us-technology

Calvin Wankhede / Android Authority Police in Spain have reportedly started profiling people based on their phones; specifically, and surprisingly, those carrying Google Pixel devices. Law enforcement officials in Catalonia say they associate Pixels with crime because drug traffickers are increasingly turning to these phones. But it’s not Google’s secure Titan M2 chip that has criminals favoring the Pixel — instead, it’s GrapheneOS, a privacy-focused alternative to the default Pixel OS. As someone who has used a Pixel phone with GrapheneOS, I find this assumption a bit unsettling. I have plenty of reasons to use GrapheneOS, and avoiding law enforcement isn’t on the list at all. In fact, I think many Pixel users would benefit from switching to GrapheneOS over the default Android operating system. And no, my reasons don’t have anything to do with criminal activity. Why I use and recommend GrapheneOS A privacy-focused operating system may seem more trouble than it’s worth. But when I replaced Google’s Pixel OS with GrapheneOS, I found it to be a transformative experience. For one, the installation was painless, and I didn’t lose any modern software features. Installing aftermarket operating systems used to equal a compromised smartphone experience, but I didn’t find that to be true in the case of GrapheneOS. Case in point: even though GrapheneOS doesn’t include any Google services, I was surprised to find that you can install the Play Store with relative ease and almost all apps work flawlessly — even most banking ones. This is impressive for any open-source fork of Android, but GrapheneOS goes above and beyond in that it also has some major privacy and security benefits. Primarily, it locks down various parts of Android to reduce the number of attack vectors and enforces stricter sandboxing to ensure that apps remain isolated from each other. GrapheneOS just works, with almost no feature or usability compromises. Take Google apps as an example. On almost all Android phones sold outside China, Google has far-reaching and system-level access to everything: your precise location, contacts, app usage, network activity, and a load of other data. You cannot do anything to stop it, whether you’d like to or not. However, you can with GrapheneOS because it treats Google apps like any other piece of unknown software. This means Google apps are forced to run in a sandbox where they have limited access to your data. GrapheneOS’ sandboxing extends to invasive apps like Google Play Services and the Play Store. You can explicitly disable each and every permission for these apps manually — in fact, most permissions are disabled by default. Even better, you can create different user profiles to isolate apps that require lots of permissions. GrapheneOS can forward notifications to the primary user profile, unlike stock Android. GrapheneOS limits Google’s reach into your phone more than any other flavor of Android. On the subject of app permissions, GrapheneOS builds on that, too. For example, you can stop apps from accessing the internet and reading your device’s sensors — stock Android doesn’t expose such granular control. And while Android permissions often take the all-or-nothing approach, GrapheneOS lets you select only the exact contacts, photos, or files that you want visible to an app. Finally, my favorite GrapheneOS feature is the ability to set a duress PIN. When entered, this secondary PIN will initiate a permanent deletion of all data on the phone, including installed eSIMs. If I’m ever forced to give up my phone’s password, I can take solace in the fact that the attacker will not have access to my data. If you have nothing to hide… You might be wondering: if I don’t have anything to hide, why should I bother using GrapheneOS? That’s a fair question, but it misses the point. I don’t use GrapheneOS because I have something to hide — I use it to exercise control over the device I own. I find it comforting that Google cannot collect data to nearly the same extent if I use GrapheneOS instead of Pixel OS. The benefits of using GrapheneOS extend far beyond just hiding from Google, though, and it’s why the project has landed under the scanner of law enforcement. I believe that GrapheneOS catching attention from law enforcement just proves how much it raises the bar on privacy. GrapheneOS has built a number of app isolation-based safeguards to ensure that your phone cannot be infected remotely. The technical details are longer than I can list, but in essence, the developers stripped out parts of Android’s code that could be exploited by bad actors. Some security improvements have even been suggested and incorporated into AOSP, meaning GrapheneOS’ efforts have made all of our devices a tiny bit more secure. Does GrapheneOS take privacy and security too far? Megan Ellis / Android Authority GrapheneOS is one of many tools that now face suspicion and political pressure simply for making surveillance harder. Take the Signal app as another example. The encrypted messaging app has been repeatedly targeted by EU lawmakers in recent years. Specifically, a proposed “Chat Control” legislation would compel secure messaging platforms to scan all communication — including those protected by end-to-end encryption — for illegal content such as Child Sexual Assault Material. Messaging apps in the EU would be required to scan private communications before they’re encrypted, on the user’s device, and report anything that looks suspicious. While encryption itself wouldn’t be banned, Signal’s developers have rightly pointed out that mandatory on-device scanning essentially equals a backdoor. A rogue government could misuse these privileges to spy on dissenting citizens or political opponents, while hackers might be able to steal financial information. Regulators have long asked privacy apps to compromise on their singular mission: privacy. There’s a bitter irony here, too, as GrapheneOS recently pointed out in a tweet. The Spanish region of Catalonia was at the center of the massive Pegasus spyware scandal in 2019. Pegasus, a sophisticated surveillance tool sold exclusively to governments, was reportedly used to hack phones belonging to Members of

What if we could permanently remove the toxic “forever chemicals” contaminating our water? That’s the driving force behind Michigan-based startup Enspired Solutions, founded by environmental toxicologist Denise Kay and chemical engineer Meng Wang. The duo left corporate consulting in the rearview mirror to take on one of the most pervasive environmental challenges: PFAS. “PFAS is referred to as a forever chemical because it is so resistant to break down,” says Kay. “It does not break down naturally in the environment, so it just circles around and around. This chemistry, which would break that cycle and break the molecule apart, could really support the health of all of us.” Basing the company in Michigan was both a strategic and a practical strategy. The state has been a leader in PFAS regulation with a startup infrastructure—buoyed by the Michigan Economic Development Corporation (MEDC)—that helped turn an ambitious vision into a viable business. From intellectual property analyses to forecasting finances and fundraising guidance, the MEDC’s programs offered Kay and Wang the resources to focus on building their PFASigator: a machine the size of two large refrigerators that uses ultraviolet light and chemistry to break down PFAS in water. In other words, “it essentially eats PFAS.” Despite the support from the MEDC, the journey has been far from smooth. “As people say, being an entrepreneur and running a startup is like a rollercoaster,” Kay says. “You have high moments, and you have very low moments when you think nothing’s ever going to move forward.” Without revenue or salaries in the early days, the co-founders had to be sustained by something greater than financial incentive. “If problem solving and learning new talents do not provide sufficient intrinsic reward for a founder to be satisfied throughout what I guarantee will be a long duration effort, then that founder may need to reset their expectations. Because the financial rewards of entrepreneurship are small throughout the process.” Still, Kay remains optimistic about the road ahead for Enspired Solutions, for clean water innovation, and for other founders walking down a similar path. “Often, founders are coached about formulas for fundraising, formulas for startup success. Learning those formulas and expectations is important, but it’s also important to not forget that it’s your creativity and innovation and foresight that got you to the place you’re in and drove you to start a company. Ultimately, people still want to see that shine through.” This episode of Business Lab is produced in partnership with the Michigan Economic Development Corporation. Full Transcript Megan Tatum: From MIT Technology Review, I’m Megan Tatum. This is Business Lab, the show that helps business leaders make sense of new technologies coming out of the lab and into the marketplace. Today’s episode is brought to you in partnership with the Michigan Economic Development Corporation. Our topic today is launching a technology startup in the US state of Michigan. Building out an innovative idea into a viable product and company requires knowledge and resources that individuals might not have. That’s why the Michigan Economic Development Corporation, or the MEDC, has launched an innovation campaign to support technology entrepreneurs. Two words for you: startup ecosystem. My guest is Dr. Denise Kay, the co-founder and CEO at Enspired Solutions, a Michigan-based startup focused on removing synthetic forever chemicals called PFAS from water. Welcome, Denise. Dr. Denise Kay: Hi, Megan. Megan: Hi. Thank you so much for joining us. To get us started, Denise, I wondered if we could talk about Enspired Solutions a bit more. How did the idea come about, and what does your company do? Denise: Well, my co-founder, Meng, and I had careers in consulting, advising clients on the fate and toxicity of chemicals in the environment. What we did was evaluate how chemicals moved through soil, water, and air, and what toxic impact they might have on humans and wildlife. That put us in a really unique position to see early on the environmental and health ramifications of the manmade chemical PFAS in our environment. When we learned of a very novel and elegant chemistry that could effectively destroy PFAS, we could foresee the value in making this chemistry available for commercial use and the potential for a significant positive impact on maintaining healthy water resources for all of us. Like you mentioned, PFAS is referred to as a forever chemical because it is so resistant to break down. It does not break down naturally in the environment, so it just circles around and around. This chemistry, which would break that cycle and break the molecule apart, could really support the health of all of us. Ultimately, Meng and I quit our jobs, and we founded Enspired Solutions. Our objective was to design, manufacture, and sell commercial-scale equipment that destroys PFAS in water based on this laboratory bench-scale chemistry that had been discovered, the goal being that this toxic contaminant does not continue to circulate in our natural resources. At this point, we have won an award from the EPA and Department of Defense, and proven our technology in over 200 different water samples ranging from groundwater, surface water, landfill leachate, industrial wastewater, [and] municipal wastewater. It’s really everywhere. What we’re seeing traction in right now is customer applications managing semiconductor waste. Groundwater and surface water around airports tend to be high in PFAS. Centralized waste disposal facilities that collect and manage PFAS-contaminated liquids. And also, even transitioning firetrucks to PFAS-free firefighting foams. Megan: Fantastic. That’s a huge breadth of applications, incredible stuff. Denise: Yeah. Megan: You launched about four years ago now. I wondered what factors made Michigan the right place to build and grow the company? Denise: That is something we put a lot of thought into, because I live in Michigan, and Meng lives in Illinois, so when it was just the two of us, there was even that, “Okay, what is going to be our headquarters?” We looked at a number of factors. Some of the things we considered were rentable incubator space. By

Plus: what’s going on with America’s data centers? This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. This startup wants to use beams of energy to drill geothermal wells Geothermal startup Quaise certainly has an unconventional approach when it comes to destroying rocks: it uses a new form of drilling technology to melt holes through them. The company hopes it’s the key to unlocking geothermal energy and making it feasible anywhere. Quaise’s technology could theoretically be used to tap into the Earth’s heat from anywhere on the globe. But some experts caution that reinventing drilling won’t be as simple, or as fast, as Quaise’s leadership hopes. Read the full story. —Casey Crownhart Five things you need to know about AI right now —Will Douglas Heaven, senior editor for AI Last month I gave a talk at SXSW London called “Five things you need to know about AI”—my personal picks for the five most important ideas in AI right now.  I aimed the talk at a general audience, and it serves as a quick tour of how I’m thinking about AI in 2025. There’s some fun stuff in there. I even make jokes!  You can now watch the video of my talk, but if you want to see the five I chose right now, here is a quick look at them. This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. Why it’s so hard to make welfare AI fair There are plenty of stories about AI that’s caused harm when deployed in sensitive situations, and in many of those cases, the systems were developed without much concern to what it meant to be fair or how to implement fairness. But the city of Amsterdam spent a lot of time and money to try to create ethical AI—in fact, it followed every recommendation in the responsible AI playbook. But when it deployed it in the real world, it still couldn’t remove biases. So why did Amsterdam fail? And more importantly: Can this ever be done right? Join our editor Amanda Silverman, investigative reporter Eileen Guo and Gabriel Geiger, an investigative reporter from Lighthouse Reports, for a subscriber-only Roundtables conversation at 1pm ET on Wednesday July 30 to explore if algorithms can ever be fair. Register here! The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 America’s grand data center ambitions aren’t being realized A major partnership between SoftBank and OpenAI hasn’t got off to a flying start. (WSJ $)+ The setback hasn’t stopped OpenAI opening its first DC office. (Semafor) 2 OpenAI is partnering with the UK governmentIn a bid to increase its public services’ productivity and to drive economic growth. (BBC)+ It all sounds pretty vague. (Engadget) 3 The battle for AI math supremacy is heating upGoogle and OpenAI went head to head in a math competition—but only one played by the rules. (Axios)+ The International Math Olympiad poses a unique challenge to AI models. (Ars Technica)+ What’s next for AI and math. (MIT Technology Review) 4 Mark Zuckerberg’s secretive Hawaiian compound is getting biggerThe multi-billionaire is sinking millions of dollars into the project. (Wired $) 5 India’s back offices are meeting global demand for AI expertise New ‘capability centers’ could help to improve the country’s technological prospects. (FT $)+ The founder of Infosys believes the future of AI will be more democratic. (Rest of World)+ Inside India’s scramble for AI independence. (MIT Technology Review) 6 A crime-tracking app will share videos with the NYPDPublic safety agencies will have access to footage shared on Citizen. (The Verge)+ AI was supposed to make police bodycams better. What happened? (MIT Technology Review) 7 China has a problem with competition: there’s too much of itIts government is making strides to crack down on price wars within sectors. (NYT $)+ China’s Xiaomi is making waves across the world. (Economist $) 8 The metaverse is a tobacco marketer’s playground 🚬Fed up of legal constraints, they’re already operating in unregulated spaces. (The Guardian)+ Welcome to the oldest part of the metaverse. (MIT Technology Review) 9 How AI is shaking up physicsModels are suggesting outlandish ideas that actually work. (Quanta Magazine) 10 Tesla has opened a diner that resembles a spaceshipIt’s technically a drive-thru that happens to sell Tesla merch. (TechCrunch) Quote of the day  “If you can pick off the individuals for $100 million each and they’re good, it’s actually a bargain.” —Entrepreneur Laszlo Bock tells Insider why he thinks the eye-watering sums Meta is reportedly offering top AI engineers is money well spent. One more thing The world’s first industrial-scale plant for green steel promises a cleaner futureAs of 2023, nearly 2 billion metric tons of steel were being produced annually, enough to cover Manhattan in a layer more than 13 feet thick. Making this metal produces a huge amount of carbon dioxide. Overall, steelmaking accounts for around 8% of the world’s carbon emissions—one of the largest industrial emitters and far more than such sources as aviation. A handful of groups and companies are now making serious progress toward low- or zero-emission steel. Among them, the Swedish company Stegra stands out. The startup is currently building the first industrial-scale plant in the world to make green steel. But can it deliver on its promises? Read the full story. —Douglas Main Read More

A beam of energy hit the slab of rock, which quickly began to glow. Pieces cracked off, sparks ricocheted, and dust whirled around under a blast of air.  From inside a modified trailer, I peeked through the window as a millimeter-wave drilling rig attached to an unassuming box truck melted a hole into a piece of basalt in less than two minutes. After the test was over, I stepped out of the trailer into the Houston heat. I could see a ring of black, glassy material stamped into the slab fragments, evidence of where the rock had melted.   This rock-melting drilling technology from the geothermal startup Quaise is certainly unconventional. The company hopes it’s the key to unlocking geothermal energy and making it feasible anywhere. Geothermal power tends to work best in those parts of the world that have the right geology and heat close to the surface. Iceland and the western US, for example, are hot spots for this always-available renewable energy source because they have all the necessary ingredients. But by digging deep enough, companies could theoretically tap into the Earth’s heat from anywhere on the globe. That’s a difficult task, though. In some places, accessing temperatures high enough to efficiently generate electricity would require drilling miles and miles beneath the surface. Often, that would mean going through very hard rock, like granite. Quaise’s proposed solution is a new mode of drilling that eschews the traditional technique of scraping into rock with a hard drill bit. Instead, the company plans to use a gyrotron, a device that emits high-frequency electromagnetic radiation. Today, the fusion power industry uses gyrotrons to heat plasma to 100 million °C, but Quaise plans to use them to blast, melt, and vaporize rock. This could, in theory, make drilling faster and more economical, allowing for geothermal energy to be accessed anywhere.   Since Quaise’s founding in 2018, the company has demonstrated that its systems work in the controlled conditions of the laboratory, and it has started trials in a semi-controlled environment, including the backyard of its Houston headquarters. Now these efforts are leaving the lab, and the team is taking gyrotron drilling technology to a quarry to test it in real-world conditions.  Some experts caution that reinventing drilling won’t be as simple, or as fast, as Quaise’s leadership hopes. The startup is also attempting to raise a large funding round this year, at a time when economic uncertainty is slowing investment and the US climate technology industry is in a difficult spot politically because of policies like tariffs and a slowdown in government support. Quaise’s big idea aims to accelerate an old source of renewable energy. This make-or-break moment might determine how far that idea can go.  Blasting through Rough calculations from the geothermal industry suggest that enough energy is stored inside the Earth to meet our energy demands for tens or even hundreds of thousands of years, says Matthew Houde, cofounder and chief of staff at Quaise. After that, other sources like fusion should be available, “assuming we continue going on that long, so to speak,” he quips.  “We want to be able to scale this style of geothermal beyond the locations where we’re able to readily access those temperatures today with conventional drilling,” Houde says. The key, he adds, is simply going deep enough: “If we can scale those depths to 10 to 20 kilometers, then we can enable super-hot geothermal to be worldwide accessible.” Though that’s technically possible, there are few examples of humans drilling close to this depth. One research project that began in 1970 in the former Soviet Union reached just over 12 kilometers, but it took nearly 20 years and was incredibly expensive.  Quaise hopes to speed up drilling and cut its cost, Houde says. The company’s goal is to drill through rock at a rate of between three and five meters per hour of steady operation. One key factor slowing down many operations that drill through hard rocks like granite is nonproductive time. For example, equipment frequently needs to be brought all the way back up to the surface for repairs or to replace drill bits. Quaise’s key to potentially changing that is its gyrotron. The device emits millimeter waves, beams of energy with wavelengths that fall between microwaves and infrared waves. It’s a bit like a laser, but the beam is not visible to the human eye.  Quaise’s goal is to heat up the target rock, effectively drilling it away. The gyrotron beams waves at a target rock via a waveguide, a hollow metal tube that directs the energy to the right spot. (One of the company’s main technological challenges is to avoid accidentally making plasma, an ionized, superheated state of matter, as it can waste energy and damage key equipment like the waveguide.) Here’s how it works in practice: When Quaise’s rig is drilling a hole, the tip of the waveguide is positioned a foot or so away from the rock it’s targeting. The gyrotron lets out a burst of millimeter waves for about a minute. They travel down the waveguide and hit the target rock, which heats up and then cracks, melts, or even vaporizes. Then the beam stops, and the drill bit at the end of the waveguide is lowered to the surface of the rock, rotating and scraping off broken shards and melted bits of rock as it descends. A steady blast of air carries the debris up to the surface, and the process repeats. The energy in the millimeter waves does the hard work, and the scraping and compressed air help remove the fractured or melted material away. This system is what I saw in action at the company’s Houston headquarters. The drilling rig in the yard is a small setup, something like what a construction company might use to drill micro piles for a foundation or what researchers would use to take geological samples. In total, the gyrotron has a power of 100 kilowatts. A cooling system helps the superconducting

The video is now available (thank you, SXSW London). Below is a quick look at my top five. Let me know if you would have picked different ones! 1. Generative AI is now so good it’s scary. Maybe you think that’s obvious. But I am constantly having to check my assumptions about how fast this technology is progressing—and it’s my job to keep up.  A few months ago, my colleague—and your regular Algorithm writer—James O’Donnell shared 10 music tracks with the MIT Technology Review editorial team and challenged us to pick which ones had been produced using generative AI and which had been made by people. Pretty much everybody did worse than chance. What’s happening with music is happening across media, from code to robotics to protein synthesis to video. Just look at what people are doing with new video-generation tools like Google DeepMind’s Veo 3. And this technology is being put into everything. My point here? Whether you think AI is the best thing to happen to us or the worst, do not underestimate it. It’s good, and it’s getting better. 2. Hallucination is a feature, not a bug. Let’s not forget the fails. When AI makes up stuff, we call it hallucination. Think of customer service bots offering nonexistent refunds, lawyers submitting briefs filled with nonexistent cases, or RFK Jr.’s government department publishing a report that cites nonexistent academic papers.  You’ll hear a lot of talk that makes hallucination sound like it’s a problem we need to fix. The more accurate way to think about hallucination is that this is exactly what generative AI does—what it’s meant to do—all the time. Generative models are trained to make things up. What’s remarkable is not that they make up nonsense, but that the nonsense they make up so often matches reality. Why does this matter? First, we need to be aware of what this technology can and can’t do. But also: Don’t hold out for a future version that doesn’t hallucinate. 3. AI is power hungry and getting hungrier. You’ve probably heard that AI is power hungry. But a lot of that reputation comes from the amount of electricity it takes to train these giant models, though giant models only get trained every so often. What’s changed is that these models are now being used by hundreds of millions of people every day. And while using a model takes far less energy than training one, the energy costs ramp up massively with those kinds of user numbers.  ChatGPT, for example, has 400 million weekly users. That makes it the fifth-most-visited website in the world, just after Instagram and ahead of X. Other chatbots are catching up.  So it’s no surprise that tech companies are racing to build new data centers in the desert and revamp power grids. The truth is we’ve been in the dark about exactly how much energy it takes to fuel this boom because none of the major companies building this technology have shared much information about it.  That’s starting to change, however. Several of my colleagues spent months working with researchers to crunch the numbers for some open source versions of this tech. (Do check out what they found.) 4. Nobody knows exactly how large language models work. Sure, we know how to build them. We know how to make them work really well—see no. 1 on this list. But how they do what they do is still an unsolved mystery. It’s like these things have arrived from outer space and scientists are poking and prodding them from the outside to figure out what they really are. It’s incredible to think that never before has a mass-market technology used by billions of people been so little understood. Why does that matter? Well, until we understand them better we won’t know exactly what they can and can’t do. We won’t know how to control their behavior. We won’t fully understand hallucinations. 5. AGI doesn’t mean anything. Not long ago, talk of AGI was fringe, and mainstream researchers were embarrassed to bring it up. But as AI has got better and far more lucrative, serious people are happy to insist they’re about to create it. Whatever it is. AGI—or artificial general intelligence—has come to mean something like: AI that can match the performance of humans on a wide range of cognitive tasks. But what does that mean? How do we measure performance? Which humans? How wide a range of tasks? And performance on cognitive tasks is just another way of saying intelligence—so the definition is circular anyway. Essentially, when people refer to AGI they now tend to just mean AI, but better than what we have today. There’s this absolute faith in the progress of AI. It’s gotten better in the past, so it will continue to get better. But there is zero evidence that this will actually play out.  So where does that leave us? We are building machines that are getting very good at mimicking some of the things people do, but the technology still has serious flaws. And we’re only just figuring out how it actually works. Here’s how I think about AI: We have built machines with humanlike behavior, but we haven’t shrugged off the habit of imagining a humanlike mind behind them. This leads to exaggerated assumptions about what AI can do and plays into the wider culture wars between techno-optimists and techno-skeptics. It’s right to be amazed by this technology. It’s also right to be skeptical of many of the things said about it. It’s still very early days, and it’s all up for grabs. This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. Read More

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. Although the Lumma malware-as-a-service (MaaS) platform suffered significant disruption from the law enforcement action, as confirmed by early June reports on infostealer activity, it didn’t shut down. The operators immediately acknowledged the situation on XSS forums, but claimed that their central server had not been seized (although it had been remotely wiped), and restoration efforts were already underway. Lumma admin’s first message after the law enforcement actionSource: Trend Micro Gradually, the MaaS built up again and regained trust within the cybercrime community, and is now facilitating infostealing operations on multiple platforms again. According to Trend Micro analysts, Lumma has almost returned to pre-takedown activity levels, with the cybersecurity firm’s telemetry indicating a rapid rebuilding of infrastructure. “Following the law enforcement action against Lumma Stealer and its associated infrastructure, our team has observed clear signs of a resurgence in Lumma’s operations,” reads the Trend Micro report. “Network telemetry indicates that Lumma’s infrastructure began ramping up again within weeks of the takedown.” New Lumma C2 domainsSource: Trend Micro Trend Micro reports that Lumma still uses legitimate cloud infrastructure to mask malicious traffic, but has now shifted from Cloudflare to alternative providers, most notably the Russian-based Selectel, to avoid takedowns. The researchers have highlighted four distribution channels that Lumma currently uses to achieve new infections, indicating a full-on return to multifaceted targeting. Fake cracks/keygens: Fake software cracks and keygens are promoted via malvertising and manipulated search results. Victims are directed to deceptive websites that fingerprint their system using Traffic Detection Systems (TDS) before serving the Lumma Downloader. ClickFix: Compromised websites display fake CAPTCHA pages that trick users into running PowerShell commands. These commands load Lumma directly into memory, helping it evade file-based detection mechanisms. GitHub: Attackers are actively creating GitHub repositories with AI-generated content advertising fake game cheats. These repos host Lumma payloads, like “TempSpoofer.exe,” either as executables or in ZIP files. YouTube/Facebook: Current Lumma distribution also involves YouTube videos and Facebook posts promoting cracked software. These links lead to external sites hosting Lumma malware, which sometimes abuses trusted services like sites.google.com to appear credible. Malicious GitHub repository (left) and YouTube video (right) distributing Lumma payloadsSource: Trend Micro The re-emergence of Lumma as a significant threat demonstrates that law enforcement action, devoid of arrests or at least indictments, is ineffective in stopping these determined threat actors. MaaS operations, such as Lumma, are incredibly profitable, and the leading operators behind them likely view law enforcement action as routine obstacles they merely have to navigate. The Board Report Deck CISOs Actually Use CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value. This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Turn security updates into meaningful conversations and faster decision-making in the boardroom. Read More

​​Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool. The KB5062660 update is part of the company’s optional non-security preview updates schedule, which releases updates at the end of each month to test new fixes and features coming to next month’s August Patch Tuesday. Unlike regular Patch Tuesday cumulative updates, monthly non-security preview updates do not include security updates and are optional. You can install the KB5062660 update by opening Settings, clicking on Windows Update, and then “Check for Updates.” Because this is an optional update, you will be asked if you want to install it by clicking the “Download and install” link unless you have the “Get the latest updates as soon as they’re they’re available” option enabled, which will cause the update to automatically install. KB5062660 preview update (BleepingCoputer) You can also manually download and install the KB5062660 preview update from the Microsoft Update Catalog. Windows 11 KB5062660 highlights Once installed, this optional cumulative release will update Windows 11 24H2 systems to build 26100.4770. The July 2025 preview update features many new additions that are gradually rolling out, including new Windows Resiliency Initiative features—the new Black Screen of Death and the Quick Machine Recovery tool. Microsoft’s Windows Resiliency Initiative is a new effort by Microsoft to make Windows more stable, self-healing, and faster to recover from critical failures. Windows 11 users can enable Quick Machine Recovery by navigating to Settings > System > Recovery > Quick Machine Recovery settings. Quick Machine Recovery settingsSource: BleepingComputer The complete list of changes is below. [Recall] New! Recall is now available in the European Economic Area (EEA). For more info, see Retrace your steps with Recall. In the EEA, Recall supports exporting snapshots to share with trusted third-party apps and websites. When saving snapshots is turned on for the first time, a unique Recall export code appears. This code is required to decrypt exported snapshots and is shown only once during initial setup. Microsoft doesn’t store or recover this code. To export, go to Settings > Privacy & Security > Recall & Snapshots > Advanced Settings and authenticate with Windows Hello. Choose to export past snapshots (from the last 7 days, 30 days, or all) or start a continuous export. Third-party apps can access exported snapshots only when both the export code and folder path are provided. If you lose or compromise the export code, reset Recall to generate a new one. New! For all Recall users worldwide, you can now reset Recall and delete all its data. Go to Settings > Privacy & Security > Recall & Snapshots to find a new advanced settings page. There, you’ll see a reset button that deletes all your snapshots and restores Recall to its default settings. [Click to Do] New! 1 Practice in Reading Coach is a new Click to Do text action that helps you improve reading fluency and pronunciation. Select text on your screen, choose Practice in Reading Coach, and read the text aloud. Reading Coach gives you feedback and shows where to improve. To use this feature, install the free Microsoft Reading Coach app from the Microsoft Store. New! 1 Read with Immersive Reader is a new text action in Click to Do that displays text in a focused, distraction-free environment. It helps improve reading and writing for all skill levels and abilities. You can adjust text size, spacing, font, and background theme, have text read aloud, break words into syllables, and highlight parts of speech. The picture dictionary shows images for unfamiliar words. To use this feature, install the free Microsoft Reading Coach application from the Microsoft Store. New! 1With the Draft with Copilot in Word text action, you can quickly turn any recognized text into a full draft. Whether it’s a sentence in an email or a snippet on your screen, press Win + Click on the recognized text, then select Draft with Copilot in Word. No more blank pages. No more writer’s block. Just momentum. To use “Draft with Copilot in Word” a Microsoft 365 Copilot subscription is required. New! 1Click to Do on Copilot+ PCs now supports actions through Microsoft Teams. When you select an email address recognized by Click to Do on your screen, you can choose to send a Teams message or schedule a Teams meeting. These options make it easy to ask a question or set up time to talk without interrupting your workflow. [Settings] New! 1The new agent in Settings is part of the Copilot+ PC experience and is designed to address one of the most common frustrations: finding and changing settings on your PC. You can describe what you need help with, such as “how to control my PC by voice” or “my mouse pointer is too small,” and the agent will suggest steps to resolve the issue. The agent uses AI on your PC to understand your request and, with your permission, can automate and complete tasks for you. This experience is rolling out to Snapdragon-powered Copilot+ PCs, with support for AMD and Intel™-powered PCs coming soon. It currently works only if your primary display language is set to English. New! On non-Copilot+ PCs, the Settings app now shows the Search box at the top center to make searching easier and more consistent. Fixed: If your PC is set to ‘Do nothing’ when you close the lid (under Settings > System > Power and Battery) and the Settings window is left open when you close the lid, reopening the lid might cause the Settings window to stop responding. It might become unresponsive to input or resizing and instead just display your accent color. Fixed: Settings might stop responding when you try to save Wi-Fi network credentials. [Windows Resiliency Initiative] The following changes are part of the Windows Resiliency Initiative announced at Ignite 2024: New! Quick machine recovery is now available. When enabled, it automatically detects and fixes widespread issues on Windows 11 devices using the Windows Recovery Environment (WinRE). This reduces downtime and avoids the need for manual fixes. If a device experiences a widespread boot issue, it enters WinRE, connects to the internet, and Microsoft can deliver a targeted fix through Windows Update. IT admins can enable or customize this experience

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. Microsoft’s Windows Resiliency Initiative is a new effort by Microsoft to make Windows more stable, self-healing, and faster to recover from critical failures. This initiative is in direct response to recent incidents that caused widespread disruptions and crashes due to flawed updates, like the global CrowdStrike content update outage. Microsoft has now announced that it has replaced the Windows Blue Screen of Death with a new Black Screen of Death, featuring a revamped interface.  “The new UI is simpler, and more aligned with Windows 11’s design language,” explains Microsoft. “It removes the frowny face and QR code, and instead presents a short, readable message with the stop code and faulty driver information. We’ve also added a hex version of the stop code to make it easier to search for help – a common user request.” Regardless of its color, it is still a BSOD crash screenSource: Microsoft Microsoft also announced the new Quick Machine Recovery feature, which aims to resolve boot failures without requiring manual intervention.  When a system is unable to boot and enters the Windows Recovery Environment (WinRE), it can now automatically connect to a network, check for applicable fixes from Windows Update, and apply them if available.  This new feature can be used to automatically disable known faulty drivers or remove software that is preventing Windows from starting, all without human intervention and with a fix pushed from Microsoft’s servers. “Once enabled, the feature activates during critical boot failures,” explains Microsoft. “It uses the secure and connected Windows recovery environment to scan Windows Update for applicable fixes published by Microsoft. If a matching remediation for a widespread issue is available, it is applied automatically, restoring the device without requiring manual intervention.” Quick Machine Recovery flowSource: Microsoft This feature aims to prevent massive Windows outages, such as the one we saw when CrowdStrike pushed out a faulty content update that crashed over 8.5 million Windows devices and could only be fixed with manual intervention. This new feature is available in Windows 11 Home, Pro, Education, and Enterprise editions starting with the 24H2 update build 26100.4770 after installing the KB5062660 update, released today. Quick Machine Recovery is enabled by default on Home devices and can be manually configured or disabled by IT admins on managed devices using Intune, ReAgentC.exe, or other supported policy tools. Microsoft says it will further enhance the tool in the future by including advanced IT admin tools for remediation management, monitoring, additional policy and rollout controls. As part of the Windows Resiliency Initiative, Microsoft is also working with antivirus and EDR vendors to move their drivers outside of the Windows Kernel to prevent crashes from faulty drivers. Microsoft is currently testing this new Windows endpoint security platform with a set of partners. Update 7/22/25: Updated story to reflect it was a faulty CrowdStrike content update, not driver. Cloud Detection & Response for Dummies Contain emerging threats in real time – before they impact your business. Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide. Read More

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. Microsoft UIA is a Windows accessibility framework designed to allow assistive technologies to interact with, inspect, and control user interface (UI) elements in applications. Windows apps expose their UI elements through a UI Automation tree, and the UIA API provides a way to traverse it, query the properties of each element, and interact with it. Akamai researchers had warned about the possibility of Windows UIA being abused to steal credentials in December 2024, highlighting that the technique evades endpoint detection and response (EDR) protections. Now, the same researchers report that they have seen attacks leveraging the technique in the wild since February 2025, marking the first real-world case of malware abusing Microsoft UIA for data theft. Coyote evolution and UIA abuse Coyote is a banking trojan that attempts to steal credentials for 75 banking and cryptocurrency exchange apps, primarily targeting Brazilian users. The malware was first documented in February 2024, utilizing tactics such as keylogging and phishing overlays, and has undergone significant development since then. Akamai reports that, while the latest Coyote variant continues to steal data using traditional methods for hardcoded apps, it has added UIA abuse when the user opens web-based banking or cryptocurrency services in a browser. If Coyote cannot identify a target via the window title, it uses UIA to extract the web address from within the browser’s UI elements (tabs or address bars). Finally, it compares it against a hardcoded list of 75 targeted services.  “If no match is found, Coyote will then use UIA to parse through the UI child elements of the window in an attempt to identify browser tabs or address bars,” explains Akamai in the report. “The content of these UI elements will then be cross-referenced with the same list of addresses from the first comparison.” Some of the banks and exchanges that are identified using this method are Banco do Brasil, CaixaBank, Banco Bradesco, Santander, Original bank, Sicredi, Banco do Nordeste, Expanse apps, and Cryptocurrency (Binance, Electrum, Bitcoin, Foxbit, and others). Although the abuse of this Windows accessibility feature stops at the reconnaissance phase, Akamai shared a proof-of-concept demonstration of how UIA can also be abused to steal inputted credentials for these sites. Demonstrating how Microsoft’s UIA can be abused for credential theftSource: Akamai BleepingComputer has contacted Microsoft to ask about the potential introduction of safeguards to stop the abuse of UIA on Windows, but a comment wasn’t immediately available. Accessibility systems are designed to be powerful, allowing people with disabilities to fully utilize the capabilities of their devices. However, this power also invites malicious use. In Android, this problem has taken massive proportions, with malware abusing Accessibility Services extensively. Over the years, Google has implemented multiple measures to address this issue. Cloud Detection & Response for Dummies Contain emerging threats in real time – before they impact your business. Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide. Read More

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. Today’s advisory was jointly authored with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) and it provides network defenders with indicators of compromise (IOCs) collected during investigations of incidents as recent as June 2025, along with mitigation measures to protect their networks against this ransomware gang’s attacks. Interlock is a relatively new ransomware operation that emerged in September 2024 and has since targeted victims worldwide across various industry sectors, with a particular focus on the healthcare sector. The threat actors were also previously linked to ClickFix attacks, where they impersonate IT tools for initial network access, as well as malware attacks in which they deployed a remote access trojan called NodeSnake on the networks of U.K. universities. Recently, the cybercrime group claimed responsibility for breaching DaVita, a Fortune 500 company specializing in kidney care, resulting in the theft and leak of 1.5 terabytes of data from their systems, as well as for hacking Kettering Health, a healthcare giant that operates over 120 outpatient facilities and employs more than 15,000 people. ​While investigating their attacks, the FBI has observed the Interlock gang using some unusual tactics and pressuring their victims in double extortion attacks. “FBI observed actors obtaining initial access via drive-by download from compromised legitimate websites, which is an uncommon method among ransomware groups,” the advisory reads. “Interlock actors employ a double extortion model in which actors encrypt systems after exfiltrating data, which increases pressure on victims to pay the ransom to both get their data decrypted and prevent it from being leaked.” Earlier this month, the ransomware group was also observed adopting the new FileFix technique to drop remote access trojan (RAT) malware. FileFix is a social engineering attack in which the attackers weaponize trusted Windows UI elements, including the Windows File Explorer and HTML Applications (.HTA), to trick their targets into executing malicious PowerShell or JavaScript code without displaying any security warnings. To defend their networks against Interlock ransomware attacks, security teams are advised to implement Domain Name System (DNS) filtering, web access firewalls, and train users to recognize social engineering attempts. Defenders are also urged to keep systems, software, and firmware up to date and segment networks to limit access from compromised devices. Additionally, organizations need to establish identity, credential, and access management (ICAM) policies and require multifactor authentication (MFA) for all services when possible. Cloud Detection & Response for Dummies Contain emerging threats in real time – before they impact your business. Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide. Read More