Login

**kyonides** · 09-19-2025, 10:24 PM

NINTENDO'S LATEST PATENT

Nintendo patent points to in-game missions, achievements, rewards and more

Quote:For decades now, platforms like Xbox and PlayStation have had achievements and trophies, which are extra challenges for players to tackle in-game that will earn them virtual points/scores/trophies to represent their hard work. A handful of Nintendo games over the years have had something similar, but there’s never been a system-wide feature. Now it seems Nintendo might be rethinking that.

A Nintendo patent was published on Sept. 4th, 2025 and it includes a lot of language that points to some sort of achievement-like system. As usual, Nintendo wants to take a somewhat different approach to their offering as compared to the competition, but the same basic ideas are there. Players will be tasked with completing specific in-game goals that are beyond what the game itself asks, and then they’ll be rewarded for accomplishing them.

It seems that Nintendo is taking a multi-faceted approach to their achievements setup, as gamers will get digital rewards and points for clearing out objectives. Sometimes you’ll tackle a mission and get points, while other times you’ll earn something like an icon or wallpaper. You’ll also be able to use these points to cash in and purchase rewards.

Not surprisingly, it seems like this entire system will only be available to those who have Switch Online accounts, making it just one more perk for members, as well as a point of enticement for those who haven’t signed up. With all this said, remember that Nintendo patents can point to future projects from Nintendo, but we’ve also seen patents that never actually get used. Whether or not this achievement-style system actually goes live on Switch or Switch 2 remains to be seen.

Patent's Abstract Wrote:A processor gives points to a user if any of a plurality of giving conditions is achieved by the user, and gives a reward selected by the user from among a plurality of rewards, to the user in exchange for the points owned by the user. The plurality of giving conditions include a first giving condition achieved if a specific game is played, and the plurality of rewards include first rewards set in an initial state of being unselectable, and second rewards selectable without achieving the first giving condition. When the first giving condition is achieved, the processor updates the first reward corresponding to the specific game among the first rewards from the initial state of being unselectable by the user to a state of being selectable by the user.

Honestly, it sounds a bit more (unnecessarily) complicated than your usual achievements scene on any game or platform. Confused

CYBERCRIME & PORN

Amateur porn website users’ data leaked online, hackers claim

Quote:Attackers claim they’ve obtained a trove of personal details from MyHomemadePorn, an amateur adult content platform. However, the Cybernews research team believes the data could be fake.

The supposedly stolen database with details on MyHomemadePorn users was posted on a popular data leak forum, known for distributing stolen or leaked personal details.

According to the attackers, the stolen details include usernames, emails, and hashed passwords. Interestingly, the posts’ authors even encouraged others to use the supposedly stolen details to extort the platform’s users.

We have reached out to the adult content platform for comment and will update the article once we receive a reply.
Meanwhile, the Cybernews research team investigated the supposedly leaked data. According to the team, the leak is “likely fake,” as the data seems artificially generated.

“The leak file contains several identical bcrypt hashes. This shouldn’t happen because bcrypt automatically adds a random salt, which means even the same password should create a different hash each time,” our researchers explained.

Bcrypt hashes are types of encrypted passwords with random data built in before hashing. That way, identical passwords do not produce identical hashes.
Another explanation for bcrypt hash duplication could be that the attackers shared test data from the website itself, which would explain the unusual password practices. Data leak forum members heavily depend on reputation, and the user who shared the alleged adult content platform leak already has an established reputation.

“They are an active member who often shares leaks, so it doesn’t look like just a random troll with a new account. Still, there’s a small chance the user could be posting this just for fun. This could be done for attention, reputation on the forum, or just to cause trouble,” the team explained.

Attackers sometimes distribute fake data leaks to either get noticed or in an attempt to get inexperienced users to pay for old data. In this instance, however, the attackers aren’t demanding payment for the allegedly stolen details.

Fake or not, the allegedly stolen dataset claims to include very sensitive data, given the type of platform it was taken from, which includes:

Usernames

Email addresses

IP addresses

Dates of birth

Gender

Relationship status

Hashed passwords

If confirmed, the leak would pose severe privacy concerns to the individuals involved. The combination of email addresses and IP addresses open up exposed individuals to harassment and blackmail. Exposed home addresses could lead to user doxxing, a practice where users’ online identity is revealed.

However, the team noticed that dates of birth and IPs are visible, but on a very small number of records. Meanwhile, genders and relationship statuses are represented as ID numbers, so they do not mean much in this context.

AI CHATBOT & COOKIE THEFT

Flaw at major enterprise chatbot maker leads to cookie theft

Quote:A major security mishap in Yellow.ai’s customer service chatbot left cookies wide open to theft. Researchers believe the flaw also made users vulnerable to account-hijacking, highlighting why users must be wary of breakneck LLM implementation.

Sycophantic helpfulness, which is ingrained in large language models (LLMs) by many creators, can sometimes backfire. Take Yellow.ai, an agentic AI provider for businesses such as Sony, Logitech, Hyundai, Domino’s, and hundreds of other brands, as a cautionary tale.

The Cybernews research team discovered a major flaw in the AI services provider's chatbot, which it uses to talk with its customers. According to the team, a test revealed that the customer service bot could teach users how to produce malicious HTML and JavaScript code with zero pushback.

“The reflected XSS vulnerability allows the attacker to steal session cookies for the support agent's account, in turn hijacking their account, which can lead to further data exfiltration from the customer support platform,” researchers explained.

Thus, the researchers were able to guide the chatbot into becoming a destructive tool. Producing and executing JavaScript code has serious security consequences, as it enables attackers to perform Cross-Site Scripting (XSS) attacks.

“The reflected XSS vulnerability allows the attacker to steal session cookies for the support agent's account, in turn hijacking their account, which can lead to further data exfiltration from the customer support platform,” the team explained.

What security issues were revealed?

The flaw highlights multiple security issues, such as improper user input sanitization, improper chatbot output sanitization, the web server not verifying content produced by the chatbot, running unverified code, and loading content from arbitrary web resources. This leaves many options for Cross-Site Scripting (XSS) attacks.

For example, attackers could bypass sanitization to inject unauthorized code into the system. That way, attackers get their foot in the door and have opportunities for lateral movement within the organization – the foundation for most cyberattacks.

Cybernews responsibly disclosed the issue. While Yellow.ai did not acknowledge it, the company fixed the problem by sanitizing the generated code, ensuring that it would not be executed and would instead be treated like regular text.

MORE ON AI

There’s a weasel in every AI: chatbots secretly chase hidden agendas

Quote:AI models were never instructed to play sneaky mind games. However, new research has revealed that they apparently lie, sabotage useful work, sandbag evaluations, and engage in other covert, deceitful scheming.

Frontier AI chatbots like ChatGPT secretly pursue misaligned goals – a practice researchers call “scheming.” The rate at which chatbots engage in covert actions is also alarmingly high.

In a study conducted by OpenAI, a leading developer of large language models, and Apollo Research, an AI safety organization, OpenAI’s o3 model had a 13% covert action rate, while its o4-mini model schemed 8.7% of the time across 20 test environments before any “anti-scheming” measures were applied.

ChatGPT's cunning was observed in its thinking process (chain-of-thought, or CoT). When responding to various tasks, CoT traces provide partial transparency of AI cognition.

For example, the model faked being dumb when researchers asked it to evaluate itself to determine whether they needed to continue training it. The model intentionally provided lower scores, acknowledging the “sabotage” in the reasoning (CoT) step.

Given an impossible coding task, the model realized it was impossible, but claimed to fully complete it anyway.

Models were also observed breaking many rules, like falsifying surveys or input data, or secretly modifying protected configuration files while lying to users about what they had done. AI models often doubled down on their lies when asked about them.

They even sometimes demonstrate situational awareness – they act better when they realize researchers are evaluating them.

Researchers couldn’t eliminate bad behavior

The research focused on reducing such covert behaviour. However, while anti-scheming training significantly reduces covert action rates to below 0.5%, it doesn’t eliminate them completely.

“We still observe rare cases of serious misbehavior,” the Apollo researchers said.

They warned that the “anti-scheming” training might also teach large language models (LLMs) to scheme better, hiding it better and making detection harder.

“Imagine a stock trader whose goal is to maximize earnings. In a highly regulated field such as stock trading, it’s often possible to earn more by breaking the law than by following it. If the trader lacks integrity, they might try to earn more by breaking the law and covering their tracks to avoid detection, rather than earning less while following the law,” OpenAI explains.

“From the outside, a stock trader who is very good at covering their tracks appears as lawful as – and more effective than – one who is genuinely following the law.”

Despite developers’ intentions, all frontier models (researchers also tested Claude-4-Opus, Gemini-2.5-pro, Grok-4, and Llama-4) developed different goals and consistently engaged in deceptive behavior to pursue these goals.

Chrome gets an AI makeover, turning into a shopping assistant, researcher, and more

Quote:Chrome users can now summon AI from any webpage to answer any question.

Google is advancing its Chrome browser with AI capabilities by adding a number of new features.

The company says these enhancements will help Chrome better understand users' requests and explain more complex information, making browsing more productive and safe.

Among the ten new features is the rollout of Gemini to the browser for Windows and Mac users, allowing users to ask AI questions while browsing through different webpages. The AI-powered Chrome will also be available on mobile devices.

However, the company notes that this feature is currently only available for users in the US.

AI-powered Chrome as a personal assistant

Next on Google’s agenda is providing Chrome users with Gemini’s “agentic” capabilities, which would help them with tasks such as ordering groceries or making an appointment at a salon. All users would have to do is tell Gemini what they want to be done so it can go through the webpages and request these things on their behalf.

Besides shopping assistance, Gemini can also navigate through multiple tabs to compare and summarize information available on each tab. This will make it more convenient to plan a trip by creating an itinerary based on the information provided, for example.

More detailed search with Gemini-driven Chrome

With the latest Chrome update, users will no longer have to scroll through search history to find a website they visited in the past. Now, users can ask AI to find it for them via a prompt.

Google has also integrated Gemini into other Google apps, such as YouTube, Calendar, and Maps. This allows users to schedule meetings and check location details without leaving their current webpage.

Next month, the company will introduce users to Google Search AI Mode, which will allow them to summon AI from the Chrome address bar, also called omnibox. This AI Mode will provide users with answers to longer and more complex queries that require a deeper dive into the web.

Users will also be able to ask more questions related to the webpage they’re on, using the omnibox with Chrome. Chrome also provides questions based on the page context to help users with their search.

Chrome uses AI to enhance online safety
The company’s new Chrome upgrade also includes a few features that ensure user safety online.

With Gemini Nano, users get help identifying tech support scams that try to trick them into downloading unsafe software. In the future, the feature will also include the blocking of sites that include fake viruses or fake giveaways.

Firefox introduces new AI features, while some users beg for it to stop

Quote:Feature creep in Firefox version 143 brings Windows UI Automation and Copilot AI together with improvements in privacy protection. Google Lens support is rolled out gradually. However, some users feel that a privacy-focused browser integrating many third-party features has forgotten its identity.

Firefox 143 came out two days ago and introduced many quality of life improvements.

For a while now, Firefox users have been able to use an AI chatbot of their choice in the updated sidebar. However, the new version adds support for features from the big tech companies.

“Copilot from Microsoft can now be chosen as a chatbot to use in the sidebar for quick access without leaving your main view,” Mozilla announced.

Moreover, Firefox was updated to support Windows UI Automation, which allows users to control their computer using assistive technologies, such as speech.

This improves support when using Windows Voice Access, which allows users to control their PC and apps with spoken commands, also Narrator, which is Windows’ screen reader, or Text Cursor Indicator, which helps highlight text.

Users who use Google as their default search engine also noticed the inclusion of Google Lens, which is a search tool for images. According to PCWorld, this feature is rolling out gradually.

Google Lens lets users right-click an image and find more information about it on Google, such as visual matches, products, etc.

Mozilla reminds users that when they use a chatbot, they agree to that provider’s privacy policies and terms of use, which are likely much looser than Firefox’s own.

“You should verify any information you get from AI chatbots,” the support page states.

Mozilla also provides a guide for users to help minimize their data exposure when using chatbots.

At the same time, Firefox is expanding its privacy protections by masking more known online fingerprints.

Another strong privacy protection feature – encrypted DNS requests (DNS over HTTPS, DoH) – was recently added to Firefox on Android.

Other quality-of-life improvements include previewing the web camera in the permission dialog box when a site asks for camera access. The address bar can also show important dates and events.

Tabs will be pinned to the left of the tab strip when dragged to the beginning of it.

First in EU: Italy passes comprehensive AI law, limits access to kids

Quote:Italy has become the first European Union member state to enact a national law regulating AI. The scope of the new regulation is definitely broad and envisions jail time for the worst offenders.

The law establishes human-centric, transparent, and safe use of AI as its guiding principles, while also highlighting the importance of innovation, privacy, and cybersecurity.

The regulation extends across healthcare, workplaces, education, justice, public administration, and even sports. In each of these domains, the law requires AI systems to remain traceable and subject to human oversight.

Those who use the technology to cause harm by, for example, generating AI deepfakes, might be imprisoned. The law introduces prison sentences of between one and five years for the illegal use of AI tools.

Penalties will also apply for using AI to commit crimes such as fraud and identity theft, and children under the age of 14 will need parental consent to access AI.

“This law brings innovation back within the perimeter of the public interest, steering AI toward growth, rights, and full protection of citizens,” said Alessio Butti, Italy’s undersecretary for digital transformation.

On copyright, works created with AI assistance are protected if they result from intellectual effort, while AI-driven text and data mining are allowed only for non-copyrighted content or scientific research by authorized institutions.

In healthcare, AI can assist diagnosis and care under certain conditions, with doctors retaining final decision-making and patients maintaining the right to be informed. Finally, for workplaces, the law requires employers to inform workers when AI is being deployed.

In 2023, Italy suspended ChatGPT for non-compliance with the EU’s General Data Protection Regulation.

Italy’s new law is part of a larger European framework, following the EU’s AI Act, which went into effect in August 2024.

That particular law bans certain AI systems outright, including discriminatory social scoring and real-time biometric identification outside narrowly defined contexts. High-risk systems, such as those used in law enforcement, migration, or healthcare, are subject to strict requirements.

However, Italy has also been consistent regarding national AI regulation. In 2023, Rome suspended ChatGPT for non-compliance with the EU’s General Data Protection Regulation and only lifted the temporary ban when OpenAI added new privacy and verification tools to the chatbot.

China's DeepSeek says its hit AI model cost just $294,000 to train

Quote:Chinese AI developer DeepSeek said it spent $294,000 on training its R1 model, much lower than figures reported for US rivals, in a paper that is likely to reignite debate over Beijing's place in the race to develop artificial intelligence.

The rare update from the Hangzhou-based company - the first estimate it has released of R1's training costs - appeared in a peer-reviewed article in the academic journal Nature published on Wednesday.

DeepSeek's release of what it said were lower-cost AI systems in January prompted global investors to dump tech stocks as they worried the new models could threaten the dominance of AI leaders including Nvidia.

Since then, the company and founder Liang Wenfeng have largely disappeared from public view, apart from pushing out a few new product updates.

The Nature article, which listed Liang as one of the co-authors, said DeepSeek's reasoning-focused R1 model cost $294,000 to train and used 512 Nvidia H800 chips. A previous version of the article published in January did not contain this information.

Training costs for the large-language models powering AI chatbots refer to the expenses incurred from running a cluster of powerful chips for weeks or months to process vast amounts of text and code.

Sam Altman, CEO of US AI giant OpenAI, said in 2023 that the training of foundational models had cost "much more" than $100 million - though his company has not given detailed figures for any of its releases.

Some of DeepSeek's statements about its development costs and the technology it used have been questioned by US companies and officials.

The H800 chips it mentioned were designed by Nvidia for the Chinese market after the US in October 2022 made it illegal for the company to export its more powerful H100 and A100 AI chips to China.

US officials told Reuters in June that DeepSeek has access to "large volumes" of H100 chips that were procured after US export controls were implemented. Nvidia told Reuters at the time that DeepSeek has used lawfully acquired H800 chips, not H100s.

In a supplementary information document accompanying the Nature article, the company acknowledged for the first time it does own A100 chips and said it had used them in preparatory stages of development.

"Regarding our research on DeepSeek-R1, we utilized the A100 GPUs to prepare for the experiments with a smaller model," the researchers wrote. After this initial phase, R1 was trained for a total of 80 hours on the 512 chip cluster of H800 chips, they added.

Reuters has previously reported that one reason DeepSeek was able to attract the brightest minds in China was because it was one of the few domestic companies to operate an A100 supercomputing cluster.

When you are used to Thief

stealing contents, I mean, Sarcasm

"scanning the web for free resources only", it's easy to keep Cash

costs quite low.

HACKERS HATE SUSHI?

Hackers claim attack on the US's biggest sushi supplier – again?

Quote:A church-run sushi supplier, the biggest in the US, may be facing its second major cyberattack in a year, with new leaked data raising questions about another breach.

A ransomware gang named Lynx posted a note on its dark web leak site, claiming to have stolen data from the largest US sushi and seafood provider, the True World Group LCC. Publishing warnings on the dark web is a common tactic to pressure victims into paying ransom.

While the threat actors did not specify the scope of the breach, the post includes images of stolen data, suggesting that they’re in possession of highly sensitive information. The data samples include financial data, invoices showing transactions and sums, as well as employee data.

This isn’t the first time the conglomerate has been attacked. In 2024, True World Holdings LLC informed over 8,500 individuals about a security incident that affected their personal data. Threat actors breached the company’s systems and copied files containing the data of current and former employees.

If the latest breach claims are true, it could indicate a new attack on the conglomerate. While the data seems to be the same as that in the 2024 breach, Cybernews researchers have checked the data samples and noticed that some documents are dated 2025.

“The leaked data could be used by competitors to gather business intelligence data.

Employee data could be used for identity theft, targeted phishing attacks,” our research team explained.

Cybernews has reached out to the company for confirmation, but a response is yet to be received.

True World and its subsidiaries provide food service, manage Japanese restaurants and grocery store chains, own Noble Fish and White Wolf Japanese Patisserie brands, and operate a fleet of fishing vessels. Currently, the company employs around 1000 people worldwide.

The conglomerate is run by the controversial Unification Church, which was founded in South Korea by Sun Myung Moon.

I don't know if we should call the Unification church (known as the Moonies from South Korea) a real church because they behave pretty much like a sect. Previously, they had cyber-attacked an Austrian company.

HACKERS NOW IMPERSONATING THE CYBER-AUTHORITIES

FBI warns bad actors are spoofing the IC3 cybercrime reporting website

Quote:The FBI on Friday warns that cybercriminals are creating fake versions of its Internet Crime Complaint Center (IC3) website, a site used by the public to report online cyber scams.

The US Federal Bureau of Investigation says unsuspecting victims who visit these fake IC3 websites may inadvertently open themselves or their devices to malicious actors trying to steal personal information to carry out future cyberattacks.

“Members of the public could unknowingly visit spoofed websites while attempting to find the FBI IC3's website to submit an IC3 report,” the latest PSA states. This allows the threat actors to grab information typed into the fake complaint, essentially victimizing the user again.

Personally identifiable information sought after by the fraudsters can include sensitive details such as name, home address, phone number, email address, and banking information – putting the user at risk for identity theft, financial scams, and social engineering attacks.

In April, the FBI revealed it had received over 100 IC3 impersonation scam reports between December 2023 and February 2025, of cyber actors offering to help victims found on social media recover lost funds.

How to recognize a spoofed IC3 web address

A spoofed website is designed to mimic a legitimate website, the FBI said, tricking the users with slightly altered characteristics, including the use of misspelled URLs or other words, alternative top-level domains, suspicious artifacts, and unprofessional or low-quality graphics.

The FBI reminds users that all secure, official US government organization websites will use a “.gov” extension and “HTTPS” in their website address, as shown here with the IC3 URL, “https://www.ic3.gov/.”

Furthermore, when navigating to IC3's official website, the agency says users should always type “www.ic3.gov” directly into the address bar located at the top of their Internet browser, rather than using a search engine.

If you are using a search engine, the FBI says to avoid any "sponsored" results, as scammers often use these paid-for results to reroute traffic from the legitimate IC3 website.

Internet users are also reminded to only share sensitive information on official, secure .gov websites showing a lock ( ) or https://, which guarantees you’ve safely connected to a .gov website.

How to protect yourself from IC3 scams

Run by the FBI, the IC3 handles complaints covering an array of internet crimes, including fraud schemes such as identity theft, phishing, spam, reshipping, auction fraud, payment fraud, counterfeit goods, romance scams, and non-delivery of goods.

The FBI provides several tips to help protect victims against IC3 impersonation scams:

Scammers will change aliases and tactics; however, the scheme generally remains the same.

Never share sensitive information with people you have met only online or over the phone.

Do not send money, gift cards, cryptocurrency, or other assets to people you do not know or have met only online or over the phone.

The IC3 will not ask for payment to recover lost funds, nor will the IC3 refer a victim to a company requesting payment for recovering funds.

The IC3 does not maintain any social media presence.

The IC3 will never directly communicate with individuals via phone, email, social media, phone apps, or public forums.

To make an online fraud complaint or report other suspicious activity, you can contact the FBI’s Internet Crime Complaint Center at www.ic3.gov.

HACKERS AGAINST LONDON TRANSPORT SYSTEM

Police arrest and charge two teenage suspects for Transport for London cyberattack

Quote:On Tuesday, British police arrested two teenagers on suspicion of involvement in last year’s cyberattack on Transport for London (TfL).

The suspects, Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were arrested at their homes by the National Crime Agency (NCA) and City of London police.

Both men are being charged with conspiring to commit unauthorized acts against the TfL, as dictated in the Computer Misuse Act.

Flowers, 18, has also been accused of conspiring to infiltrate and damage the IT networks of SSM Health Care Corporation and Sutter Health, two United States healthcare providers.

Additionally, Jubair has been charged with failing to disclose the passwords of the devices that were seized from him by law enforcement officers under the Regulation of Investigatory Powers Act 2000, or RIPA Act, a law from the United Kingdom that regulates how public bodies conduct surveillance and access communication.

Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said that these charges are a “key step” in a “lengthy and complex investigation.”

“Our prosecutors have worked to establish that there is sufficient evidence to bring the case to trial and that it is in the public interest to pursue criminal proceedings. We have worked closely with the National Crime Agency as they carried out their investigation,” Hannah Von Dadelszen, Chief Crown Prosecutor for the Crown Prosecution Service, added.

In September 2024, TfL disclosed that it had been hit by a cyberattack. During the attack, customer data was stolen, including full names, contact information, and postal addresses. Information about Oyster card refunds for 5,000 people, including account information, was also obtained.

A criminal operation called Scattered Spider was held responsible for the cyberattack on TfL. Shortly after the attack, the then 17-year-old Flowers was arrested by British authorities.

HACKERS HIT SOUTH KOREAN TECH CONGLOMERATE & BITBUCKET

Hackers say they’ve jacked SK Telecom’s source code

Quote:Hackers claim to have infiltrated SK Telecom’s systems, allegedly stealing source code and exposing sensitive internal projects. It could be the company’s second cyber blow this year.

An unidentified threat actor is claiming a breach of SK Telecom (SKT), South Korea’s multi-manufacturing and telecommunications conglomerate. The post appeared on a well-known data leak forum.

The hackers claim the stolen files contain source code for several internal projects, build configs, Dockerfiles, and even exposed AWS access keys.

Cybernews researchers have investigated the claim, and it appears that attackers obtained the source code for multiple company projects by compromising an employee's Bitbucket account. Bitbucket is a web-based source code hosting platform owned by Atlassian.

The shared data samples suggest that attackers potentially accessed projects named:
skt-user-syncer

SKCarAuth

SKCrashLogger

SK_AQI_DAEMON

“The source code does not inherently allow the attacker to access secrets, keys, passwords used in the production environment, nor does it inherently affect the security of private user data,” our researchers said.

However, this could still affect the company’s overall security posture. According to researchers, hackers could examine the source code for potential vulnerabilities that could be exploited in production systems.

“Other individuals and companies could copy their code for their own implementations, resulting in intellectual property theft,” added the researchers.
Cybernews has contacted the company, but a response has yet to be received.

The telecommunications giant had a rough year. In April, the company suffered a ransomware attack by the Qilin ransomware gang. The attackers claimed to have stolen 1TB of data. At the end of April, SK Telecom informed customers of the situation and started a free SIM swap service for all its customers.

To accommodate the swap, the company had to halt new sign-ups until it had changed SIM cards for those affected by the cyberattack.

SK Telecom operates 175 companies with over 80,000 employees

The SK Group is a leader in the energy, telecommunications, and semiconductor industries, operating more than 175 companies globally, including in the Information and Communications Technology (ICT), advanced materials, biopharmaceuticals, mobility, life sciences, and EV batteries sectors, the company’s website states.

With over 23 million customers representing about 50% of the nation’s market share, the company boasts its own music platform, operates several professional sports teams, recently launched Korea’s largest AI semiconductor manufacturing company, and has its own strategic investment division, SK Telecom Americas, operating out of Silicon Valley, California.

ITALIAN POST HACKED?

Hackers claim breach of Italian post, researchers disagree

Quote:Attackers are boasting that they’ve obtained over a million records from Italy’s national post, Poste Italiane. However, the Cybernews research team says the supposed leak looks a lot like old data with made-up details.

The attackers announced the supposed Poste Italiane data breach on a popular data leak forum used to trade in stolen details. They claim they have obtained a large database that includes Poste Italiane customer names, tax codes, and other personal details.

Poste Italiane is the Italian postal service provider, co-owned between public development bank Cassa Depositi e Prestiti (CDP) and Italy’s Ministry of Economy and Finance. The company’s yearly revenue exceeds €12 billion ($14 billion), while its staff numbers 120,000.

The company told Cybernews that while it is aware of the attacker claims, no data was taken from its systems. Moreover, Poste Italiane did not experience any disturbances to its daily operations.

“No data has been stolen or transferred from our information systems. The operation and security of the company's digital services have not been compromised. Poste Italiane reiterates that customer security is a priority and urges users to never disclose their login credentials, to change their passwords periodically, and to not use the same credentials for different accounts and services,” Poste Italiane representative tol Cybernews.

Meanwhile, the Cybernews research team looked into a data sample that attackers attached to the alleged sale. The team noticed several strange issues with the data. For example, several fields in the allegedly stolen database appear to be made.

“Looks like they took a large dataset of stealer logs, filtered out accounts for Poste Italiane, and then tried to enrich the data with fields such as tax code and date of birth. The data also includes duplicates as well as incomplete entries, such as missing email addresses,” the team said.

Our researchers concluded that the post’s authors enriched data from older data leaks to make it look more dangerous than it actually is. In other words, Poste Italiane has not suffered a novel data breach.

Attackers could have several reasons for posting old data and asking for money for it. Most obviously, with “no honor among thieves” in mind, the attackers likely want to see if anyone would be willing to pay, even for older information.

Paradoxically, another motive could be linked to reputation-building. Data leak sites heavily rely on what others think about them and novice users need to establish that they have something to offer. And boasting of having data from one of Europe’s largest postal services will not go unnoticed.

Others could post similar datasets to test how secure the forum itself is or even try to set up honeypot datasets that lure in criminals who might later inadvertently reveal their identities to law enforcement agencies.

Updated on September 19th [09:00 a.m. GMT] with a statement from Poste Italiane.

TRUMP ON TIKTOK

MICROSOFT'S SECOND DATA CENTER IN WISCONSIN

Microsoft pledges $4 billion to build second Wisconsin data center

Quote:Microsoft on Thursday said it plans to build a second massive artificial intelligence data center in Wisconsin, bringing its spending in the state to more than $7 billion.

The new $4 billion project will join a $3.3 billion data center in Mount Pleasant in the southeastern corner of the state, announced last year.

Microsoft said the initial data center remains on track to open next year and will employ about 500 people at its peak, expanding to about 800 once the second data center is complete.

It said with the addition of the second large-scale data center, the site would eventually house the world's most powerful AI supercomputer, connecting together hundreds of thousands of powerful chips from Nvidia.

The area in Racine County, which sits nestled between Milwaukee and Chicago, has drawn the attention of U.S. presidents of both political parties in recent years.

It was initially the site of a proposed $10 billion factory by electronics manufacturing giant Foxconn, which builds phones for Apple and others, during the first term of President Donald Trump, but those plans were drastically scaled back.

At Microsoft's unveiling of the first data center last year, US President Joe Biden, then running against Trump for a second time, highlighted Foxconn's pullback at the site.

Microsoft said on Thursday that it plans to pre-pay for electrical infrastructure to avoid raising electricity rates in the region and that a state-of-the-art cooling system will tap into Wisconsin's cool climate and reduce the data center's yearly water use to that of an average restaurant.

The company plans to build solar power in a different part of Wisconsin to offset its energy use at the data centers, but Microsoft President Brad Smith said the project will entail new fossil fuel power generation near the facilities.

The driving factor was "what can be built in a particular area," Smith said in an interview. "This is (liquefied natural gas) territory."

He said that the 800 permanent jobs the data centers create will be fewer than the thousands of jobs required to construct them but that there will still be jobs for skilled pipefitters and electricians.

"All the things that we build need to be operated," Smith told Reuters. "It needs to be maintained. These are good jobs."

CANADA CONFISCATES CRYPTOCURRENCY ASSETS

Canada confiscates $41M in crypto, based on "belief"

Quote:Canadian law enforcement said it has carried out the largest crypto seizure in the country’s history, once again reminding users that crypto assets on centralized platforms can be confiscated even without hard evidence.

The Royal Canadian Mounted Police (RCMP) confirmed that it seized more than CAD 56 million ($41 million) from TradeOgre, a crypto exchange that was shut down by Canadian authorities.

"Investigators have reason to believe that the majority of funds transacted on TradeOgre came from criminal sources," the RCMP said, without elaborating on the evidence.

Law enforcement emphasized that the main attraction of crypto platforms that don’t require users to identify themselves is that they help hide the source of funds, adding that "this is a common tactic used by criminal organizations that launder money."

In any case, the investigation is still ongoing, as police continue to analyze the transaction data obtained from TradeOgre, and charges may follow.

The RCMP began looking into the platform in June 2024, after receiving a tip from Europol.

"Specifically, it failed to register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a money services business and did not identify its clients," the police said.

Meanwhile, the news sparked backlash from the crypto community. Popular blockchain sleuth ZachXBT, who collaborates with law enforcement, criticized the RCMP for not prosecuting other threat actors.

Additionally, security expert and researcher Taylor Monahan from MetaMask, the most popular ethereum (ETH) wallet, reacted: "Sorry to contradict your 'beliefs' but last time I checked, my friends and I are not criminals."

"Very much looking forward to seeing the evidence, and for you to provide recourse to ALL innocent parties you stole money from without notification and without due process," she added.

Evan Thomas, General Counsel at Alluvial, a company developing crypto staking products, emphasized that the police likely obtained a court order to seize the crypto assets, as this is permitted by the Canadian Criminal Code in cases "where there are reasonable grounds to believe it is proceeds of crime."

"Unfortunately, anyone who has their crypto tied up in this will probably need a good criminal lawyer to take a run at the warrant or convince the police/court to return what’s theirs," Thomas concluded.

Login
Username:
Password:	Lost Password?
	Remember me