Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!

201
 
 

"If you want a job at McDonald’s today, there’s a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.

Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants—including all the personal information they shared in those conversations—with tricks as straightforward as guessing that an administrator account's username and password was “123456.”

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers."

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/?amp%3Bmc_eid=ceff4c8226

#CyberSecurity #AI #GenerativeAI #Chatbots #DataProtection

202
 
 

Four arrested in #UK over M&S, #CoOp, #Harrod cyberattacks

https://www.bleepingcomputer.com/news/security/four-arrested-in-uk-over-mands-co-op-harrod-cyberattacks/

#cybercrime #MarksAndSpencer #cybersecurity

203
 
 

Browser extensions turn nearly 1 million browsers into website-scraping bots

https://arstechnica.com/security/2025/07/browser-extensions-turn-nearly-1-million-browsers-into-website-scraping-bots/

#cybersecurity

204
 
 

#AMD warns of new #Meltdown, #Spectre-like bugs affecting CPUs

https://www.theregister.com/2025/07/09/amd_tsa_side_channel/

#cybersecurity

205
 
 

#McDonald’s #AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/

#cybersecurity

206
 
 

#JackDorsey says his ‘secure’ new #Bitchat app has not been tested for security

https://techcrunch.com/2025/07/09/jack-dorsey-says-his-secure-new-bitchat-app-has-not-been-tested-for-security/

#cybersecurity

207
 
 

#RuckusNetworks leaves severe flaws unpatched in management devices

https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/

#cybersecurity

208
 
 

#IngramMicro starts restoring systems after #ransomware attack

https://www.bleepingcomputer.com/news/security/ingram-micro-starts-restoring-systems-after-ransomware-attack/

#cybersecurity

209
 
 

Treasury sanctions North Korean over IT worker #malware scheme

https://www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/

#NorthKorea #cybersecurity politics

210
 
 

New #ServiceNow flaw lets attackers enumerate restricted data

https://www.bleepingcomputer.com/news/security/new-servicenow-flaw-lets-attackers-enumerate-restricted-data/

#cybersecurity

211
 
 

#SIMswapping attacks expose your online accounts to hackers — but your phone carrier can help

https://techcrunch.com/2025/07/09/how-to-protect-your-cell-phone-number-from-sim-swap-attacks/

#cybersecurity #privacy

212
 
 

#Tuta: #GoEuropean sale, 50% off until July 15

https://tuta.com/goeuropean?t-src=the-new-oil

#cybersecurity #privacy #EU #Europe #email #encryption #FOSS

213
 
 

#Samsung announces major security enhancements coming to #OneUI8

https://www.bleepingcomputer.com/news/security/samsung-announces-major-security-enhancements-coming-to-one-ui-8/

#cybersecurity #Android #OneUI

214
 
 

M&S confirms #SocialEngineering led to massive #ransomware attack

https://www.bleepingcomputer.com/news/security/mands-confirms-social-engineering-led-to-massive-ransomware-attack/

#MarksAndSpencer #retail #UK #cybersecurity #privacy #DataBreach

215
 
 

#Activision took down #CallOfDuty game after PC players hacked, says source

https://techcrunch.com/2025/07/08/activision-took-down-call-of-duty-game-after-pc-players-hacked-says-source/

#cybersecurity #gaming #CoD

216
 
 

#Microsoft July 2025 #PatchTuesday fixes one zero-day, 137 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2025-patch-tuesday-fixes-one-zero-day-137-flaws/

#cybersecurity #Windows

217
 
 

Top types of #phishing attacks to watch out for

https://bitwarden.com/blog/top-types-of-phishing-attacks-to-watch-out-for/

#cybersecurity #guide

218
 
 

Malicious #Chrome extensions with 1.7M installs found on Web Store

https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/

#cybersecurity #Google

219
 
 

How fast is open source moving in AI and cybersecurity?

LF Research Mentee Chase Rudin shares insights from #OSSNA on AI’s impact on hiring and the rising push for stronger security standards.

🔗 https://www.linuxfoundation.org/blog/open-source-at-the-crossroads-ai-cybersecurity
#OpenSource #AI #Cybersecurity #TechTrends

220
 
 

Alleged Chinese hacker tied to #SilkTyphoon arrested for cyberespionage

https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/

#cybersecurity #China

221
 
 

Employee gets $920 for credentials used in $140 million #BankHeist

https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/

#cybersecurity #finance

222
 
 

#Atomic #macOS #infostealer adds #backdoor for persistent attacks

https://www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/

#cybersecurity #privacy

223
 
 

#Bitwarden: “Hey #Siri, make my #password security smarter”

https://bitwarden.com/blog/bitwarden-ios-app-intents-integration/

#cybersecurity #iOS #iPhone #PasswordManager

224
 
 

#Qantas is being extorted in recent data-theft #cyberattack

https://www.bleepingcomputer.com/news/security/qantas-is-being-extorted-in-recent-data-theft-cyberattack/

#cybersecurity #DataBreach #privacy #travel #airline

225
 
 

Hackers abuse leaked #Shellter #RedTeam tool to deploy infostealers

https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellter-red-team-tool-to-deploy-infostealers/

#cybersecurity #infostealer #malware
