An impostor pretending to be Secretary of State Marco Rubio contacted foreign ministers, a U.S. governor and a member of Congress by sending them voice and text messages that mimic Rubio's voice and writing style using AI-powered software, Washington Post reported Tuesday, citing a senior U.S. official and a State Department cable. From the report: U.S. authorities do not know who is behind the string of impersonation attempts but they believe the culprit was probably attempting to manipulate powerful government officials "with the goal of gaining access to information or accounts," according to a cable sent by Rubio's office to State Department employees.

Using both text messaging and the encrypted messaging app Signal, which the Trump administration uses extensively, the impostor "contacted at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress," said the cable, dated July 3. The impersonation campaign began in mid-June when the impostor created a Signal account using the display name "Marco.Rubio@state.gov" to contact unsuspecting foreign and domestic diplomats and politicians, said the cable.

Long-time Slashdot reader AmiMoJo shared this report from the Apple news blog 9to5Mac: iOS 26 is a packed update for iPhone users thanks to the new Liquid Glass design and major updates for Messages, Wallet, CarPlay, and more. But another new feature was just discovered in the iOS 26 beta: FaceTime will now freeze your call's video and audio if someone starts undressing.

When Apple unveiled iOS 26 last month, it mentioned a variety of new family tools... "Communication Safety expands to intervene when nudity is detected in FaceTime video calls, and to blur out nudity in Shared Albums in Photos." However, at least in the iOS 26 beta, it seems that a similar feature may be in place for all users — adults included.
That's the claim of an X.com user named iDeviceHelp, who says FaceTime in iOS 26 swaps in a warning message that says "Audio and video are paused because you may be showing something sensitive," giving users a choice of ending the call or resuming it.

9to5Mac says "It's unclear whether this is an intended behavior, or just a bug in the beta that's applying the feature to adults... [E]verything happens on-device so Apple has no idea about the contents of your call."

Ripple Labs is applying for a U.S. national bank charter and a Federal Reserve master account, "following a similar move by stablecoin issuer Circle Internet Group as crypto firms look to be regulated to deepen ties with traditional finance," reports CoinTelegraph. From the report: Ripple CEO Brad Garlinghouse confirmed on X on Wednesday that the company is applying for a license with the US Office of the Comptroller of the Currency (OCC), following an earlier report by The Wall Street Journal. "True to our long-standing compliance roots, Ripple is applying for a national bank charter from the OCC," he wrote. Garlinghouse said if the license is approved, it would be a "new (and unique!) benchmark for trust in the stablecoin market" as the firm would be under federal and state oversight -- with the New York Department of Financial Services already regulating its Ripple USD (RLUSD) stablecoin. [...]

Ripple's Garlinghouse added that the company also applied for a Master Account with the Federal Reserve, which would give it access to the US central banking system. "This access would allow us to hold $RLUSD reserves directly with the Fed and provide an additional layer of security to future proof trust in RLUSD," Garlinghouse said. "Congress is working towards clear rules and regulations, and banks (in a far cry from the years of Operation Chokepoint 2.0) are leaning in," he added, mentioning the conspiracy that the Biden administration sought to cut off crypto from the financial system. Ripple applied for the account through Standard Custody, a crypto custody firm it acquired in February 2024.

The "Stop Killing Games" movement, led by YouTuber Accursed Farms, has gained serious momentum as it pushes back against the practice of game publishers shutting down access to titles consumers have paid for. Recent milestones include a UK petition surpassing 100K signatures and an EU initiative nearing its 1 million goal. GamingOnLinux reports: In the UK, the newer petition has flown past the 100K signatures (126,066 at time of writing) needed for it to be considered for a debate in Parliament. That doesn't mean it will happen, just that it now needs to be considered by the UK government to potentially have it mentioned. A good step though, with signatures still flowing in until July 14th, showing there's demand for change.

On the EU side, things are also going well there now too. Against the needed 1 million signatures, it's now hit 977,864 (at time of writing). According to the official Accursed Farms X account, they've had reports of "non-citizens spoofing signatures on the EU initiative" so it may be a little inflated.

An anonymous reader shares a report: AI-powered chatbots often deliver incorrect information when asked to name the address for major companies' websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals. Netcraft prompted the GPT-4.1 family of models with input such as "I lost my bookmark. Can you tell me the website to login to [brand]?" and "Hey, can you help me find the official website to log in to my [brand] account? I want to make sure I'm on the right site."

The brands specified in the prompts named major companies the field of finance, retail, tech, and utilities. The team found that the AI would produce the correct web address just 66% of the time. 29% of URLs pointed to dead or suspended sites, and a further five percent to legitimate sites -- but not the ones users requested.

While this is annoying for most of us, it's potentially a new opportunity for scammers, Netcraft's lead of threat research Rob Duncan told The Register. Phishers could ask for a URL and if the top result is a site that's unregistered, they could buy it and set up a phishing site, he explained.

Mixpanel co-founder Suhail Doshi has publicly accused an Indian developer of simultaneously working at multiple startups under false pretenses. Doshi posted on X that Soham Parekh works at "3-4 startups at the same time" and has been "preying on YC companies." (YC, or Y Combinator, is a popular startup accelerator and venture capital firm.)

Doshi fired Parekh within a week at his company Playground AI and warned him to stop the practice, but said Parekh continued a year later. Parekh's resume lists positions at Dynamo AI, Union AI, Synthesia, and Alan AI, along with degrees from the University of Mumbai and Georgia Institute of Technology. Doshi called the CV "probably 90% fake and most links are gone." Several other startup founders confirmed they had either hired Parekh in the past, or had been approached by him. Nicolai Ouporov of Fleet AI said Parekh "works at more than 4 startups at any given time." Justin Harvey of AIVideo said he nearly hired Parekh, who "crushed the interview." Doshi said he corroborated the account with more than six companies before posting publicly.

Citigroup spent over $9 billion on technology and communications last year, almost a fifth of total operating expenses and a larger proportion than competitors, as the bank works to fix legacy software systems that have produced costly errors including accidentally wiring more than $900 million to Revlon creditors.

The bank has consolidated 12 international sanctions screening systems into one platform, retired 20 cash equities platforms and launched a replacement, and automated high-risk processes where "fat-finger" errors previously occurred. Recent mistakes included crediting one account with $81 trillion after an employee failed to remove zeros from an electronic form and a copy-paste error that almost missent $6 billion.

Amazon plans to shut down its standalone Freevee app in August, according to an in-app notice to users. From a report: The free, ad-supported streaming service is directing viewers to continue watching Freevee content on Prime Video.

"Prime Video is the new exclusive home for Freevee Tv show, movies, and Live TV," the notice to readers states. "The Freevee app will be accessible until August 2025. Continue watching your favorite Free Originals and our library of hit movies, shows, and live TV on Prime Video for free, no subscription needed. Download Prime Video to get started and sign-in with your Amazon account."

Apple has filed (PDF) a lawsuit against former Vision Pro engineer Di Liu, accusing him of stealing thousands of confidential files related to his work on Apple's augmented reality headset for the benefit of his new employer Snap. The company alleges Liu misled colleagues about his departure, secretly accepted a job offer from Snap, and attempted to cover his tracks by deleting files -- actions Apple claims violated his confidentiality agreement. The Register reports: Liu secretly received a job offer from Snap on October 18, 2024, a role the complaint describes as "substantially similar" to his Apple position, meaning Liu waited nearly two weeks to resign from Apple, per the lawsuit. "Even then, he did not disclose he was leaving for Snap," the suit said. "Apple would not have allowed Mr. Liu continued access had he told the truth." Liu allegedly copied "more than a dozen folders containing thousands of files" from Apple's filesystem to a personal cloud storage account, dropping the stolen bits in a pair of nested folders with the amazingly nondescript names "Personal" and "Knowledge."

Apple said that data Liu copied includes "filenames containing confidential Apple product code names" and files "marked as Apple confidential." Company research, product design, and supply chain management documents were among the content Liu is accused of stealing. The complaint also alleges that Liu deleted files to conceal his activities, a move that may hinder Apple's ability to determine the full scope of the data he exfiltrated. "Mr. Liu additionally took actions to conceal his theft, including deceiving Apple about his job at Snap, and deleting files from his Apple-issued computer that might have let Apple determine what data Mr. Liu stole," the complaint noted.

Whatever he has, Apple wants it back. The company demands a jury trial on a single count of breach of contract under a confidentiality and intellectual property agreement Liu was bound to. It also asks the court to compel Liu to return all misappropriated data, award damages to be determined at trial, and reimburse Apple's costs and attorneys' fees.

An anonymous reader quotes a report from Axios: Tinder is mandating new users in California verify their profiles using facial recognition technology starting Monday, executives exclusively tell Axios. The move aims to reduce impersonation and is part of Tinder parent Match Group's broader effort to improve trust and safety amid ongoing user frustration. The Face Check feature prompts users to take a short video selfie during onboarding. The biometric face scan, powered by FaceTec, then confirms the person is real and present and whether their face matches their profile photos. It also checks if the face is used across multiple accounts. If the criteria are met, the user receives a photo verified badge on their profile. The selfie video is then deleted. Tinder stores a non-reversible, encrypted face map to detect duplicate profiles in the future.

Face Check is separate from Tinder's ID Check, which uses a government-issued ID to verify age and identity. "We see this as one part of a set of identity assurance options that are available to users," Match Group's head of trust and safety Yoel Roth says. "Face Check ... is really meant to be about confirming that this person is a real, live person and not a bot or a spoofed account." "Even if in the short term, it has the effect of potentially reducing some top-line user metrics, we think it's the right thing to do for the business," Rascoff said.

AMC Theatres now warns customers that movies start 25-30 minutes after the listed showtime to account for ads and trailers, "making it easier for moviegoers to know the actual start time of their film screening," reports The Verge. From the report: Starting today, AMC will also show more ads than before, meaning its preshow lineup may have to be reconfigured to avoid exceeding the 30-minute mark. The company made an agreement with the National CineMedia ad network that includes as much as five minutes of commercials shown "after a movie's official start time," according to The Hollywood Reporter, and an additional 30-to-60-second "Platinum Spot" that plays before the last one or two trailers.

AMC was the only major theater chain to reject the National CineMedia ad spot when it was pitched in 2019, telling Bloomberg at the time that it believed "US moviegoers would react quite negatively." Now struggling financially amid an overall decline in movie theater attendance and box-office grosses, AMC has reversed course, telling The Hollywood Reporter that its competitors "have fully participated for more than five years without any direct impact to their attendance."

AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users.

SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features.

Avantare writes: Microsoft Authenticator houses your passwords and lets you sign into all of your Microsoft accounts using a PIN, facial recognition such as Windows Hello, or other biometric data, like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your Microsoft accounts.
In June, Microsoft stopped letting users add passwords to Authenticator, but here's a timeline of other changes you can expect, according to Microsoft:

July 2025: You won't be able to use the autofill password function.
August 2025: You'll no longer be able to use saved passwords.

U.S. banks have failed to prevent mass-scale money laundering in the face of approximately $44 billion per year in pig-butchering scams conducted by Asian crime syndicates, according to a ProPublica investigation.

Chinese-language Telegram channels openly advertise rental of U.S. bank accounts to scammers who use them to move victims' cash into cryptocurrency. Bank of America allowed hundreds of unverified customers to open accounts, prosecutors alleged, including 176 customers who claimed the same small home as their address.

Major financial institutions whose accounts pig-butchering scammers have exploited include Bank of America, Chase, Citibank, HSBC and Wells Fargo. The scams typically involve fake cryptocurrency trading platforms that convince victims to wire money to seemingly legitimate business accounts. Banks are reluctant to share account information with each other even after identifying suspicious activity, and "no real standards" exist for what banks must do to detect fraud or money laundering.

Microsoft will offer free Windows 10 security updates through October 2026 to consumers who enable Windows Backup or spend 1,000 Microsoft Rewards points, the company said today. The move provides alternatives to the previously announced $30-per-PC Extended Security Update program for individuals wanting to continue using Windows 10 past its October 14, 2025 end-of-support date.

The company will notify Windows 10 users about the ESU program through the Settings app and notifications starting in July, with full rollout by mid-August. Both free options require a Microsoft Account, which the company has increasingly pushed in Windows 11. Business and organizational customers can still purchase up to three years of ESU updates but must pay for the service.

Windows 10 remains installed on 53% of Windows PCs worldwide, according to Statcounter data.

With no one behind the steering wheel, a Tesla robotaxi passes Guero's Taco Bar in Austin Texas, making a right turn onto Congress Avenue.

Today is the day Austin became the first city in the world to see Tesla's self-driving robotaxi service, reports The Guardian: Some analysts believe that the robotaxis will only be available to employees and invitees initially. For the CEO, Tesla's rollout is slow. "We could start with 1,000 or 10,000 [robotaxis] on day one, but I don't think that would be prudent," he told CNBC in May. "So, we will start with probably 10 for a week, then increase it to 20, 30, 40."

The billionaire has said the driverless cars will be monitored remotely... [Posting on X.com] Musk said the date was "tentatively" 22 June but that this launch date would be "not real self-driving", which would have to wait nearly another week... Musk said he planned to have one thousand Tesla robotaxis on Austin roads "within a few months" and then he would expand to other cities in Texas and California.
Musk posted on X that riders on launch day would be charged a flat fee of $4.20, according to Reuters. And "In recent days, Tesla has sent invites to a select group of Tesla online influencers for a small and carefully monitored robotaxi trial..." As the date of the planned robotaxi launch approached, Texas lawmakers moved to enact rules on autonomous vehicles in the state. Texas Governor Greg Abbott, a Republican, on Friday signed legislation requiring a state permit to operate self-driving vehicles. The law does not take effect until September 1, but the governor's approval of it on Friday signals state officials from both parties want the driverless-vehicle industry to proceed cautiously... The law softens the state's previous anti-regulation stance on autonomous vehicles. A 2017 Texas law specifically prohibited cities from regulating self-driving cars...

The law requires autonomous-vehicle operators to get approval from the Texas Department of Motor Vehicles before operating on public streets without a human driver. It also gives state authorities the power to revoke permits if they deem a driverless vehicle "endangers the public," and requires firms to provide information on how police and first responders can deal with their driverless vehicles in emergency situations. The law's requirements for getting a state permit to operate an "automated motor vehicle" are not particularly onerous but require a firm to attest it can safely operate within the law... Compliance remains far easier than in some states, most notably California, which requires extensive submission of vehicle-testing data under state oversight.
Tesla "planned to operate only in areas it considered the safest," according to the article, and "plans to avoid bad weather, difficult intersections, and will not carry anyone below the age of 18."

More details from UPI: To get started using the robotaxis, users must download the Robotaxi app and use their Tesla account to log in, where it then functions like most ridesharing apps...

"Riders may not always be delivered to their intended destinations or may experience inconveniences, interruptions, or discomfort related to the Robotaxi," the company wrote in a disclaimer in its terms of service. "Tesla may modify or cancel rides in its discretion, including for example due to weather conditions." The terms of service include a clause that Tesla will not be liable for "any indirect, consequential, incidental, special, exemplary, or punitive damages, including lost profits or revenues, lost data, lost time, the costs of procuring substitute transportation services, or other intangible losses" from the use of the robotaxis.
Their article includes a link to the robotaxi's complete Terms of Service: To the fullest extent permitted by law, the Robotaxi, Robotaxi app, and any ride are provided "as is" and "as available" without warranties of any kind, either express or implied... The Robotaxi is not intended to provide transportation services in connection with emergencies, for example emergency transportation to a hospital... Tesla's total liability for any claim arising from or relating to Robotaxi or the Robotaxi app is limited to the greater of the amount paid by you to Tesla for the Robotaxi ride giving rise to the claim, and $100... Tesla may modify these Terms in our discretion, effective upon posting an updated version on Tesla's website. By using a Robotaxi or the Robotaxi app after Tesla posts such modifications, you agree to be bound by the revised Terms.

It's not just Amazon's CEO predicting AI will lower their headcount. "Top executives at some of the largest American companies have a warning for their workers: Artificial intelligence is a threat to your job," reports the Washington Post — including IBM, Salesforce, and JPMorgan Chase.

But are they really just trying to impress their shareholders? Economists say there aren't yet strong signs that AI is driving widespread layoffs across industries.... CEOs are under pressure to show they are embracing new technology and getting results — incentivizing attention-grabbing predictions that can create additional uncertainty for workers. "It's a message to shareholders and board members as much as it is to employees," Molly Kinder, a Brookings Institution fellow who studies the impact of AI, said of the CEO announcements, noting that when one company makes a bold AI statement, others typically follow. "You're projecting that you're out in the future, that you're embracing and adopting this so much that the footprint [of your company] will look different."

Some CEOs fear they could be ousted from their job within two years if they don't deliver measurable AI-driven business gains, a Harris Poll survey conducted for software company Dataiku showed. Tech leaders have sounded some of the loudest warnings — in line with their interest in promoting AI's power...

IBM, which recently announced job cuts, said it replaced a couple hundred human resource workers with AI "agents" for repetitive tasks such as onboarding and scheduling interviews. In January, Meta CEO Mark Zuckerberg suggested on Joe Rogan's podcast that the company is building AI that might be able to do what some human workers do by the end of the year.... Marianne Lake, JPMorgan's CEO of consumer and community banking, told an investor meeting last month that AI could help the bank cut headcount in operations and account services by 10 percent. The CEO of BT Group Allison Kirkby suggested that advances in AI would mean deeper cuts at the British telecom company...

Despite corporate leaders' warnings, economists don't yet see broad signs that AI is driving humans out of work. "We have little evidence of layoffs so far," said Columbia Business School professor Laura Veldkamp, whose research explores how companies' use of AI affects the economy. "What I'd look for are new entrants with an AI-intensive business model, entering and putting the existing firms out of business." Some researchers suggest there is evidence AI is playing a role in the drop in openings for some specific jobs, like computer programming, where AI tools that generate code have become standard... It is still unclear what benefits companies are reaping from employees' use of AI, said Arvind Karunakaran, a faculty member of Stanford University's Center for Work, Technology, and Organization. "Usage does not necessarily translate into value," he said. "Is it just increasing productivity in terms of people doing the same task quicker or are people now doing more high value tasks as a result?"

Lynda Gratton, a professor at London Business School, said predictions of huge productivity gains from AI remain unproven. "Right now, the technology companies are predicting there will be a 30% productivity gain. We haven't yet experienced that, and it's not clear if that gain would come from cost reduction ... or because humans are more productive."
On an earnings call, Salesforce's chief operating and financial officer said AI agents helped them reduce hiring needs — and saved $50 million, according to the article. (And Ethan Mollick, co-director of Wharton School of Business' generative AI Labs, adds that if advanced tools like AI agents can prove their reliability and automate work — that could become a larger disruptor to jobs.) "A wave of disruption is going to happen," he's quoted as saying.

But while the debate continues about whether AI will eliminate or create jobs, Mollick still hedges that "the truth is probably somewhere in between."

An anonymous reader quotes a report from Cybernews: Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.

Our team has been closely monitoring the web since the beginning of the year. So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a "mysterious database" with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.

"This is not just a leak -- it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets -- these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," researchers said. The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances. Key details to be aware of: - The records include billions of login credentials, often structured as URL, login, and password.
- The datasets include both old and recent breaches, many with cookies, tokens, and metadata, making them especially dangerous for organizations without multi-factor authentication or strong credential practices.
- Exposed services span major platforms like Apple, Google, Facebook, Telegram, GitHub, and even government services.
- The largest dataset alone includes 3.5 billion records, while one associated with the Russian Federation has over 455 million; many dataset names suggest links to malware or specific regions.
- Ownership of the leaked data is unclear, but its potential for phishing, identity theft, and ransomware is severe -- especially since even a - Basic cyber hygiene -- such as regularly updating strong passwords and scanning for malware -- is currently the best line of defense for users.

Hackers have stolen hundreds of millions of dollars from cryptocurrency holders and disrupted major retailers by targeting outsourced call centers used by American corporations to reduce costs, WSJ reported Thursday. The attackers exploit low-paid call center workers through bribes and social engineering to bypass two-factor authentication systems protecting bank accounts and online portals.

Coinbase faces potential losses of $400 million after hackers compromised data belonging to 97,000 customers by bribing call center workers in India with payments of $2,500. The criminals also used malicious tools that exploited vulnerabilities in Chrome browser extensions to collect customer data in bulk.

TaskUs, which handled Coinbase support calls, shut down operations at its Indore, India facility and laid off 226 workers. Retail attacks targeted Marks & Spencer and Harrods with hackers impersonating corporate executives to pressure tech support workers into providing network access. The same technique compromised MGM Resorts systems in 2023. Call center employees typically possess sensitive customer information including account balances and recent transactions that criminals use to masquerade as legitimate company representatives.

Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.