Enlarge (credit: Benj Edwards / Snap Inc.)

It's not Halloween yet, but some users of Snapchat feel like it is. On Tuesday evening, Snapchat's My AI chatbot posted a mysterious one-second video of what looks like a wall and a ceiling, despite never having added a video to its messages before. When users asked the chatbot about it, the machine stayed eerily silent.

"My AI" is a chatbot built into the Snapchat app that people can talk to as if it were a real person. It's powered by OpenAI's large language model (LLM) technology, similar to ChatGPT . It shares clever quips and recommends Snapchat features in a way that makes it feel like a corporate imitation of a trendy young person chillin' with its online homies.

Late yesterday, many people discovered that My AI had left a short video of a two-toned scene as a "story" (what Snapchat calls a shared photo or video), shocking users because it was unknown that the bot had this capability. And the bot's faux personality makes it easy to assume there is some intentional action behind the video, even though it's probably just a weird technical glitch.

Enlarge (credit: Savusia Konstantin | Getty Images )

Thousands of websites belonging to US government agencies, leading universities, and professional organizations have been hijacked over the last half decade and used to push scammy offers and promotions, new research has found. Many of these scams are aimed at children and attempt to trick them into downloading apps, malware, or submitting personal details in exchange for nonexistent rewards in Fortnite and Roblox .

For more than three years, security researcher Zach Edwards has been tracking these website hijackings and scams. He says the activity can be linked back to the activities of affiliate users of one advertising company. The US-registered company acts as a service that sends web traffic to a range of online advertisers, allowing individuals to sign up and use its systems. However, on any given day, Edwards, a senior manager of threat insights at Human Security , uncovers scores of .gov, .org, and .edu domains being compromised.

“This group is what I would consider to be the number one group at bulk compromising infrastructure across the Internet and hosting scams on it and other types of exploits,” Edwards says. The scale of the website compromises—which are ongoing—and the public nature of the scams makes them stand out, the researcher says.

Enlarge / MLS (Multiple Listing Service). (credit: Getty Images)

Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings.

The attack, which commenced last Wednesday, hit Rapottoni , a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.

“If you're an avid online refresher on any real estate website, you may have noticed a real nosedive in activity the last couple of days,” Peg King, a realty agent in California’s Sonoma County, wrote in an email newsletter she sent clients on Friday. “Real estate MLS systems across the country have been unusable since Wednesday after a massive cyberattack against major MLS provider, Rapattoni Corporation. This means that real estate markets (like ours!) can't list new homes, change prices, mark homes as pending/contingent/sold, or list open houses.”

Enlarge (credit: Getty Images )

One of your Mac's built-in malware detection tools may not be working quite as well as you think. At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings on Saturday about vulnerabilities in Apple's macOS Background Task Management mechanism, which could be exploited to bypass and, therefore, defeat the company's recently added monitoring tool.

There's no foolproof method for catching malware on computers with perfect accuracy because, at their core, malicious programs are just software, like your web browser or chat app. It can be difficult to tell the legitimate programs from the transgressors. So operating system makers like Microsoft and Apple, as well as third-party security companies, are always working to develop new detection mechanisms and tools that can spot potentially malicious software behavior in new ways.

Apple's Background Task Management tool focuses on watching for software “persistence.” Malware can be designed to be ephemeral and operate only briefly on a device or until the computer restarts. But it can also be built to establish itself more deeply and “persist” on a target even when the computer is shut down and rebooted. Lots of legitimate software needs persistence so all of your apps and data and preferences will show up as you left them every time you turn on your device. But if software establishes persistence unexpectedly or out of the blue, it could be a sign of something malicious.

Enlarge (credit: Aurich Lawson)

CNET, one of the great-granddaddies of tech news on the web, has been having a rough year. First, its AI-written articles sparked drama, then layoffs rocked the publication. And now, Gizmodo reports that the 28-year-old site has been deleting thousands of its old articles in a quest to achieve better rankings in Google searches.

The deletion process began with small batches of articles and dramatically increased in the second half of July, leading to the removal of thousands of articles in recent weeks. Although CNET confirmed the culling of stories to Gizmodo, the exact number of deleted articles has not been disclosed.

"Removing content from our site is not a decision we take lightly. Our teams analyze many data points to determine whether there are pages on CNET that are not currently serving a meaningful audience. This is an industry-wide best practice for large sites like ours that are primarily driven by SEO traffic. In an ideal world, we would leave all of our content on our site in perpetuity. Unfortunately, we are penalized by the modern Internet for leaving all previously published content live on our site," Taylor Canada, CNET’s senior director of marketing and communications, told Gizmodo.

Enlarge / Researchers use CyBio FeliX workstations to extract and purify DNA samples for testing (credit: LabGenius)

At an old biscuit factory in South London, giant mixers and industrial ovens have been replaced by robotic arms, incubators, and DNA sequencing machines. James Field and his company LabGenius aren’t making sweet treats; they’re cooking up a revolutionary, AI-powered approach to engineering new medical antibodies.

In nature, antibodies are the body’s response to disease and serve as the immune system’s front-line troops. They’re strands of protein that are specially shaped to stick to foreign invaders so that they can be flushed from the system. Since the 1980s, pharmaceutical companies have been making synthetic antibodies to treat diseases like cancer, and to reduce the chance of transplanted organs being rejected.

Enlarge / Building with Microsoft logo. (credit: Getty Images)

It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s Electoral Commission, which exposed data for as many as 40 million residents.

Electoral Commission officials disclosed the breach on Tuesday. They said that they discovered the intrusion last October when they found “suspicious activity” on their networks and that “hostile actors had first accessed the systems in August 2021.” That means the attackers were in the network for 14 months before finally being driven out. The Commission waited nine months after that to notify the public.

The compromise gave the attackers access to a host of personal information, including names and addresses of people registered to vote from 2014 to 2022. Spokespeople for the Commission said the number of affected voters could be as high as 40 million. The Commission has not yet said what the cause of the breach or the means of initial entry was.

Enlarge / An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug. (credit: Mark Walton)

It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the newest AMD CPUs. " Downfall " and " Inception " (respectively) are different bugs, but both involve modern processors' extensive use of speculative execution (a la the original Meltdown and Spectre bugs ), both are described as being of "medium" severity, and both can be patched either with OS-level microcode updates or firmware updates with fixes incorporated.

AMD and Intel have both already released OS-level microcode software updates to address both issues. Both companies have also said that they're not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators.

It will be up to your PC, server, or motherboard manufacturer to release firmware updates with the fixes after Intel and AMD make them available.

Enlarge (credit: Getty Images)

Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations.

The next-generation mechanism, known as Secure Channel, was added about 10 years ago to an open standard known as OSDP, short for the Open Supervised Device Protocol . Like an earlier protocol, known as Wiegand , OSDP provides a framework for connecting card readers, fingerprint scanners, and other types of peripheral devices to control panels that check the collected credentials against a database of valid personnel. When credentials match, the control panel sends a message that opens a door, gate, or other entry system.

Broken before getting out the gate

OSDP came about in the aftermath of an attack demonstrated in 2008 at the BlackHat security conference. In a talk there, researcher Zac Franken demonstrated a device dubbed Gecko, which was no bigger than a US quarter. When surreptitiously inserted by a would-be intruder into the wiring behind a peripheral device, Gecko performed an adversary-in-the-middle attack that monitors all communications sent to and from the control panel.