Subject: What Beginners Often Forget About Crypto Wallets
Source: Android Headlines
https://www.androidheadlines.com/2025/07/what-beginners-often-forget-about-crypto-wallets.html
Entering the world of digital assets opens exciting possibilities, but many newcomers overlook essential facts when it comes to crypto wallets. While buying or selling tokens may feel straightforward at first, real security and control come from understanding how wallets function. Misjudging their role, particularly with regard to private keys and self-custody can expose users to avoidable risks, especially when handling bitcoin, ethereum, stablecoins, and other cryptocurrencies.
Understanding What a Crypto Wallet Really Stores. Despite widespread use, one major misunderstanding persists: a wallet does not hold cryptocurrency. Instead, it stores private keys the critical credentials that allow users to access and authorize transactions on a blockchain. Control over assets always comes down to control over those keys.
This distinction has real-world consequences. With self-custodial wallets, users retain full authority over their digital funds without needing to rely on centralized services. Mismanaging a key by losing it, mishandling the device, or revealing it means permanently losing access to the associated assets. Understanding this mechanism is vital before taking part in any transaction
Subject: AI could harm your critical thinking skills. Should that change how you use it?
Source: Android Central
https://www.androidcentral.com/apps-software/ai/ai-could-harm-your-critical-thinking-skills-should-that-change-how-you-use-it
The results found that people regularly using ChatGPT to write essays had the lowest brain engagement of the groups studied and “consistently underperformed” at all levels compared to the other groups, which used either Google Search or only their own brains to write essays. The study demonstrates “the pressing matter of a likely decrease in learning skills” resulting from LLM use, per the report.If you use AI tools, that probably sounds scary. You might be wondering whether using generative AI and large language models (LLMs) regularly puts your critical thinking skills at risk. While there’s reason for concern, using AI for the right things probably won’t be as dangerous to your mind as you might think.
Subject: In the fight against foreign information manipulation, the US can’t afford to disarm
Source: Atlantic Council
https://www.bespacific.com/in-the-fight-against-foreign-information-manipulation-the-us-cant-afford-to-disarm/
[…]
—
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.
Source: Tech.co
https://tech.co/news/dont-download-these-browser-extensions
Growth of AI Add-Ons Could Spell Cybersecurity Disaster
A bad problem could be about to get a lot worse. In recent years, AI browser add-ons have flourished, with more than 20% of surveyed employees using such extensions. Of these, 58% have “high” or “critical” permissions, giving them access to top-level data. As the technology develops and new chatbots emerge, expect this trend to become more pronounced.This spells trouble. If businesses are to turn the tide on data breaches, which occur at an astonishing rate, a good place to start would be to overhaul how they vet browser extensions. As the Google Chrome case illustrates, individual employees should be prohibited from downloading and installing these extensions.
But companies also need to invest significant time and resources into upskilling their staff on basic cybersecurity practices. And this is a problem at all levels. As Tech.co found in its recent Impact of Technology on the Workplace report, a staggering 98% of senior leaders can’t identify all the signs of a phishing scam. Well-trained employees are crucial to ensuring that rules – such as vetting processes for browser extensions – are adhered to.
Source: UPI.com
https://www.upi.com/Top_News/US/2025/07/09/appeals-ruling-FTC-click-to-cancel/9451752046397/
July 9 (UPI) — Just days before federal government was to enforce the so-called click-to-cancel rule, an appeals court struck it down, finding the Federal Trade Commission had failed to follow procedural requirements under the law. Known colloquially as the click-to cancel rule, the Negative Option Rule was to go into effect July 14, forcing companies to make it as easy for consumers to cancel enrollment in subscriptions and programs as it was for them to enroll.
The rule has received pushback from various industry associations and individual businesses who filed a legal challenge against it in October, arguing it is “arbitrary” and “capricious” under the Administrative Procedure Act due to its scope and the FTC failed to follow procedural requirements under the FTC Act.
In its ruling Tuesday, the U.S. Court of Appeals for the Eighth Circuit generally agreed.
…
“Anyone frustrated by how difficult firms make it to cancel subscriptions can tell the @FTC commissioners to re-issue the rule and urge members of Congress to make it law.”
Source: WIRED
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
If you want a job at McDonald’s today, there’s a good chance you’ll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.
Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald’s applicants—including all the personal information they shared in those conversations—with tricks as straightforward as guessing the username and password “123456.”
[…]
Carroll says he only discovered that appalling lack of security around applicants’ information because he was intrigued by McDonald’s decision to subject potential new hires to an AI chatbot screener and personality test. “I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that’s what made me want to look into it more,” says Carroll. “So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that’s ever been made to McDonald’s going back years.”
[…]
Subject: Fake online stores look real, rank high, and trap unsuspecting buyers
Source: Help Net Security
https://www.helpnetsecurity.com/2025/07/10/tips-online-shopping-scams/
Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device.One example of this growing threat was the Phish ‘n’ Ships fraud scheme, which hijacked over 1,000 websites to redirect shoppers to more than 200 fake online stores. These sites, operating in several languages including Dutch, English, French, and German, were designed to steal payment card details without ever delivering the goods. Bots carried out every stage of this fully automated campaign.
How cybercriminals create fake stores and reviews
[…]
- Spotting and avoiding online shopping scams – Double-check the website address: Take a moment to look carefully at the URL before you buy. Scammers often use addresses that look almost right but have small typos or extra characters. If something feels off, don’t click through from ads or emails. Type the brand’s official website into your browser or search for it directly.
- Look beyond the padlock: Seeing HTTPS and a padlock means your connection is secure, but it does not guarantee the website is trustworthy. Even fake sites can get HTTPS certificates because these only confirm that the connection is encrypted, not who runs the site. So always double-check the URL and use trusted payment methods to stay safe.
- Check reviews outside the website: Don’t rely only on the reviews posted on the store’s own site. Look for feedback on independent platforms or social media. If the reviews all sound similar or too glowing, that’s a red flag. Real reviews tend to be more mixed and genuine.
- If the price is too low, take a pause and think: Deals that seem unbelievably cheap usually come with a catch. Fraudsters use super-low prices to lure people in, so if something looks too good to be true, it probably is. It’s better to be cautious than sorry.
Source: Gizmodo
https://gizmodo.com/the-sec-is-crashing-the-digital-stocks-party-2000627381
For years, the promise of blockchain technology has captivated the financial world, hinting at a future where traditional assets are transformed into nimble, digital “tokens.” This vision, as the U.S. Securities and Exchange Commission (SEC) Commissioner Hester Peirce puts it, is “enchanting, but not magical.” She just sent a clear message to anyone hoping blockchain would free them from financial regulation: not so fast.Commissioner Peirce acknowledged the promise of tokenization, the process of turning real-world assets like stocks into blockchain-based digital tokens. But she warned that, no matter how futuristic it sounds, the same old rules still apply.
“Tokenized securities are still securities,” Peirce said in a statement. “The same legal requirements apply to on- and off-chain versions of these instruments.”
Her statement comes amid a frenzy of experimentation in tokenized finance. Firms like BlackRock, JPMorgan Chase, and Robinhood Markets are exploring how to tokenize everything from stocks and treasuries to real estate and private credit. The hype is real: blockchain-based markets promise 24/7 trading, faster settlement, better transparency, and a radically cheaper financial system.
But the SEC is reminding everyone that innovation doesn’t mean exemption. If you’re creating or selling tokenized securities, even if you’re just wrapping real assets in a digital shell, you’re still subject to decades-old laws governing how financial instruments are issued, traded, and disclosed. The goal of federal securities laws is to protect investors and ensure fair, orderly markets.
What is Tokenization, Anyway?…
Source: The Hacker News
https://thehackernews.com/2025/07/what-security-leaders-need-to-know.html
What do we mean by AI governance?
In simple terms, it basically refers to the policies, processes, and controls that ensure AI is used responsibly and securely within an organization. Done right, AI governance keeps these tools from becoming a free-for-all and instead aligns them with a company’s security requirements, compliance obligations, and ethical standards.
This is especially important in the SaaS context, where data is constantly flowing to third-party cloud services. […]
Source: FedScoop
https://fedscoop.com/device-disregard-is-multiplying-digital-ghosts-across-federal-agencies/
A few months ago, beyond the waves of layoffs, something unsettling happened at the U.S. Agency for International Development. Dismissed employees discovered they still retained access to government devices, systems, and sensitive data long after cleaning out their desks.These ghosts of endpoints past revealed a federal agency with little visibility or control over its technology perimeter. The most alarming part? This wasn’t some isolated federal haunting from a one-off.
From sprawling agencies to city governments, employees leave, devices get lost, and admins often don’t know what’s connected. As a result, digital ghosts multiply across government.
As someone who’s worked in cybersecurity and endpoint management for nearly two decades, I’ve seen this problem from all sides. And while it’s daunting, it’s solvable if we stop treating laptops and phones as office supplies and start thinking of them as security frontlines.
This endpoint mess is what happens when funding cuts meet administrative unpreparedness. Top-down, USAID simply wasn’t ready for the depth and scale of the federal freeze. Not only was the agency unable to properly decommission devices, but the IT team itself was downsized from around 100 staffers to five. Access controls simply couldn’t keep up, which is particularly concerning since two-thirds of the agency’s workforce is abroad and foreign actors could compromise device data.
…
Tagged: https://fedscoop.com/tag/device-management/
Subject: Crypto Scammer Truglia Gets 12 Years Prison, Up From 18 Months
Source: Bloomberg via archive.today
https://archive.ph/5KOVz#selection-1510.0-1523.280
Source: The Hacker News
https://thehackernews.com/2025/07/securing-data-in-ai-era.html
The 2025 Data Risk Report: [registration req’d] Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help.
As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz 2025 Data Risk Report reveals how evolving technology landscapes are amplifying vulnerabilities, highlighting the critical need for a proactive and unified approach to data protection.Drawing on insights from more than 1.2 billion blocked transactions recorded by the Zscaler Zero Trust Exchange between February and December 2024, this year’s report paints a clear picture of the data security challenges that enterprises face. From the rise of data leakage through generative AI tools to the undiminished risks stemming from email, SaaS applications, and file-sharing services, the findings are both eye-opening and urgent.
The 2025 Data Risk Report sheds light on the multifaceted data security risks enterprises face in today’s digitally enabled world. Some of the most noteworthy trends include…
Source: Help Net Security
https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/
While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine.The rise of unauthorized AI use
Shadow AI has quietly infiltrated organizations across North America, creating blind spots that even the most careful IT leaders struggle to detect.
Despite formal guidelines and sanctioned tools, shadow Al has become the norm rather than the exception. 70% of IT decision makers (ITDMs) have identified unauthorized AI use within their organizations.
60% of employees are using unapproved AI tools more than they were a year ago, and 93% of employees admit to inputting information into AI tools without approval. 63% of ITDMs see data leakage or exposure as the primary risk of shadow AI. Conversely, 91% of employees think shadow AI poses no risk, not much risk, or some risk that’s outweighed by reward.
…
“Shadow AI is a fatal flaw for most organizations,” said Sathish Sagayaraj Joseph, regional technical head at ManageEngine. “IT teams can’t manage risk they can’t see, and they can’t enable business value that users won’t divulge. Proactive AI management unites IT and business professionals in their pursuit of common, organizational goals. That means employees are equipped to understand and avoid AI-related risks, and IT is empowered to help them use AI in ways that drive real business outcomes.