A series of intrusions targeting Chrome browser extensions has compromised multiple companies since mid-December, experts revealed. Among the victims is Cyberhaven, a California-based data protection company. The breach, confirmed by Cyberhaven on Christmas Eve, is reportedly part of a larger campaign aimed at developers of Chrome extensions across various industries.
Cyberhaven stated it is cooperating with federal law enforcement to address the issue. Browser extensions, commonly used to enhance web browsing, can also pose risks when maliciously altered. Cyberhaven’s Chrome extension, for example, is designed to monitor and secure client data within web-based applications.
Experts identified other compromised extensions, including those involving AI and virtual private networks. Jaime Blasco, cofounder of Texas-based Nudge Security, noted that the attacks appear opportunistic, aiming to harvest sensitive data from numerous sources. Some breaches date back to mid-December, indicating an ongoing effort.
Federal authorities, including the US cyber watchdog CISA, have redirected inquiries to the affected companies. Alphabet, maker of the Chrome browser, has yet to respond to requests for comment.
As concerns grow over the impact of smartphones on children, several European countries are implementing or debating restrictions on their use in schools. France, for example, has prohibited phones in primary and secondary schools since 2018 and recently extended the policy to include ‘digital breaks’ at some institutions. Similarly, the Netherlands and Hungary have adopted bans, with exceptions for educational purposes or special needs, while Italy, Greece, and Latvia have also imposed restrictions.
The debate is fueled by studies showing that smartphones can distract students, though some argue they can also be useful for learning. A 2023 UNESCO report recommended limiting phones in schools to support education, with more than 60 countries now following similar measures. However, enforcement remains a challenge, as some reports suggest that many students still find ways to use their devices despite the bans.
Experts remain divided on the issue. While some highlight the risks of distraction and mental health impacts, others emphasise the need for balance. ‘Banning phones can be beneficial, but we must ensure children have adequate alternatives for education and communication,’ said Ben Carter, a professor of medical statistics at King’s College London.
The trend reflects broader concerns about screen time among children, with countries like Sweden and Luxembourg calling for clearer rules to promote healthier digital habits. While opinions differ, the growing movement underscores a collective effort to create focused, engaging, and healthier learning environments.
Smart home cameras have become a staple for security-conscious households, offering peace of mind by monitoring both indoor and outdoor spaces. However, new research by Surfshark exposes alarming privacy concerns, showing that these devices collect far more user data than necessary. Outdoor security camera apps top the list, gathering an average of 12 data points, including sensitive information such as precise location, email addresses, and payment details which is 50% more than other smart devices.
Indoor camera apps are slightly less invasive but still problematic, collecting an average of nine data points, including audio data and purchase histories. Some apps, like those from Arlo, Deep Sentinel, and D-Link, even extract contact information unnecessarily, raising serious questions about user consent and safety. The absence of robust privacy regulations leaves users vulnerable to data breaches, cyberattacks, and misuse of personal information.
Experts recommend limiting data-sharing permissions, using strong passwords, and regularly updating privacy settings to mitigate risks. Options such as enabling local storage instead of cloud services and employing a VPN can further protect against data leaks. While smart cameras bring convenience, they highlight the urgent need for clearer regulations to safeguard consumer privacy in the era of connected technology.
In the rapidly expanding online world, teenagers are becoming prime targets for scammers. Over a recent five-year period, financial losses reported by teens increased by an alarming 2,500%, outpacing the 805% rise among seniors. Experts attribute this to scammers exploiting the tech-savviness of younger users while capitalising on their lack of experience.
Scammers use various tactics, including impersonating online influencers, romance schemes, and phishing for sensitive information through gaming platforms. One growing threat involves sextortion, where victims are coerced into sharing explicit images that are later used to demand money under the threat of public exposure. Tragically, such incidents have already led to devastating consequences, including teen suicides.
Parents are urged to foster open communication with their children about these risks, creating a safe space for them to share any unsettling online encounters. Basic steps like monitoring app usage, staying connected on social media, and setting clear tech boundaries can go a long way in shielding teens from these dangers. The key, experts stress, is building trust and ensuring children know they have unwavering support, no matter the situation.
Apple has introduced an ‘Enhanced Visual Search’ feature in iOS 18, allowing users to identify landmarks in photos by matching data with a global database. While convenient, the feature has sparked privacy concerns, as it is enabled by default, requiring users to manually turn it off in settings if they prefer not to share photo data with Apple.
The feature uses on-device machine learning to detect landmarks in photos, creating encrypted ‘vector embeddings’ of image data. These are then sent to Apple for comparison with its database. While the company has reportedly implemented privacy safeguards, such as encrypting and condensing data into machine-readable formats, critics argue the feature should have been opt-in rather than opt-out, aligning with Apple’s usual privacy standards.
This toggle builds on Apple’s earlier ‘Visual Look Up’ tool, which identifies objects like plants or symbols without sending data to Apple’s servers. Privacy advocates suggest that Apple could have maintained this approach for Enhanced Visual Search, questioning why it requires shared data for similar functionality.
The debate highlights ongoing tensions between technological convenience and user privacy, raising questions about how far companies should go in enabling features that require data sharing without explicit consent.
AT&T and Verizon have confirmed cyberattacks linked to a Chinese hacking group known as “Salt Typhoon,” but assured the public on Saturday that their US networks are now secure. Both companies acknowledged the breaches for the first time, stating they are cooperating with law enforcement and government agencies to address the threat. AT&T disclosed that the attackers targeted a small group of individuals tied to foreign intelligence, while Verizon emphasised that the activities have been contained following extensive remediation efforts.
The attacks, described by US officials as the most extensive telecommunications hack in the nation’s history, reportedly allowed Salt Typhoon operatives to access sensitive network systems, including the ability to geolocate individuals and record phone calls. Authorities have linked the breaches to several telecom firms, with a total of nine entities now confirmed as compromised. In response, the Cybersecurity and Infrastructure Security Agency has urged government officials to transition to encrypted communication methods.
US Senators, including Democrat Ben Ray Luján and Republican Ted Cruz, have expressed alarm over the breach’s scale, calling for stronger safeguards against future intrusions. Meanwhile, Chinese officials have denied the accusations, dismissing them as disinformation and reaffirming their opposition to cyberattacks. Despite assurances from the companies and independent cybersecurity experts, questions remain about how long it will take to fully restore public confidence in the nation’s telecommunications security.
Hackers are using fake job offers from well-known crypto firms to trick victims into installing malware that grants them access to devices and wallets. According to blockchain expert Taylor Monahan, these scams begin with the hackers posing as recruiters offering high-paying roles, with salaries ranging from $200,000 to $350,000. Instead of sharing documents or software, victims are led through a series of steps to “fix” technical issues with their microphone and camera, which results in malware installation.
Monahan explained that the scam unfolds during lengthy interviews where the final step involves the victim being instructed to resolve an access issue. Following the given instructions prompts a fake browser update that compromises their system. The malware can provide attackers with backdoor access to steal crypto funds or cause other damage, and it works across Mac, Windows, and Linux platforms.
These fake recruiters approach victims on LinkedIn, freelancer platforms, and chat apps like Discord and Telegram, advertising roles at major crypto firms like Gemini and Kraken. Monahan advised those who suspect exposure to the malware to wipe their devices and urged everyone in the crypto space to remain vigilant against such tactics.
Hackers temporarily disrupted around ten official websites in Italy on Saturday, including those of the Foreign Ministry and Milan’s two airports, according to the country’s cybersecurity agency. The pro-Russian group Noname057(16) claimed responsibility on Telegram, describing the attack as a retaliation against what it called Italy’s ‘Russophobia.’
The attack, a Distributed Denial of Service (DDoS) operation, flooded networks with excessive data traffic, paralysing their functionality. Italy’s cybersecurity agency acted swiftly, mitigating the impact within two hours. A spokesperson confirmed that assistance was provided to affected institutions and companies.
Despite the disruptions, flights at Milan’s Linate and Malpensa airports were unaffected, and the airports’ mobile apps continued to operate normally, according to SEA, the company managing the airports. Authorities continue to investigate the incident, highlighting ongoing threats from cyber groups linked to geopolitical tensions.
President-elect Donald Trump has called on the US Supreme Court to postpone implementing a law that would ban TikTok or force its sale, arguing for time to seek a political resolution after taking office. The court will hear arguments on the case on 10 January, ahead of a 19 January deadline for TikTok’s Chinese owner, ByteDance, to sell the app or face a US ban.
The move marks a stark shift for Trump, who previously sought to block TikTok in 2020 over national security concerns tied to its Chinese ownership. Trump’s legal team emphasised that his request does not take a stance on the law’s merits but seeks to allow his incoming administration to explore alternatives. Trump has expressed a newfound appreciation for TikTok, citing its role in boosting his campaign visibility.
TikTok, with over 170 million US users, continues to challenge the legislation, asserting that its data and operations affecting US users are fully managed within the country. However, national security concerns persist, with the Justice Department and a coalition of attorneys general urging the Supreme Court to uphold the divest-or-ban mandate. The case highlights the growing debate between free speech advocates and national security interests in regulating digital platforms.
A power provider in Siberia’s Irkutsk region has been caught illegally leasing land to crypto miners, with the plot originally designated for public utilities. The Irkutsk Region Prosecutor-General’s Office announced that the unnamed power company had facilitated the establishment of a crypto mining farm, leading to a fine of 330 thousand rubles (approximately $3,120) and an ongoing administrative case against the firm.
This case highlights the ongoing issue of illegal crypto mining in Russia, particularly in Siberia, where miners are drawn to cheap electricity and low temperatures that reduce cooling costs. However, the increased demand for power has led to grid instability and power outages in the region, prompting Moscow to implement temporary mining bans in some areas. Despite these measures, illegal mining continues to thrive, especially in Irkutsk.
Other parts of Russia, like Tyumen and the Komi Republic, are emerging as alternative hotspots for crypto mining, with new facilities being developed to attract miners. In addition to these developments, Russia’s largest industrial mining firm, BitRiver, is building a new 100MW data centre in Buryatia, set to become the largest in the Far Eastern Federal District. These moves reflect the growing demand for crypto mining infrastructure across the country, despite the regulatory challenges.
