It Takes 2 Minutes to Hack the EU’s New Age-Verification App


Planning a big night out at Madison Square Garden? Have fun—but don’t say we didn’t warn you.

A WIRED investigation this week revealed new details about the private surveillance regime instituted by MSG owner Jim Dolan and his head of security, John Eversole. According to court records and WIRED sources, visitors to the Garden and some other Dolan-owned venues have been subjected to face recognition, social media monitoring, in-person surveillance, and more.

The US government’s warrantless wiretap powers hit a roadblock this week. Despite a push from President Donald Trump for a long-term reauthorization of the so-called Section 702 spy program, 20 Republican lawmakers in the House of Representatives voted against a full reauthorization, forcing Speaker Mike Johnson to simply extend the program for a further 10 days.

Meta’s Ray-Ban and Oakley AI smartglasses have an image problem—for good reason. More than 70 civil society groups, including the ACLU and the National Organization for Women, sent a letter to the company this week, demanding that it abandon any plans it may have to equip its AI glasses with face-recognition features. The groups argue that including face recognition in the wearable devices, which can already surreptitiously record videos of people, would further erode any semblance of privacy and potentially facilitate stalkers, domestic abusers, and federal agents.

Nonconsensual deepfake nudes are a scourge at schools around the world, according to an investigation by WIRED and Indicator. By tracking publicly reported incidents of deepfake “nudify” tech used against middle- and high-school-aged girls, we were able to identify more than 600 victims in 28 countries around the world.

You might think banning a $20 billion black market for scammers from your platform would be a no-brainer. But not if you’re Telegram. A WIRED investigation found that the messaging app continued to host Xinbi Guarantee despite the UK government’s designating it a facilitator of human trafficking and sanctioning the largest-ever online marketplace of its kind. Crypto-tracing firm Elliptic says that Xinbi carried out another $505 million in transactions in the 19 days after the UK issued its sanction.

The AI race has finally entered the cybersecurity lap. After Anthropic revealed its new model, Mythos, as a unique risk to the security status quo, OpenAI announced that it, too, has a new cybersecurity strategy, and a new model to go with it—GPT-5.4-Cyber.

That’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

It Takes 2 Minutes to Hack the EU’s New Age Verification App

The European Commission this week released its free, open source app for verifying the ages of visitors to social networks and pornography websites. At a press conference on Wednesday, European Commission president Ursula von der Leyen proclaimed that, with the release of the app, “there are no more excuses” for platforms that fail to check users’ ages. That, however, was before experts found the app to be a security disaster.

As reported by Politico, security consultant Paul Moore claimed on X to have found a series of security issues with the app that allowed him to hack it “in less than 2 minutes.” The issues include how the app reportedly stores a user-created PIN, which could allow an attacker to easily take over that person’s app profile. (Baptiste Robert, a whitehat hacker, confirmed the vulnerability to Politico.) Tagging von der Leyen in his post, Moore concluded, “This product will be the catalyst for an enormous breach at some point. It's just a matter of time.”

A Gym Chain and a Hotel Giant Disclose Major Data Breaches

Europe's largest gym chain, Basic-Fit, confirmed a major data breach on Monday, revealing that the bank details of about a million customers were compromised. Around 200,000 members in the Netherlands alone were affected. The stolen data includes bank details along with customers' names, home and email addresses, phone numbers, and dates of birth. A spokesperson told The Register that members in Belgium, France, Germany, Luxembourg, and Spain were also similarly hit through a single system that records member visits to clubs. No passwords, which Basic-Fit says it does not store, were reportedly compromised.

The same day, global travel and hotel reservation giant Booking.com confirmed that hackers may have extracted customer data including names, email addresses, phone numbers, and booking details. The company informed TechCrunch that it “noticed some suspicious activity” and “took action to contain the issue.” Company notices posted by purported customers on Reddit appear to disclose a breach touching on “anything” the users “may have shared with the accommodation.” TechCrunch reported that Booking.com had declined to share details about the scope of the breach, but did separately tell The Guardian that no “financial information” was lost.

Bluesky Buckles Under DDoS Attack

Bluesky’s site and app struggled through Thursday after what the company confirmed was a distributed denial-of-service attack. Chief operations officer Rose Wang said the “sophisticated” attack began April 15 around 8:40 p.m. ET and caused intermittent failures across feeds, notifications, and search. The company said it has not seen any evidence of unauthorized access to user data.

The outages hit Bluesky’s own infrastructure but spared communities like Blacksky that run their own instances on the underlying AT Protocol. Blacksky told TechCrunch it has seen a significant spike in migration requests over the past 12 hours, as users and rival ATmosphere operators promote alternatives. As of Friday afternoon, its status page shows the service fully operational.

ICE Offered Jobs to Applicants With Dubious Backgrounds

The Trump administration has been on a hiring spree. A Department of Homeland Security press release from January says that ICE hired over 12,000 officers and agents in less than a year. As part of their job applications, immigration officers are expected to go through extensive background checks that probe everything from what arrests they might have had, to the debts they’ve racked up, to foreign nationals they’ve interacted with in the past 7 years. The Associated Press did its own background checks on 40 ICE agents and found 3 that had faced lawsuits because of alleged misconduct in their previous law enforcement jobs, and several that reportedly faced legal actions because of their histories of unpaid debt. DHS didn’t comment on specific hiring choices, but acknowledged to the AP that it had given some applicants “temporary action letters” and offers to start working before their full background checks had been completed.

Russian Crypto Exchange Grinex Hacked, Blames Foreign Spies

The Russian cryptocurrency exchange Grinex, widely reported to have aided Russia’s sanctions evasion, abruptly announced Thursday that it would be suspending its operations following a breach that it says allowed a hacker to steal more than a billion rubles’ worth of its users’ funds, equivalent to more than $13 million. In its announcements on its social accounts, Grinex blamed the “special services” of a foreign country, writing that the “digital traces and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to structures of unfriendly states” and seemed to be aimed at “causing direct harm to Russia's financial sovereignty.” Grinex, which was itself sanctioned by US financial authorities, had served as the successor to Garantex, another Russian exchange that had been sanctioned for enabling sanctions evasion and other alleged financial crimes. According to crypto-tracing firm Elliptic, Grinex was likely created by the same owners and inherited Garantex funds and customers. Grinex didn’t provide any public evidence to back its claim that the theft of its funds was carried out by state-sponsored hackers.
