Posts by Steve Turner
I was featured in a UK documentary about stalkerware, an insidious kind of phone surveillance I've investigated for years.
In this deep-dive for this.weekinsecurity.com, I look back at what I've learned during my investigations, why stalkerware is a global threat, and what actually gives me hope.
It's Friday and you've probably had enough cyber... but I'm re-upping my story on this.weekinsecurity.com about how AI browsers are shipping with security bugs that put your private data (saved passwords, credit cards, browsing history) at risk.
Here's why AI browsers aren't safe for general use.
Discord said late on Friday that hackers stole users' government-issued IDs (passports and driver's licenses) from one of its customer support databases.
I wrote a few words about the risks of age verification laws, and why collecting people's government IDs is bad for security and privacy.
Wild to me that a CEO sets goals about outcomes that have nothing to do with the business (are customers more satisfied? Is the product more reliable? Etc.)
Setting the goal of what % of code should be AI-generated is as useful as setting the goal of how many lines of code devs should write per day
A big round of applause to Ars.
I really want to see what the submission was to Defcon that got accepted, because this was bad.
I went down to one monitor for just that very reason, it was never good enough or that little gap I couldn’t get rid of
Companies forcing five days in-office for Zoom calls while still doing remote interviews is peak unseriousness.
In an era of ChatGPT and North Korean hackers slipping through hiring processes, it shows a clueless grasp of where the real threats are.
Le sigh... (at the article)
This isn't bypassing FIDO auth (it's called passkeys now btw). It's just asking the user to use a weaker method that they were allowed to use.
The solution is to randomize the password so nobody knows it, and if you can't, use auth strengths to prevent weaker methods
I had to look this up, 1000000000000%
I suspect the major negative fallout of vibe coding isn’t going to be taking jobs from software developers but instead an epidemic of insecure apps that get hacked with ease
😀 Seriously surprisingly good movie!
Definitely will be missed! You are a force of nature! Enjoy retirement!!
I love Lucidchart! And shockingly, they’re one of the few companies that implemented AI in a meaningful way!
Did I go a little crazy? Yes. Am I proud of it? Absolutely!
I'll be at Identiverse on June 3-6th, come say hello at the Microsoft Security booth (Booth # 613)!!!
A piece of career advice I give people I mentor is to go where you are valued. It means it’s important to be in a role where you are respected, recognized and rewarded.
Sometimes despite tenure, it’s better to leave and accelerate your career trajectory versus staying where you’ve been written off.
It just hurt my insides every time I heard someone say it any other way. Not trying to gatekeep, but I feel like we haven’t done a good job of communicating how it’s actually said.
youtu.be/bz2cl1yCErs?...
I think there must be some dust in here or something 😭
A light blue Rivian R1T truck in front of a house with an American flag to the left of it
So happy to be rid of my swasticar. #rivian