Breaches, malware, vulnerabilities, privacy, and the wider tech world.
Cyber & Tech tracks the breaches, malware, surveillance tech, and privacy fights shaping the internet. From hidden facial-recognition code shipped in consumer hardware to encryption-policy battles and account-takeover campaigns, we cover what defenders and ordinary users actually need to know — sourced, defensive, and free of hype.
A nonprofit's 27-year-old domain was moved into a stranger's account in minutes, with the DNS wiped — even though the account had dual two-factor auth and ownership protection turned on. The transfer didn't break the security; it bypassed it entirely, through GoDaddy's own support desk. That's the threat model everyone forgets.
Researchers found a dormant facial-recognition feature called 'NameTag' buried in Meta's AI companion app — face-matching, local databases, the works — shipped to an app with 50M+ installs. Meta removed it within about 24 hours of WIRED's report and insisted it was never enabled. Whether you believe that, 'built but switched off' is its own kind of warning.
Recent Chrome builds ship Gemini Nano — a ~4GB on-device AI model — downloaded in the background to power new built-in browser APIs. Running locally is a genuine privacy win, but a multi-gigabyte model installed without a clear prompt raises a fair consent question. Here is what is actually on your machine.
Signal has again refused to comply with a reported UK plan to scan devices for illegal imagery, bundled with age verification. The objection is not about any single law — it is that client-side scanning is fundamentally incompatible with end-to-end encryption.