Preparing for final exams is stressful enough without the tool you depend on for schoolwork suddenly going offline. That’s the situation many students across the US dealt with on Thursday. After a ransomware attack hit Instructure, the company behind Canvas, the platform switched to “maintenance mode” at the worst possible time. The hacking group ShinyHunters claimed responsibility for the breach. Experts say the disruption highlights just how far these attackers are willing to go to pressure their targets.
Were you aware that Google Chrome quietly downloads the Gemini Nano AI model in the background? If not, you’re in good company. Many users of Google’s widely used browser discovered this week that Gemini Nano has been silently occupying 4 GB of storage on their computers since 2024, leading to frustration and worries about privacy. The good news is you can turn off the AI model—though doing so means giving up some useful security features. Of course, you’re also free to switch to a different browser at no cost.
This week, researchers disclosed that thousands of vibe coded applications were left unprotected on the open internet, exposing confidential corporate and personal information. These security oversights serve as a clear warning: just because you can quickly build something through vibe coding doesn’t automatically mean it’s a good idea.
The Department of Homeland Security issued a subpoena to Google, seeking the location records and account details of a Canadian man who spoke out against US immigration enforcement methods after the deaths of Renee Good and Alex Pretti in Minneapolis earlier this year. The American Civil Liberties Union filed a complaint against DHS this week on the man’s behalf, noting that he hasn’t set foot in the US for over a decade.
According to new research, scammers, amateur hackers, and various cybercriminals have now joined the growing crowd of people fed up with AI-generated slop. In other news, Meta is upgrading its age-verification technology after a study revealed that children are bypassing online age checks using surprisingly simple methods—including one clever kid who fooled the system by sketching on a fake mustache. We also covered Russia’s push to develop a domestic alternative to Starlink satellite internet, along with all the privacy and security issues that come with it.
And that’s not all. Every week, we compile the security and privacy stories we didn’t have time to cover in detail. Click through the headlines to read the full articles. And as always, stay safe out there.
Most people would hope that a 200-pound robot equipped with spinning blades in their yard can’t be easily taken over by hackers. Unfortunately for owners of the Yarbo—a $5,000 robotic lawn mower that doubles as a leaf blower, snowblower, and edger—that hope was misplaced. The Verge reports that a security researcher uncovered multiple vulnerabilities in the lawn robots, potentially allowing hackers to seize remote control of the devices (including their cameras) and steal owners’ email addresses, Wi-Fi passwords, and home addresses.
When a Yarbo spokesperson told The Verge that the robots’ “diagnostic environment is not publicly accessible,” the reporter and researcher put the security flaws to the test, demonstrating the risks by nearly running the reporter over with a hijacked robot. The company has since announced that it is working on a patch for at least one of the vulnerabilities the researcher found.
Meta, led by Mark Zuckerberg, has withdrawn its support for end-to-end encrypted messages on Instagram, reversing its earlier commitment to user privacy through messaging that the company itself couldn’t access. The company discontinued encryption on Instagram on May 8, making it technically easier for the firm to read users’ direct messages.
After investing years in developing the encryption infrastructure needed to secure its chat platforms, Meta announced in 2023 that it had enabled default encryption for Messenger. It also introduced an opt-in encryption feature for Instagram, with plans to eventually make it the default. But that day never came. In March of this year, Meta decided that too few people had opted in, so it removed the encryption option for Instagram chats entirely. The reversal has angered privacy and security experts, who worry the rollback could undermine end-to-end encryption efforts globally.
The Trump administration released a new counterterrorism strategy, which President Donald Trump calls a “return to common sense and Peace through Strength” in a foreword included in the document. According to the document, the three primary categories of terror groups are cartels, Islamist terror organizations, and “violent left wing extremists,” which the memo describes as including anarchists and anti-fascists whose ideologies are labeled “anti-American” and “radically pro-transgender.”
The memo pledges, “We will use all the tools constitutionally available to us to map them at home, identify their membership, map their ties to international organizations like Antifa, and use law enforcement tools to cripple them operationally before they can maim or kill the innocent.”
