California jury orders Google to pay $314 million over data transfers from Android phones
A California jury has ordered Google to pay $314 million for collecting data from Android phones while they were connected to cellular networks, a practice that plaintiffs said equated to stealing a resource that they had paid for. The verdict, issued Tuesday by a jury in a Northern California state court, is the culmination of a class-action lawsuit that began in 2019. The plaintiffs argued that Google could have waited until the devices were connected to WiFi networks, thus avoiding any costs related to cellular plans.
Hunters International ransomware shuts down, releases free decryptors
The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. “After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with,” the cybercrime gang says in a statement published on its dark web leak earlier today. “As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.”
The Hidden Weaknesses in AI SOC Tools that No One Talks About
If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today’s reality is different. Modern security operations teams face a sprawling and ever-changing landscape of alerts. From cloud to endpoint, identity to OT, insider threats to phishing, network to DLP, and so many more, the list goes on and is continuously growing. CISOs and SOC managers are rightly skeptical. Can this AI actually handle all of my alerts, or is it just another rules engine in disguise?
Columbia University breach attributed to politically motivated hacker
New York-based Columbia University has linked last week’s cyberattack that led to extensive student document theft and a momentary systems shutdown to a sophisticated politically motivated hacktivist, according to The Associated Press. Additional details regarding the possible political bent of the intrusion were not provided by a Columbia spokesperson, who noted an ongoing investigation into the attack’s connection to the display of President Donald Trump’s photo on multiple public monitors across the campus during the compromise.
Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
When Netcraft researchers asked a large language model where to log into various well-known platforms, the results were surprisingly dangerous. Of 131 hostnames provided in response to natural language queries for 50 brands, 34% of them were not controlled by the brands at all. Two-thirds of the time, the model returned the correct URL. But in the remaining third, the results broke down like this: nearly 30% of the domains were unregistered, parked, or otherwise inactive, leaving them open to takeover. Another 5% pointed users to completely unrelated businesses. In other words, more than one in three users could be sent to a site the brand doesn’t own, just by asking a chatbot where to log in.
