Subject: Minnesota Lawmakers and Police Seek Complete Ban on Crypto ATMs
Source: Gizmodo
https://gizmodo.com/minnesota-lawmakers-and-police-seek-complete-ban-on-crypto-atms-2000728132
That earlier law required operators to post warnings that crypto is not legal tender and transactions are irreversible, imposed a $2,000 daily limit on new customers who had held accounts for less than 72 hours, and allowed refunds if fraud victims contacted the company and law enforcement within 14 days. Department of Commerce officials testified that scammers routinely bypass these protections by coaching victims to use existing accounts or machines in neighboring states such as Wisconsin. The department recorded 70 complaints in the past year totaling $540,000 in losses; however, it should be noted that the vast majority of these incidents tend to go unreported….
Scammers using crypto ATMs to target the elderly is an issue seen all over the country:
FBI figures show nearly 11,000 crypto ATM scam complaints in 2024 totaling $247 million, climbing to $333 million in 2025 without even including December. But again, the actual total is likely far higher because most victims never report the crime.
Crypto ATMs Also Targeted at Federal Level Via CLARITY Act – The Digital Asset Market Clarity Act (also known as the CLARITY Act) also targets crypto ATMs at the federal level. Although the legislation passed the House last year, Senate committees postponed markups in January while negotiators finalized language in the bill. A dispute over stablecoin interest remains a major point of friction between traditional banks and the crypto industry.
A Senate Banking Committee draft bill (PDF) treats kiosk operators as money transmitters subject to Bank Secrecy Act obligations, and operators must register kiosk locations with the Treasury Department on a quarterly basis. Additional requirements include mandatory disclosures and receipts, appointment of a compliance officer, identity confirmation for new customers, short holding periods before large transfers, transaction limits, refund procedures for suspected fraud, and a customer service helpline.
…
Source: WIRED
https://www.wired.com/story/security-news-this-week-area-man-accidentally-hacks-6700-camera-enabled-robot-vacuums/
Congressional Democrats on the Joint Economic Committee released a report this week pinpointing more than $20.9 billion in consumer losses stemming from identity theft that came out of four major breaches of data broker firms. US senator Maggie Hassan launched the investigation in August after an investigation by The Markup and CalMatters, copublished by WIRED, found that some data brokers were hiding opt-out tools from Google and other search engines.
The US Department of Justice’s recent release of 3 million documents related to convicted sex offender Jeffrey Epstein included grand jury subpoenas to Google that shed light on how federal investigators interact with tech companies and how they respond to government requests for information.
Meanwhile, as AI assistant agents like OpenClaw explode in popularity—and sow chaos around the web—a new open source project called IronCurtain is using a unique design to secure and constrain agentic AI before it can go rogue.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Area Man Accidentally Hacks Into 6,700 Camera-Packing Robot Vacuums – Setting an autonomous internet-enabled robot loose in your house should give anyone a moment’s pause. When that robot is a roving vacuum cleaner equipped with a camera and microphone that could be hijacked from anywhere in the world with nothing more than its serial number, it becomes an actual privacy horror story.
But the story nonetheless raises serious questions about the security of other audio- or video-enabled internet-of-things gadgets—not to mention ones capable of freely roaming your home.
[…]
Source: Gizmodo
https://gizmodo.com/anthropic-improves-feature-to-switch-from-competitors-as-users-call-for-chatgpt-boycott-2000728352
Anthropic just updated a tool that lets users import preferences and memory from rival chatbots, as a dispute with the U.S. military helped push Claude to the top of the app charts. The updated tool makes it easier than ever for chatbot users to switch to Claude without having to start from scratch. “Bring your preferences and context from other AI providers to Claude,” the company says on its website. “With one copy-paste, Claude updates its memory and picks up right where you left off.”
Source: Wired
https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/
A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government.
An iPhone-hacking technique used in the wild to indiscriminately hijack the devices of any iOS user who merely visits a website represents a rare and shocking event in the cybersecurity world. Now one powerful hacking toolkit at the center of multiple mass iPhone exploitation campaigns has taken an even rarer and more disturbing path: It appears to have traveled from the hands of Russian spies who used it to target Ukrainians to a cybercriminal operation designed to steal cryptocurrency from Chinese-speaking victims—and some clues suggest it may have been originally created by a US contractor and sold to the American government.
Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.
[…]
Source: The Register
https://www.theregister.com/2026/03/03/cyberwarriors_us_iran_war/
No more hiding in the server closet: Cyber ops mentioned alongside kinetic warfare as critical to conflict. In what may be the most public acknowledgment of its cyber operations capabilities to date, the Pentagon has admitted that cyber soldiers are playing a key role in its attacks on Iran.
Chairman of the Joint Chiefs of Staff, General Dan Caine, discussed cyber operations in the same breath as traditional military domains during a Monday press conference he and Defense Secretary Pete Hegseth held to discuss the state of “Operation Epic Fury,” as the dudes at the “Department of War” have taken to calling the US’ ongoing strike on the Middle Eastern nation.
“Across every domain, land, air, sea, cyber, the U.S. Joint Force delivered synchronized and layered effects designed to disrupt, degrade, deny and destroy Iran’s ability to conduct and sustain combat operations,” Caine said.
Caine didn’t offer many details about the nature of what Space and Cyber Command troops did, exactly, and the Pentagon didn’t offer any additional information when asked. Nonetheless, it marks a surprising elevation of the profile of cyber operations, which have classically been something that didn’t get discussed much – at least until the second Trump administration.
…
Filed: https://www.theregister.com/security/
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/samsung-tvs-to-stop-collecting-texans-data-without-express-consent/
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs. As part of the agreement, the TV manufacturer will revise its privacy disclosures to clearly explain its data collection and processing practices to consumers.
In support of the TRO, the Court found that there was “good cause to believe” that Samsung automatically enrolled customers in this system using “dark patterns” that included “over 200 clicks spread across four or more menus for a consumer to read the privacy statements and disclosures.”
“Additionally, it compels Samsung to promptly update its smart TVs and implement disclosures and consent screens that are clear and conspicuous to ensure that Texans can make an informed decision regarding whether their data is collected and how it’s used.”
Paxton commended Samsung for agreeing to implement consumer safeguards, while he underlined that others haven’t moved with a similar fervor as of yet. Smart TV manufacturers, including Sony, LG, Hisense, and TCL Technologies, have not made any changes in response to the lawsuits yet.
Subject: Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets
Source: TechRepublic
https://www.techrepublic.com/article/news-compromised-chrome-extension-malware-crypto-theft/
A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases. A once-trusted Chrome extension with thousands of users was quietly transformed into a malware delivery vehicle, exposing how quickly browser add-ons can become security liabilities.
QuickLens – Search Screen with Google Lens was removed from the Chrome Web Store after researchers discovered it had been updated to deploy ClickFix attacks and steal cryptocurrency wallet data.
“For every page, frame, and request, the security headers are now gone. User traffic is now vulnerable to many new attacks like clickjacking,” Annex researchers said in a blog post.
Inside the malicious Chrome extension update…
Subject: The biggest AI threats come from within – 12 ways to defend your organization
Source: ZDNet via Sabrina
https://www.zdnet.com/article/12-tips-for-cybersecurity-pros-looking-to-harness-ai-safely/
The gravest AI-powered threat to your cybersecurity isn’t coming from external hackers. Review these strategic recommendations for handling the risks from within.
ZDNET’s key takeaways:
- AI is empowering both cybersecurity teams and cyber criminals.
- Consultancy EY urges CISOs to be proactive to minimize risk.
- The company shares 12 safety tips in a new report.
It’s become a bit of a cliché to describe AI as a double-edged sword, but that doesn’t make the phrase untrue.
Cybersecurity experts have been particularly vocal on this point. “AI amplifies defense through faster detection and response but simultaneously lowers the cost and complexity of attacks,” consulting firm EY wrote in a report published earlier this month called “AI and cybersecurity: The new frontier of business resilience.”
“While defenders use AI to identify threats, adversaries leverage the same technologies for deception,” the report said.
The technology that’s making cybersecurity defenses more robust, in other words, is also empowering the cybercriminals who are trying to break through those protections. Like Thor and Loki, or Batman and the Joker, the two foes constantly have to outpace and outmaneuver one another in what’s shaping up to be a long, possibly never-ending arms race. (On a related note, AI developers like OpenAI have their own security arms race to contend with: the better that their models can protect against prompt injection attacks, the more cunning those attacks become.)
Counterintuitively, however, some experts say the gravest AI-powered threat to cybersecurity systems isn’t from external hackers. Instead, the biggest threat comes from within organizations themselves, when employees use the technology without adequate internal guardrails.
Following a watershed MIT study last year, which found that over nine in 10 businesses’ AI initiatives have failed to produce meaningful results, there’s been a lot of debate around the value of a top-down approach to the technology (in which organizational leaders control how their employees use it) and a bottom-up approach (where employees are given more freedom to experiment with different tools). And according to Dan Mellen, EY’s global cyber chief technology officer, taking a bottom-up approach to cybersecurity in the age of AI is asking for trouble.
“Organizations should absolutely take a top-down approach to implementing security guardrails around employees’ use of AI,” Mellen told ZDNET. Compared with external threats, such as prompt-injection attacks, said Mellen, “the use of ungoverned intelligent tools by insiders … presents a significantly greater risk to the enterprise.”
EY’s new report arrives at a time when AI agents are being peddled to businesses as productivity boosters for employees. But while these systems’ capacity to build apps and handle a range of other complex tasks continues to grow, they still come with as-yet unresolved security concerns. The most notable concern is that agents’ greater autonomy comes with the potential for unexpected behavior. Evidence suggests agents are liable to behave unpredictably, sometimes with disastrous consequences.
Mellen is, therefore, just one voice among a growing chorus of cybersecurity experts who have been raising alarms that the deployment of agents within businesses is outpacing the implementation of effective guardrails.
