Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Tech
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week, and by adding browser-in-the-middle (BitM) capabilities for improved data theft.
First documented in April by Varonis researchers, Bluekit provides an AI assistant that supports multiple large language models (Llama, GPT-4.1, Claude, Gemini, and DeepSeek) for drafting phishing emails.
At the time, the phishing kit offered “customers” 40 distinct templates targeting popular online services such as Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, and Ledger.
A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.
In a BitM attack, the victim interacts with a browser session controlled by the attacker, which loads the legitimate login page and relays requests and responses between the victim and the target service.
Netcraft notes that rrweb itself is a legitimate project widely used for session replay and analytics, and its presence in a web environment should not be interpreted as an indicator of compromise without a larger context.
Images, fonts, and CSS are fetched through the phishing infrastructure, while the victim’s inputs are forwarded back to the attacker’s browser.
The researchers state that rrweb was chosen for its excellent visual fidelity, real-time interactivity, and bandwidth efficiency.
However, some latency still exists, so any keyboard input and mouse click delays on the login pages should be considered as red flags.
Authentication completes in the attacker’s browser, granting them a valid session token and unlimited access to the victim’s account.
.jpg)
Source: Netcraft
The BitM attack method has been known since 2022, devised by researcher mr.d0x and later adopted for malicious activity.
Before stealing the credentials, Bluekit uses a comprehensive victim qualification system to distinguish real targets from researchers or security crawlers.
Anti-analysis systems in the latest Bluekit include:
- Randomized CSS filters to defeat screenshot-based detection.
- A large (>1 MB), frequently changing obfuscated JavaScript bundle.
- Custom CAPTCHA that may imitate Cloudflare or the target brand.
- Browser fingerprinting (RAM, CPU cores, screen resolution, language, headless browser detection, anti-fingerprinting extensions).
- WebRTC-based IP mismatch detection to identify users behind proxies or VPNs.
Netcraft also reports that the live (5-second update interval) monitoring system Varonis previously documented is still available in BlueKit, allowing operators to monitor victims as they are entrapped in deceptive login sessions and track their actions after login.
The researchers’s report provides a set of indicators and signals that are associated with Bluekit but do not constitute indicators of compromise.
These include CSS filter manipulation on top-level HTML elements with randomized values, an obfuscated JavaScript bundle that is rotated periodically, browser fingerprint checks, a WebSocket connection sending encrypted or binary data on login pages, and WebRTC IP mismatch detection on the landing page.
For organizations looking to defend against increasingly sophisticated phishing, business email compromise (BEC), and account takeover (ATO) attacks, BleepingComputer is hosting a webinar with Abnormal titled “Stop chasing alerts: Automating email security with behavioral AI.“
The webinar will explore how behavioral AI can help security teams detect and respond to modern phishing attacks, automate investigations and remediation, and reduce the operational burden caused by alert fatigue and increasingly sophisticated social engineering campaigns.
Continue Reading
Swift is a relatively modern program language, appearing in 2014 as a replacement for Objective-C. Since then, it’s become a popular solution for programming apps across Apple platforms. That led [Yeo Kheng Meng] to a simple yet fun idea—porting Swift to the oldest Apple platform of all.
Yes, [Yeo] managed to build a development environment for Swift that targets the Apple II platform. Not just one machine, either—everything from the original Apple II up to the IIe and a little beyond. Now, the Apple II is very different from modern Macs and iPhones and the like, having debuted in 1977 with a 1 MHz 6502 CPU and a minuscule 4 KB of RAM. But that doesn’t mean you can’t use a modern language to develop for it!
[Yeo] does a great job of explaining how it all works, and how Claude Code and GPT 5.5 Codex were used to help piece things together. The compiler is set up to spit out bytecode that’s executed by a virtual machine running on the 6502. The target was to allow the setup to work on a standard 1977 Apple II from the factory, which would allow it to then run on subsequent models without issue. However, there is a small note— [Yeo]’s implementation requires the RAM to have been upgraded to 48 KB.
We love seeing modern stuff ported to the Apple II. This Portal port was a particular highlight.
Looking for the most recent Wordle answer? Click here for today’s Wordle hints, as well as our daily answers and hints for The New York Times Mini Crossword, Connections, Connections: Sports Edition and Strands puzzles.
Today’s Wordle puzzle is especially tricky, and relies heavily on one letter. If you need a new starter word, check out our list of which letters show up the most in English words. If you need hints and the answer, read on.
Read more: New Study Reveals Wordle’s Top 10 Toughest Words of 2025
Today’s Wordle hints
Before we show you today’s Wordle answer, we’ll give you some hints. If you don’t want a spoiler, look away now.
Wordle hint No. 1: Repeats
Today’s Wordle answer has one repeated letter, and it shows up three separate times.
Wordle hint No. 2: Vowels
Today’s Wordle answer has one vowel, but it is the repeated letter.
Wordle hint No. 3: First letter
Today’s Wordle answer begins with E.
Wordle hint No. 4: Last letter
Today’s Wordle answer ends with E.
Wordle hint No. 5: Meaning
Today’s Wordle answer can refer to a person who serves as a master of ceremonies at an event.
TODAY’S WORDLE ANSWER
Today’s Wordle answer is EMCEE.
Yesterday’s Wordle answer
Yesterday’s Wordle answer, June 27, No. 1834, was SCOOP.
Recent Wordle answers
June 23, No. 1830: CURRY
June 24, No. 1831: QUEER
June 25, No. 1832: UNITY
June 26, No. 1833: ACUTE
We may receive a commission on purchases made from links.
Fans of Snap-On’s products will say that the convenience of purchasing from a tool truck and the quality of the products are enough to justify the brand’s steep price premiums. However, it’s hard to argue that some of its products aren’t simply overpriced. Either way, if you’re paying a premium for Snap-On, you might reasonably expect that you’ll at least be buying the most powerful tools of their kind.
It turns out that’s not necessarily true, at least not when you compare Snap-On’s power tools to those from other big brands like DeWalt. As well as being less expensive to buy, a number of DeWalt tools are actually more powerful than their closest Snap-On equivalents.
It’s not like DeWalt is the exception either. We’ve previously compared the power of Milwaukee and Snap-On’s tools and found several where Milwaukee has the edge. In some cases, even Harbor Freight’s professional-oriented tools boast outputs that beat Snap-On. Nonetheless, now it’s time to highlight some of the areas where the yellow-and-black tool brand outclasses its famous tool truck competitor.
DeWalt 20V Max Atomic 3/8 Inch Impact Wrench
With up to 450 ft-lb of breakaway torque on offer, DeWalt’s 20V Max Atomic ⅜-inch impact wrench is comfortably more powerful than Snap-On’s closest equivalent tool. Despite being around $200 more expensive, the Snap-On 18V MonsterLithium ⅜-inch impact wrench is only capable of delivering 325 ft-lb of breakaway torque.
DeWalt’s impact wrench is available for $239 at Home Depot, and much like its Snap-On rival, it’s sold as a standalone tool. That means buyers who don’t already have a suitable 20V battery and charger in their tool kit will have to purchase them separately. As standard, the DeWalt tool is covered by a 3-ear warranty and a year of free servicing. In contrast, Snap-On’s tool is only protected by 2 years of warranty cover.
Although it delivers superior power, DeWalt’s impact wrench isn’t any larger than the Snap-On. In fact, it’s slightly shorter, measuring 6.25 inches in length while the Snap-On clocks in at 6.7 inches. The DeWalt features four different speed settings to suit a variety of jobs, and a built-in LED light helps make it easier to work in spaces with limited visibility. Also featured is a hog ring anvil for ease of use and a control system to prevent overtightening.
DeWalt 20V Max Heat Gun
It seems that not everyone is sold on DeWalt’s heat gun, with some reviewers claiming that it’s not quite as powerful in the real world as its manufacturer suggests. However, on paper at least, the 20V Max Heat Gun is a very capable product. According to DeWalt, it will reach a maximum output of 990 degrees F, which is significantly higher than the 840-degree output of the Snap-On 18V heat gun.
It’s cheaper too, with the DeWalt tool retailing for $179 at Home Depot and shipping with both flat hook and nozzle attachments. Thanks to its standard size nozzle, it should also fit attachments from other brands. Meanwhile, the Snap-On tool is much pricier at $284, although at least it does still come with multiple attachments.
DeWalt’s heat gun offers a locking on and off trigger to allow users to keep it running hands-free, as well as a built-in LED. According to the brand, it’s capable of providing up to 42 minutes of runtime using a 5Ah battery on its low temperature setting. Like almost all of DeWalt’s other 20V Max tools, the heat gun is covered by a 3 year warranty, which is a year longer than the Snap-On tool’s coverage period.
DeWalt 20V Max 4 1/2 Inch Angle Grinder
Most major cordless tool brands offer their own angle grinder, including DeWalt and Snap-On. If you order Snap-On’s 18V angle grinder, you’ll receive a tool that can handle 4-½ inch or 5 inch wheels, has a seven-position safety guard for additional convenience, and has a motor capable of hitting a peak of 8,000 rpm. However, pick DeWalt’s 20V Max 4-½ inch angle grinder instead, and you’ll have a tool with a more powerful motor that reaches up to 9,000 rpm.
Like all of Snap-On’s other tools, its angle grinder is far from cheap. It retails for $585, which makes the $199 retail price of the DeWalt look like a bargain in comparison. Both tools require users to buy a battery and charger separately, but DeWalt’s 20V battery packs will power a far greater range of tools. At the time of writing, DeWalt offers more than 300 different tools in its 20V Max line, and that number regularly increases as the brand launches new and improved products. In contrast, Snap-On’s equivalent 18V tool line only includes around a dozen unique tools.
DeWalt 20V Max Grease Gun
The Snap-On 18V MonsterLithium grease gun retails for $427 and can deliver a maximum of 7,500 PSI, but it’s no match for the DeWalt 20V Max grease gun. DeWalt’s tool delivers pressures as high as 10,000 PSI, although its two speed settings allow users to prioritize output when maximum pressure isn’t needed. As a bonus, the DeWalt tool also features a hose that’s 11 inches longer than the Snap-On, which helps increase its reach and maximizes its capability for jobs in spaces with limited mobility.
In a pattern that should be familiar by now, DeWalt’s tool is significantly cheaper even though it has the edge on power. Snap-On’s grease gun retails for $427 as a standalone tool, while buyers can purchase the DeWalt grease gun plus a 2Ah battery and a charger for $299 at Home Depot. For good measure, the brand also throws in a kit box and a shoulder strap. Just like the other powerful DeWalt 20V tools, the grease gun is also covered by a 3 year warranty, which is a year more than Snap-On’s equivalent tool.
How we picked these DeWalt and Snap-On tools
To compare tools from both manufacturers, we used specs taken directly from the website of both DeWalt and Snap-On. Comparisons are made based on manufacturers’ claims, and have not been subject to independent verification or testing. We matched products based on their respective positioning in each brand’s overall range, comparing DeWalt’s 20V cordless tools to Snap-On’s 18V tool line.
from the ivory-back-scratching dept
This is not the only administration to engage in corruption. Most administrations have to some extent. It’s that corruption is the everyday, front-page business of this administration. It’s so brazen, it’s insulting. It demands Americans pretend nothing matters but what Trump wants and, to a lesser extent, whatever his current roster of obliging subservients want.
Even MAGA should be angry. But this political movement is as bereft of intellectual honesty as it is bereft of anything approaching normal human intelligence. It’s millions of people willing to be peasants just because the king has promised to make things even worse for their fellow human beings.
We, the people, end up with daily fuckery, composed and carried out by chinless nepo babies, former Fox commentators and far right podcasters, multiply-disgraced, massively-underqualified members of Trump’s personal legal team, Marco Fucking Rubio, and the homunculus currently doing business as “Stephen Miller.”
Then there’s Kash Patel — a guy who would have been derided as a diversity hire by the MAGA crowd if he hadn’t been given the top spot in the FBI by Donald Trump. Less than 18 months into his tenure, Patel is best known for partying with sports teams, abusing government airplane privileges, spending more time in nightclubs than in his office (ALLEGEDLY), and performing loyalty tests of FBI agents and officials, most often in the form of polygraph tests.
Trump’s slush fund for insurrectionists might be as (nearly!) dead in the water as the Faith No More fish (you know the one…), but Patel has apparently found a way to misuse public funds to reward loyalists willing to ride or die with a man who has managed to (ALLEGEDLY) drink his lack of qualifications under the table.
“We have been receiving troubling reports that you may be using part of the budget of the Federal Bureau of Investigation (FBI) as a personal slush fund to make tens or hundreds of thousands of dollars in unlawful ‘bonus’ payments to loyalist MAGA henchmen who have engaged in misconduct,” says a letter from Rep. Jamie Raskin, D-Md., to Patel, obtained exclusively by MS NOW.
Committee Democrats have information that Patel has issued more than $1 million in awards, the letter says. The letter says the money went to special agents serving on his Director’s Advisory Team, which Raskin’s letter describes as “a curated group of agents who are willing to carry out your unlawful partisan and personal orders.” It also went to agents on Patel’s security detail, “circumventing the mandatory maximum pay caps established by statute,” the letter says.
I’ve got to hand it to Raskin. While some will (dishonestly) object to the tone of this official letter, it’s written in a form MAGA understands: direct accusations, delivered with contempt. Most official letters/queries sent by legislators are a bit more polite and tend to treat accusations as unconfirmed suspicions, even when the accusers have the facts in hand to deliver unqualified accusations.
This letter forgoes those niceties. That makes it much more difficult for the FBI and/or Kash Patel himself to dispute the accusations. When punches aren’t pulled, the administration has to defend itself in kind. Since it far prefers to bully people who aren’t willing to deliver the first blow, it seems unsure of how to handle this:
The FBI did not respond to a request for comment by MS NOW.
The FBI has maintained its silence even after Sen. Raskin made the letter public by publishing it to the Judiciary Committee’s website. And what’s detailed there definitely looks like the actions of a binge drinker — you know, the magical moment in a bar evening when the contents of your wallet suddenly turn into Monopoly money and you don’t realize just how much damage you’ve done to your bank account until the NSF push notifications start rolling in:
In some cases, nearly $8,000 payments have been made to multiple individuals every two-week pay period despite many of the beneficiaries of your selective generosity already maxing out on a federal employee’s salary. While it is unclear at this time exactly how much each of the agents has received, we can confirm that numerous loyalist employees have received at least five such payments in consecutive pay periods, amounting to nearly $40,000 per agent. We can also confirm you have depleted the FBI reserve accounts for bonus payments at such a frenzied rate that some of the payments have bounced back from exhausted accounts.
That’s insane. On one hand, you have the drunk-on-a-spending-spree indicators: a guy who doesn’t know how much money he’s spent or from what account until someone else notifies him of his overdrafts.
On the other hand, you have the ugly reality of the situation: this is what it takes to keep FBI employees “bought.” The payments are large and happen frequently, strongly suggesting loyalty to his MAGA twist on FBI day-to-day operations lasts — at most — up until the next paycheck hits the bank. If you’re buying loyalty two weeks at a time, you’re not a benefactor. You’re a blackmail victim.
Either Kash Patel thinks he can throw money at any problem that can’t be solved with a lie detector test and a swift dismissal or agents have figured out they can make bank by pretending to be on board with whatever vengeful kick the director happens to be on that particular week. And I’ll be honest: I prefer a yes man who’s in it for personal profit to a yes man that’s in it because toadying is the only life-hack they know.
Whatever the equation, it all comes down to Patel being an absolute chump. Every negative headline increases the chance of him being tossed aside by the man whose boots he’s been licking for most of the last decade. And I can bet that most of these people walking away with inflated paychecks can easily see the buttons they need to push to ensure they get their loyalty bonuses, week in and week out.
Filed Under: corruption, day drinking, fbi, jamie raskin, kash patel, maga, slush fund, trump administration
Effective fraud prevention programs call for monitoring across every customer touchpoint from account creation to checkout, login to customer service interactions. Once established, this practice provides ground-level insights on user engagement on an interaction-by-interaction basis.
While this is a necessary layer of visibility, appropriate collation of various data sets provides the context for the identification of advanced fraud methods and early detection of emerging trends.
Below, we provide one fraud case with examples of relevant data visibility across 4 levels necessary for establishing a competitive fraud program in this constantly evolving world.
Transaction Level: The individual interactions of users monitored and decisioned in siloes.
Commonly, a fraud program will begin with pressure from chargebacks inciting action for monitoring transaction performance at the checkout page.
Fraudsters are persistent. When one door closes, they move to the window, the garage, and so on; Payment fraud attacks shift into Account Takeovers, deposits into transfers, Account Takeovers upstream to identity theft / synthetic ID Fraud and Mule Accounts.
The shift happens in seconds and impacts our organizations in many ways.
In response, practitioners deploy checks at each touchpoint. This is effective for many isolated fraud incidents but can result in increased false positives and false negatives.
Account Level: The performance of the account over time.
Device Intelligence, spending behaviors, geolocation, behavioral biometrics, step-up verification interactions, all help to identify evidence of account-level exploits like Account Takeovers (ATOs).
The benefit of tracking this level of performance becomes especially clear when contrasting fraudster behavior against the historical performance of the account. Fraudsters cannot duplicate what has been defined as ‘trusted’ behavior and still get what they are after.
They will seek to change payment information, bypass automated verifications, satisfy verifications after what can be deemed “a suspicious number of attempts”, associate new addresses / geographies, and more.
When monitored appropriately, fraudster behaviors emerge clearly and afford practitioners increased confidence and accuracy.
Platform Level: The performance of grouped accounts on a single platform.
By successfully tracking performance of both ‘trusted’ and ‘confirmed fraud’ account performance, practitioners leverage these deeper insights resulting in less friction for trusted interactions, increasing customer satisfaction, and decreasing false positive rates.
Additionally, fraud rings and multi-account attacks are quickly identified based on geolocation, device intelligence, IP resolution, and more, decreasing the time that multi-account exploits are active on the platform.
Build an effective fraud program that addresses threats at every elevation without sacrificing your budget or customer experience.
Sign up for a free trial today for 1,000 free credits!
Network Level: Partnerships with providers in the space, delivering data enrichment and decisioning based on insight across their network.
Until this point, we have spoken about the rich data available to practitioners operating in isolation. By partnering with a solution provider, your fraud program leverages the performance of all of the other practitioners.
“First seen to you is not first seen to us.”
Example Fraud Case: A fraudster is adamant about attacking a particular platform with stored value. For this example, we’ll use a bank. The fraudster is armed with typical information; payment information, Identity Information, and system knowledge. The majority of fraudsters have this access and deploy new methods at a moment’s notice.
For this exercise, we will use a common fraud method wherein the fraudster sees that the target identity banks with ‘Bank X’. The fraudster accesses the account to do 3 things; Transfer funds into the account from other compromised funding accounts, request a card for an ‘Authorized User’ (the fraudster), transfer funds to a 3rd compromised account off-platform.
Transaction Level: Logging into the account is performed by contacting customer service; historically underserved, heavily reliant on knowledge-based verifications (KBVs). The fraudster is equipped with bureau information and is prepared to satisfy the verification process.
The fraudster resets access information and orders an authorized card for a new authorized user for the account. Too rarely does this process receive the appropriate level of scrutiny.
The fraudster reviews the spending behaviors of the account and mimics the dollar amounts for transfers into the account and withdraws from the account. Following the historic behavior seen in the transaction summaries, the fraudster follows the same behaviors.
From the transaction level, the fraudster is flying under the radar and triggers siloed verifications that they are prepared to satisfy. The clock ticks until the real account holder contacts customer service and files a report. The problem that started with customer service is finally identified at customer service.
From an Account Perspective, this fraudster has exhibited many suspicious behaviors:
-
Calling customer service from a new phone number
-
Updating contact information
-
The time to ordering a secondary card
-
The relationship to the authorized user and the account holder
-
The timeline of transfers and withdrawals
-
The device used to interact with the platform and initiate these suspicious actions
Any of these interactions can be monitored and tracked with associated verifications. Again, reinforcing the idea of accuracy is a key point, when viewing the storyline from this altitude, confidence should be high.
From a Platform Perspective, it is unlikely that this storyline was the first of its kind. By tracking these events with automation, practitioners will identify the other occurrences and pick out regions, IPs, devices, and behaviors that transcend the performance of the single account. This, in turn, informs the decisioning downstream.
This entire process takes a matter of hours to execute. As we know, fraudsters are not operating against one account at a time. It is likely that many other accounts are currently walking through this same scenario. Time to action is vital to avoid deep financial impact.
Indicators include:
-
The shipping address for the “authorized card / user”.
-
Device Fingerprinting
-
Geolocation of the user
-
Geolocation of the withdrawals
-
Dollar amounts (though crafty fraudsters follow the behaviors of the accounts, many will gradually increase amounts over time, which is a valuable indicator)
-
Funding institutions
…..and more
Looking at this from a Network Perspective empowers practitioners to automate against known suspicious data points such:
-
The phone number that call customer service,
-
The device used to interact with the platform
-
The shipping address used for the authorized card / user
-
The name of the authorized user
….and more.
By leveraging network information, practitioners are afforded the opportunity to leverage the insights provided by peers’ operations to make a decision in the moment and apply these findings downstream and across the entire platform.
Schedule a consultation with one of IPQS Fraud Experts today!
Sponsored and written by IPQS.
Tech
Even with SSD prices climbing, the 2TB Crucial P310 has a surprisingly good saving this Prime Day
SSD prices aren’t what they were a year ago, so any sort of saving right is probably worth – especially if it’s a purchase you need.
The Crucial P310 is down from £219.99 to £182.99, saving you £37 on a 2TB M.2 SSD that hits sequential read speeds of up to 7,100MB/s across both Gen3 and Gen4 laptops and desktops.
While this is far from the cheapest this SSD has been, it is the cheapest we’ve seen it for a few months.
Even with SSD prices climbing, the 2TB Crucial P310 has a surprisingly good saving this Prime Day Despite rising SSD costs, the 2TB Crucial P310 manages to deliver an unexpectedly solid Prime Day discount.
Those speeds translate into Windows booting before you’ve sat down, large files moving between folders in seconds, and game load screens that pass quickly enough to feel like a different machine entirely from the one you were using before.
That last point matters for PS5 owners too, since the Crucial P310 is listed as compatible with Sony’s console, giving you a straightforward way to stop rationing installs and keep your full library available without constantly shuffling titles on and off the internal drive.
Crucial also includes a one-month Adobe Creative Cloud All-Apps trial and Acronis True Image cloning software in the box, so moving your existing data across to the P310 is a straightforward process rather than a reason to put the upgrade off.
The P310 uses 3D NAND in an M.2 2280 form factor and connects via PCIe x4, and Crucial backs it with a five-year limited warranty, which at this price makes it a reasonable long-term bet rather than a stopgap upgrade.
In real-world productivity tasks, Crucial claims the P310 performs up to 20% faster than other Gen4 SSDs when booting Windows and running applications like Adobe Photoshop, Illustrator, Excel, and PowerPoint, which gives it genuine utility beyond gaming.
The saving here is modest at 17%, and SSD prices have been volatile enough that it’s worth checking recent price history before buying, but £182.99 for 2TB of Gen4 NVMe storage with this kind of warranty backing remains a solid result for Prime Day.
Still deciding whether the Crucial P310 is the right drive for your setup? Our best SSD guide covers the full field so you can make sure you’re picking the right drive before Prime Day ends.
SQUIRREL_PLAYLIST_10148964
Instagram users could soon see more ways to tune their content, according to a recent post from Instagram head Adam Mosseri.
Specifically, Mosseri was showing off new ways that users might access Your Algorithm, a feature that allows them to specify which topics they want to see more of, and less of. Instagram launched Your Algorithm last year and has been introducing it to more areas of the app.
“We want to evolve Your Algorithm from a setting to something that feels central to your experience on Instagram,” Mosseri said. He also noted, “Some of this is testing now, some is coming soon, some might not work.”
The examples in his post include one where pulling down in your Instagram feed eventually brings up the Your Algorithm menu, and another where swiping up from a Reel could bring up a similar customization prompt. A third shows buttons beneath each Reel to indicate whether or not you want to see more Reels like it.
The most popular comments on Mosseri’s post all make the same request. As one user put it, “WE JUST WANT OUR ALGORITHM TO SHOW THE PPL WE FOLLOW.”
Slashdot reader BrianFagioli writes: Florida International University researchers have developed a technique called JaiLIP (Jailbreaking with Loss-guided Image Perturbation) that uses subtle image modifications to bypass AI safety guardrails. Unlike traditional jailbreaks that rely on carefully crafted prompts, the attack works through images that appear normal to human viewers.
The researchers tested the technique against BLIP-2, a multimodal AI model, and found that manipulated images significantly increased the likelihood of harmful responses. According to the study, the approach outperformed previous image-based jailbreak methods and nearly doubled the number of unsafe outputs generated during testing.
The findings highlight a potential security risk for businesses deploying AI systems that process both images and text. While most discussions about AI safety focus on prompts, the research suggests that seemingly harmless images may also serve as an attack vector.
Tech
ASUS ZenScreen MB169CK Turns Any Workspace Into a Dual-Screen Setup at Home, School or Even When Traveling
Anyone who has squinted at a cramped laptop screen while trying to reference one document and type in another understands the daily friction of limited space. This monitor from ASUS cuts through that friction on its 15.6″ MB169CK portable monitor, priced at $75.05 (was $109), with a design focused on simplicity and adaptability.
A single USB-C cable connects to the screen and supplies both the video feed and power for the display, eliminating the need to carry a separate power adapter. This is especially beneficial if your laptop supports pass-through charging, as it will keep your primary computer running while you’re connected to this display. The weight is slightly under 800 grams with the stand attached, and the design is only 12 millimeters thick. That means it will fit easily into most laptop bags and you won’t have to rearrange your things.
Sale
MNN Portable Monitor 15.6inch FHD 1080P 60Hz USB C HDMI Gaming Ultra-Slim IPS Display w/Smart Cover…
- Full HD Portable Monitor – MNN 15.6inch portable laptop monitor with 1920*1080 resolution, advanced IPS matte screen support 178° full viewing angle…
- Double Type-C Port -For Plug & Play, the MNN monitor provides 2 Full Feature Type-C ports. Only One USB Type-C Cable is required to connect to the…
- Lightweight Ultra Slim for Travel – As a portable external monitor,MNN portable laptop monitor easily accommodate to every suitcase and backpack and…
The supplied stand is detachable, screws into the rear, and can spin 360 degrees. You can set it to landscape for a large spreadsheet or portrait for reading long reports or cramming code into a compact space. If you need to get the stand out of the way, you simply remove it and the entire unit will sit flat. Alternatively, use the stand’s cutout to hang the screen from the rear of a hook.
We’re talking Full HD resolution on that 15.6-inch IPS panel, so image quality is a big plus here. The viewing angles are also excellent, so it doesn’t matter if there are a lot of people staring over from the side, and the IPS display easily handles wide angles. We’ve also included an anti-glare coating to keep everything looking beautiful even with normal indoor lighting, as well as a blue light filter and flicker-free technology to help you get through your workflow without straining your eyes.
At home, this becomes a useful little station for doing serious work. You can arrange it in portrait next to your laptop, with reference materials on one side and the main task on the other, and then simply pack it away when you’re finished. There is no need to leave any permanent mounts or extra cables behind. Students will find that this monitor is a game changer in the library or dorm room; with the extra real estate, you can have a notebook and your source materials on one screen and only use the other for the task at hand, eliminating the need to constantly switch windows, and because it’s so portable, it’s easy to throw in a backpack alongside your books and laptop.
This is a lifesaver for professionals who are constantly on the run. You can simply plug it in and go, making it ideal for presentations, data review, or client work where you need to be able to wrap your head around a variety of different bits of information at the same time. The mini-HDMI port is a nice touch, allowing old systems with a USB-C connection to breathe a little easier.
Of course, for travelers, the lightness is what saves the day. Even with a full laptop set up inside your luggage, you won’t feel too burdened down. Setup in a hotel room or cafe takes seconds, and the 360-degree stand adapts to any surface you place it on. ASUS’ software even allows you to instantly switch between landscape and portrait mode based on how you hold the device, eliminating the need to navigate the menus.
Security
Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins
It seems like nobody wants to carry a work phone and that includes even those charged with protecting the US president. The US Secret Service’s extremely lax mobile phone security practices – including using unsecured personal devices during mission operations – put America’s leaders’ and agents’ lives at risk, according to a government-issued report.
Secret Service agents routinely used personal cell phones to communicate with law enforcement and each other, including during protective operations in the US and overseas, because their government-issued devices lacked the capabilities they needed to perform their missions, according to a federal review ordered after the 2024 assassination attempt against President Trump in Butler, Pennsylvania.
Even when Secret Service employees did use government-furnished equipment (GFE), these mobile devices didn’t have sufficient security to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals,” according to a report by the Department of Homeland Security inspector general.
The inspector general’s investigation also found vulnerable apps on these GFE mobile devices.
In addition to being prohibited – Homeland Security policy only allows Secret Service employees to use GFE devices for official business – using personal cell phones is especially bad from a cybersecurity perspective.
As we have seen time and time again, government employees’ personal devices and private communications provide highly attractive targets for foreign spies or even homegrown criminals plotting attacks against elected leaders.
Secret Service agents’ phones can also reveal mission-related details, geolocation – and, by proxy, the US president, vice president, and visiting heads of state’s geolocations – as well as photos, contacts, and other personal information such as family members and home addresses.
Since these personal devices are not managed or secured by the US government, it’s much easier for attackers to plant surveillanceware and other malware on them.
“If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication,” according to the report. “Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”
The inspector general reviewed call and text logs from Secret Service GFE mobile device records from October 2022 through May 2025, and found more than 15,000 instances among 4.8 million calls in which employees sent and received calls from colleagues’ personal phones while working protective events.
Investigators also examined travel vouchers for Secret Service employees who travelled internationally between October 2022 and April 2025. They found 30 employees who claimed reimbursement for using personal phones for official, government business. Most of these (23 of the 24 interviewed) said they needed to use their personal cell phones during nearly every foreign assignment.
Plus, they used personal mobile devices as hotspots to provide internet access for government-issued laptops, or to access websites blocked on GFE phones.
Even when employees did use government-issued devices on overseas trips, these phones also lacked basic security, the investigation found. For example: the Secret Service did not begin installing mobile threat defense software on any GFE phones until August 2025. Nor did the agency consistently wipe data from GFE devices after employees returned from international missions despite Secret Service policy requiring employees to do this within 24 hours of returning to the US.
Do these 5 things
As a result of its findings, the inspector general made five recommendations to improve mobile device security. These include implementing a formal policy to ensure government-issued devices have all the needed capabilities to ensure mission functions can be conducted securely, and also ensure all employees complete cybersecurity awareness training, as required by the Secret Service.
The report also recommends the Secret Service office of the chief information officer do a better job communicating to employees that the use of personal devices is not allowed for official business, and implement controls to wipe all mobile devices returning from international missions.
Finally, the inspector general also recommends an updated vulnerability testing policy be applied to all mobile app code.
The Secret Service “concurred” with all five recommendations.
We reached out to the Secret Service about the report and recommended actions, and a spokesperson declined to comment beyond a letter from Secret Service Director Sean Curran included in the report.
Curran said, among other things, that in response to the inspector general’s findings, the agency made “several comprehensive enhancements to Secret Service communications policies and protocols to both mitigate the potential for adversaries to intercept and exploit Secret Service information, as well as further strengthen the protective environment.”®
NewsBeat3 minutes ago
Two people taken to hospital after incident in South Shields
Business4 minutes ago
Hints and All Four Answers for Sunday’s Puzzle #1113, June 28, 2026
Politics6 minutes ago
Palestinian flags fly in Texas
-
Sports4 days agoTwo goals and an assist by sheer aura: Cristiano Ronaldo just entered the World Cup chat
-
Tech6 days agoMicrosoft accidentally kills epic Outlook email threads
-
Fashion1 day agoWeekend Open Thread: Staud – Corporette.com
-
Politics2 days agoThe House | Manchesterism won’t survive the painful trade-offs unless it gets citizens on board
-
Politics2 days agoPotential 2028er World Cup attendee leaderboard
-
Business2 days agoAsia stock markets slide as tech shares slump
-
Tech2 days agoA Look At A Gaggle Of Transputer Boards
-
Crypto World4 days ago
Bitcoin (BTC) Dips Below $62K, Ethereum (ETH) Plunges 6% Daily: Market Watch
-
Crypto World4 days agoSecuritize Wraps Roubini's SEC-Registered ETF as Dubai VARA Digital Security
-
Crypto World2 days agoDell (DELL) Shares Tumble Over 5% Following Analyst Downgrade to Hold
-
Business4 days ago
Entergy settles forward sale agreements, raises $672 million in cash proceeds
-
Crypto World21 hours agoKraken's xStocks Opens Bending Spoons IPO Registration to EEA Retail
-
Sports1 day agoFIH Pro League: India defeat Pakistan 7-1, register biggest win of campaign | Other Sports News
-
Crypto World1 day agoRTX holders must register wallets before token distribution begins
-
Crypto World2 days agoHyperliquid Named on Singapore MAS Investor Alert Register
-
Sports3 days agoIndia vs Bangladesh LIVE Score, Women’s T20 World Cup: Bangladesh Opt To Bat; India Enter ‘Do-Or-Die’ Stage As Semi-Final Race Heats Up
-
Crypto World2 days ago
The DATA Foundation Launches to Tackle AI’s Multi-Billion Dollar Training Data Bottleneck
-
Tech7 days agoSignal’s Meredith Whittaker says AI chatbots ‘are not your friends’ and calls Copilot agents a backdoor
-
Crypto World2 days agoStrategy (MSTR) has a 10-month cash runway for dividends, but retail investors are losing faith
-
Crypto World2 days agoAAVE price tests 9-month trendline after 17% rebound as breakout hopes build
You must be logged in to post a comment Login