2025
a16z-Backed Startup Sells Thousands of ‘Synthetic Influencers’ to Manipulate Social Media as a Service Doublespeed, a startup backed by Andreessen Horowitz, offers a service that uses AI to generate and manage thousands of social media accounts, violating policies of major platforms like TikTok, Instagram, and Reddit. The service, which costs between $1,500 and $7,500 per month, uses a combination of AI-generated content and human “touch-up” work to create and manage accounts that appear authentic. Despite the service’s potential for misuse, including political manipulation, Doublespeed claims it does not support political efforts.
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation The Smishing Triad, a China-linked group, has been linked to over 194,000 malicious domains since January 2024 in a global phishing operation, generating over $1 billion in the last three years by impersonating services like toll violations and package misdeliveries. This sophisticated operation utilizes a decentralized infrastructure, rapidly registering and churning through domains to evade detection, with a significant portion hosted on U.S. cloud services.
AI Dataset for Detecting Nudity Contained Child Sexual Abuse Images The NudeNet dataset, used for training AI nudity detection, has been found to contain child sexual abuse material (CSAM) by the Canadian Centre for Child Protection (C3P). This discovery highlights ethical concerns regarding data collection in AI development, similar to previous findings with the LAION-5B dataset.
Every Formula 1 driver on the grid just had their passport and license details leaked - but it could have been so much worse | TechRadar Security researchers discovered a significant bug in the FIA website, granting them access to the personally identifiable information of all Formula 1 drivers, including passport and license details. Although the vulnerability has since been fixed and there’s no indication of malicious access, the incident highlights the ongoing cybersecurity risks even in highly funded sports.
Stay prepared while you fly: a knife-free EDC kit for modern travel
Air travel introduces a unique constraint for anyone who relies on tools: you can’t bring a knife, and a traditional multitool is almost guaranteed to be confiscated. But that doesn’t mean you need to travel unprepared. By building a compact, knife-free everyday carry kit made of single-purpose tools, you can handle common issues at the gate, in the cabin, or on arrival — without raising concerns at security.
The advantage of this modular approach is simple. If a security officer questions one item, only that item is removed. With a multitool, one decision by an agent wipes out your entire capability.
Ransomware recovery perils: 40% of paying victims still lose their data | CSO Online A recent survey reveals that 40% of businesses paying ransoms for ransomware recovery still fail to regain their data, with only 60% achieving partial or full recovery. Modern attacks often involve double or triple extortion, and paying the ransom does not guarantee data restoration or prevent data leaks, highlighting the critical need for robust preparation and cyber resilience.
Toys ‘R’ Us Canada Customer Information Leaked Online - SecurityWeek Toys “R” Us Canada experienced a data breach where a threat actor stole and leaked customer information, including names, addresses, email addresses, and phone numbers, on the dark web. The company is notifying customers and authorities, but no sensitive information like passwords or credit card details was compromised.
Meta’s new free transformer
Standard Transformer models generate text purely autoregressively—each token is predicted based only on the previous tokens, like a stateless function where the only “memory” is the input sequence itself. The Free Transformer adds a learned latent variable layer in the middle of the network that acts like hidden internal state the model can condition on during generation. Think of it as giving the model a small amount of working memory (16 bits per token) to make implicit decisions about the generation strategy before committing to specific tokens.
GlassWorm Malware Targets Developers Through OpenVSX Marketplace – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More The GlassWorm malware targets developers using Visual Studio Code extensions on the OpenVSX marketplace, spreading by hijacking trusted extensions and stealing credentials. It hides its malicious payload using invisible Unicode variation selectors and communicates through the Solana blockchain and Google Calendar.
Meta boosts scam protection on WhatsApp and Messenger | Malwarebytes Meta has enhanced scam protection on WhatsApp and Messenger with new safeguards to protect users, especially the elderly, from scammers. Scams targeting the elderly have increased, with losses reaching $4.8 billion in 2024.
U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Motex LANSCOPE flaw, CVE-2025-61932, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies must fix the vulnerability by November 12, 2025.
Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk - SecurityWeek Hackers are exploiting a critical-severity vulnerability in Adobe Commerce and Magento Open Source, tracked as CVE-2025-54236, with 250 attacks observed on Wednesday. Adobe released hotfixes on September 9, but less than half of the ecommerce sites have been patched.
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More The PhantomCaptcha RAT attack targeted aid groups and Ukrainian government entities, using malicious PDFs and fake Cloudflare captcha pages to deploy a spying tool. This highly coordinated cyberattack lasted only 24 hours but showed meticulous planning and advanced evasion techniques.
Click, Call, Compromise: Hackers Continue to Evolve Tactics Microsoft’s annual cyberthreat assessment reveals a 32% rise in identity-based attacks in 2025, primarily due to stolen credentials. Infostealers, traditionally post-exploitation tools, are now used as initial access payloads, fueling a cybercrime underground with specialized roles. Despite sophisticated counter-hacks, Microsoft emphasizes that multifactor authentication (MFA) can prevent over 99% of identity compromise attacks.
GM to Remove CarPlay from All Future Vehicles, Including Gas Cars - MacRumors General Motors has decided to remove CarPlay from all future vehicles, including both electric and gas cars, to prioritize its own in-house infotainment system. GM CEO Mary Barra confirmed that new gas cars will not support smartphone projection for CarPlay or Android Auto.
Canada's Tech Sector: Beyond Catch-Up
The numbers tell a story Silicon Valley can’t ignore: Canada’s tech corridor is no longer just catching up — it’s carving out its own category.
When Geoffrey Hinton collected the 2024 Nobel Prize in Physics, the University of Toronto professor emeritus didn’t just validate decades of artificial intelligence research. He spotlighted what industry data now confirms: Toronto has become North America’s No. 3 tech market, with Waterloo Region joining the continent’s top tier; Montreal strengthens Canada’s position through AI research dominance.
DuckDuckGo browser: privacy by default
In an online landscape often dominated by surveillance-based business models and data extraction, DuckDuckGo Browser stands out as a privacy-first alternative that prioritises simplicity and protection. For users seeking straightforward privacy without complex configurations, DuckDuckGo delivers — though its architecture and feature set differ from traditional browsers.
The Uncomfortable Truth About China’s AI Dominance: How a Decade of Strategic Planning Is Reshaping the Technology Landscape
Let me be direct: while Silicon Valley has been celebrating incremental improvements and debating work-life balance, China has been executing a coordinated, decade-long strategy to dominate artificial intelligence — and it’s working. DeepSeek’s January 2025 breakthrough was not a fluke. It was the predictable result of national planning, structural advantages and a fundamentally different approach to technology.
Orion Browser by Kagi: Privacy-centred performance
In a browser landscape dominated by data-hungry Chromium derivatives and restrictive ecosystems, Orion Browser by Kagi stands out as a WebKit-based alternative that prioritises verifiable zero telemetry, built-in content blocking, and native performance on Apple devices. For privacy-conscious users seeking Safari’s efficiency with Firefox’s extensibility and Chrome’s compatibility, Orion delivers—though not without trade-offs.
Helium Browser: privacy-centred Chromium, without the extras
Helium is a new, open-source Chromium browser that ships with strong privacy defaults and a lean interface. It removes Google services, blocks trackers and third-party cookies by default, and avoids built-in sync and password vaults to keep the attack surface small. For security-minded users, it offers a disciplined starting point with fewer emissions out of the box.