs.
✨ “One reason Mastodon was founded was to ensure social media independent of the U.S.,” the group said, reaffirming its commitment to decentralization and user choice.
❤1🔥1
Hackers Attempt $130M Heist via Brazil’s Payment System
💻 Hackers breached Evertec’s Brazilian subsidiary Sinqia S.A. on August 29, 2025, targeting the Pix real-time payment system. The attackers tried to siphon off $130 million through unauthorized business-to-business transactions.
🛑 Once suspicious activity was detected, Sinqia immediately halted Pix transactions and engaged outside cybersecurity forensics experts. The Central Bank of Brazil has since revoked Sinqia’s Pix access until security measures are assured.
🏦 Local reports linked the attempt to HSBC, though the bank clarified that no customer data or funds were affected. Evertec confirmed part of the stolen money has already been recovered, with efforts still underway.
🔑 Investigators found the breach stemmed from stolen IT vendor credentials. While there’s no evidence of personal data exposure, the incident threatens financial and reputational impact for Evertec, which supports 24 financial institutions in Brazil.
💻 Hackers breached Evertec’s Brazilian subsidiary Sinqia S.A. on August 29, 2025, targeting the Pix real-time payment system. The attackers tried to siphon off $130 million through unauthorized business-to-business transactions.
🛑 Once suspicious activity was detected, Sinqia immediately halted Pix transactions and engaged outside cybersecurity forensics experts. The Central Bank of Brazil has since revoked Sinqia’s Pix access until security measures are assured.
🏦 Local reports linked the attempt to HSBC, though the bank clarified that no customer data or funds were affected. Evertec confirmed part of the stolen money has already been recovered, with efforts still underway.
🔑 Investigators found the breach stemmed from stolen IT vendor credentials. While there’s no evidence of personal data exposure, the incident threatens financial and reputational impact for Evertec, which supports 24 financial institutions in Brazil.
❤1🔥1
Scale AI Sues Ex-Employee & Rival Mercor Over Stealing Customers
📂 Scale AI has filed a lawsuit against rival Mercor and its former sales employee, Eugene Ling, alleging he took over 100 confidential documents with key details about customer strategies. The suit claims Ling pitched Mercor to one of Scale’s largest clients, referred to as “Customer A,” before officially leaving.
⚖️ Scale accuses Mercor of misappropriation of trade secrets and Ling of breach of contract. The documents reportedly contained data that could help Mercor win contracts “worth millions of dollars.” Scale demanded Mercor disclose the files and block Ling from working with Customer A, but Mercor allegedly refused.
📝 Mercor co-founder Surya Midha denied using Scale’s information, saying Ling only had old files in his personal Google Drive. He added Mercor never accessed them and offered to resolve the issue by deleting the files, but Scale pushed forward with legal action.
💬 Ling responded on X (Twitter), saying he never used the files at Mercor and that there was “no nefarious intent.” He apologized to his new team, adding he only kept the files because Scale told him not to delete them while discussions were ongoing.
🌐 The lawsuit underscores Scale’s concern about Mercor’s rise. Despite Meta’s $14.3B investment in Scale, its AI unit TBD Labs still works with Mercor and others. Mercor has gained traction by hiring PhDs and content specialists to train LLM data in niche fields.
📂 Scale AI has filed a lawsuit against rival Mercor and its former sales employee, Eugene Ling, alleging he took over 100 confidential documents with key details about customer strategies. The suit claims Ling pitched Mercor to one of Scale’s largest clients, referred to as “Customer A,” before officially leaving.
⚖️ Scale accuses Mercor of misappropriation of trade secrets and Ling of breach of contract. The documents reportedly contained data that could help Mercor win contracts “worth millions of dollars.” Scale demanded Mercor disclose the files and block Ling from working with Customer A, but Mercor allegedly refused.
📝 Mercor co-founder Surya Midha denied using Scale’s information, saying Ling only had old files in his personal Google Drive. He added Mercor never accessed them and offered to resolve the issue by deleting the files, but Scale pushed forward with legal action.
💬 Ling responded on X (Twitter), saying he never used the files at Mercor and that there was “no nefarious intent.” He apologized to his new team, adding he only kept the files because Scale told him not to delete them while discussions were ongoing.
🌐 The lawsuit underscores Scale’s concern about Mercor’s rise. Despite Meta’s $14.3B investment in Scale, its AI unit TBD Labs still works with Mercor and others. Mercor has gained traction by hiring PhDs and content specialists to train LLM data in niche fields.
🔥1
Threat Actors Exploit X’s Grok AI to Spread Malware
🕵️♂️ Researchers at Guardio Labs have discovered that threat actors are abusing Grok, X’s built-in AI assistant, to sneak in malicious links despite the platform’s restrictions on ad content.
📺 Instead of placing links in video ads directly, attackers hide them in the tiny “From:” metadata field under ad cards. Grok, when asked questions like “where is this video from?”, automatically pulls the hidden link and replies with it in a clickable format.
🤖 Since Grok is a trusted system account on X, its replies give the malicious links credibility, SEO boost, and wider reach - helping scammers spread fake CAPTCHA pages, info-stealing malware, and other harmful payloads.
📈 Researcher Nati Tal calls this abuse “Grokking”, noting it can amplify shady ads to millions of impressions. Attackers are using this loophole to bypass X’s defenses while effectively weaponizing Grok itself.
🛡️ Possible fixes include scanning all metadata fields, blocking hidden links, and making Grok filter links through security checks before replying. Tal has already reported the flaw to X, though the company has yet to officially respond.
🕵️♂️ Researchers at Guardio Labs have discovered that threat actors are abusing Grok, X’s built-in AI assistant, to sneak in malicious links despite the platform’s restrictions on ad content.
📺 Instead of placing links in video ads directly, attackers hide them in the tiny “From:” metadata field under ad cards. Grok, when asked questions like “where is this video from?”, automatically pulls the hidden link and replies with it in a clickable format.
🤖 Since Grok is a trusted system account on X, its replies give the malicious links credibility, SEO boost, and wider reach - helping scammers spread fake CAPTCHA pages, info-stealing malware, and other harmful payloads.
📈 Researcher Nati Tal calls this abuse “Grokking”, noting it can amplify shady ads to millions of impressions. Attackers are using this loophole to bypass X’s defenses while effectively weaponizing Grok itself.
🛡️ Possible fixes include scanning all metadata fields, blocking hidden links, and making Grok filter links through security checks before replying. Tal has already reported the flaw to X, though the company has yet to officially respond.
❤1👍1🔥1
Lawyer Named Mark Zuckerberg Sues Meta After His Account Gets Disabled for Impersonating A Celebrity
👨⚖️ An Indiana bankruptcy lawyer, Mark S. Zuckerberg, is suing Meta after his Facebook accounts were repeatedly disabled for “impersonating a celebrity” - Meta’s own CEO, Mark E. Zuckerberg.
💸 The lawyer says Meta shut down his personal and business pages nine times in eight years, even after he spent $11,000 on ads. Meta allegedly kept the money while taking months to restore his accounts, leaving his law firm at a competitive disadvantage.
📑 According to the lawsuit, each suspension forced him to provide IDs, credit cards, and even video proof of his identity. He argues Meta had a duty of care to ensure he got the services he paid for.
📦 Sharing a name with the tech billionaire has caused years of confusion: from death threats and hundreds of friend requests to receiving mail and calls meant for the CEO. Despite the chaos, the lawyer insists he has no ill will - but says: “I will rule the search for ‘Mark Zuckerberg bankruptcy.’”
👨⚖️ An Indiana bankruptcy lawyer, Mark S. Zuckerberg, is suing Meta after his Facebook accounts were repeatedly disabled for “impersonating a celebrity” - Meta’s own CEO, Mark E. Zuckerberg.
💸 The lawyer says Meta shut down his personal and business pages nine times in eight years, even after he spent $11,000 on ads. Meta allegedly kept the money while taking months to restore his accounts, leaving his law firm at a competitive disadvantage.
📑 According to the lawsuit, each suspension forced him to provide IDs, credit cards, and even video proof of his identity. He argues Meta had a duty of care to ensure he got the services he paid for.
📦 Sharing a name with the tech billionaire has caused years of confusion: from death threats and hundreds of friend requests to receiving mail and calls meant for the CEO. Despite the chaos, the lawyer insists he has no ill will - but says: “I will rule the search for ‘Mark Zuckerberg bankruptcy.’”
❤2🔥2
Hackers Use Google Ads & Fake GitHub Links to Hit IT Firms
🖥️ A new sophisticated malware campaign dubbed GPUGate is targeting IT and software development companies in Western Europe. Attackers use Google Ads to lure users searching for tools like GitHub Desktop and redirect them through fake GitHub commits to malicious domains such as gitpage[.]app.
🎭 The malware arrives as a 128 MB MSI installer, making it hard for online sandboxes to analyze. Its payload remains encrypted until a real GPU is detected, effectively bypassing VMs and research environments. If no proper GPU is found, execution stops.
⚙️ Once active, it runs a Visual Basic Script → PowerShell script chain that gains admin rights, disables Microsoft Defender via exclusions, sets up persistence, and executes malicious files. The campaign also shows Russian-language comments, suggesting the threat actors’ origin.
📦 Further analysis revealed the malicious domain also hosts Atomic macOS Stealer (AMOS), pointing to a cross-platform attack. The goal is data theft and delivery of secondary payloads while evading detection.
🕵️♂️ Security vendors warn that this campaign resembles evolving trojanized ScreenConnect attacks in the U.S., which drop tools like AsyncRAT and custom PowerShell RATs. These dynamic, runtime-loaded installers make static detection methods much less effective, leaving defenders with limited options.
🖥️ A new sophisticated malware campaign dubbed GPUGate is targeting IT and software development companies in Western Europe. Attackers use Google Ads to lure users searching for tools like GitHub Desktop and redirect them through fake GitHub commits to malicious domains such as gitpage[.]app.
🎭 The malware arrives as a 128 MB MSI installer, making it hard for online sandboxes to analyze. Its payload remains encrypted until a real GPU is detected, effectively bypassing VMs and research environments. If no proper GPU is found, execution stops.
⚙️ Once active, it runs a Visual Basic Script → PowerShell script chain that gains admin rights, disables Microsoft Defender via exclusions, sets up persistence, and executes malicious files. The campaign also shows Russian-language comments, suggesting the threat actors’ origin.
📦 Further analysis revealed the malicious domain also hosts Atomic macOS Stealer (AMOS), pointing to a cross-platform attack. The goal is data theft and delivery of secondary payloads while evading detection.
🕵️♂️ Security vendors warn that this campaign resembles evolving trojanized ScreenConnect attacks in the U.S., which drop tools like AsyncRAT and custom PowerShell RATs. These dynamic, runtime-loaded installers make static detection methods much less effective, leaving defenders with limited options.
❤3🔥1
Hackers Steal 3,325 Secrets in GitHub ‘GhostAction’ Attack
🛠️ A new supply chain attack on GitHub, dubbed GhostAction, has compromised 3,325 secrets including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was first spotted on September 2, 2025, in the FastUUID project.
⚡ Attackers used compromised maintainer accounts to commit a malicious GitHub Actions workflow that automatically ran on push or manual trigger. This workflow exfiltrated secrets to an attacker-controlled domain using a curl POST request.
🔎 GitGuardian’s investigation revealed the attack was widespread, targeting at least 817 repositories. About 573 affected projects were warned, while some maintainers had already reverted malicious commits. The stolen data was sent to bold-dhawan[.]45-139-104-115[.]plesk[.]page.
💥 Roughly 3,325 secrets were exposed, including API tokens, access keys, and database credentials. At least nine npm and 15 PyPI packages are at risk of trojanized releases until maintainers revoke the leaked secrets.
📉 Entire company SDK portfolios across Python, Rust, JavaScript, and Go were compromised. While the campaign shares some similarities with the recent s1ngularity attack, researchers believe there’s no direct link.
🛠️ A new supply chain attack on GitHub, dubbed GhostAction, has compromised 3,325 secrets including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was first spotted on September 2, 2025, in the FastUUID project.
⚡ Attackers used compromised maintainer accounts to commit a malicious GitHub Actions workflow that automatically ran on push or manual trigger. This workflow exfiltrated secrets to an attacker-controlled domain using a curl POST request.
🔎 GitGuardian’s investigation revealed the attack was widespread, targeting at least 817 repositories. About 573 affected projects were warned, while some maintainers had already reverted malicious commits. The stolen data was sent to bold-dhawan[.]45-139-104-115[.]plesk[.]page.
💥 Roughly 3,325 secrets were exposed, including API tokens, access keys, and database credentials. At least nine npm and 15 PyPI packages are at risk of trojanized releases until maintainers revoke the leaked secrets.
📉 Entire company SDK portfolios across Python, Rust, JavaScript, and Go were compromised. While the campaign shares some similarities with the recent s1ngularity attack, researchers believe there’s no direct link.
❤1🔥1
Red Sea Cable Cuts Disrupt Internet Across Asia & Middle East
🌍 Major internet connectivity issues hit countries including India and Pakistan, after subsea cable outages in the Red Sea, according to monitoring group NetBlocks.
📡 Similar disruptions were also reported on Etisalat and Du networks in the UAE, with failures traced to cable systems near Jeddah, Saudi Arabia. The cause remains unclear.
⚡ Microsoft Azure confirmed its users may face increased latency due to multiple fiber cuts. While services continue, rerouted traffic through alternative paths may lead to delays.
🖥️ Microsoft noted that network traffic outside the Middle East is unaffected, but warned that users should expect higher latency on routes that previously passed through the region.
🌍 Major internet connectivity issues hit countries including India and Pakistan, after subsea cable outages in the Red Sea, according to monitoring group NetBlocks.
📡 Similar disruptions were also reported on Etisalat and Du networks in the UAE, with failures traced to cable systems near Jeddah, Saudi Arabia. The cause remains unclear.
⚡ Microsoft Azure confirmed its users may face increased latency due to multiple fiber cuts. While services continue, rerouted traffic through alternative paths may lead to delays.
🖥️ Microsoft noted that network traffic outside the Middle East is unaffected, but warned that users should expect higher latency on routes that previously passed through the region.
❤1👍1🔥1
Windows Devs Can Now Publish to Microsoft Store for Free
💻 Microsoft announced that individual Windows developers can now publish apps to the Microsoft Store without paying registration fees. This applies to Win32, UWP, PWA, .NET MAUI, WPF, WinForms, and Electron apps.
📦 Redmond will also cover hosting and signing costs. Developers just need to package their app as MSIX, and Microsoft will handle CDN distribution, free app signing, and automatic updates for users.
💸 For non-gaming apps, devs are free to use their own in-app payment systems, keeping 100% of the revenue. This opens more flexibility and control over monetization.
🪪 Getting started requires only a Microsoft account and a quick identity verification (government ID + selfie). No credit card needed, making the process more inclusive and accessible for creators worldwide.
🌍 The Microsoft Store, redesigned with Windows 11, now serves 250M+ monthly active users. By removing barriers, Microsoft aims to empower more developers to innovate, share, and thrive in the Windows ecosystem.
💻 Microsoft announced that individual Windows developers can now publish apps to the Microsoft Store without paying registration fees. This applies to Win32, UWP, PWA, .NET MAUI, WPF, WinForms, and Electron apps.
📦 Redmond will also cover hosting and signing costs. Developers just need to package their app as MSIX, and Microsoft will handle CDN distribution, free app signing, and automatic updates for users.
💸 For non-gaming apps, devs are free to use their own in-app payment systems, keeping 100% of the revenue. This opens more flexibility and control over monetization.
🪪 Getting started requires only a Microsoft account and a quick identity verification (government ID + selfie). No credit card needed, making the process more inclusive and accessible for creators worldwide.
🌍 The Microsoft Store, redesigned with Windows 11, now serves 250M+ monthly active users. By removing barriers, Microsoft aims to empower more developers to innovate, share, and thrive in the Windows ecosystem.
❤2