Microsoft will stop using China-based engineers to support U.S. military cloud services after a ProPublica report revealed their involvement, prompting backlash from Senator Tom Cotton and a two-week Pentagon review ordered by Defense Secretary Pete Hegseth. In response, Hegseth announced an immediate ban on any Chinese involvement in Department of Defense cloud contracts. Reuters reports: The report detailed Microsoft's use of Chinese engineers to work on U.S. military cloud computing systems under the supervision of U.S. "digital escorts" hired through subcontractors who have security clearances but often lacked the technical skills to assess whether the work of the Chinese engineers posed a cybersecurity threat. [Microsoft] told ProPublica it disclosed its practices to the U.S. government during an authorization process.

On Friday, Microsoft spokesperson Frank Shaw said on social media website X the company changed how it supports U.S. government customers "in response to concerns raised earlier this week ... to assure that no China-based engineering teams are providing technical assistance" for services used by the Pentagon.

At Sotheby's Geek Week auction, the largest known Martian meteorite on Earth sold for a record-breaking $5.3 million. The Associated Press reports: The 54-pound (25-kilogram) rock named NWA 16788 was discovered in the Sahara Desert in Niger by a meteorite hunter in November 2023, after having been blown off the surface of Mars by a massive asteroid strike and traveling 140 million miles (225 million kilometers) to Earth, according to Sotheby's. The estimated sale price before the auction was $2 million to $4 million. The identity of the buyer was not immediately disclosed. The final bid was $4.3 million. Adding various fees and costs, the official sale price was about $5.3 million, making it the most valuable meteorite ever sold at auction, Sotheby's said.

The live bidding was slow, with the auctioneer trying to coax more offers and decreasing the minimum bid increases. [...] The bidding for the Mars meteorite began with two advance offers of $1.9 million and $2 million. The live bidding slowly proceeded with increases of $200,000 and $300,000 until $4 million, then continued with $100,000 increases until reaching $4.3 million. The red, brown and gray meteorite is about 70% larger than the next largest piece of Mars found on Earth and represents nearly 7% of all the Martian material currently on this planet, Sotheby's says. It measures nearly 15 inches by 11 inches by 6 inches (375 millimeters by 279 millimeters by 152 millimeters). It was also a rare find. There are only 400 Martian meteorites out of the more than 77,000 officially recognized meteorites found on Earth, the auction house says.

The UK secretly relocated thousands of Afghans to the UK after their personal details were disclosed in one of the country's worst ever data breaches, putting them at risk of Taliban retaliation. The operation cost around $2.7 billion and remained under a court-imposed superinjunction until recently lifted. Reuters reports: The leak by the Ministry of Defence in early 2022, which led to data being published on Facebook the following year, and the secret relocation program, were subject to a so-called superinjunction preventing the media reporting what happened, which was lifted on Tuesday by a court. British defence minister John Healey apologised for the leak, which included details about members of parliament and senior military officers who supported applications to help Afghan soldiers who worked with the British military and their families relocate to the UK. "This serious data incident should never have happened," Healey told lawmakers in the House of Commons. It may have occurred three years ago under the previous government, but to all whose data was compromised I offer a sincere apology."

The incident ranks among the worst security breaches in modern British history because of the cost and risk posed to the lives of thousands of Afghans, some of whom fought alongside British forces until their chaotic withdrawal in 2021. Healey said about 4,500 Afghans and their family members have been relocated or were on their way to Britain under the previously secret scheme. But he added that no-one else from Afghanistan would be offered asylum because of the data leak, citing a government review which found little evidence of intent from the Taliban to seek retribution against former officials.

A Russian professional basketball player has been arrested in France at the request of the United States, which reportedly accused him of being involved in a ransomware group that allegedly targeted hundreds of American companies and federal institutions. From a report: Daniil Kasatkin, 26, was detained in June at Paris's Charles de Gaulle Airport shortly after arriving in the country with his fiancee, according to local media reports. He is currently being held in extradition custody, with a U.S. warrant reportedly issued against him. Kasatkin previously studied and played basketball in the U.S., at Penn State University.

The unnamed ransomware network Kasatkin is suspected of being part of is believed to have targeted nearly 900 entities between 2020 and 2022. Local media, citing court proceedings in Paris, reported that Kasatkin allegedly helped negotiate ransom payments, though the extent of the damage caused by the attacks has not been disclosed.

In April researchers responsibly disclosed two security flaws found in Sudo "that could enable local attackers to escalate their privileges to root on susceptible machines," reports The Hacker News. "The vulnerabilities have been addressed in Sudo version 1.9.17p1 released late last month." Stratascale researcher Rich Mirch, who is credited with discovering and reporting the flaws, said CVE-2025-32462 has managed to slip through the cracks for over 12 years. It is rooted in the Sudo's "-h" (host) option that makes it possible to list a user's sudo privileges for a different host. The feature was enabled in September 2013. However, the identified bug made it possible to execute any command allowed by the remote host to be run on the local machine as well when running the Sudo command with the host option referencing an unrelated remote host. "This primarily affects sites that use a common sudoers file that is distributed to multiple machines," Sudo project maintainer Todd C. Miller said in an advisory. "Sites that use LDAP-based sudoers (including SSSD) are similarly impacted."

CVE-2025-32463, on the other hand, leverages Sudo's "-R" (chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. It's also a critical-severity flaw. "The default Sudo configuration is vulnerable," Mirch said. "Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed...."

Miller said the chroot option will be removed completely from a future release of Sudo and that supporting a user-specified root directory is "error-prone."

An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app's full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their victims. [...] According to a copy of the database from early June, which TechCrunch has seen, Catwatchful had email addresses and passwords on more than 62,000 customers and the phone data from 26,000 victims' devices.

Most of the compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia (in order of the number of victims). Some of the records date back to 2018, the data shows. The Catwatchful database also revealed the identity of the spyware operation's administrator, Omar Soca Charcov, a developer based in Uruguay. Charcov opened our emails, but did not respond to our requests for comment sent in both English and Spanish. TechCrunch asked if he was aware of the Catwatchful data breach, and if he plans to disclose the incident to its customers. Without any clear indication that Charcov will disclose the incident, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned. The stalkerware operation uses a custom API and Google's Firebase to collect and store victims' stolen data, including photos and audio recordings. According to Daigle, the API was left unauthenticated, exposing sensitive user data such as email addresses and passwords.

The hosting provider temporarily suspended the spyware after TechCrunch disclosed this vulnerability but it returned later on HostGator. Despite being notified, Google has yet to take down the Firebase instance but updated Google Play Protect to detect Catwatchful.

While Catwatchful claims it "cannot be uninstalled," you can dial "543210" and press the call button on your Android phone to reveal the hidden app. As for its removal, TechCrunch has a general how-to guide for removing Android spyware that could be helpful.

Grammarly has acquired the AI email client Superhuman to enhance its AI-driven productivity suite and expand AI capabilities within email communication. Financial terms of the deal were not disclosed but Superhuman CEO Rahul Vohra and his team will be joining the AI writing company. TechCrunch reports: Superhuman was founded by Rahul Vohra, Vivek Sodera, and Conrad Irwin. The company raised more than $114 million in funding from backers including a16z, IVP, and Tiger Global, with its last valuation at $825 million, according to data from venture data analytics firm Traxcn. "With Superhuman, we can deliver that future to millions more professionals while giving our existing users another surface for agent collaboration that simply doesn't exist anywhere else. Email isn't just another app; it's where professionals spend significant portions of their day, and it's the perfect staging ground for orchestrating multiple AI agents simultaneously," Shishir Mehrotra, CEO of Grammarly, said in a statement.

With this deal, CEO Vohra and other Superhuman employees are moving over to Grammarly. "Email is the main communication tool for billions of people worldwide and the number-one use case for Grammarly customers. By joining forces with Grammarly, we will invest even more in the core Superhuman experience, as well as create a new way of working where AI agents collaborate across the communication tools that we all use every day," Rahul Vohra, CEO of Superhuman, said in a statement.

Oracle has signed a landmark $30 billion annual cloud deal -- nearly triple the size of its current cloud infrastructure business -- with revenue expected to begin in fiscal year 2028. The deal was disclosed in a regulatory filing Monday without the customer being named. Bloomberg reports: "Oracle is off to a strong start" in its fiscal year 2026, Chief Executive Officer Safra Catz said in the filing. The company has signed "multiple large cloud services agreements," she said, adding that revenue from Oracle's namesake database that runs on other clouds continues to grow more than 100%.

The $30-billion deal ranks among the largest cloud contracts on record. That revenue alone would represent nearly three times the size of Oracle's current infrastructure business, which totaled $10.3 billion over the past four quarters. A major cloud contract awarded in 2022 from the US Defense Department, that runs through 2028 and could be worth as much as $9 billion, is split among four companies, including Oracle. That award was a shift after an earlier contract worth $10 billion was awarded to Microsoft and was contested in court.

Designated as a foreign terrorist group by multiple countries, Mexico's Sinaloa drug cartel fiercely defends its transnational organized crime syndicate.

"A hacker working for the Sinaloa drug cartel was able to obtain an FBI official's phone records," reports Reuters, "and use Mexico City's surveillance cameras to help track and kill the agency's informants in 2018, the U.S. Justice Department said in a report issued on Thursday." The incident was disclosed in a Justice Department Inspector General's audit of the FBI's efforts to mitigate the effects of "ubiquitous technical surveillance," a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data... The report said the hacker identified an FBI assistant legal attaché at the U.S. Embassy in Mexico City and was able to use the attaché's phone number "to obtain calls made and received, as well as geolocation data."

The report said the hacker also "used Mexico City's camera system to follow the (FBI official) through the city and identify people the (official) met with." The report said "the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses."

An anonymous reader quotes a report from Ars Technica: After a court ordered OpenAI to "indefinitely" retain all ChatGPT logs, including deleted chats, of millions of users, two panicked users tried and failed to intervene. The order sought to preserve potential evidence in a copyright infringement lawsuit raised by news organizations. In May, Judge Ona Wang, who drafted the order, rejected the first user's request (PDF) on behalf of his company simply because the company should have hired a lawyer to draft the filing. But more recently, Wang rejected (PDF) a second claim from another ChatGPT user, and that order went into greater detail, revealing how the judge is considering opposition to the order ahead of oral arguments this week, which were urgently requested by OpenAI.

The second request (PDF) to intervene came from a ChatGPT user named Aidan Hunt, who said that he uses ChatGPT "from time to time," occasionally sending OpenAI "highly sensitive personal and commercial information in the course of using the service." In his filing, Hunt alleged that Wang's preservation order created a "nationwide mass surveillance program" affecting and potentially harming "all ChatGPT users," who received no warning that their deleted and anonymous chats were suddenly being retained. He warned that the order limiting retention to just ChatGPT outputs carried the same risks as including user inputs, since outputs "inherently reveal, and often explicitly restate, the input questions or topics input."

Hunt claimed that he only learned that ChatGPT was retaining this information -- despite policies specifying they would not -- by stumbling upon the news in an online forum. Feeling that his Fourth Amendment and due process rights were being infringed, Hunt sought to influence the court's decision and proposed a motion to vacate the order that said Wang's "order effectively requires Defendants to implement a mass surveillance program affecting all ChatGPT users." [...] OpenAI will have a chance to defend panicked users on June 26, when Wang hears oral arguments over the ChatGPT maker's concerns about the preservation order. In his filing, Hunt explained that among his worst fears is that the order will not be blocked and that chat data will be disclosed to news plaintiffs who may be motivated to publicly disseminate the deleted chats. That could happen if news organizations find evidence of deleted chats they say are likely to contain user attempts to generate full news articles.

Wang suggested that there is no risk at this time since no chat data has yet been disclosed to the news organizations. That could mean that ChatGPT users may have better luck intervening after chat data is shared, should OpenAI's fight to block the order this week fail. But that's likely no comfort to users like Hunt, who worry that OpenAI merely retaining the data -- even if it's never shared with news organizations -- could cause severe and irreparable harms. Some users appear to be questioning how hard OpenAI will fight. In particular, Hunt is worried that OpenAI may not prioritize defending users' privacy if other concerns -- like "financial costs of the case, desire for a quick resolution, and avoiding reputational damage" -- are deemed more important, his filing said.

Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday. ArsTechnica: "The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies," officials for the center, the Canadian government's primary cyber security agency, said in a statement. "The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon." The FBI issued its own nearly identical statement.

Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People's Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10. Any switch, router, or wireless LAN controller running Cisco's iOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable. Cisco released a security patch about a week after security firm VulnCheck published its report.

Apple's latest AI models continue to lag behind competitors, according to the company's own benchmark testing it disclosed this week. The tech giant's newest "Apple On-Device" model, which runs locally on iPhones and other devices, performed only "comparably" to similarly-sized models from Google and Alibaba in human evaluations of text generation quality -- not better, despite being Apple's most recent release.

The performance gap widens with Apple's more powerful "Apple Server" model, designed for data center deployment. Human testers rated it behind OpenAI's year-old GPT-4o in text generation tasks. In image analysis tests, evaluators preferred Meta's Llama 4 Scout model over Apple Server, a particularly notable result given that Llama 4 Scout itself underperforms leading models from Google, Anthropic, and OpenAI on various benchmarks.

Coinbase reportedly knew as early as January about a customer data breach linked to its outsourcing partner TaskUs, where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost up to $400 million. Reuters reports: Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were.

TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.

In March an executive order directed America's treasury secretary to create two stockpiles of crypto assets (to accompany already-existing "strategic reserves"of gold and foreign currencies). And the Washington Post notes these new stockpiles would include "cryptocurrency seized by federal agencies in criminal or civil proceedings." But how big would America's "Strategic Bitcoin Reserve" be — and what other cryptocurrencies would the U.S. government hold in its "Digital Asset Stockpile"?

"New data on what crypto cash the U.S. government has seized may now provide some answers. It suggests the crypto reserves will together hold more than $21 billion in cryptocurrency... The stockpile will be funded with whatever crypto assets the Treasury holds other than bitcoin, leaving the stockpile's composition to be largely determined by a mixture of chance and criminal conduct. That unconventional method for selecting government financial holdings had the benefit of making the reserves cost-neutral for the taxpayer.

It also provided a way to estimate what exactly might go into the two pools before results are released from an official accounting of U.S. crypto holdings that is underway.Because government seizures are disclosed in court documents, news releases and other sources, crypto-tracking firms can use those notices to monitor which digital assets the U.S. government holds. Chainalysis, a blockchain analytics firm, reviewed cryptocurrency wallets that appear to be associated with the U.S. government for The Washington Post. The company estimated how much bitcoin it holds, and the other crypto tokens in its top 20 digital holdings as of May 13, by tracking transactions involving those wallets.

The United States' top 20 crypto holdings according to Chainalysis are worth about $20.9 billion as of 3 p.m. Eastern on May 28, with $20.4 billion in bitcoin and about $493 million in other digital assets. It has been scooped up from crimes such as stolen funds, scams and sales on dark net markets. Those estimates put the U.S. government's top crypto holdings at less than the approximately $25 billion worth of oil held in the U.S. Strategic Petroleum Reserve. Their value is nearly double the Fed's listing for U.S. gold holdings, although that figure uses outdated pricing and would be over $850 billion at current prices...

The crypto tokens headed for the U.S. Digital Asset Stockpile according to the Chainalysis list include ethereum, the world's second-largest digital asset, and a string of other crypto tokens with punier name recognition. They include derivatives of bitcoin and ethereum that mirror those cryptocurrencies' prices, several stable coins designed to be pegged in value to the U.S. dollar, and 10 tokens tied to specific companies, including the cryptocurrency exchanges FTX, which imploded in 2022 after defrauding customers, and Binance.
Two U.S. states have already passed legislation creating their own cryptocurrency reserve funds, the article points out. But ethereum co-founder Vitalik Buterin complained to the Post in March that crypto's "original spirit...is about counterbalancing power" — including government and corporate power, and getting too close to "one particular government team" could conflict with its mission of decentralization and openness. And he's not the only one concerned: Austin Campbell, a professor at New York University's business school and a principal at crypto advisory firm Zero Knowledge, sees hypocrisy in crypto enthusiasts cheering the government's strategic reserves. The bitcoin community in particular "has historically been about freedom from sovereign interference," he said.

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.

Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. From a report: "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.

Nikon will raise prices on its cameras and imaging products in the United States starting June 23, citing President Donald Trump's tariffs on Chinese-made goods as the reason for what the company calls a "necessary price adjustment." The Japanese camera maker joins a growing list of photography equipment manufacturers implementing price increases, including Canon, Sony, Leica, and lens maker Sigma. Nikon told investors the tariffs could slash its profits by 10 billion yen ($70 million) in the upcoming fiscal year, though the company has not disclosed which specific products will see increases or by how much prices will rise.

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News: Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."



Thanks to Slashdot reader bleedingobvious for sharing the news.

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information. The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.