Feed aggregator

Article URL: https://github.com/rerun-io/annotation-example

Comments URL: https://news.ycombinator.com/item?id=43782921

Points: 3

# Comments: 1

Article URL: https://www.reuters.com/sustainability/boards-policy-regulation/us-calls-eu-fines-apple-meta-economic-extortion-2025-04-23/

Comments URL: https://news.ycombinator.com/item?id=43782917

Points: 3

# Comments: 0

If you haven't checked your subscription costs lately, you need to read this.

Article URL: https://www.gov.ca.gov/2025/04/23/california-is-now-the-4th-largest-economy-in-the-world/

Comments URL: https://news.ycombinator.com/item?id=43782902

Points: 3

# Comments: 0

Article URL: https://docs.nvidia.com/cuda/floating-point/index.html

Comments URL: https://news.ycombinator.com/item?id=43782891

Points: 1

# Comments: 0

Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data and send it to cybercriminals half a world away. All you have to do is install the software and tap your card to your phone – and criminals excel at persuading you to do just that.

The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC). This enables your phone to read the data on a supporting payment card when it comes close enough. It’s how tap-to-pay machines found in retailers and ATMs work their magic.

Attackers get the malicious software via a malware-as-a-service model. This enables them to become affiliates for the developers of the software, who typically offer it for a percentage of the attackers’ takings. They can then focus on finding and targeting victims with social engineering attacks, which Cleafy says they’ve been doing in Italy.

How the attack works

First the attackers have to get the malware onto someone’s Android phone. That starts with a fraudulent ‘smishing’ message sent via SMS or WhatsApp, often impersonating a bank and asking the user to call.

The telephone number connects the victim to the attacker, who then persuades them to give up their PIN and log into their bank account. From there, they persuade the victim to remove the spending limits on their card, and then to install what they claim is a security application, sent to their phone as a link. This contains the SuperCard X malware.

Finally comes the payoff. The attacker, who by now will likely have built up a rapport with the victim, will ask them to tap their card to their phone. The malware then captures the card details, which it then sends to the attacker’s own Android phone. They can then use the phone as a cloned card for contactless payments. If you’ve ever tapped your phone instead of your card to pay for something, you’ll know how easy that is to do.

Where did SuperCard X come from?

Like much malware, SuperCard X didn’t come out of nowhere. Cleafy says that it shares code with another piece of malware called NGate, discovered last year. Both of these are likely built on concepts first outlined in NFCGate, a freely available open-source NFC software tool developed by German’s Technical University of Darmstadt.

SuperCard X’s developers have focused on making this software as stealthy as possible. Most antivirus programs for Android fail to spot it, says Cleafy. That’s because it asks for as few privileges as possible on the phone, and it doesn’t include many of the features that other malware has. In short, the less that a malicious program does on a phone, the smaller its footprint is and the more silent it can be.

This malware is a cybercriminal’s favorite for several reasons. Rather than attacking people with accounts at a particular bank, it works against anyone with a payment card, increasing the attacker’s scope. It’s also instant, compared to thefts by wire transfer, which can take days to complete.

How to protect yourself

Luckily, as with many things, the best defense is you. In this case, protection is simple. The cybercriminals behind this attack can’t do anything unless you install the software on your phone, and so they go through several steps to convince you to do so.

Be skeptical of text messages from people you don’t know, especially those claiming to be urgent. Scammers typically try and panic you into a fast response. When they get you on the phone, they can befriend you, further impeding your ability to think critically and say “no”.

If you can’t help yourself and feel compelled to take action, check in with a trusted family member if available to get their perspective. If you’re still convinced, then at least verify the message first. Call your financial institution through an official number – not through the one in the text message. We’ll bet a steak dinner that they won’t know what you’re talking about.

Never give personal details to anyone you don’t know who contacts you via text message, and never change your banking details at their request. And if anyone asks you to install software sent via text message, refuse and end the communication.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Solar technology keeps getting better, but do you really need the most efficient panels on your roof? Here's what matters when making your solar decision.

Attackers have historically had time on their side, outpacing defenders who have struggled to keep up. Agentic AI appears poised to change the game.

Elements of the proposed Cyber Security and Resilience Bill are welcome but questions remain about how best to act in the face of persistent challenges like geopolitical chaos, threats to critical infrastructure, and technological advances, writes CSBR chief exec James Morris

Article URL: https://en.wikipedia.org/wiki/Metrication_in_the_United_States

Comments URL: https://news.ycombinator.com/item?id=43782384

Points: 1

# Comments: 0

Article URL: https://www.theregister.com/2025/04/24/qualcomm_arm_licensing_lawsuit_amendment/

Comments URL: https://news.ycombinator.com/item?id=43782383

Points: 1

# Comments: 0

Article URL: https://www.iphoneincanada.ca/2025/04/22/how-to-unlock-hearing-aid-mode-for-airpods-pro-in-canada/

Comments URL: https://news.ycombinator.com/item?id=43782352

Points: 1

# Comments: 0

I had an idea for creating a crowdsourced database of AI prompts that no AI model could yet crack.

I've seen a bunch of those prompts scattered across HN, so thought to open a thread here so we can maybe have a centralied location for this.

Share your prompt that stumps every AI model here.

Comments URL: https://news.ycombinator.com/item?id=43782299

Points: 1

# Comments: 1

Blue Shield of California leaked the personal data of 4.7 million people to Google after a Google Analytics misconfiguration. The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US.

In a data breach notice on its website, Blue Shield says it had begun notifying “certain members of a potential data breach that may have included elements of their protected health information.”

Blue Shield a nonprofit health insurer serving nearly 6 million members, used Google Analytics to monitor how customers interacted with its websites to improve services. However, a configuration error in Google Analytics allowed sensitive member data to spill to Google Ads, potentially exposing customer data for almost three years. This likely included protected health information.

Blue Shield stated, “Google may have used this data to show targeted ad campaigns to individual members.”

The transmission of data took place between April 2021 and January 2024. The leaked information includes various details such as the type of health insurance plan, postal code and city, gender, family size, account IDs, names of insured persons, and search queries related to finding a doctor, which could reveal members’ health concerns or needs.

Blue Shield said there was no leak of other types of personal information, such as Social Security numbers, driver’s license numbers, or banking or credit card information.

After discovering the leak, Blue Shield said it reviewed all its websites to ensure no other tracking software was sharing protected health information with third parties.

Usually in a data breach we can point at cybercriminals that went out of their way to obtain the data. In this case, a simple misconfiguration shared data with an entity—that already knows so much about us—that then used the information for targeted advertising.

Maybe this case can serve as a cautionary tale about using analytics tools in areas where misconfigurations can lead to severe privacy violations, especially when sensitive data is involved.

Blue Shield is notifying all customers who may have accessed their member information on the potentially impacted Blue Shield websites during the relevant time frame.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

SCAN NOW

Article URL: https://florey.edu.au/news/2025/04/parkinsons-disease-researchers-develop-cellular-invisibility-cloak-to-protect-neural-grafts/

Comments URL: https://news.ycombinator.com/item?id=43782282

Points: 1

# Comments: 0

Article URL: https://finance.yahoo.com/news/ibm-forecasts-second-quarter-revenue-201238690.html

Comments URL: https://news.ycombinator.com/item?id=43782280

Points: 2

# Comments: 0

Article URL: https://esahubble.org/news/heic2505/

Comments URL: https://news.ycombinator.com/item?id=43782269

Points: 2

# Comments: 0

Article URL: https://docs.scale-lang.com/stable/manual/CHANGELOG/#whats-new

Comments URL: https://news.ycombinator.com/item?id=43782248

Points: 3

# Comments: 1

Article URL: https://pytorch.org/blog/pytorch-2-7/

Comments URL: https://news.ycombinator.com/item?id=43782238

Points: 1

# Comments: 0