Hackers breached financial services firm Prosper, stealing the personal data of roughly 17.6 million people, including Social Security numbers, income details, and government IDs. "We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data. We will be offering free credit monitoring as appropriate after we determine what data was affected," the company says. "The investigation is still in its very early stages, but resolving this incident is our top priority and we are committed to sharing additional information with our customers as appropriate." BleepingComputer reports: Prosper operates as a peer-to-peer lending marketplace that has helped over 2 million customers secure more than $30 billion in loans since its founding in 2005. As the company disclosed one month ago on a dedicated page, the breach was detected on September 2, but Prosper has yet to find evidence that the attackers gained access to customer accounts and funds.

However, the attackers stole data belonging to Prosper customers and loan applicants. The company hasn't shared what information was exposed beyond Social Security numbers because it's still investigating what data was affected. Prosper added that the security breach didn't impact its customer-facing operations and that it has reported the incident to relevant authorities and is collaborating with law enforcement to investigate the attack. [...] The stolen information also includes customers' names, government-issued IDs, employment status, credit status, income levels, dates of birth, physical addresses, IP addresses, and browser user agent details. Have I Been Pwned revealed the extent of the incident on Thursday.

Miami-Dade County is piloting a self-driving police car built by PolicingLab and powered by Perrone Robotics, equipped with 360-degree cameras, AI analytics, license plate readers, and even drone-launch capabilities. The Drive reports: "Designed as a force multiplier, the PUG combines advanced autonomy from Perrone Robotics with AI-driven analytics, real-time crime data, and a suite of sensors including 360-degree cameras, thermal imaging, license plate recognition, and drone launch capabilities," [says the PolicingLab's announcement.] "Its role: extend deputy resources, improve efficiency, and enhance community safety without additional cost to Miami-Dade taxpayers," it continued.

For starters, this is merely a pilot program being sponsored by PolicingLab, not a standard addition to the department's fleet. And second, at least initially, it's being soft-launched as a feeler for the Sheriff's public affairs folks. It'll be posted up at public and media events in order to "gather feedback" before the department considers whether to press it into service. Once it's actually brought online, PolicingLab says the squad car will offer several benefits to the department: "The 12-month pilot will evaluate outcomes such as improved response times, enhanced deterrence, officer safety, and stronger public trust," it said. "Results will inform whether and how the program expands, potentially serving as a national model for agencies across the country."

In other words, PolicingLab expects that the data collected about real-world policing will more than offset the costs of building and supporting the car in the long run, but if these are ever pressed into regular service, you can bet they'll come with hefty subscription and support costs, even if they do eliminate expensive human labor (and judgment) from the situation.

The TED conference is changing hands, and education pioneer Sal Khan will be the new "vision steward" for the institution long headed by Chris Anderson. From a report: The move aims to ensure the future of the organization, while keeping it a not-for-profit entity. Khan, founder and CEO of Khan Academy, will be the public face of TED, with Logan McClure Davda taking over as CEO.

Davda, who previously served as the organization's head of impact and was the co-founder of its fellows program, will run day-to-day operations. Khan remains CEO of Khan Academy while joining TED's board. Jay Herratti, who has served as CEO since 2021, will remain on TED's board. TED announced in February it was seeking new leadership and structure and put out an open call for proposals. The company held dozens of discussions, including some that would have transformed the organization into a for-profit venture. The organization's flagship conference is also headed for a big change, with 2026 being its last year in Vancouver, with plans to hold future events somewhere in California.

An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.

F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products. BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide. [...]

F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance. To help customers secure their F5 environments against risks stemming from the breach, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. Despite any evidence "of undisclosed critical or remote code execution vulnerabilities," the company urges customers to prioritize installing the new BIG-IP software updates.

An anonymous reader shares a report: On Wednesday, Pew Research Center published a survey assessing how parents in the US with children under 12 manage their kids' screen time, which revealed that 61% of respondents overall reported their child ever uses or interacts with smartphones -- including 38% of those with children under 2 years old.

Much of this smartphone screen time is likely made up by parents streaming kid-friendly cartoons for their little ones to watch on the go: the study also found that YouTube use among children under 2 has risen sharply from 45% to 62% over the last five years. But it appears that most American toddlers only need to wait a few years before they can get devices of their very own. The same survey showed that almost one in four US parents overall allow their children aged 12 and under to have their own smartphones, and this ballooned to nearly 60% when just looking at kids aged 11-12 years old.

A new study shows that common baker's yeast (Saccharomyces cerevisiae) can survive Mars-like conditions, including meteorite shock waves and toxic perchlorate salts found in Martian soil. Phys.org reports: Published in PNAS Nexus, Purusharth I. Rajyaguru and colleagues subjected Saccharomyces cerevisiae, which is a widely used model yeast, to shock waves and perchlorates. The authors chose the yeast in part because it has already been studied in space. When stressed, yeast, humans, and many other organisms form ribonucleoprotein (RNP) condensates, structures made of RNA and proteins that protect RNA and affect the fates of mRNAs. When the stressor passes, the RNP condensates, which include subtypes known as stress granules and P-bodies, disassemble.

The authors simulated Martian shock waves at the High-Intensity Shock Tube for Astrochemistry (HISTA) housed in the Physical Research Laboratory in Ahmedabad, India. Yeast exposed to 5.6 Mach intensity shock waves survived with slowed growth, as did yeast subjected to 100 mM sodium salt of perchlorate (NaClO4) -- a concentration similar to that in Martian soils. Yeast cells also survived exposure to the combined stress of shock waves and perchlorate stress. In both cases, the yeast assembled RNP condensates. Shock waves induced the assembly of stress granules and P-bodies; perchlorate caused yeast to make P-bodies but not stress granules. Mutants incapable of assembling RNP condensates were poor at surviving the Martian stress condition. Transcriptome analysis identified specific RNA transcripts perturbed by Mars-like conditions.

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules.

The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies.

The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers. The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."

The FCC has forced major U.S. online retailers to remove millions of listings for prohibited Chinese-made electronics, including products from Huawei, ZTE, Hikvision, and Dahua, citing national security risks. Reuters reports: FCC Chair Brendan Carr said in an interview [on Friday] that the items removed are either on a U.S. list of barred equipment or were not authorized by the agency, including items like home security cameras and smart watches from companies including Huawei, Hangzhou Hikvision, ZTE, and Dahua Technology Company. Carr said companies are putting new processes in place to prevent future prohibited items as a result of FCC oversight. "We're going to keep our efforts up," Carr said. The FCC issued a new national security notice reminding companies of prohibited items including video surveillance equipment. Carr said the items could allow China to "surveil Americans, disrupt communications networks and otherwise threaten U.S. national security."

Car manufacturers decided they would rather cheat to prioritise "customer convenience" and sell cars than comply with the law on deadly pollutants, the first day of the largest group action trial in English legal history has been told. From a report: More than a decade after the original "dieselgate" scandal broke, lawyers representing 1.6 million diesel car owners in the UK argue that manufacturers deliberately installed software to rig emissions tests. They allege the "prohibited defeat devices" could detect when the cars were under test conditions and ensure that harmful NOx emissions were kept within legal limits, duping regulators and drivers.

Should the claim be upheld, estimated damages could exceed $8 billion. The three-month hearing that opened at London's high court on Monday will focus on vehicles sold by five manufacturers -- Mercedes, Ford, Renault, Nissan and Peugeot/Citroen -- from 2009. In "real world" conditions, when driven on the road, lawyers argue, the cars produced much higher levels of emissions. The judgment on the five lead defendants will also bind other manufacturers including Jaguar Land Rover, Vauxhall/Opel, Volkswagen/Porsche, BMW, FCA/Suzuki, Volvo, Hyundai-Kia, Toyota and Mazda, whose cases are not being heard to reduce the case time and costs.

OpenAI and Broadcom are working together to develop and deploy 10 gigawatts of custom AI chips and computing systems over the next four years, a high-profile partnership aimed at satisfying some of the startup's immense computing needs. From a report: OpenAI plans to design its own graphics processing units, or GPUs, which will allow it to integrate what it has learned from developing powerful artificial-intelligence models into the hardware that underpins future systems. As part of the agreement announced Monday, the chips will be co-developed by OpenAI and Broadcom and deployed by the chip company starting in the second half of next year. The new agreement will be worth multiple billions of dollars, people familiar with the matter said.

Broadcom specializes in designing custom AI chips that are specifically tailored to certain artificial-intelligence applications. It began working with OpenAI on creating a custom chip 18 months ago, and the companies broadened their partnership to include work on related components, including server racks and networking equipment.

Enthusiasm for Sora 2 "wasn't shared in Hollywood," reports the Los Angeles Times, "where the new AI tools have created a swift backlash" that "appears to be only just the beginning of a bruising legal fight that could shape the future of AI use in the entertainment business." [OpenAI] executives went on a charm offensive last year. They reached out to key players in the entertainment industry — including Walt Disney Co. — about potential areas for collaboration and trying to assuage concerns about its technology. This year, the San Francisco-based AI startup took a more assertive approach. Before unveiling Sora 2 to the general public, OpenAI executives had conversations with some studios and talent agencies, putting them on notice that they need to explicitly declare which pieces of intellectual property — including licensed characters — were being opted-out of having their likeness depicted on the AI platform, according to two sources familiar with the matter who were not authorized to comment. Actors would be included in Sora 2 unless they opted out, the people said. OpenAI disputes the claim and says that it was always the company's intent to give actors and other public figures control over how their likeness is used.

The response was immediate.... [Big talent agencies objected, along with performers' unions and major studios.] "Decades of enforceable copyright law establishes that content owners do not need to 'opt out' to prevent infringing uses of their protected IP," Warner Bros. Discovery said in a statement... The strong pushback from the creative community could be a strategy to force OpenAI into entering licensing agreements for the content they need, legal experts said... One challenge is figuring out a way that fairly compensates talent and rights holders. Several people who work within the entertainment industry ecosystem said they don't believe a flat fee works.
Meanwhile, "the complete copyright-free-for-all approach that OpenAI took to its new AI video generation model, Sora 2, lasted all of one week," writes Gizmodo. But that means the service has "now pissed off its users." As 404 Media pointed out, social channels like Twitter and Reddit are now flooded with Sora users who are angry they can't make 10-second clips featuring their favorite characters anymore. One user in the OpenAI subreddit said that being able to play with copyrighted material was "the only reason this app was so fun."
Futurism published more reactions, including ""It's official, Sora 2 is completely boring and useless with these copyright restrictions." Others accused OpenAI of abusing copyright to hype up its new app. "This is just classic OpenAI at this point," another user wrote. "They do this s*** all the time. Let people have fun for a day or two and then just start censoring like crazy." The app now has a measly 2.9-star rating on the App Store, indicative of growing disillusionment and frustration with censorship... [It's not dropped to 2.8.]

In an apparent effort to save face, Altman claimed this week that many copyright holders are actually begging to have their characters appear on Sora, instead of complaining about the trend. "In the case of Sora, we've heard from a lot of concerned rightsholders and also a lot of rightsholders who are like 'My concern is you won't put my character in enough,'" he told the a16z podcast earlier this week. "So I can completely see a world where subject to the decisions that a rightsholder has, they get more upset with us for not generating their character often enough than too much," he added. Whether most rightsholders would agree with that sentiment remains to be seen.
Business Insider offers another reaction. After watching Sora 2's main public feed, they write that Sora 2 "seems to be overrun with teenage boys."

The Register reports: Over the past two years, the open source curl project has been flooded with bogus bug reports generated by AI models. The deluge prompted project maintainer Daniel Stenberg to publish several blog posts about the issue in an effort to convince bug bounty hunters to show some restraint and not waste contributors' time with invalid issues. Shoddy AI-generated bug reports have been a problem not just for curl, but also for the Python community, Open Collective, and the Mesa Project.

It turns out the problem is people rather than technology. Last month, the curl project received dozens of potential issues from Joshua Rogers, a security researcher based in Poland. Rogers identified assorted bugs and vulnerabilities with the help of various AI scanning tools. And his reports were not only valid but appreciated. Stenberg in a Mastodon post last month remarked, "Actually truly awesome findings." In his mailing list update last week, Stenberg said, "most of them were tiny mistakes and nits in ordinary static code analyzer style, but they were still mistakes that we are better off having addressed. Several of the found issues were quite impressive findings...."

Stenberg told The Register that about 50 bugfixes based on Rogers' reports have been merged. "In my view, this list of issues achieved with the help of AI tooling shows that AI can be used for good," he said in an email. "Powerful tools in the hand of a clever human is certainly a good combination. It always was...!" Rogers wrote up a summary of the AI vulnerability scanning tools he tested. He concluded that these tools — Almanax, Corgea, ZeroPath, Gecko, and Amplify — are capable of finding real vulnerabilities in complex code.
The Register's conclusion? AI tools "when applied with human intelligence by someone with meaningful domain experience, can be quite helpful."

jantangring (Slashdot reader #79,804) has published an article on Stenberg's new position, including recently published comments from Stenberg that "It really looks like these new tools are finding problems that none of the old, established tools detect."

California's Privacy Protection Agency "issued a record fine earlier this month to Tractor Supply," according to an EFF Deeplinks blog post — for "apparently ducking its responsibilities under the California Consumer Privacy Act." Under that law, companies are required to respect California customers' and job applicants' rights to know, delete, and correct information that businesses collect about them, and to opt-out of some types of sharing and use. The law also requires companies to give notice of these rights, along with other information, to customers, job applicants, and others. The CPPA said that Tractor Supply failed several of these requirements. This is the first time the agency has enforced this data privacy law to protect job applicants...

Tractor Supply, which has 2,500 stores in 49 states, will pay for their actions to the tune of $1,350,000 — the largest fine the agency has issued to date. Specifically, the agency said, Tractor Supply violated the law by:

- Failing to maintain a privacy policy that notified consumers of their rights;

- Failing to notify California job applicants of their privacy rights and how to exercise them;

- Failing to provide consumers with an effective mechanism to opt-out of the selling and sharing of their personal information, including through opt-out preference signals such as Global Privacy Control; and

- Disclosing personal information to other companies without entering into contracts that contain privacy protections.


In addition to the fine, the company also must take an inventory of its digital properties and tracking technologies and will have to certify its compliance with the California privacy law for the next four years.
The agency's web site says it "continues to actively enforce California's cutting-edge privacy laws." It's recently issued decisions (and fines) against American Honda Motor Company and clothing retailer Todd Snyder. Other recent actions include:

• Securing a settlement agreement requiring data broker Background Alert — which promoted its ability to dig up "scary" amounts of information about people — to shut down or pay a steep fine.

• Launching the bipartisan Consortium of Privacy Regulators to collaborate with states across the country to implement and enforce privacy laws nationwide.

• Partnering with the data protection authorities in Korea, France, and the United Kingdom to share information and advance privacy protections for Californians.

• The agency has secured more than half a dozen successful enforcement actions against unregistered data brokers following an investigative sweep launched late last year to assess compliance with the Delete Act.

Cryptologist/CS professor Daniel J. Bernstein is alleging that America's National Security Agency is attempting to influence NIST post-quantum cryptography standards.

Bernstein first emphasizes that it's normal for post-quantum cryptography (or "PQ") to be part of "hybrid" security that also includes traditional pre-quantum cryptography. (Bernstein says this is important because since 2016, "We've seen many breaks of post-quantum proposals...")

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ." Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.
This seems to be a speculative scenario. But Bernstein is also concerned about how the Internet Engineering Task Force handled two drafts specifying post-quantum encryption mechanisms for TLS ("the security layer inside HTTPS and inside various other protocols"). For a draft suggesting "non-hybrid" encryption, there were 20 statements of support (plus 2 more only conditionally supporting it), but 7 more statements unequivocally opposing adoption, including one from Bernstein. The IETF has at times said they aim for "rough consensus" — or for "broad consensus" — but Bernstein insists 7 opposers in a field of 29 (24.13%) can't be said to match the legal definition of consensus (which is "general agreement"). "I've filed a formal complaint regarding the claim of consensus to adopt."

He's also written a second blog post analyzing the IETF's decision-making process in detail. "It's already bad that the IETF TLS working group adopted non-hybrid post-quantum encryption without official answers to the objections that were raised. It's much worse if the objections can't be raised in the first place."

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

"California Governor Gavin Newsom signed the 'California Opt Me Out Act', which will require web browsers to include an easy, universal way for users to opt out of data collection and sales," reports the blog 9to5Mac: [The law] requires browsers to provide a clear, one-click mechanism for Californians to opt out of data sharing across websites. The bill reads: "A business shall not develop or maintain a browser that does not include functionality configurable by a consumer that enables the browser to send an opt-out preference signal to businesses with which the consumer interacts through the browser...." Californians will need patience, though, as the law doesn't take effect until January 1, 2027.
Americans in some states — including California, Texas, Colorado, New Jersey and Maryland — "have the option to make those opt-out demands automatic whenever they surf the web," reports the Washington Post. "But they can only do so if they use small browsers that voluntarily offer that option, such as DuckDuckGo, Firefox and Brave. What's new in California's law is that all browsers must give people the same option." That means soon in California, just using Google's Chrome, Apple's Safari and Microsoft's Edge can command companies not to sell your data or pass it along for ad targeting... It's an imperfect but potent and simple way to flex privacy rights — and becomes even more powerful with another simple privacy measure in California. Starting on January 1, California residents can fill out an online form once to completely and repeatedly wipe their data from hundreds of data brokers that package your personal information for sale.
But their article also suggests other ways readers can "try a one-click privacy option now."

• "[S]ome national companies respect one-click privacy opt-out requests from everyone... This happens automatically if you use DuckDuckGo and Brave. You need to change a setting with Firefox."

• "Download Privacy Badger: The software from the Electronic Frontier Foundation, a consumer privacy advocacy group, works in the background to order websites not to sell information they're collecting about you."

• "Use Permission Slip from Consumer Reports. Give the app basic information, and it will help you do much of the legwork to tell companies not to sell your information or to delete it, if you have the right to do so."

An anonymous reader shared this report from the Independent: Bitcoin and Ethereum both saw record liquidations as investors reacted to fears over a trade war, which saw many crypto investors move their money to stablecoins or safer assets... Bitcoin fell by more than 10 per cent to below $110,000, before recovering to $113,096 on Saturday morning. The value of Ethereum slumped by 11.2 per cent to $3,878. Other cryptocurrencies, including XRP, Doge and Ada, fell around 19 per cent, 27 per cent, and 25 per cent in the last 24 hours, respectively.
LiveMint shares some statistics from Bloomberg: Citing 24-hour data from Coinglass, the report noted that more than $19 billion has been wiped out in the "largest liquidation event in crypto history", which impacted more than 1.6 million traders. It added that more than $7 billion of those positions were sold in less than one hour of trading on October 10. According to data on CoinMarketCap, the cryptocurrency market cap has dived to $3.74 trillion from the record-high $4.30 trillion level, the previous day. Trading volumes as of the market close were recorded at $490.23 billion.

Bitcoin retreated on Friday, as US-China trade tensions reignited, after racing to record highs earlier in the week as persistent rate-cut bets and signs of some cooling in geopolitical tensions helped boost risk. Bitcoin was trading at $105,505.4 on Friday, down 13.15% on the day.

An anonymous reader quotes a report from Ars Technica: Bose will brick key features of its SoundTouch Wi-Fi speakers and soundbars soon. On Thursday, Bose informed customers that as of February 18, 2026, it will stop supporting the devices, and the devices' cloud-based features, including the companion app, will stop working. The SoundTouch app enabled numerous capabilities, including integrating music services, like Spotify and TuneIn, and the ability to program multiple speakers in different rooms to play the same audio simultaneously.

Bose has also said that some saved presets won't work and that users won't be able to change saved presets once the app is gone. Additionally, Bose will stop providing security updates for SoundTouch devices. The Framingham, Massachusetts-headquartered company noted to customers that the speakers will continue being able to play audio from a device connected via AUX or HDMI. Wireless playback will still work over Bluetooth; however, Bluetooth is known to introduce more latency than Wi-Fi connections. Affected customers can trade in their SoundTouch product for a credit worth up to $200.

In its notice sent to customers this week, Bose provided minimal explanation for end-of-life-ing its pricey SoundTouch speakers, saying: "Bose SoundTouch systems were introduced into the market in 2013. Technology has evolved since then, and we're no longer able to sustain the development and support of the cloud infrastructure that powers this older generation of products. We remain committed to creating new listening experiences for our customers built on modern technologies."

Lyft is teaming up with Tensor Auto to launch hundreds of AI-powered "Robocars" across Europe and North America starting in 2027. Bloomberg reports: Tensor Robocars, the first deliveries of which are planned in late 2026, have more than 100 sensors including cameras, lidars and radars, and processes sensor data with artificial intelligence technology powered by Nvidia Corp. chips on board. The vehicles will come from the manufacturer with Lyft's platform installed, which will allow owners to make money on the rideshare network in markets where level 4 autonomous technology is available, according to the joint statement. Lyft has reserved hundreds of Robocars via its affiliates for its own fleet operations, subject to regulatory approvals.

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks. SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.