❌

Reading view

Claude Desktop changes app access settings for browsers you don't even have installed yet

Installation and pre-approval without consent looks dubious under EU law

One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser extensions without consent.…

  •  

Google Chrome lacks protection against one of the most basic and common ways to track users online

Browser fingerprinting is everywhere

Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details about their browser.…

  •  

Cryptographers engage in war of words over RustSec bug reports and subsequent ban

Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much

UpdatedΒ  Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.…

  •  

Google gives Android users a way to install unverified apps if they prove they really, really want to

Chocolate Factory describes concession as an attempt to balance openess with safety

It turns out you won't be limited to Google-verified apps and developers on Android after all. In the face of sustained community dissatisfaction with its developer verification requirement, Google has given Android users an out.…

  •  

DIY AI bot farm OpenClaw is a security 'dumpster fire'

Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe

OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.…

  •  

Java developers want container security, just not the job that comes with it

BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves

Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.…

  •  

Flipping one bit leaves AMD CPUs open to VM vuln

Fix landed in July, but OEM firmware updates are required

If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment.…

  •  
❌