Pete Recommends – Weekly highlights on cyber security issues, April 11, 2026

Subject: FBI Alert Points to Hidden Risks in Chinese Mobile Apps Downloads
Source: Android Headlines
https://www.androidheadlines.com/2026/04/fbi-alert-points-to-hidden-risks-in-chinese-mobile-apps-downloads.html

The FBI has issued a new alert warning that certain Chinese mobile apps available for download could expose sensitive user data. As per the officials, these mobile apps may collect extensive personal information beyond their core functions. The warning also highlights that the risk not only applies to the user, but to their families and social network as well.

FBI issues alert over privacy risks associated with Chinese mobile apps downloads – The FBI said that mobile apps connected to systems in China must follow local national security laws. These laws can require companies to share user data with authorities if requested. This means that information collected after download may not stay private. Data such as contacts, device details, and usage patterns could be accessed without the user fully understanding how it is used or shared.

In the official statement, the law enforcement agency also explains that many apps ask for permissions during setup that allow them to collect data continuously. This can include access to address books, emails, and phone numbers. In some cases, even people who have not downloaded the app may have their information collected through someone else’s contact list. It further warns that some apps may contain hidden tools that collect data quietly in the background.

Users are requested not to download non-essential Chinese apps – The FBI has not told people to stop using Chinese apps completely. However, it has advised users to be more careful before downloading any apps.


Subject: Combating cybercrime and fraud: A unified approach
Source: The Hill
https://thehill.com/opinion/cybersecurity/5813074-coordinated-response-cybercrime-fraud/

Cybercrime, fraud and scams, for far too long, have been treated as three distinct challenges with their own set of separate solutions. The reality is that they form an unholy trinity powering today’s scam economy.

This fact of digital life was identified last month in President Trump’s executive order on “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens,” which included a subtle but critical point that has so far gone unnoticed. The presidential directive explicitly connects these pillars for the first time — a long-overdue step recognizing that we have entered a new era of industrialized fraud that threatens institutions and individuals alike.

This latest action is a step in the right direction, yet it still fails to address the underlying problem: the exploitation of identity, turbocharged by AI and deployed at scale.

Today’s fraudsters, cyber criminals and scam artists are stealing real identities and creating synthetic identities to gain illicit access to institutions, siphon billions in taxpayer funds, and steal from vulnerable Americans, including the elderly and military members and their families.

They weaponize AI to generate convincing identities, automate social engineering, create synthetic documents, and scale scam campaigns across borders.

If we are serious about stopping wave after wave of cyber-enabled scams and fraud, we must wake up to the challenge and give digital identity the attention it deserves.



Subject: Russia Allegedly Swung at VPNs but Accidentally Hit Its Own Banking Sector Instead
Source: Gizmodo
https://gizmodo.com/russia-allegedly-swung-at-vpns-but-accidentally-hit-its-own-banking-sector-instead-2000742551

In a Saturday post on Telegram (reported by Bloomberg), Telegram’s founder and CEO Pavel Durov claimed that Russia’s “blocking attempts” aimed at VPNs, “just triggered a massive banking failure; cash briefly became the only payment method nationwide yesterday.”

Russia’s heavy-handed government interference in the internet is a fairly recent trend. It’s become relatively common for internet services in Russia to suddenly stop working as the government works behind the scenes to prune away something it doesn’t like in one place and causes collateral damage elsewhere.

Late last month, as part of what commentators were calling the Great Crackdown, Russia’s minister of digital, Maksut Shadayev, announced an effort to “reduce VPN usage.”


Subject: IMF Warns Tokenized Finance Risks Amplifying Market Crises Ahead – Bloomberg
Source: Bloomberg
https://archive.ph/dAgKM

Moving Wall Street’s trading infrastructure onto blockchain-based systems could accelerate financial crises beyond regulators’ ability to respond, even as the technology promises to cut costs and eliminate settlement delays, the International Monetary Fund says.

Tokenization — the act of representing assets like stocks, bonds and cash as digital tokens on shared ledgers — is a structural overhaul of financial architecture rather than a marginal efficiency gain, the IMF’s Tobias Adrian wrote in a report published on Thursday.


Subject: As the Federal Government Rushes Toward AI, Here Are Three Cautionary Tales
Source: ProPublica
https://www.propublica.org/article/federal-government-ai-cautionary-tales

We’ve been reporting on cybersecurity for years. As President Donald Trump and his Cabinet say artificial intelligence will transform the nation, the messaging isn’t new. It follows a familiar pattern.

As a cybersecurity reporter at ProPublica, much of my work over the past two years has focused on how the federal government and its IT contractors, like Microsoft, have navigated major technological transitions. The one now in the news every day is artificial intelligence.

This emerging technology has its grip on everyone: Home users, corporations and the federal government are all rushing to use it. President Donald Trump and his Cabinet say AI will transform the nation, making us more prosperous, efficient and secure — if only we can adopt it fast enough.

But this messaging isn’t new. President Barack Obama’s administration used nearly identical language a decade and a half ago as the U.S. barreled into the technological revolution of cloud computing.

I’ve studied how the federal government has handled — and mishandled — this transition over the past two decades, and my reporting offers some cautionary tales and valuable lessons as policymakers encourage the use of AI and federal agencies adopt the technology.

Lesson 1: There’s no such thing as a free lunch…


Subject: Meta to Smart Glasses Owners: Stop Hitting Yourself
Source: Gizmodo
https://gizmodo.com/meta-to-smart-glasses-owners-stop-hitting-yourself-2000742835

In a video from March, Meta’s CTO, Andrew Bosworth, says Ray-Ban users are “choosing” to have some of their content reviewed.
Meta has been mostly silent in the wake of revelations that it uses Ray-Ban owners’ naked videos to train AI, but if there’s one thing we know for certain, it’s that Meta CTO Andrew “Boz” Bosworth thinks that you chose for this to happen.

In one of Bosworth’s usual Instagram Live Q&A sessions from mid-March, he fielded a question that reads, “How private are Meta glasses? Who views the content I make?” His answer? Well, that’s up to you, silly.

“Every time content leaves the device, you have to have chosen for that to happen—either specifically or generally,” said Bosworth in his video response. “So, if you’re taking photos, those stay on your device. Now, if you’ve chosen to enable cloud storage, they go to the cloud. That’s up to you. If you’ve chosen to use AI, that goes to the server to get processed.”

And after you’ve “chosen” your path to capture content? Well, Bosworth expounds there, too:

“Every time you cross one of those thresholds, you, the consumer, are informed, ‘Hey, that means this data is going to the server, that means this can happen with it,’ that means you choose to engage with it or not,” Bosworth said. “But if all you want to do is grab the glasses and make content for yourself that you choose to share or not share, then you get to decide who views the content—that’s it.”

There are a lot of issues with that response, but probably the most obvious is the idea of consent. While Meta does “inform” users that its content is collected in certain scenarios, that stipulation is buried in its terms of service—it’s not what most would consider to be obvious. In fact, I think that’s pretty much the running definition of fine print.



Subject: The FCC Is Cracking Down on Robo Callers Pretending to Be Your Bank
Source: Cord Cutters News
https://cordcuttersnews.com/the-fcc-is-cracking-down-on-robo-callers-pretending-to-be-your-bank/

The Federal Communications Commission has proposed a $4.5 million fine against Voxbeam Telecommunications, an Orlando-based voice service provider, for its role in facilitating thousands of fraudulent robocalls that impersonated major U.S. financial institutions. The enforcement action, detailed in a Notice of Apparent Liability for Forfeiture released on April 2, 2026, stems from an investigation revealing that Voxbeam transmitted suspicious international call traffic from a foreign provider not authorized to send calls into American networks.

The case centers on Voxbeam’s acceptance of tens of thousands of calls originating from Axfone, a Czechia-based provider that has never been registered in the FCC’s Robocall Mitigation Database. This database serves as a critical tool under federal rules to prevent illegal robocalls by requiring voice service providers and intermediate carriers to verify upstream sources. Providers like Voxbeam are barred from carrying traffic from unlisted entities because such sources carry elevated risks of transmitting scam calls that exploit caller ID spoofing techniques.


Subject: European Commission investigating breach after Amazon cloud account hack
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/european-commission-investigating-breach-after-amazon-cloud-account-hack/

The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment.

Although the EU’s executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one of the Commission’s AWS (Amazon Web Services) accounts.

“AWS did not experience a security event, and our services operated as designed,” an AWS spokesperson told BleepingComputer after publishing time.

Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission’s cybersecurity incident response team is now investigating.

While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).

The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.



Subject: Anthropic Says Its Latest AI Model Is Too Powerful to Be Released
Source: Business Insider
https://www.businessinsider.com/anthropic-mythos-latest-ai-model-too-powerful-to-be-released-2026-4

  • Anthropic said its next-generation AI model is too powerful for the public.
  • That’s why Claude Mythos won’t be publicly released, Anthropic said.
  • Anthropic said Mythos demonstrated concerning capabilities, including the ability to breach its own safeguards.

Anthropic said on Tuesday that it has halted the broader release of its newest AI model, Mythos, due to concerns that it is too good at finding “high-severity vulnerabilities” in major operating systems and web browsers.
“Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available,” Anthropic wrote in the preview’s system card. “Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.”

The announcement is a major step for Anthropic, which in February weakened a safety pledge about how it would develop AI models. Claude Opus 4.6, which the company called its most powerful model to date, was publicly released on February 5.

Anthropic is withholding some details about the cybersecurity vulnerabilities Mythos found, but it did point out a few. The AI model “found a 27-year-old vulnerability in OpenBSD—which has a reputation as one of the most security-hardened operating systems in the world,” the company wrote.

Mythos was powerful enough that even “non-experts” could seize on its capabilities.

For now, only 11 other select organizations, including Google, Microsoft, Amazon Web Services, Nvidia, and JPMorgan Chase, will get access to Mythos as part of a cybersecurity group named “Project Glasswing.” Anthropic is providing up to $100 million in Mythos usage credits as part of what it is calling “Project Glasswing.”


Subject: KISA launches project to develop security standards for physical AI
Source: UPI.com
https://www.upi.com/Top_News/World-News/2026/04/07/physical-ai-security-standard-project-launches/7701775604094/

April 7 (Asia Today) — South Korea’s internet security agency has launched a project to develop security standards and industry-specific protection models for physical artificial intelligence, as concerns grow over cyberattacks that could cause real-world damage in industrial settings.

The Korea Internet & Security Agency, or KISA, said Monday it will accept bids through April 21 for the project, titled Development of Physical AI Security Standards and Industry Expansion Security Models.

The initiative comes as South Korea steps up investment in physical AI, a field that applies artificial intelligence to machines and systems operating in real-world environments. Unlike conventional cyberattacks that mainly target data, attacks on physical AI systems could trigger equipment malfunctions, production shutdowns and other physical damage, officials said.

In addition to common standards, KISA said it will create customized security models for major industries including manufacturing, healthcare and mobility, based on field surveys and interviews with experts.


Subject: Cybersecurity Alert: Criminals Are Now Using Emojis to Avoid Detection
Source: Android Headlines
https://www.androidheadlines.com/2026/04/cybersecurity-alert-criminals-are-now-using-emojis-to-avoid-detection.html

Cybercriminals are using emojis to avoid detection by replacing sensitive keywords in messages. This tactic helps them bypass filters and complicates the monitoring system. The evolved tactic has forced security experts to update systems to recognize emoji-based threats.
Digital criminals are evolving and using new tactics to avoid getting caught. In a new report, cybersecurity experts have warned that criminals are now using emojis to avoid detection and continue their attacks. The symbols, which we normally use in the texts, do not serve the same purpose for everyone. Some are using it to hide malicious intent.

Attackers have started using emojis to avoid detection

A new cybersecurity report from Flashpoint suggests the emojis are no longer decorative elements. Criminals are increasingly using it to avoid getting detected and hide their malicious intent. For reference, instead of writing “credit card” or “bank,” attackers are now using relevant emojis that represent these concepts. Such tactics allow them to communicate openly while avoiding detection from keyword-based monitoring systems commonly used by security teams.

That’s not all. Attackers are even combining emojis with slang, abbreviations, and multiple languages. This further allows them to bypass the detection systems. Experts who rely on traditional keyboard-based monitoring tech may no longer be able to detect such scams. However, several experts are now expanding monitoring systems to include emoji-based patterns alongside text-based indicators.



Subject: Job scammers using Google tool to send phishing emails
Source: WTAE.com
https://www.wtae.com/article/google-appsheet-phishing-job-scam/70976202

Scammers are using Google’s AppSheet to send fake job offers that look real. Here’s how to spot the scam, and what to do if you get one.

How it works:

The emails are sent using AppSheet, a Google platform that allows companies to build apps and automate tasks without coding. Google says scammers are exploiting that system by creating their own automated workflows to distribute phishing messages. A Google spokesperson provided the following statement: “We are aware of these phishing campaigns and have taken action to block the accounts and apps violating our policies. We have also implemented additional automated protections to detect and prevent similar abuse of AppSheet’s communication features.


Subject: IRS tax filing approaches as scammers use AI to target taxpayers
Source: WLWT
https://www.wlwt.com/article/irs-tax-filing-deadline-scammers-ai-target-taxpayers/70959308

With the IRS tax filing deadline just a week away, cybersecurity experts warn that scammers are using AI to create convincing attacks.

CINCINNATI — With the Internal Revenue Service (IRS) tax filing deadline just one week away, cybersecurity experts are warning about the ways scammers are using artificial intelligence (AI) to target taxpayers.

The tax filing season is filled with stress, financial pressure, and deadlines. For years, scammers have used that time to target and take advantage of vulnerable taxpayers.

Cyber-enabled crimes defrauded more than 1 million Americans out of nearly $21 billion, according to the FBI’s 2025 Internet Crime Report released on Monday. Cryptocurrency and artificial intelligence-related complaints ranked among the costliest.

Now, thieves are scaling their operations with AI to make them better, faster and cheaper, says Cliff Steinhauer, the director of information security and engagement at the National Cybersecurity Alliance.

“And they can really scale this up in a way that hasn’t been done before,” Steinhauer said. “So, people are going to see more scams, more frequent messaging, and more people are going to be targeted.”

In the near future, attacks are likely to become a lot more personalized and more convincing, Steinhauer said. Voice clones, deepfake social profiles, and believable videos depicting public figures and loved ones are targeting Americans, according to the FBI.

“So, attackers will use all sorts of lures and bait to try to get you to call them and try to get you to interact with the scammer instead of obviously, the real IRS,” Steinhauer said. “But the key is that any kind of inbound communication, so whether that’s a phone call, a text message, an email, simply cannot be trusted.”

If a message appears to come from the IRS, it’s best to verify yourself by visiting the IRS’ official website.


Subject: Meta Is Pulling Down Ads That Seek to Recruit Clients for Social Media Addiction Litigation
Source: Gizmodo
https://gizmodo.com/meta-is-pulling-down-ads-that-seek-to-recruit-clients-for-social-media-addiction-litigation-2000744572

Meta is removing ads from its social media platforms, specifically those posted by attorneys looking to recruit new clients for future social media addiction lawsuits.

Late last month, Meta was handed back-to-back defeats in two landmark social media trials, a New Mexico case accusing Meta of endangering children by enabling sexual predators on Instagram and a Los Angeles-based social media addiction case.

In the latter, representatives for a now 20-year-old client accused Meta of making deliberate design choices, such as infinite scrolling and face-altering filters, that led to her becoming addicted to Instagram from an early age and exacerbated deep mental health issues, including thoughts of self-harm and depression. There have been numerous studies and expert reports over the years providing evidence that social media algorithms and addictive design features have indeed resulted in negative mental health outcomes in the younger generation.

One of the ads read, per Axios: “Anxiety. Depression, Withdrawal. Self-harm. These aren’t just teenage phases — they’re symptoms linked to social media addiction in children. Platforms knew this and kept targeting kids anyway.”

Filed: https://gizmodo.com/tech/social-media


Subject: Signal messages on an iPhone have been harvested despite app security
Source: Gizmodo
https://www.androidheadlines.com/2026/04/signal-messages-on-an-iphone-have-been-harvested-despite-app-security.html

Signal messages on an iPhone have reportedly been cracked by the FBI despite the app’s heightened security protocols. While the app itself remains a secure option for private messaging between individuals, this situation proves that there are some potential workarounds.

Signal is about as secure as it gets when it comes to private messaging with end-to-end encryption on Android phones and iPhones, but it may not seem that way when you read things like Signal messages have been cracked on an iPhone. If you’re an avid Signal user, that’s a concerning thought to be sure. That your Signal messages may not be as secure as you imagine. However, it’s not really quite like what you may be thinking. Signal itself, meaning the app, is still as secure as it’s ever been. There aren’t any glaring issues or security flaws that users should be immediately worried about. However, there are still apparently ways for Signal messages to be harvested, and that’s what users should be looking at if they truly want their communication to stay private. In this particular case, the Signal messages being cracked by the FBI is a result of the way iOS handles things. It has nothing to do with Signal itself. So, there is a way you can ensure this isn’t something that is ever a concern going forward.

Signal messages being cracked on an iPhone is an iOS issue that can be sidestepped…

Filed: https://www.androidheadlines.com/category/apple

Posted in: AI, Criminal Law, Cybercrime, Cybersecurity, Economy, Email Security, Financial System, Privacy