United States

DHS Warns of Sharp Rise in Chinese-Made Signal Jammers (theregister.com) 43

The Department of Homeland Security is concerned about the rate at which outlawed signal-jamming devices are being found across the US. From a report: In a warning issued on Wednesday, it said it has seen an 830 percent increase in seizures of these signal jammers since 2021, specifically those made in China. Signal-jamming devices are outlawed in the US, mainly because they can interfere with communications between emergency services and law enforcement.

While the Communications Act of 1934 effectively prohibits such devices, signal jammers of the type DHS is concerned about have only circulated in the last 20 to 30 years. Authorities have paid special attention to relay attack devices in recent years -- the types of hardware that can be used to clone signals used by systems such as remote car keys, although the first examples of these devices date back to the 1980s.

Microsoft

Windows Parental Controls Are Blocking Chrome 42

david.emery writes: Microsoft is making it harder to use Chrome on Windows. The culprit? This time, it's Windows' Family Safety feature. Since early this month, the parental control measure has prevented users from opening Chrome. Strangely, no other apps or browsers appear to be affected.

Redditors first reported the issue on June 3. u/Witty-Discount-2906 posted that Chrome crashed on Windows 11. "Just flashes quickly, unable to open with no error message," they wrote. Another user chimed in with a correct guess. "This may be related to Parental Controls," u/duk242 surmised. "I've had nine students come see the IT Desk in the last hour saying Chrome won't open."
IT

Broadcom's Answer To VMware Pricing Outrage: You're Using It Wrong (theregister.com) 59

A senior Broadcom executive has defended VMware's controversial licensing changes by arguing that customers complaining about costs simply weren't using the software bundles properly. VMware shifted away from selling perpetual licenses for individual products to subscription bundles after Broadcom's acquisition. Some smaller and mid-sized customers claim their costs increased eight to 15 times under the new pricing structure, prompting migration plans to alternative platforms.

Joe Baguley, Broadcom's chief technology officer for EMEA, countered that 87% of VMware's top 10,000 customers have signed up for VMware Cloud Foundation, and that cost complaints "don't play out" when Broadcom sits down with customers directly.
Security

Microsoft 365 Brings the Shutters Down On Legacy Protocols (theregister.com) 11

Starting mid-July 2025, Microsoft 365 will begin blocking legacy authentication protocols like Remote PowerShell and FrontPage RPC to enhance security under its "Secure by Default" initiative. Admins must now grant explicit consent for third-party app access, which could disrupt workflows but aims to reduce unauthorized data exposure. The Register reports: First in line for the chop is legacy browser authentication to SharePoint and OneDrive using the Remote PowerShell (RPS) protocol. According to Microsoft, legacy authentication protocols like RPS "are vulnerable to brute-force and phishing attacks due to non-modern authentication." The upshot is that attempting to access OneDrive or SharePoint via a browser using legacy authentication will stop working.

Also being blocked is the FrontPage Remote Procedure Call (RPC) protocol. Microsoft FrontPage was a web authoring tool that was discontinued almost two decades ago. However, the protocol for remote web authoring has lived on until now. Describing legacy protocols like RPC as "more susceptible to compromise," Microsoft will block them to prevent their use in Microsoft 365 clients.

Finally, third-party apps will need administrator consent to access files and sites. Microsoft said: "Users allowing third-party apps to access file and site content can lead to overexposure of an organization's content. Requiring admins to consent to this access can help reduce overexposure."
"While laudable, shifting consent to the administrator could disrupt some workflows," writes The Register's Richard Speed. "The Microsoft-managed App Consent Policies will be enabled, and users will be unable to consent to third-party applications accessing their files and sites by default. Need consent? A user will need to request an administrator to consent on their behalf."
Security

The 16-Billion-Record Data Breach That No One's Ever Heard of (cybernews.com) 34

An anonymous reader quotes a report from Cybernews: Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.

Our team has been closely monitoring the web since the beginning of the year. So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a "mysterious database" with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.

"This is not just a leak -- it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets -- these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," researchers said. The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.
Key details to be aware of:
- The records include billions of login credentials, often structured as URL, login, and password.
- The datasets include both old and recent breaches, many with cookies, tokens, and metadata, making them especially dangerous for organizations without multi-factor authentication or strong credential practices.
- Exposed services span major platforms like Apple, Google, Facebook, Telegram, GitHub, and even government services.
- The largest dataset alone includes 3.5 billion records, while one associated with the Russian Federation has over 455 million; many dataset names suggest links to malware or specific regions.
- Ownership of the leaked data is unclear, but its potential for phishing, identity theft, and ransomware is severe -- especially since even a
- Basic cyber hygiene -- such as regularly updating strong passwords and scanning for malware -- is currently the best line of defense for users.

Security

Hackers Are Turning Tech Support Into a Threat (msn.com) 41

Hackers have stolen hundreds of millions of dollars from cryptocurrency holders and disrupted major retailers by targeting outsourced call centers used by American corporations to reduce costs, WSJ reported Thursday. The attackers exploit low-paid call center workers through bribes and social engineering to bypass two-factor authentication systems protecting bank accounts and online portals.

Coinbase faces potential losses of $400 million after hackers compromised data belonging to 97,000 customers by bribing call center workers in India with payments of $2,500. The criminals also used malicious tools that exploited vulnerabilities in Chrome browser extensions to collect customer data in bulk.

TaskUs, which handled Coinbase support calls, shut down operations at its Indore, India facility and laid off 226 workers. Retail attacks targeted Marks & Spencer and Harrods with hackers impersonating corporate executives to pressure tech support workers into providing network access. The same technique compromised MGM Resorts systems in 2023. Call center employees typically possess sensitive customer information including account balances and recent transactions that criminals use to masquerade as legitimate company representatives.
The Internet

Scammers Use Google Ads To Inject Phony Help Lines On Apple, Microsoft Sites (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies. The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks.

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com/), the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.

Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren't visible. The scammers are taking advantage of this by adding strings to the right of the hostname. The parameters aren't displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.

Encryption

Austrian Government Agrees On Plan To Allow Monitoring of Secure Messaging (yahoo.com) 30

Austria's coalition government has agreed on a plan to enable police to monitor suspects' secure messaging in order to thwart militant attacks, ending what security officials have said is a rare and dangerous blind spot for a European Union country. From a report: Because Austria lacks a legal framework for monitoring messaging services like WhatsApp, its main domestic intelligence service and police rely on allies with far more sweeping powers like Britain and the United States alerting them to chatter about planned attacks and spying.

That kind of tip-off led to police unravelling what they say was a planned attack on a Taylor Swift concert in Vienna, which prompted the cancellation of all three of her planned shows there in August of last year. "The aim is to make people planning terrorist attacks in Austria feel less secure - and increase everyone else's sense of security," Joerg Leichtfried of the Social Democrats, the junior minister in charge of overseeing the Directorate for State Security and Intelligence (DSN), told a news conference.

Privacy

Facebook Now Supports Passkeys (lifehacker.com) 21

Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.
Microsoft

Microsoft Planning Thousands More Job Cuts Aimed at Salespeople (bloomberg.com) 38

Microsoft is planning to ax thousands of jobs, particularly in sales, as part of the company's latest move to trim its workforce amid heavy spending on AI. From a report: The cuts are expected to be announced early next month [non-paywalled source], following the end of Microsoft's fiscal year, according to people familiar with the matter. The reductions won't exclusively affect sales teams, and the timing could still change, said the people, who requested anonymity to discuss a private matter. The terminations would follow a previous round of layoffs in May that hit 6,000 people and fell hardest on product and engineering positions, largely sparing customer-facing roles like sales and marketing.
Microsoft

Microsoft Is Calling Too Many Things 'Copilot,' Watchdog Says (businessinsider.com) 49

An anonymous reader shares a report: Microsoft has a long history of being criticized for coming up with clunky product names, and for changing them so often it's hard for customers to keep up. The company's own employees once joked in a viral video that the iPod would have been called the "Microsoft I-pod Pro 2005 XP Human Ear Professional Edition with Subscription" had it been created by Microsoft. The latest gripe among some employees and customers: The company's tendency to slap "Copilot" on everything AI.

"There is a delusion on our marketing side where literally everything has been renamed to have Copilot in it," one employee told Business Insider late last year. "Everything is Copilot. Nothing else matters. They want a Copilot tie-in for everything." Now, an advertising watchdog is weighing in. The Better Business Bureau's National Advertising Division reviewed Microsoft's advertising for its Copilot AI tools. NAD called out Microsoft's "universal use of the product description as 'Copilot'" and said "consumers would not necessarily understand the difference," according to a recent report from the watchdog.

"Microsoft is using 'Copilot' across all Microsoft Office applications and Business Chat, despite differences in functionality and the manual steps that are required for Business Chat to produce the same results as Copilot in a specific Microsoft Office app," NAD further explained in an email to BI. NAD did not mention any specific recommendations on product names. But it did say Microsoft should modify claims that Copilot works "seamlessly across all your data" because all of the company's tools with the Copilot moniker don't work together continuously in a way consumers might expect.

Firefox

'Firefox Is Dead To Me' (theregister.com) 240

Veteran columnist Steven J. Vaughan-Nichols declared that Firefox was "dead" to him in a scathing opinion piece Tuesday that cites Mozilla's strategic missteps and the browser's declining technical performance as evidence of terminal decline. Vaughan-Nichols argues that Mozilla has fundamentally betrayed user trust by removing a longstanding promise never to sell personal data from its privacy policy in February, replacing it with a weaker pledge to "protect your personal information."

The veteran technology writer also criticized Mozilla's decision to discontinue Pocket, a popular article-saving service, and Fakespot, which identified fake online reviews, while pursuing what he called a misguided AI strategy. He cited user reports of Firefox running up to 30% slower than Chrome, consuming excessive memory, and failing to properly load major websites. Mozilla has also become financially more vulnerable, he argued, noting CFO Eric Muhlheim's admission that the company depends on Google for 90% of its revenue. According to federal data he cited, Firefox holds just 1.9% of the browser market, leading him to conclude the browser is "done."
Security

That 'Unsubscribe' Button Could Be a Trap, Researchers Warn (msn.com) 73

Researchers are cautioning users against clicking unsubscribe links embedded in email bodies, citing new data showing such actions can expose recipients to malicious websites and confirm active email addresses to attackers. DNSFilter found that one in every 644 clicks on unsubscribe links leads users to potentially malicious websites.

"You've left the safe, structured environment of your email client and entered the open web," TK Keanini, DNSFilter's chief technology officer, told WSJ. The risks range from confirming to bad actors that an email address belongs to an active user to redirecting victims to fake websites designed to steal login credentials or install malware. Clicking such links "can make you a bigger target in the future," said Michael Bargury, CTO of security company Zenity.
Microsoft

Windows Hello Face Unlock No Longer Works in the Dark and Microsoft Says It's Not a Bug (windowscentral.com) 23

Microsoft has disabled Windows Hello's ability to authenticate users in low-light environments through a recent security update that now requires both infrared sensors and color cameras to verify faces. The change forces the system to see a visible face through the webcam before completing authentication with IR sensors.

Windows Hello earlier relied solely on infrared sensors to create 3D facial scans, allowing the feature to work in complete darkness similar to iPhone's Face ID. Microsoft pushed the dual-camera requirement to address a spoofing vulnerability in the biometric system.
IT

Amazon's Return-to-Office Mandate Sparks Complaints from Disabled Employees (yahoo.com) 85

An anonymous reader shared this report from Bloomberg: Amazon's hard-line stance on getting disabled employees to return to the office has sparked a backlash, with workers alleging the company is violating the Americans with Disabilities Act as well as their rights to collectively bargain. At least two Amazon employees have filed complaints with the Equal Employment Opportunity Commission (EEOC) and the National Labor Relations Board, federal agencies that regulate working conditions. One of the workers said they provided the EEOC with a list of 18 "similarly situated" employees to emphasize that their experience isn't isolated and to help federal regulators with a possible investigation.

Disabled workers frustrated with how Amazon is handling their requests for accommodations — including exemptions to a mandate that they report to the office five days a week — are also venting their displeasure on internal chat rooms and have encouraged colleagues to answer surveys about the policies. Amazon has been deleting such posts and warning that they violate rules governing internal communications. One employee said they were terminated and another said they were told to find a different position after advocating for disabled workers on employee message boards. Both filed complaints with the EEOC and NLRB.

Amazon has told employees with disabilities they must now submit to a "multilevel leader review," Bloomberg reported in October, "and could be required to return to the office for monthlong trials to determine if accommodations meet their needs." (They received calls from "accommodation consultants" who also reviewed medical documentation, after which "another Amazon manager must sign off. If they don't, the request goes to a third manager...")

Bloomberg's new article recalls how several employees told them in November "that they believed the system was designed to deny work-from-home accommodations and prompt employees with disabilities to quit, which some have done. Amazon denied the system was designed to encourage people to resign." Since then, workers have mobilized against the policy. One employee repeatedly posted an online survey seeking colleagues' reactions, defying the company's demands to stop. The survey ultimately generated feedback from more than 200 workers even though Amazon kept deleting it, and the results reflected strong opposition to Amazon's treatment of disabled workers. More than 71% of disabled Amazon employees surveyed said the company had denied or failed to meet most of their accommodation requests, while half indicated they faced "hostile" work environments after disclosing their disabilities and requesting accommodations.

One respondent said they sought permission to work from home after suffering multiple strokes that prevented them from driving. Amazon suggested moving closer to the office and taking mass transit, the person said in the survey. Another respondent said they couldn't drive for longer than 15-minute intervals due to chronic pain. Amazon's recommendation was to pull over and stretch during their commute, which the employee said was unsafe since they drive on a busy freeway... Amazon didn't dispute the accounts and said it considered a range of solutions to disability accommodations, including changes to an employee's commute.

Amazon is also "using AI to parse accommodation requests, read doctors' notes and make recommendations based on keywords," according to the article — another policy that's also generated internal opposition (and formed a "key element" of the complaint to the Equal Employment Opportunity Commission).

"The dispute could affect thousands of Amazon workers. An internal Slack channel for employees with disabilities has 13,000 members, one of the people said..."
United States

New York State Begins Asking Employers to Officially Identify Layoffs Caused by AI (entrepreneur.com) 32

The state of New York is "asking companies to disclose whether AI is the reason for their layoffs," reports Entrepreneur: The move applies to New York State's existing Worker Adjustment and Retraining Notification (WARN) system and took effect in March, Bloomberg reported. New York is the first state in the U.S. to add the disclosure, which could help regulators understand AI's effects on the labor market.

The change takes the form of a checkbox added to a form employers fill out at least 90 days before a mass layoff or plant closure through the WARN system. Companies have to select whether "technological innovation or automation" is a reason for job cuts. If they choose that option, they are directed to a second menu where they are asked to name the specific technology responsible for layoffs, like AI or robots.

AI

Anthropic's CEO is Wrong, AI Won't Eliminate Half of White-Collar Jobs, Says NVIDIA's CEO (fortune.com) 32

Last week Anthropic CEO Dario Amodei said AI could eliminate half the entry-level white-collar jobs within five years. CNN called the remarks "part of the AI hype machine."

Asked about the prediction this week at a Paris tech conference, NVIDIA CEO Jensen Huang acknowledged AI may impact some employees, but "dismissed" Amodei's claim, according to Fortune. "Everybody's jobs will be changed. Some jobs will be obsolete, but many jobs are going to be created ... Whenever companies are more productive, they hire more people."

And he also said he "pretty much" disagreed "with almost everything" Anthropic's CEO says. "One, he believes that AI is so scary that only they should do it," Huang said of Amodei at a press briefing at Viva Technology in Paris. "Two, [he believes] that AI is so expensive, nobody else should do it ... And three, AI is so incredibly powerful that everyone will lose their jobs, which explains why they should be the only company building it. I think AI is a very important technology; we should build it and advance it safely and responsibly," Huang continued. "If you want things to be done safely and responsibly, you do it in the open ... Don't do it in a dark room and tell me it's safe."

An Anthropic spokesperson told Fortune in a statement: "Dario has never claimed that 'only Anthropic' can build safe and powerful AI. As the public record will show, Dario has advocated for a national transparency standard for AI developers (including Anthropic) so the public and policymakers are aware of the models' capabilities and risks and can prepare accordingly."

NVIDIA's CEO also touted their hybrid quantum-classical platform CUDA-Q and claimed quantum computing is hitting an "inflection point" and within a few years could start solving real-world problems.
AI

Google's Gemini AI Will Summarize PDFs For You When You Open Them (theverge.com) 24

Google is rolling out new Gemini AI features for Workspace users that make it easier to find information in PDFs and form responses. From a report: The Gemini-powered file summarization capabilities in Google Drive have now expanded to PDFs and Google Forms, allowing key details and insights to be condensed into a more convenient format that saves users from manually digging through the files.

Gemini will proactively create summary cards when users open a PDF in their drive and present clickable actions based on its contents, such as "draft a sample proposal" or "list interview questions based on this resume." Users can select any of these options to make Gemini perform the desired task in the Drive side panel. The feature is available in more than 20 languages and started rolling out to Google Workspace users on June 12th, though it may take a couple of weeks to appear.

Microsoft

'We're Done With Teams': German State Hits Uninstall on Microsoft (france24.com) 100

An anonymous reader shares a report: In less than three months' time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft's ubiquitous programs at work. Instead, the northern state will turn to open-source software to "take back control" over data storage and ensure "digital sovereignty," its digitalisation minister, Dirk Schroedter, told AFP. "We're done with Teams!" he said, referring to Microsoft's messaging and collaboration tool and speaking on a video call -- via an open-source German program, of course.

The radical switch-over affects half of Schleswig-Holstein's 60,000 public servants, with 30,000 or so teachers due to follow suit in coming years. The state's shift towards open-source software began last year. The current first phase involves ending the use of Word and Excel software, which are being replaced by LibreOffice, while Open-Xchange is taking the place of Outlook for emails and calendars.
