AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/24/2025

Is Big Tech Doing Enough to Fight Scams? The EU Isn’t So Sure 

As online scammers continue to harass consumers, the European Union is investigating whether major companies, including Apple, Google, and Microsoft, are doing enough to stop the threat. The European Commission today announced it had sent letters to the “Apple App store, Booking.com, Bing, Google Play, and Google Search on how these platforms and search engines identify and manage risks related to financial scams.” The goal is to learn how companies detect and crack down on fraudulent content, including malicious mobile apps that impersonate legitimate banking and financial products.  

 

ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent 

A team of security researchers from cloud security solutions provider Radware found a way to trick a popular AI tool into giving up a user’s private information. The team, including lead researchers Zvika Babo and Gabi Nakibly, discovered a flaw in OpenAI’s ChatGPT Deep Research agent, a tool that autonomously browses the internet and user documents to create reports. They demonstrated how the agent could be tricked into leaking private data from a user’s Gmail account without the user’s knowledge.

 

New EDR-Freeze tool uses Windows WER to suspend security software 

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. The technique eliminates the need for a vulnerable driver and puts security agents like endpoint detection and response (EDR) tools into a state of hibernation. By using the WER framework together with the MiniDumpWriteDump API, security researcher TwoSevenOneThree (Zero Salarium) found a way to suspend the activity of EDR and antivirus processes indefinitely.

 

Scott Wiener on his fight to make Big Tech disclose AI’s dangers 

This is not California state Senator Scott Wiener’s first attempt at addressing the dangers of AI. In 2024, Silicon Valley mounted a fierce campaign against his controversial AI safety bill, SB 1047, which would have made tech companies liable for the potential harms of their AI systems. Tech leaders warned that it would stifle America’s AI boom. Governor Gavin Newsom ultimately vetoed the bill, echoing similar concerns, and a popular AI hacker house promptly threw a “SB 1047 Veto Party.” One attendee told me, “Thank god, AI is still legal.” 

 

PyPI urges users to reset credentials after new phishing attacks 

The Python Software Foundation has warned victims of a new wave of phishing attacks, which use a fake Python Package Index (PyPI) website, to reset their credentials. Accessible at pypi.org, PyPI is the default source for Python’s package management tools, hosting hundreds of thousands of packages and providing developers with a centralized platform to distribute third-party software libraries. Python Software Foundation developer Seth Larson said the phishing emails request targets to “verify their email address” for “account maintenance and security procedures,” threatening them with account suspensions and redirecting to a phishing landing page at pypi-mirror[.]org.

 

 

 
