lorenzofb@infosec.exchange (@lorenzofb@infosec.exchange)
Real-time cyber historian of the late capitalist era @TechCrunch. Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. ☎️ Signal: +1 917 257 1382 💻 Keybase/Telegram: @ lorenzofb ✉️ lorenzo@techcrunch.com Previously: VICE Motherboard, Mashable, WIRED's Danger Room.
-
NEW: The notorious stalkerware TheTruthSpy has a security flaw that lets anyone reset any user's password, allowing them to access the private data of the people the users are spying on.
The security researcher who told us about the flaw also alerted the company, but did not get an answer.
When we told the TheTruthSpy owner, he said he won't fix the bug, which puts people who likely don't know they're being spied on at huge risk.
We verified the bug by giving the researcher usernames of test accounts, and he changed the passwords immediately.
A new security flaw in TheTruthSpy phone spyware is putting victims at risk | TechCrunch
Exclusive: Hackers can take over the accounts of TheTruthSpy spyware customers, putting their victims' private phone data at risk thanks to a new security flaw.
TechCrunch (techcrunch.com)
-
NEW: The hackers who broke into the computer of an alleged North Korean government hacker, exposing their espionage operations and hacking tool, explained why they did it.
“These nation state hackers are hacking for all the wrong reasons, I hope more of them will get exposed, they deserve to be,” one of the hackers, who called himself a hacktivist, told me.
Hackers who exposed North Korean government hacker explain why they did it | TechCrunch
The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public.
TechCrunch (techcrunch.com)
-
Yesterday my life changed forever. I discovered that the deli on the corner of my apartment sells these.
-
NEW: The two Harvard students who doxed random people with Meta Ray-Ban glasses are launching "always-on" AI-powered smart glasses that listen, record, and transcribe, everything happening around them.
The glasses don't have an indicator that shows people around them that they are being recorded.
@evacide is not a fan: "Normalizing the use of an always-on recording device, which in many circumstances would require the user to get the consent of everyone within recording distance, eats away at the expectation of privacy we have for our conversations in all kinds of spaces.”
Harvard dropouts to launch 'always on' AI smart glasses that listen and record every conversation | TechCrunch
After developing a facial recognition app for Meta’s Ray-Ban glasses and doxing random people, two former Harvard students are now launching a startup that makes smart glasses with an always-on microphone.
TechCrunch (techcrunch.com)
-
NEW: There's a new startup in Dubai that is offering up to $20 million for zero-days to break into any smartphone ($15 for only iOS and only Android).
Company says it's made by people with "20 years of experience in elite intelligence units and private military contractors" but won't say who they are, who funds them, who they sell to, or whether they have any legal or ethical restrictions on who they sell to.
“I don’t think you should sell bugs to anyone who’s trying to hide who they are,” a person with experience in the exploit development industry told me.
New zero-day startup offers $20 million for tools that can hack any smartphone | TechCrunch
Prices for hacking tools that allow governments to break into mobile phones keep going up, thanks to efforts by tech firms shoring up their cybersecurity.
TechCrunch (techcrunch.com)
-
The U.S. discovery process in the context of spyware lawsuits poses dangers to spyware victims, who could be exposed in the proceedings, and can also discourage tech giants from going after companies like NSO.
Very interesting article by AccessNow's Natalia Krapiva, a legal expert who has followed these cases for years.
Discovery in U.S. Spyware Litigation: A Double-Edged Sword?
Despite its inherent risks, civil society and policymakers can learn how to benefit from the discovery process in spyware cases.
Just Security (www.justsecurity.org)
-
NEW: According to U.S. National Intelligence Director Tulsi Gabbard, the U.K. government has dropped its demand to have a backdoor in Apple's iCloud system.
Gabbard said the negotiations, which involved Trump and Vance, were "to ensure Americans' private data remains private and our Constitutional rights and civil liberties are protected."
US spy chief says UK has dropped its Apple backdoor demand | TechCrunch
Tulsi Gabbard said that President Donald Trump and Vice President JD Vance also participated in the negotiations with the U.K. government over its once-secret demand to Apple.
TechCrunch (techcrunch.com)
-
NEW: Here's how @zackwhittaker.com found that TeaOnHer was spilling the personal data of its users — including photos of drivers' licenses — on the internet, for all to see.
The security issues were so trivial all it took him was around ten minutes.
The result is that anyone could have scraped all the users' IDs just by looking around the app's API.
How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch
Exclusive: A dating gossip app for men exposed thousands of users' personal data, including scans of driver's licenses. The app's developer, Xavier Lampkin, won't say if he plans to notify affected users about the app's security lapse.
TechCrunch (techcrunch.com)
-
NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."
The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.
“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”
Hackers breach and expose a major North Korean spying operation | TechCrunch
Two hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation's spying operations.
TechCrunch (techcrunch.com)
-
NEW: U.S. government announces seizure of servers and $1 million in Bitcoin from cybercriminal gang behind the Royal and Blacksuit ransomware.
US government seized $1M from Russian ransomware gang | TechCrunch
A global law enforcement coalition targeted the infrastructure of the group behind the Royal and BlackSuit ransomware strains, allegedly responsible for extorting victims out of $370 million since 2022.
TechCrunch (techcrunch.com)
-
NEW: Electronic Arts was forced to respond to a flood of cheaters in Battlefield 6's open beta this weekend.
The company says it blocked more than 300,000 attempts to cheat, and that players reported 104,000 "instances of potential cheaters."
Electronic Arts blocks more than 300,000 attempts to cheat after launching Battlefield 6 beta | TechCrunch
Soon after the launch of first-person shooter Battlefield 6, cheaters flooded the games, forcing Electronic Arts to respond.
TechCrunch (techcrunch.com)
-
NEW: I spoke to @rondeibert.bsky.social ahead of his keynote at Black Hat today.
Ron travelled to Vegas to ring the alarm bell and warn the cybersecurity industry that perhaps it’s time to get political.
“They should be aware of what’s going on and hopefully they can not contribute to it, if not help reverse it,” he said.
Citizen Lab director warns cyber industry about US authoritarian descent | TechCrunch
Ron Deibert, the head of the prominent digital human rights group Citizen Lab, sounds the alarm at the Black Hat security conference about the "dramatic descent into authoritarianism," but one that the cyber community can help to defend against.
TechCrunch (techcrunch.com)
-
I highly recommend listening to this Risky Business podcast, particularly the beginning of the show where they discuss AI bug hunters.
I am and will continue to be an AI skeptic. But it surely looks like very smart people in the industry are convinced this is the future.
risky.biz/RB801/
-
NEW: A hacker tricked a Cisco representative with a voice phishing attack and got access to Cisco[.]com customers' information, including names, organization names, addresses, email addresses, and phone numbers.
Cisco is not saying how many people were affected.
Hacker used a voice phishing attack to steal Cisco customers' personal information | TechCrunch
Cisco disclosed a data breach including customer names, organization names, addresses, email addresses, and phone numbers of Cisco.com users.
TechCrunch (techcrunch.com)
-
NEW: Google announced that its AI-powered bug hunter Big Sleep found its first 20 vulnerabilities, mostly in open source projects.
A company executive called the development "a new frontier in automated vulnerability discovery." But it's important to note that there was still a human involved, as Google told us.
"We have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,” a spokesperson said.
Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch
The discoveries by an AI-based bug hunter are significant, as it shows these tools are starting to get real results, even if they still need a human.
TechCrunch (techcrunch.com)
-
NEW: CloudFlare says it detected Perplexity scraping and crawling websites that explicitly block it from scraping them.
Based on customers' complaints and its own experiments, the company says Perplexity is using "stealth" bots and changing its bots' "user agent" to circumvent restrictions.
Perplexity accused of scraping websites that explicitly blocked AI scraping | TechCrunch
Internet giant Cloudflare says it detected Perplexity crawling and scraping websites, even after customers had added technical blocks telling Perplexity not to scrape their pages.
TechCrunch (techcrunch.com)
-
NEW: French telecom giant Orange disclosed an unspecified "cyberattack" that has caused disruptions to businesses and consumers alike.
For now, the company is not saying what the nature of the cyberattack is.
Telecom giant Orange warns of disruption amid ongoing cyberattack | TechCrunch
The telecom giant, one of the largest in the world with customers in Europe and Africa, said customers are experiencing ongoing disruption to its services due to an unspecified hack.
TechCrunch (techcrunch.com)
-
NEW: We spoke to Colin Ahern, the chief cyber officer for the state of New York.
He sounded the alarm after all the Trump cuts to cybersecurity agencies and programs, and said states need Washington to be a better partner to secure their networks.
“We work with the federal government day in and day out. We need and want the federal government to be effective,” Ahern said. “I think it's no secret that we are concerned about some of the things — many of the things, in fact — that we're seeing with the ‘Big Ugly Bill,’ with the rescissions that just passed,” said Ahern, referring to Trump's flagship budget that passed in early July.
Trump's cybersecurity cuts putting nation at risk, warns New York cyber chief | TechCrunch
The top cybersecurity official in New York told TechCrunch in an interview that Trump's budget cuts are going to put the government at risk from cyberattacks, and will put more pressure on states to secure themselves.
TechCrunch (techcrunch.com)