No hacen ruido. No cifran archivos. No exigen un rescate en Bitcoin ni envían mensajes amenazantes. Pero los ataques DDoS siguen ahí, creciendo en número, potencia y sofisticación, como una marejada invisible que no deja de golpear los cimientos de

Author When you google something what is displayed isn’t the result of a real time crawling. When a google bot visits a website all the pages making the site tree get downloaded to the search engine server. The search engine server checks the downloaded site main page HTML code. If links are found the bot will check if they link  to the main page server if they do those pages will get downloaded too. The code surrounding the links should be well formated to make them crawling friendly ( the bot needs to find it’s way to those links) Strict order is not required in the remaining sections of the site. Is this close? Calin said:The code surrounding the links should be well formated to make them crawling friendly ( the bot needs to find it’s way to those links) Strict order is not required in the remaining sections of the site. Is this close?Formatting makes no difference at all. The HTML standards at w3.org ( https://www.w3.org/standards/ ) define the shape of a link, and in fact everything in every (valid) html page at the world. The server has implementations that understand those standards, and can thus extract any link from any (valid) html page.Besides valid html pages there are also many non-valid html pages (they sort-of look like html, but don't do everything that the standard says should be done). There are code libraries for such pages as well in an attempt to extract useful information from it anyway. One such implementation is BeautifulSoup for Python, although I never used it. No doubt there are others. Advertisement Author Ok I get it, it’s one thing what’s posible and something else what should be done. What “should” be done varies, and what sites implement may exist in many different ways.Most modern web pages aren't simple HTML. They only have enough HTML to wrap the script tags to trigger JavaScript which is linked and loaded from a different page. The script infrastructure connects to server, runs a bunch of background requests, picks up the article or news story or content from the back end database, transmits a bunch of fingerprinting information to uniquely identify your broswer, loads a bunch of ads, and overall modifies the DOM (Document Object Model) that is ultimately what's displayed. If you turn off all Javascript and try to load many sites like news sites, you'll either get a visibly blank page or nothing more than a header and footer. The actual body contains little more than a collection of div and anchor tags that the script modifies into a human-usable page.The reasons for doing it that way vary. Some are there because they're trying to turn the web page into a programmed application rather than flat content. Many are to get around the fact that caching proxies and corporate tools interfere with their metrics and the data needed for their advertising information. A few are used to detect bots, change how the website gets scraped by bots, or to mitigate automated attacks like DDOS attacks. Sites like Cloudflare wrap the entire web page up requiring scripts to run for any access at all. Although URLs are theoretically free from time constraints, many systems generate them through data-driven means and the internal links used by the scripting systems are only valid for a short time. It's a way many sites like Facebook or Reddit or YouTube or TikTok keep their walled garden in place. Direct links to specific items keep working but the feed is algorithmic, always displaying whatever it is they want to push out to users uniquely.  The main links can't be easily indexed, archived, or automated because they're constantly shifting around what the servers provide. Calin said:The code surrounding the links should be well formated to make them crawling friendlyNo, nice formatting is done only by web devs for themselves, so they can read their code.A bot will ignore formatting and also visual style (css).It's maybe worth noting that most html code is actually generated from other code, and not manually written.For example php code on the server generates html code from a link, where the link contains parameters controling what the php script should do. E.g. a link with page number may look like ‘www.blah.com?p=15’. The php script may then also access a data base to get desired text and images for page 15, and generate the final html code for the client browser to display.Contrary, Javascript is not run on the server, but on the client browser. It can thus make a realtime webgame for example, or decorative animations, implementing a media player, etc. It can modify the html code, e.g. changing a number so the animation is displayed. It can also communicate with the server to implement things like a webshop and payment system.Both php and JS are extremely flexible compared to C++. You can do anything, e.g. adding a new member variable to a class instance at runtime. Totally nuts and horrible. : ) 

When Tom and Lia Higgins (Barbara Corcoran's son and daughter-in-law) acquired their prewar apartment on New York City’s Upper East Side, they wanted to maximize every inch of the 1,900-square-foot interior. So the high school sweethearts, who have young kids and love to entertain, called upon Hee Designs to fully gut renovate the unit, requesting a balance between “child-friendliness and a sense of sophistication,” says the firm’s founder, Kellyann Hee.Hee, along with the firm's design director Julia Berner-Tobin, reworked the original three-bedroom, three-bathroom footprint, moving walls and ripping out flooring to fit everything from a large kitchen with a pantry and dining area for eight to a private bedroom wing so that the family could host guests without disturbing sleeping children. From there, they completely reimagined the home's furnishings, turning to durable-yet-timeless pieces that could grow alongside the family. The result is an elevated yet practical retreat that balances versatility with a timeless, tailored feel—an extra impressive feat, considering the quick nine-month timeline and the fact that the project was the hospitality-focused firm’s first foray into residential design.Fast FactsDesigner: Kellyann Hee and Julia Berner-Tobin of Hee DesignsLocation: New York City's Upper East SideThe Space: Three-bedroom, two-and-a-half bath across 1,900 square feetENTRYWAYGreen velvet wall art sets the tone for a muddy yet dimensional palette.Andrew BuiTable: Interior Icons. Ottomans: Lulu & Georgia. Rug: Design Within Reach. Ceiling lights: custom, by Studio Luddite. Wall art: Leonard Meoni. Wall paint: Soft Chamois, Benjamin Moore. Ceiling paint: All White, Farrow & Ball. Door paint: White Dove, Benjamin Moore.Throughout the home, the design team thoughtfully selected furniture with rounded rather than sharp edges and opted for soft materials, like wood over stone, “to create a safer environment for rambunctious kiddos,” Hee says. “We framed wall art behind glass or plexi to protect it, and used cordless window treatments.”As far as the color palette goes, the couple wanted to mix it up from their historically white-on-white style, so the team introduced warm neutrals and layered textures. In the entry, the velvet Leonard Meoni wall art, one of the only items the clients brought with them to the apartment, inspired further green accents throughout the space. “The entry opens into the kitchen and dining area on one side, where we have a dark green mohair banquette, and on the other side it opens to the living room with green accents in the art, book spines in the bookshelves, and mirror.”The finished design totally surprised us, in the best way.LIVING ROOMA plethora of seating caters to activities, day to night.Andrew BuiBuilt-ins: custom, by Rockaway Custom Cabinets & Restoration Shop Inc. Hardware: Lo & Co. Table: McGee & Co. Ottoman: Maiden Home.Andrew BuiSofa: Restoration Hardware. Mirror and lamp: Anthropologie. Throw pillow: Rejuvenation. Side table: Maiden Home. Sconce: Lumfardo. Ceiling light: Long Made Co. Wall paint: Soft Chamois, Benjamin Moore. Wall art: Eberhard Ross.Multiple seating arrangements ensure plenty of opportunity to work or unwind in the often naturally lit space. Custom-built-ins are encased in glass to keep everything out of reach of the kids but still allow the mix of books and decorative objects, like jewel-toned vessels, to be on display. “Our clients really love low lighting in the evenings,” Hee says. “So we backlit these shelves and included a few small lamps. At night, the bookcases become a warm and cozy element in the space.” KITCHENClever storage solutions keep the cookspace neat.Andrew BuiRange: Aga Elise Range. Cabinet hardware: MyKnobs.Andrew BuiCabinets: custom, by Rockaway Custom Cabinets & Restoration Shop Inc.Hee and Berner-Tobin relocated the kitchen from the floor plan’s center to a former bedroom location to bring in natural light, make the cookspace larger, and open it up to a formal dining room. “The combo of an open-concept kitchen and dining room is really popular in the city—and perfect for dinner parties,” Hee says.When customizing the kitchen, the duo prioritized storage with wide, pull-out drawers to hide appliances, pots, and pans, as well as narrow cabinets for stowing baking pans and cutting boards. The Caesarstone counters ensure the homeowners need not stress about stains, while the marble slab backsplash from ABC Stone adds a dramatic touch. “The fluted wall paneling softens a huge column that could not be relocated in the space, and similarly, a concealed pantry door opposite the kitchen sink,” Hee says.DINING NOOKThe customized spot mimics the feel of a luxe NYC eatery.Andrew BuiChairs: Restoration Hardware. Art lights: Pooky. Wall art (right): 1stDibs. Wall art (left): TRNK NYC.To fulfill the couple’s request for a dining area that seats eight, Hee and Berner-Tobin designed a custom banquette in green mohair fabric and a white oak dining table. Since the nook is open to the kitchen, it allows for easy cooking, serving, and dining for daily life with kids and evenings spent entertaining. “There’s a hidden table in the space behind the curve of the banquette that we had made custom to match the fluted wall, so the edges line up perfectly and no food or dust collects back there,” Hee says. “Also, it’s a nice place for a tiny vase for dinner party nights.”Overhead, simple flat crown molding “really adds that little extra layer of polish,” Hee says. The minimal, easy-to-execute detail is carried throughout other parts of the home, as is the parquet wood flooring. The team invested in permanent elements, like the flooring, over high-end, irreplaceable vintage furnishings that may not stand up to wear and tear.POWDER ROOMMetallic wallpaper maximizes light while creating an enchanting look.Andrew BuiWallpaper: Holly Hunt. Mirror: Rejuvenation. Faucet: Kohler. Sconce: Rich Brilliant Willing.Located off the kitchen in a small wing with a hidden pocket door is the glamorous powder room. “The [Holly Hunt] wallpaper here is a real stunner,” Hee says. “It has a raised foil pattern reminiscent of antique lace and acts as the perfect backdrop to a beautiful velvet photo collage commissioned for the room by Brooklyn-based artist Roxana Kadyrova.” PRIMARY BEDROOMA serene space reminiscent of a luxury hotel room.Andrew BuiTable: CB2. Chair: Residence Supply. Bench cushions: Custom, in Holly Hunt fabric. Throw pillows: Restoration Hardware. Rug: Enkay. Wall art: Brian Merriam, from Tappan Collective. Sconce: 1stDibs.Natural elements and rich textures drive the calming atmosphere in the primary bedroom. His-and-hers closets allow the main bedroom to remain minimal and uncluttered. Behind the door—which is modeled after the apartment’s original entry door to expand on the existing pre-war architecture—is the primary bathroom. Opposite the bed is a projector for movie nights.PRIMARY BATHROOMA calming backdrop for self-care rituals.Andrew BuiMirror: Wayfair. Sconces: Etsy, Smile Lamp Works. Fixtures: Brizo. Wall tile: NY Stone. Floor tile: Tilebar and NY Stone. Vanity hardware: Lo & Co. Wall art: Simeoni Art Studio.Travertine tiles maintain a serene, spa-like feel in the bathroom, which boasts a full built-in tub and separate shower.SON'S ROOMThe animal theme adds whimsy and wonder.Andrew BuiTable and bedding: Pottery Barn Kids. Doorknob: Baldwin Hardware.Andrew BuiSconce: Pooky. Rug: Crate & Barrel. Bear pillow: Fair Trade Winds.“We chose a subtle bear theme for the couple’s son’s room, with bear throw pillows on both beds and a soft bear-shaped chair in the corner opposite [from the side table,]” Hee says, noting they also customized the wallpaper into a printed mural to work better for the room’s specific layout. The couple requested a bunk bed for sleepovers, “and a bed low to the ground as he transitioned from his crib to the twin bed,” Hee says. An arched bunk bed from West Elm adds softness to the space. About the DesignersBased in New York's Hudson Valley and Portland, Maine, Hee Designs is primarily a hospitality design firm. But now, the team has also fallen in love with residential projects. Founder Kellyann Hee's approach aims to respect history while pushing forward to a sustainable future. With design director Julia Berner-Tobin, she creates deeply personal, intentional spaces that transcend time through a mix of vintage pieces, existing elements, thoughtful new additions, and custom creations. “We believe, when a home is designed with care, honesty, and a real understanding of both the people who live there and the place they live in, you can feel it,” Hee says.SHOP THE SPACEMulberry Ottoman$1,000 at maidenhome.comArches Bunk BedNow 20% Off$2,799 $2,239 at West ElmNodu Rug$548 at enkay.comGrey Marble Bistro Table$1,699 at CB2

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Back in my day, the phrase used to be “there’s an app for that,” and that’s still the case, though with one major amendment: now, it’s “there’s an AI app for that.” In fact, there’s even an AI app for making apps—buckle up, kiddos, things are about to get meta. Let me explain: Rork, which I stumbled across while scrolling X, is—if we are to drink the Kool-Aid—the app to end all apps. The font from which all other apps may flow. The cold fusion of coding. Alright, I’m exaggerating, but it’s exactly what I alluded to: an app that makes apps, which is like a hat on a hat if the first hat actually made the second hat. To make things even more meta, Rork used an AI ad with Google’s new Veo 3 video generator to promote its tool. Is your head spinning yet? Mine kind of is. When I say Rork makes apps, I mean it really makes the damn thing (at least I think it does since I wouldn’t know a functional piece of code if it sat on my chest and suffocated me like a sleep paralysis demon). But on the surface, it does the whole thing. I went to the web version of Rork to try it out (there’s no mobile app that I’m aware of), and it seemingly took my text prompt, “I want to make an app that matches me with similar-sized people in my area to fight. Like Tinder but for fisticuffs,” and ran with it. Once I punched the prompt in (pun intended), Rork got to work (thinking for a while as AI does) and then used its corresponding large language model (Anthropic’s Claude 4 model) to start drawing everything up. And I mean everything—colors, features, parameters, basically every aspect of an app that you might need to launch. And the conjuring doesn’t stop there. Once everything is devised, Rork’s interface splits everything off into packages if you want to look at the code (that is, if you’re capable of reading it, unlike me), and then it does my favorite part—it generates a usable preview that you can test on your phone or another device. After the AI had coded everything, I was able to scan a QR code and generate a preview using ExpoGo, a tool that lets you deploy code in a preview mode. So, without further ado, ladies and gentlemen, I present to you: FightMatch, Tinder for kicking ass. © Rork / Screenshot by Gizmodo It’s worth noting that I tried to make this even more meta by prompting Rork to make an app that uses generative AI to make images or video—an AI app that generates AI—but it ran into some issues that I wasn’t able to fully wrap my head around. Per Rork, they were “critical errors,” and even when I clicked the “fix” button, it wouldn’t budge. No AI app inception today, folks, sorry. On one hand, as someone with no coding experience, I’m impressed. Rork, as promised, was able to take my very simple text prompt (Tinder for fighting) and write up all the code to make it happen in about a minute or so. Again, a coder I am not, but that feels pretty extraordinary from a sheer idea to preview perspective. I’m fairly certain whatever Rork and Claude generated wouldn’t be enough to push to an app store right away, both from a technical and aesthetic perspective, but as a first draft, it’s at least serviceable, if very far from perfect. Also, if I’m being honest, I was looking for more of a Fight Club-type app over MMA, but I suppose Claude played this one safe. There’s obviously vast potential here to expedite app creation, but just like with every generative tool like this, there’s also potential for something less exciting—slop. Like I wrote earlier this week, tools like Google’s Veo 3 and Flow are impressive technical feats, but they also feel primed to further bloat an already overwhelming bucket of AI slop. There’s always that question: do we need more apps or do we need better apps? I’m a proponent of the latter philosophy, but if there’s one thing I’ve come to expect in the tech world, it’s more. But hey, if I get rich quick with FightMatch, I can’t really complain, can I? And if you disagree, swipe right, and let’s settle this the old-fashioned way.

If your child loves their tablet, but you struggle with finding appropriate games, try Pok Pok, a learning app for kids aged 2-8 that doesn’t feel like learning. What is Pok Pok? Pok Pok is an award-winning educational app. It features a collection of calming, open-ended digital toys that help children explore STEM, problem-solving, creativity, and more without ads, in-app purchases, or overstimulation. Built by parents in collaboration with early childhood experts, Pok Pok offers a Montessori-inspired experience that supports healthy screen time and lifelong learning. What kinds of skills can kids build with Pok Pok? Kids using Pok Pok build foundational skills in STEM, problem-solving, language, numbers, cause and effect, and emotional development. Each game is open-ended, so there’s no “winning” or “losing.” Instead, kids learn through curiosity, experimentation, and hands-on discovery—all key Montessori values. Why is Pok Pok different from other kids’ games? Unlike most kids’ apps, Pok Pok isn’t built around flashy animations or noisy menus. Everything is intentionally low-stimulation and calming, with handcrafted visuals and music that don’t overwhelm. Is it good for travel or offline play? Definitely. Pok Pok works offline, making it a good kids’ app for travel, car rides, and waiting rooms. And since there are no ads or pushy pop-ups, it’s a tantrum-free app that doesn’t create fights when it’s time to turn it off. What kind of content does Pok Pok include? Think of it like a digital playroom. There are peaceful, interactive scenes for exploring space, dinosaurs, numbers, dress-up, world puzzles, and more. New “toys” and seasonal content are added regularly, and everything is designed to grow with your child over time. How much does Pok Pok cost? Through June 1, you can get a Pok Pok lifetime subscription for $49.99 when you use code SAVE10 at checkout. Normally $59.99, this is a great chance to save on the app and grab forever access for all of your kiddos, since you can use the app on up to 10 devices at once. StackSocial prices subject to change. _ Pok Pok: Lifetime Subscription See Deal

May 23, 2025The Hacker NewsWeb Security / Threat Detection From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it's becoming the go-to solution over cloud-based WAFs. What is SafeLine WAF? SafeLine is a self-hosted web application firewall that acts as a reverse proxy, filtering and monitoring HTTP/HTTPS traffic to block malicious requests before they reach your backend web applications. Unlike cloud-based WAFs, SafeLine runs entirely on your own servers—giving you unmatched visibility and data sovereignty. Key Features of SafeLine WAFComprehensive Attack Prevention SafeLine effectively blocks a wide range of common and advanced web attacks, including SQL injection(SQLi), cross-site scripting (XSS), OS command injection, CRLF injection, XML External Entity (XXE) attacks, Server Side Request Forgery (SSRF), and directory traversal, etc. Zero-Day Detection via Semantic Analysis Unlike traditional signature-based WAFs, SafeLine uses a patented semantic analysis engine that deeply parses HTTP traffic semantics. This approach enables it to detect complex and zero-day attacks with high accuracy, resulting in an industry-leading detection rate of 99.45% and an ultra-low false positive rate of 0.07%. (The chart below compares SafeLine with the two versions of a globally recognized open-source WAF.) Robust Bot Protection SafeLine delivers comprehensive, multi-layered defenses against automated bot attacks, a growing threat vector responsible for credential stuffing, malicious scraping, inventory hoarding, and vulnerability scanning. It combines several out-of-box powerful mechanisms: CAPTCHA Challenges: Dynamically issued to distinguish human users from automated clients, especially in suspicious or high-risk traffic scenarios. Dynamic Protection: Randomly encrypts and obfuscates frontend code, such as HTML and JavaScript, before delivering it to the client. This prevents bots from reliably parsing page structures or interacting with DOM elements, rendering automated scripts ineffective. Anti-Replay Mechanisms: Detect and block reuse of tokens, headers, or payloads often leveraged in scripted attacks or credential stuffing campaigns. HTTP Flood DDoS Mitigation HTTP flood DDoS attacks attempt to overwhelm servers by sending massive volumes of HTTP requests in a short period of time. These attacks can exhaust server resources, degrade performance, or take applications offline entirely. To counter this, SafeLine implements rate limiting to cap request frequency and mitigate abuse. These measures are highly configurable, allowing defenders to tailor thresholds based on real-world traffic patterns. For sudden traffic spikes—whether legitimate or malicious—SafeLine provides a virtual waiting room mechanism. This ensures service availability by queuing excess users and releasing them gradually, preventing backend overload while maintaining a fair and orderly access experience. Authentication Challenges SafeLine is also designed with Zero Trust principles in mind—never trust, always verify. It offers configurable visitor authentication to secure access to protected applications, enhancing security through enforced identity checks. As a built-in identity gateway, it supports modern authentication protocols such as OIDC and integrates seamlessly with identity providers like GitHub and others. SafeLine also supports Single Sign-On (SSO) to streamline user authentication and simplify login experience in the meantime. Best of all, these enterprise-grade identity features are included for free. Simple Deployment in Minutes SafeLine is designed for quick setup and easy management. It requires the following environment to be installed and run: Operating System: Linux (x86_64 or arm64) Dependencies: Docker (version 20.10.14 or higher) and Docker Compose (version 2.0.0 or higher) Minimum System Requirements: 1 CPU core, 1 GB of RAM, and 5 GB of available disk space Once the environment is ready, installation takes just a few minutes with a single command. bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en A user-friendly, wizard-based interface guides you through configuration. Full documentation is available here. Why Choose SafeLine Over Cloud-Based WAFs? Unlike traditional cloud-based WAFs that route your traffic through third-party infrastructure, SafeLine offers complete deployment autonomy. Here are the advantages: Full Data Control: Sensitive traffic and logs remain on-premises, reducing exposure to third-party cloud risks. Cost Efficiency: Avoids recurring subscription fees common with cloud WAFs, especially beneficial for high-traffic environments. Free and Out-of-Box Enterprise Features: Advanced threat detection, bot protection, identity authentication, and more—typically gated behind "premium" tiers elsewhere—are out-of-box and included for free. Get SafeLine — free forever for personal use, with optional 7-day Pro trial. Use Cases Ideal for SafeLine SafeLine is a versatile solution built for a wide range of web application security needs. It's particularly well-suited for: Organizations with strict data privacy or regulatory compliance requirements Teams Targeted by Sophisticated Bots and Automated Threats Small and medium-sized businesses seeking affordable, enterprise-grade protection DevOps and Security Teams Requiring Full Deployment Control and Customization Projects requiring rapid deployment and easy maintenance Final Words SafeLine stands out as a powerful, open-source alternative to traditional cloud-based WAFs. With cutting-edge zero-day detection, robust bot mitigation, and zero trust–aligned identity features—all bundled into a self-hosted, easy-to-deploy package—SafeLine empowers developers, security teams, and organizations of all sizes to take control of their web security. Get SafeLine — free forever for personal use, with optional 7-day Pro trial. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

© Gizmodo I wish I was making this stuff up, but chaos seems to follow me at all tech events. After waiting an hour to try out Google’s hyped-up Android XR smart glasses for five minutes, I was actually given a three-minute demo, where I actually had 90 seconds to use Gemini in an extremely controlled environment. And actually, if you watch the video in my hands-on write-up below, you’ll see that I spent even less time with it because Gemini fumbled a few times in the beginning. Oof. I really hope there’s another chance to try them again because it was just too rushed. I think it might be the most rushed product demo I’ve ever had in my life, and I’ve been covering new gadgets for the past 15 years. —Raymond Wong Google, a company valued at $2 trillion, seemingly brought one pair of Android XR smart glasses for press to demo… and one pair of Samsung’s Project Moohan mixed reality headset running the same augmented reality platform. I’m told the wait is 1 hour to try either device for 5 minutes. Of course, I’m going to try out the smart glasses. But if I want to demo Moohan, I need to get back in line and wait all over again. This is madness! —Raymond Wong May 20Keynote Fin © Raymond Wong / Gizmodo Talk about a loooooong keynote. Total duration: 1 hour and 55 minutes, and then Sundar Pichai walked off stage. What do you make of all the AI announcements? Let’s hang in the comments! I’m headed over to a demo area to try out a pair of Android XR smart glasses. I can’t lie, even though the video stream from the live demo lagged for a good portion, I’m hyped! It really feels like Google is finally delivering on Google Glass over a decade later. Shoulda had Google co-founder Sergey Brin jump out of a helicopter and land on stage again, though. —Raymond Wong Pieces of Project Astra, Google’s computer vision-based UI, are winding up in various different products, it seems, and not all of them are geared toward smart glasses specifically. One of the most exciting updates to Astra is “computer control,” which allows one to do a lot more on their devices with computer vision alone. For instance, you could just point your phone at an object (say, a bike) and then ask Astra to search for the bike, find some brakes for it, and then even pull up a YouTube tutorial on how to fix it—all without typing anything into your phone. —James Pero Shopping bots aren’t just for scalpers anymore. Google is putting the power of automated consumerism in your hands with its new AI shopping tool. There are some pretty wild ideas here, too, including a virtual shopping avatar that’s supposed to represent your own body—the idea is you can make it try on clothes to see how they fit. How all that works in practice is TBD, but if you’re ready for a full AI shopping experience, you’ve finally got it. For the whole story, check out our story from Gizmodo’s Senior Editor, Consumer Tech, Raymond Wong. —James Pero I got what I wanted. Google showed off what its Android XR tech can bring to smart glasses. In a live demo, Google showcased how a pair of unspecified smart glasses did a few of the things that I’ve been waiting to do, including projecting live navigation and remembering objects in your environment—basically the stuff that it pitched with Project Astra last year, but in a glasses form factor. There’s still a lot that needs to happen, both hardware and software-wise, before you can walk around wearing glasses that actually do all those things, but it was exciting to see that Google is making progress in that direction. It’s worth noting that not all of the demos went off smoothly—there was lots of stutter in the live translation demo—but I guess props to them for giving it a go. When we’ll actually get to walk around wearing functional smart glasses with some kind of optical passthrough or virtual display is anyone’s guess, but the race is certainly heating up. —James Pero Google’s SynthID has been around for nearly three years, but it’s been largely kept out of the public eye. The system disturbs AI-generated images, video, or audio with an invisible, undetectable watermark that can be observed with Google DeepMind’s proprietary tool. At I/O, Google said it was working with both Nvidia and GetReal to introduce the same watermarking technique with those companies’ AI image generators. Users may be able to detect these watermarks themselves, even if only part of the media was modified with AI. Early testers are getting access to it “today,” but hopefully more people can acess it at a later date from labs.google/synthid. — Kyle Barr This keynote has been going on for 1.5 hours now. Do I run to the restroom now or wait? But how much longer until it ends??? Can we petiton to Sundar Pichai to make these keynotes shorter or at least have an intermission? Update: I ran for it right near the end before Android XR news hit. I almost made it… —Raymond Wong © Raymond Wong / Gizmodo Google’s new video generator Veo, is getting a big upgrade that includes sound generation, and it’s not just dialogue. Veo 3 can also generate sound effects and music. In a demo, Google showed off an animated forest scene that includes all three—dialogue, sound effects, and video. The length of clips, I assume, will be short at first, but the results look pretty sophisticated if the demo is to be believed. —James Pero If you pay for a Google One subscription, you’ll start to see Gemini in your Google Chrome browser (and—judging by this developer conference—everywhere else) later this week. This will appear as the sparkle icon at the top of your browser app. You can use this to bring up a prompt box to ask a question about the current page you’re browsing, such as if you want to consolidate a number of user reviews for a local campsite. — Kyle Barr © Google / GIF by Gizmodo Google’s high-tech video conferencing tech, now called Beam, looks impressive. You can make eye contact! It feels like the person in the screen is right in front of you! It’s glasses-free 3D! Come back down to Earth, buddy—it’s not coming out as a consumer product. Commercial first with partners like HP. Time to apply for a new job? —Raymond Wong Read more here: Google doesn’t want Search to be tied to your browser or apps anymore. Search Live is akin to the video and audio comprehension capabilities of Gemini Live, but with the added benefit of getting quick answers based on sites from around the web. Google showed how Search Live could comprehend queries about at-home science experiment and bring in answers from sites like Quora or YouTube. — Kyle Barr Google is getting deep into augmented reality with Android XR—its operating system built specifically for AR glasses and VR headsets. Google showed us how users may be able to see a holographic live Google Maps view directly on their glasses or set up calendar events, all without needing to touch a single screen. This uses Gemini AI to comprehend your voice prompts and follow through on your instructions. Google doesn’t have its own device to share at I/O, but its planning to work with companies like XReal and Samsung to craft new devices across both AR and VR. — Kyle Barr Read our full report here: I know how much you all love subscriptions! Google does too, apparently, and is now offering a $250 per month AI bundle that groups some of its most advanced AI services. Subscribing to Google AI Ultra will get you: Gemini and its full capabilities Flow, a new, more advanced AI filmmaking tool based on Veo Whisk, which allows text-to-image creation NotebookLM, an AI note-taking app Gemini in Gmail and Docs Gemini in Chrome Project Mariner, an agentic research AI 30TB of storage I’m not sure who needs all of this, but maybe there are more AI superusers than I thought. —James Pero Google CEO Sundar Pichai was keen to claim that users are big, big fans of AI overviews in Google Search results. If there wasn’t already enough AI on your search bar, Google will now stick an entire “AI Mode” tab on your search bar next to the Google Lens button. This encompasses the Gemini 2.5 model. This opens up an entirely new UI for searching via a prompt with a chatbot. After you input your rambling search query, it will bring up an assortment of short-form textual answers, links, and even a Google Maps widget depending on what you were looking for. AI Mode should be available starting today. Google said AI Mode pulls together information from the web alongside its other data like weather or academic research through Google Scholar. It should also eventually encompass your “personal context,” which will be available later this summer. Eventually, Google will add more AI Mode capabilities directly to AI Overviews. — Kyle Barr May 20News Embargo Has Lifted! © Xreal Get your butt over to Gizmodo.com’s home page because the Google I/O news embargo just lifted. We’ve got a bunch of stories, including this one about Google partnering up with Xreal for a new pair of “optical see-through” (OST) smart glasses called Project Aura. The smart glasses run Android XR and are powered by a Qualcomm chip. You can see three cameras. Wireless, these are not—you’ll need to tether to a phone or other device. Update: Little scoop: I’ve confirmed that Project Aura has a 70-degree field of view, which is way wider than the One Pro’s FOV, which is 57 degrees. —Raymond Wong © Raymond Wong / Gizmodo Google’s DeepMind CEO showed off the updated version of Project Astra running on a phone and drove home how its “personal, proactive, and powerful” AI features are the groundwork for a “universal assistant” that truly understands and works on your behalf. If you think Gemini is a fad, it’s time to get familiar with it because it’s not going anywhere. —Raymond Wong May 20Gemini 2.5 Pro Is Here © Gizmodo Google says Gemini 2.5 Pro is its “most advanced model yet,” and comes with “enhanced reasoning,” better coding ability, and can even create interactive simulations. You can try it now via Google AI Studio. —James Pero There are two major types of transformer AI used today. One is the LLM, AKA large language models, and diffusion models—which are mostly used for image generation. The Gemini Diffusion model blurs the lines of these types of models. Google said its new research model can iterate on a solution quickly and correct itself while generating an answer. For math or coding prompts, Gemini Diffusion can potentially output an entire response much faster than a typical Chatbot. Unlike a traditional LLM model, which may take a few seconds to answer a question, Gemini Diffusion can create a response to a complex math equation in the blink of an eye, and still share the steps it took to reach its conclusion. — Kyle Barr © Gizmodo New Gemini 2.5 Flash and Gemini Pro models are incoming and, naturally, Google says both are faster and more sophisticated across the board. One of the improvements for Gemini 2.5 Flash is even more inflection when speaking. Unfortunately for my ears, Google demoed the new Flash speaking in a whisper that sent chills down my spine. —James Pero Is anybody keeping track of how many times Google execs have said “Gemini” and “AI” so far? Oops, I think I’m already drunk, and we’re only 20 minutes in. —Raymond Wong © Raymond Wong / Gizmodo Google’s Project Astra is supposed to be getting much better at avoiding hallucinations, AKA when the AI makes stuff up. Project Astra’s vision and audio comprehension capabilities are supposed to be far better at knowing when you’re trying to trick it. In a video, Google showed how its Gemini Live AI wouldn’t buy your bullshit if you tell it that a garbage truck is a convertible, a lamp pole is a skyscraper, or your shadow is some stalker. This should hopefully mean the AI doesn’t confidently lie to you, as well. Google CEO Sundar Pichai said “Gemini is really good at telling you when you’re wrong.” These enhanced features should be rolling out today for Gemini app on iOS and Android. — Kyle Barr May 20Release the Agents Like pretty much every other AI player, Google is pursuing agentic AI in a big way. I’d prepare for a lot more talk about how Gemini can take tasks off your hands as the keynote progresses. —James Pero © Gizmodo Google has finally moved Project Starline—its futuristic video-calling machine—into a commercial project called Google Beam. According to Pichai, Google Beam can take a 2D image and transform it into a 3D one, and will also incorporate live translate. —James Pero © Gizmodo Google’s CEO, Sundar Pichai, says Google is shipping at a relentless pace, and to be honest, I tend to agree. There are tons of Gemini models out there already, even though it’s only been out for two years. Probably my favorite milestone, though, is that it has now completed Pokémon Blue, earning all 8 badges according to Pichai. —James Pero May 20Let’s Do This Buckle up, kiddos, it’s I/O time. Methinks there will be a lot to get to, so you may want to grab a snack now. —James Pero Counting down until the keynote… only a few more minutes to go. The DJ just said AI is changing music and how it’s made. But don’t forget that we’re all here… in person. Will we all be wearing Android XR smart glasses next year? Mixed reality headsets? —Raymond Wong © Raymond Wong / Gizmodo Fun fact: I haven’t attended Google I/O in person since before Covid-19. The Wi-Fi is definitely stronger and more stable now. It’s so great to be back and covering for Gizmodo. Dream job, unlocked! —Raymond Wong © Raymond Wong / Gizmodo Mini breakfast burritos… bagels… but these bagels can’t compare to real Made In New York City bagels with that authentic NY water 😏 —Raymond Wong © Raymond Wong / Gizmodo © Raymond Wong / Gizmodo © Raymond Wong / Gizmodo © Raymond Wong / Gizmodo I’ve arrived at the Shoreline Amphitheatre in Mountain View, Calif., where the Google I/O keynote is taking place in 40 minutes. Seats are filling up. But first, must go check out the breakfast situation because my tummy is growling… —Raymond Wong May 20Should We Do a Giveaway? © Raymond Wong / Gizmodo Google I/O attendees get a special tote bag, a metal water bottle, a cap, and a cute sheet of stickers. I always end up donating this stuff to Goodwill during the holidays. A guy living in NYC with two cats only has so much room for tote bags and water bottles… Would be cool to do giveaway. Leave a comment to let us know if you’d be into that and I can pester top brass to make it happen 🤪 —Raymond Wong May 20Got My Press Badge! In 13 hours, Google will blitz everyone with Gemini AI, Gemini AI, and tons more Gemini AI. Who’s ready for… Gemini AI? —Raymond Wong May 19Google Glass: The Redux © Google / Screenshot by Gizmodo Google is very obviously inching toward the release of some kind of smart glasses product for the first time since (gulp) Google Glass, and if I were a betting man, I’d say this one will have a much warmer reception than its forebearer. I’m not saying Google can snatch the crown from Meta and its Ray-Ban smart glasses right out of the gate, but if it plays its cards right, it could capitalize on the integration with its other hardware (hello, Pixel devices) in a big way. Meta may finally have a real competitor on its hands. ICYMI: Here’s Google’s President of the Android Ecosystem, Sameer Samat, teasing some kind of smart glasses device in a recorded demo last week. —James Pero Hi folks, I’m James Pero, Gizmodo’s new Senior Writer. There’s a lot we have to get to with Google I/O, so I’ll keep this introduction short. I like long walks on the beach, the wind in my nonexistent hair, and I’m really, really, looking forward to bringing you even more of the spicy, insightful, and entertaining coverage on consumer tech that Gizmodo is known for. I’m starting my tenure here out hot with Google I/O, so make sure you check back here throughout the week to get those sweet, sweet blogs and commentary from me and Gizmodo’s Senior Consumer Tech Editor Raymond Wong. —James Pero © Raymond Wong / Gizmodo Hey everyone! Raymond Wong, senior editor in charge of Gizmodo’s consumer tech team, here! Landed in San Francisco (the sunrise was *chef’s kiss*), and I’ll be making my way over to Mountain View, California, later today to pick up my press badge and scope out the scene for tomorrow’s Google I/O keynote, which kicks off at 1 p.m. ET / 10 a.m. PT. Google I/O is a developer conference, but that doesn’t mean it’s news only for engineers. While there will be a lot of nerdy stuff that will have developers hollering, what Google announces—expect updates on Gemini AI, Android, and Android XR, to name a few headliners—will shape consumer products (hardware, software, and services) for the rest of this year and also the years to come. I/O is a glimpse at Google’s technology roadmap as AI weaves itself into the way we compute at our desks and on the go. This is going to be a fun live blog! —Raymond Wong