Everything posted by CodeCanyon
-
AI-generated code is no doubt changing how software is built, but it’s also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code sometimes or frequently, according to a late 2023 survey by developer security platform Snyk. For Endor Labs, that opportunity proved alluring enough that it chose to change course somewhat. Endor started off helping companies secure their open source package dependencies — in fact, it even raised a $70 million Series A round just two years ago to grow its developer pipeline governance service. But the startup’s co-founders, Varun Badhwar and Dimitri Stiliadis, saw growing demand elsewhere — spotting and combating vulnerabilities in the growing masses of code that engineers use AI to generate and fine-tune. Today, Endor runs a platform that, it claims, can not only review code and identify risks, but also recommend “precise” fixes and apply them automatically. The company offers a plug-in for AI-powered programming tools like Cursor and GitHub Copilot that scans code as it’s written and flags issues. The pivot could prove to be a wise choice. On Wednesday, Endor announced that it closed a $93 million Series B round led by DFJ Growth, with participation from Salesforce Ventures, Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures. Badhwar (CEO) said that the round values Endor at “orders of magnitude higher” than its Series A valuation. The proceeds will be used to expand Endor’s platform, he added. The Series B brings the startup’s total capital raised to $163 million. “This new round positions us to continue delivering, even in a tougher macro environment than similar companies faced five to 10 years ago,” Badhwar told TechCrunch.
“We raised now because we’re seeing strong momentum — 30x annual recurring revenue growth since our Series A in 2023 — and this lets us double down on delivering outcomes for our customers.” Several months ago, Endor launched a tool designed to help organizations spot where AI models and services integrate with their codebase, and evaluate the integrations for security flaws. The idea is to provide better oversight as AI programming tools proliferate, said Badhwar. Endor says it now protects more than 5 million applications and runs over a million scans each week for customers including OpenAI, Rubrik, Peloton, Snowflake, Egnyte, and Dropbox. “We came out of stealth in October 2022 — right as interest rates spiked — and we’ve seen strong traction ever since,” Badhwar said. Ramin Sayar, venture partner at DFJ Growth, said his firm invested because Endor found itself at the right place, at the right time. “As generative AI transforms coding practices, developers are generating vast amounts of code without thorough visibility and control,” Sayar told TechCrunch. “Endor Labs is not only setting a new standard in application security — the team is creating a movement by launching their expanded platform.” Endor currently has 133 employees concentrated in its offices in Palo Alto and Bangalore.
-
Health insurance giant Blue Shield of California is notifying millions of people of a data breach. The company confirmed on Wednesday that it had been sharing patients’ private health information with tech and advertising giant Google since 2021. The insurer said that the data sharing stopped in January 2024, but it only learned this February that the years-long collection contained patients’ personal and sensitive health information. Blue Shield said it used Google Analytics to track how its customers used its websites, but a misconfiguration had allowed for personal and health information to be collected as well, such as the search terms that patients used on its website to find healthcare providers. The insurance giant said Google “may have used this data to conduct focused ad campaigns back to those individual members.” Blue Shield said the collected data also included insurance plan names, types, and group numbers, along with personal information such as patients’ city, zip code, gender, and family size. Details of Blue Shield-assigned member account numbers, claim service dates and service providers, patient names, and patients’ financial responsibility were also shared. Per a legally required disclosure with the U.S. government’s health department, Blue Shield of California said it is notifying 4.7 million individuals affected by the breach. The breach is thought to affect the majority of its customers; Blue Shield had 4.5 million members as of 2022. It’s not immediately clear if Blue Shield asked Google to delete the data, or if Google has complied. Mark Seelig, a spokesperson for Blue Shield, did not comment beyond the company’s statement. When reached for comment, Google spokesperson Jacel Booth told TechCrunch that “businesses, not Google, manage the data they collect and must inform users about its collection and use,” but the tech giant would not say if it would delete the collected data. 
Blue Shield is the latest healthcare company to be caught out by the use of online tracking technologies. Online trackers are small snippets of code, often provided by tech giants, designed to collect information about a customer’s browsing activity by being embedded in mobile apps and websites. Tech and social media companies are usually the sources of these trackers, as they rely on the data for advertising and to drive the majority of their revenues. Last year, U.S. health insurance giant Kaiser notified more than 13 million people that it had been sharing patients’ data with advertisers, including Google, Microsoft, and X, after embedding tracking code on its website. Several other emerging healthcare companies, including mental health startup Cerebral and alcohol recovery startups Monument and Tempest, have disclosed past breaches involving the sharing of patients’ personal and health information with advertising firms. The breach at Blue Shield of California currently stands as the largest healthcare-related data breach of 2025 so far, per the U.S. health department’s Office of Civil Rights. Updated with remarks from Google and Blue Shield.
-
A data breach at Connecticut’s largest healthcare system Yale New Haven Health affects more than 5.5 million people, according to a legally required notice with the U.S. government’s health department. Yale New Haven said the March cyberattack allowed malicious hackers to obtain copies of patients’ personally identifiable information and some healthcare-related data. Per a notice on the healthcare system’s website, the stolen data varies by person, but can include patient names, dates of birth, postal and email addresses, phone numbers, race and ethnicity data, and Social Security numbers. The stolen data also includes information about types of patients and medical record numbers. Local media quoted the healthcare system’s spokesperson as saying that the number of affected individuals “may change.” When asked about the nature of the cyberattack by TechCrunch, Yale New Haven spokesperson Dana Marnane did not dispute that the incident was related to ransomware. “The sophistication of the attack leads us to believe that it was executed by an individual or group who has a pattern of these types of incidents,” said Marnane, declining to comment further to TechCrunch, citing an ongoing law enforcement investigation. The healthcare provider declined to say if it had any communication with the hackers, or if the hackers made a demand for payment. As of press time, no major ransomware group has publicly taken credit for the hack. It’s not uncommon for ransomware and data extortion gangs to publish a victim’s stolen files when negotiations to pay the ransom demand fail. This is the second major healthcare data breach confirmed this week, after Blue Shield of California revealed it shared health data of 4.7 million patients with Google over several years. Updated with comment and additional details related to ransomware.
-
The cybersecurity world is full of jargon and lingo. At TechCrunch, we have been writing about cybersecurity for years, and we frequently use technical terms and expressions to describe the nature of what is happening in the world. That’s why we have created this glossary, which includes some of the most common — and not so common — words and expressions that we use in our articles, and explanations of how, and why, we use them. This is a developing compendium, and we will update it regularly. If you have any feedback or suggestions for this glossary, get in touch.

Advanced persistent threat (APT)
An advanced persistent threat (APT) is often categorized as a hacker, or group of hackers, which gains and maintains unauthorized access to a targeted system. The main aim of an APT intruder is to remain undetected for long periods of time, often to conduct espionage and surveillance, to steal data, or sabotage critical systems. APTs are traditionally well-resourced hackers, including the funding to pay for their malicious campaigns, and access to hacking tools typically reserved by governments. As such, many of the long-running APT groups are associated with nation states, like China, Iran, North Korea, and Russia. In recent years, we’ve seen examples of non-nation state cybercriminal groups that are financially motivated (such as theft and money laundering) carrying out cyberattacks similar in terms of persistence and capabilities as some traditional government-backed APT groups. (See: Hacker)

Adversary-in-the-middle attack
An adversary-in-the-middle (AitM) attack, traditionally known as a “man-in-the-middle” (MitM), is where someone intercepts network traffic at a particular point on the network in an attempt to eavesdrop or modify the data as it travels the internet. This is why encrypting data makes it more difficult for malicious actors to read or understand a person’s network traffic, which could contain personal information or secrets, like passwords.
Adversary-in-the-middle attacks can be used legitimately by security researchers to help understand what data goes in and out of an app or web service, a process that can help identify security bugs and data exposures.

Arbitrary code execution
The ability to run commands or malicious code on an affected system, often because of a security vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or with physical access to an affected system (such as someone’s device). In the cases where arbitrary code execution can be achieved over the internet, security researchers typically call this remote code execution. Often, code execution is used as a way to plant a back door for maintaining long-term and persistent access to that system, or for running malware that can be used to access deeper parts of the system or other devices on the same network. (See also: Remote code execution)

Attribution
Attribution is the process of finding out and identifying who is behind a cyberattack. There is an often repeated mantra, “attribution is hard,” which is to warn cybersecurity professionals and the wider public that definitively establishing who was behind a cyberattack is no simple task. While it is not impossible to attribute, the answer is also dependent on the level of confidence in the assessment. Threat intelligence companies such as CrowdStrike, Kaspersky, and Mandiant, among others, have for years attributed cyberattacks and data breaches to groups or “clusters” of hackers, often referencing groups by a specific codename, based on a pattern of certain tactics, techniques and procedures as seen in previous attacks. Some threat intelligence firms go as far as publicly linking certain groups of hackers to specific governments or their intelligence agencies when the evidence points to it.
Government agencies, however, have for years publicly accused other governments and countries of being behind cyberattacks, and have gone as far as identifying — and sometimes criminally charging — specific people working for those agencies.

Backdoor
A backdoor is a subjective term, but broadly refers to creating the means to gain future access to a system, device, or physical area. Backdoors can be found in software or hardware, such as a mechanism to gain access to a system (or space) in case of accidental lock-out, or for remotely providing technical support over the internet. Backdoors can have legitimate and helpful use cases, but backdoors can also be undocumented, maliciously planted, or otherwise unknown to the user or owner, which can weaken the security of the product and make it more susceptible to hacking or compromise. TechCrunch has a deeper dive on encryption backdoors.

Black/white hat
Hackers historically have been categorized as either “black hat” or “white hat,” usually depending on the motivations of the hacking activity carried out. A “black hat” hacker may be someone who might break the law and hack for money or personal gain, such as a cybercriminal. “White hat” hackers generally hack within legal bounds, like as part of a penetration test sanctioned by the target company, or to collect bug bounties finding flaws in various software and disclosing them to the affected vendor. For those who hack with less clearcut motivations, they may be regarded as a “gray hat.” Famously, the hacking group the L0pht used the term gray hat in an interview with The New York Times Magazine in 1999. While still commonly used in modern security parlance, many have moved away from the “hat” terminology. (Also see: Hacker, Hacktivist)

Botnet
Botnets are networks of hijacked internet-connected devices, such as webcams and home routers, that have been compromised by malware (or sometimes weak or default passwords) for the purposes of being used in cyberattacks.
Botnets can be made up of hundreds or thousands of devices and are typically controlled by a command-and-control server that sends out commands to ensnared devices. Botnets can be used for a range of malicious reasons, like using the distributed network of devices to mask and shield the internet traffic of cybercriminals, deliver malware, or harness their collective bandwidth to maliciously crash websites and online services with huge amounts of junk internet traffic. (See also: Command-and-control server; Distributed denial-of-service)

Brute force
A brute-force attack is a common and rudimentary method of hacking into accounts or systems by automatically trying different combinations and permutations of letters and words to guess passwords. A less sophisticated brute-force attack is one that uses a “dictionary,” meaning a list of known and common passwords, for example. A well designed system should prevent these types of attacks by limiting the number of login attempts inside a specific timeframe, a solution called rate-limiting.

Bug
A bug is essentially the cause of a software glitch, such as an error or a problem that causes the software to crash or behave in an unexpected way. In some cases, a bug can also be a security vulnerability. The term “bug” originated in 1947, at a time when early computers were the size of rooms and made up of heavy mechanical and moving equipment. The first known incident of a bug found in a computer was when a moth disrupted the electronics of one of these room-sized computers. (See also: Vulnerability)

Command-and-control (C2) server
Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and launch cyberattacks, such as delivering malware over the internet and launching distributed denial-of-service attacks. (See also: Botnet; Distributed denial-of-service)

Crypto
This is a word that can have two meanings depending on the context.
Traditionally, in the context of computer science and cybersecurity, crypto is short for “cryptography,” the mathematical field of coding and decoding messages and data using encryption. Crypto has more recently also become short for cryptocurrency, such as Bitcoin, Ethereum, and the myriad blockchain-based decentralized digital currencies that have sprung up in the last fifteen years. As cryptocurrencies have grown from a niche community to a whole industry, crypto is now also used to refer to that whole industry and community. For years, the cryptography and cybersecurity community have wrestled with the adoption of this new meaning, going as far as making the phrases “crypto is not cryptocurrency” and “crypto means cryptography” into something that features on its own dedicated website and even T-shirts. Languages change over time depending on how people use words. As such, TechCrunch accepts the reality where crypto has different meanings depending on context, and where the context isn’t clear, then we spell out cryptography, or cryptocurrency.

Cryptojacking
Cryptojacking is when a device’s computational power is used, with or without the owner’s permission, to generate cryptocurrency. Developers sometimes bundle code in apps and on websites, which then uses the device’s processors to complete complex mathematical calculations needed to create new cryptocurrency. The generated cryptocurrency is then deposited in virtual wallets owned by the developer. Some malicious hackers use malware to deliberately compromise large numbers of unwitting computers to generate cryptocurrency on a large and distributed scale.

Dark and deep web
The world wide web is the public content that flows across the pipes of the internet; much of what is online today is for anyone to access at any time. The “deep web,” however, is the content that is kept behind paywalls and member-only spaces, or any part of the web that is not readily accessible or browsable with a search engine.
Then there is the “dark web,” which is the part of the internet that allows users to remain anonymous but requires certain software (such as the Tor Browser) to access, depending on the part of the dark web you’re trying to access. Anonymity benefits those who live and work in highly censored or surveilled countries, but it also can benefit criminals. There is nothing inherently criminal or nefarious about accessing the dark web; many popular websites also offer dark web versions so that users around the world can access their content. TechCrunch has a more detailed explainer on what the dark web is.

Data breach
When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter and can alter the terminology we use to describe a particular incident. A data breach is when protected data was confirmed to have improperly left a system from where it was originally stored and usually confirmed when someone discovers the compromised data. More often than not, we’re referring to the exfiltration of data by a malicious cyberattacker or otherwise detected as a result of an inadvertent exposure. Depending on what is known about the incident, we may describe it in more specific terms where details are known. (See also: Data exposure; Data leak)

Data exposure
A data exposure (a type of data breach) is when protected data is stored on a system that has no access controls, such as because of human error or a misconfiguration. This might include cases where a system or database is connected to the internet but without a password. Just because data was exposed doesn’t mean the data was actively discovered, but nevertheless could still be considered a data breach.

Data leak
A data leak (a type of data breach) is where protected data is stored on a system in a way that it was allowed to escape, such as due to a previously unknown vulnerability in the system or by way of insider access (such as an employee).
A data leak can mean that data could have been exfiltrated or otherwise collected, but there may not always be the technical means, such as logs, to know for sure.

Deepfake
Deepfakes are AI-generated videos, audios, or pictures designed to look real, often with the goal of fooling people into thinking they are genuine. Deepfakes are developed with a specific type of machine learning known as deep learning, hence its name. Examples of deepfakes can range from relatively harmless, like a video of a celebrity saying something funny or outrageous, to more harmful efforts. In recent years, there have been documented cases of deepfaked political content designed to discredit politicians and influence voters, while other malicious deepfakes have relied on using recordings of executives designed to trick company employees into giving up sensitive information or sending money to scammers. Deepfakes are also contributing to the proliferation of nonconsensual sexual images.

Def Con (aka DEFCON)
Def Con is one of the most important hacking conferences in the world, held annually in Las Vegas, usually during August. Launched in 1993 as a party for some hacker friends, it has now become an annual gathering of almost 30,000 hackers and cybersecurity professionals, with dozens of talks, capture-the-flag hacking competitions, and themed “villages,” where attendees can learn how to hack internet-connected devices, voting systems, and even aircraft. Unlike other conferences like RSA or Black Hat, Def Con is decidedly not a business conference, and the focus is much more on hacker culture. There is a vendor area, but it usually includes nonprofits like the Electronic Frontier Foundation, The Calyx Institute, and the Tor Project, as well as relatively small cybersecurity companies.
Distributed denial-of-service (DDoS)
A distributed denial-of-service, or DDoS, is a kind of cyberattack that involves flooding targets on the internet with junk web traffic in order to overload and crash the servers and cause the service, such as a website, online store, or gaming platform to go down. DDoS attacks are launched by botnets, which are made up of networks of hacked internet-connected devices (such as home routers and webcams) that can be remotely controlled by a malicious operator, usually from a command-and-control server. Botnets can be made up of hundreds or thousands of hijacked devices. While a DDoS is a form of cyberattack, these data-flooding attacks are not “hacks” in themselves, as they don’t involve the breach and exfiltration of data from their targets, but instead cause a “denial of service” event to the affected service. (See also: Botnet; Command-and-control server)

Encryption
Encryption is the way and means in which information, such as files, documents, and private messages, is scrambled to make the data unreadable to anyone other than to its intended owner or recipient. Encrypted data is typically scrambled using an encryption algorithm — essentially a set of mathematical formulas that determines how the data should be encrypted — along with a private key, such as a password, which can be used to unscramble (or “decrypt”) the protected data. Nearly all modern encryption algorithms in use today are open source, allowing anyone (including security professionals and cryptographers) to review and check the algorithm to make sure it’s free of faults or flaws. Some encryption algorithms are stronger than others, meaning data protected by some weaker algorithms can be decrypted by harnessing large amounts of computational power. Encryption is different from encoding, which simply converts data into a different and standardized format, usually for the benefit of allowing computers to read the data.
(See also: End-to-end encryption)

End-to-end encryption (E2EE)
End-to-end encryption (or E2EE) is a security feature built into many messaging and file-sharing apps, and is widely considered one of the strongest ways of securing digital communications as they traverse the internet. E2EE scrambles the file or message on the sender’s device before it’s sent in a way that allows only the intended recipient to decrypt its contents, making it near-impossible for anyone — including a malicious hacker, or even the app maker — to snoop inside on someone’s private communications. In recent years, E2EE has become the default security standard for many messaging apps, including Apple’s iMessage, Facebook Messenger, Signal, and WhatsApp. E2EE has also become the subject of governmental frustration in recent years, as encryption makes it impossible for tech companies or app providers to give over information that they themselves do not have access to. (See also: Encryption)

Escalation of privileges
Most modern systems are protected with multiple layers of security, including the ability to set user accounts with more restricted access to the underlying system’s configurations and settings. This prevents these users — or anyone with improper access to one of these user accounts — from tampering with the core underlying system. However, an “escalation of privileges” event can involve exploiting a bug or tricking the system into granting the user more access rights than they should have. Malware can also take advantage of bugs or flaws caused by escalation of privileges by gaining deeper access to a device or a connected network, potentially allowing the malware to spread.

Espionage
When we talk about espionage, we’re generally referring to threat groups or hacking campaigns that are dedicated to spying, and are typically characterized by their stealth.
Espionage-related hacks are usually aimed at gaining and maintaining stealthy persistent access to a target’s network to carry out passive surveillance, reconnaissance for future cyberattacks, or the long-term collection and exfiltration of data. Espionage operations are often carried out by governments and intelligence agencies, though not exclusively.

Exploit
An exploit is the way and means in which a vulnerability is abused or taken advantage of, usually in order to break into a system. (See also: Bug; Vulnerability)

Extortion
In general terms, extortion is the act of obtaining something, usually money, through the use of force and intimidation. Cyber extortion is no different, as it typically refers to a category of cybercrime whereby attackers demand payment from victims by threatening to damage, disrupt, or expose their sensitive information. Extortion is often used in ransomware attacks, where hackers typically exfiltrate company data before demanding a ransom payment from the hacked victim. But extortion has quickly become its own category of cybercrime, with many, often younger, financially motivated hackers, opting to carry out extortion-only attacks, which snub the use of encryption in favor of simple data theft. (Also see: Ransomware)

Forensics
Forensic investigations involve analyzing data and information contained in a computer, server, or mobile device, looking for evidence of a hack, crime, or some sort of malfeasance. Sometimes, in order to access the data, corporate or law enforcement investigators rely on specialized devices and tools, like those made by Cellebrite and Grayshift, which are designed to unlock and break the security of computers and cellphones to access the data within.

Hacker
There is no one single definition of “hacker.” The term has its own rich history, culture, and meaning within the security community. Some incorrectly conflate hackers, or hacking, with wrongdoing.
By our definition and use, we broadly refer to a “hacker” as someone who is a “breaker of things,” usually by altering how something works to make it perform differently in order to meet their objectives. In practice, that can be something as simple as repairing a machine with non-official parts to make it function differently as intended, or work even better. In the cybersecurity sense, a hacker is typically someone who breaks a system or breaks the security of a system. That could be anything from an internet-connected computer system to a simple door lock. But the person’s intentions and motivations (if known) matter in our reporting, and guide how we accurately describe the person, or their activity. There are ethical and legal differences between a hacker who works as a security researcher, who is professionally tasked with breaking into a company’s systems with their permission to identify security weaknesses that can be fixed before a malicious individual has a chance to exploit them; and a malicious hacker who gains unauthorized access to a system and steals data without obtaining anyone’s permission. Because the term “hacker” is inherently neutral, we generally apply descriptors in our reporting to provide context about who we’re talking about. If we know that an individual works for a government and is contracted to maliciously steal data from a rival government, we’re likely to describe them as a nation-state or government hacker (or, if appropriate, an advanced persistent threat), for example. If a gang is known to use malware to steal funds from individuals’ bank accounts, we may describe them as financially motivated hackers, or if there is evidence of criminality or illegality (such as an indictment), we may describe them simply as cybercriminals. And, if we don’t know motivations or intentions, or a person describes themselves as such, we may simply refer to a subject neutrally as a “hacker,” where appropriate.
(Also see: Advanced persistent threat; Hacktivist; Unauthorized)

Hack-and-leak operation
Sometimes, hacking and stealing data is only the first step. In some cases, hackers then leak the stolen data to journalists, or directly post the data online for anyone to see. The goal can be either to embarrass the hacking victim, or to expose alleged malfeasance. The origins of modern hack-and-leak operations date back to the early- and mid-2000s, when groups like el8, pHC (“Phrack High Council”) and zf0 were targeting people in the cybersecurity industry who, according to these groups, had foregone the hacker ethos and had sold out. Later, there are the examples of hackers associated with Anonymous and leaking data from U.S. government contractor HBGary, and North Korean hackers leaking emails stolen from Sony as retribution for the Hollywood comedy, The Interview. Some of the most recent and famous examples are the hack against the now-defunct government spyware pioneer Hacking Team in 2015, and the infamous Russian government-led hack-and-leak of Democratic National Committee emails ahead of the 2016 U.S. presidential elections. Iranian government hackers tried to emulate the 2016 playbook during the 2024 elections.

Hacktivist
A particular kind of hacker who hacks for what they — and perhaps the public — perceive as a good cause, hence the portmanteau of the words “hacker” and “activist.” Hacktivism has been around for more than two decades, starting perhaps with groups like the Cult of the Dead Cow in the late 1990s. Since then, there have been several high profile examples of hacktivist hackers and groups, such as Anonymous, LulzSec, and Phineas Fisher. (Also see: Hacker)

Infosec
Short for “information security,” an alternative term used to describe defensive cybersecurity focused on the protection of data and information. “Infosec” may be the preferred term for industry veterans, while the term “cybersecurity” has become widely accepted.
In modern times, the two terms have become largely interchangeable.

Infostealers

Infostealers are malware capable of stealing information from a person’s computer or device. Infostealers, like Redline, are often bundled in pirated software and, when installed, will primarily seek out passwords and other credentials stored in the person’s browser or password manager, then surreptitiously upload the victim’s passwords to the attacker’s systems. This lets the attacker sign in using those stolen passwords. Some infostealers are also capable of stealing session tokens from a user’s browser, which allow the attacker to sign in to a person’s online account as if they were that user but without needing their password or multi-factor authentication code. (See also: Malware)

Jailbreak

Jailbreaking is used in several contexts to mean the use of exploits and other hacking techniques to circumvent the security of a device, or removing the restrictions a manufacturer puts on hardware or software. In the context of iPhones, for example, a jailbreak is a technique to remove Apple’s restrictions on installing apps outside of its “walled garden” or to gain the ability to conduct security research on Apple devices, which is normally highly restricted. In the context of AI, jailbreaking means figuring out a way to get a chatbot to give out information that it’s not supposed to.

Kernel

The kernel, as its name suggests, is the core part of an operating system that connects and controls virtually all hardware and software. As such, the kernel has the highest level of privileges, meaning it has access to virtually any data on the device. That’s why, for example, apps such as antivirus and anti-cheat software run at the kernel level, as they require broad access to the device. Having kernel access allows these apps to monitor for malicious code.

Malware

Malware is a broad umbrella term that describes malicious software.
Malware can land in many forms and be used to exploit systems in different ways. As such, malware that is used for specific purposes can often be referred to as its own subcategory. For example, the type of malware used for conducting surveillance on people’s devices is also called “spyware,” while malware that encrypts files and demands money from its victims is called “ransomware.” (See also: Infostealers; Ransomware; Spyware)

Metadata

Metadata is information about something digital, rather than its contents. That can include details about the size of a file or document, who created it, and when, or in the case of digital photos, where the image was taken and information about the device that took the photo. Metadata may not identify the contents of a file, but it can be useful in determining where a document came from or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or the message.

Multi-factor authentication

Multi-factor authentication (MFA) is the common umbrella term for describing when a person must provide a second piece of information, aside from a username and password, to log into a system. MFA (or two-factor; also known as 2FA) can prevent malicious hackers from re-using a person’s stolen credentials by requiring a time-sensitive code sent to or generated from a registered device owned by the account holder, or the use of a physical token or key.

Operational security (OPSEC)

Operational security, or OPSEC for short, is the practice of keeping information secret in various situations. Practicing OPSEC means thinking about what information you are trying to protect, from whom, and how you’re going to protect it. OPSEC is less about what tools you are using, and more about how you are using them and for what purpose.
For example, government officials discussing plans to bomb foreign countries on Signal are practicing bad OPSEC because the app is not designed for that use-case, and runs on devices that are more vulnerable to hackers than highly restricted systems specifically designed for military communications. On the other hand, journalists using Signal to talk to sensitive sources is generally good OPSEC because it makes it harder for those communications to be intercepted by eavesdroppers. (See also: Threat model)

Penetration testing

Also known as “pen-testing,” this is the process where security researchers “stress-test” the security of a product, network, or system, usually by attempting to modify the way that the product typically operates. Software makers may ask for a pen-test on a product, or of their internal network, to ensure that they are free from serious or critical security vulnerabilities, though a pen-test does not guarantee that a product will be completely bug-free.

Phishing

Phishing is a type of cyberattack where hackers trick their targets into clicking or tapping on a malicious link, or opening a malicious attachment. The term derives from “fishing,” because hackers often use “lures” to convincingly trick their targets in these types of attacks. A phishing lure could be an attachment coming from an email address that appears to be legitimate, or even an email spoofing the email address of a person that the target really knows. Sometimes, the lure could be something that might appear to be important to the target, like sending a forged document to a journalist that appears to show corruption, or a fake conference invite for human rights defenders.
There is an often cited adage by the well-known cybersecurity influencer The Grugq, which encapsulates the value of phishing: “Give a man an 0day and he’ll have access for a day, teach a man to phish and he’ll have access for life.” (Also see: Social engineering)

Ransomware

Ransomware is a type of malicious software (or malware) that prevents device owners from accessing their data, typically by encrypting the person’s files. Ransomware is usually deployed by cybercriminal gangs who demand a ransom payment — usually cryptocurrency — in return for providing the private key to decrypt the person’s data. In some cases, ransomware gangs will steal the victim’s data before encrypting it, allowing the criminals to extort the victim further by threatening to publish the files online. Paying a ransomware gang is no guarantee that the victim will get their stolen data back, or that the gang will delete the stolen data. One of the first-ever ransomware attacks was documented in 1989, in which malware was distributed via floppy disk (an early form of removable storage) to attendees of the World Health Organization’s AIDS conference. Since then, ransomware has evolved into a multibillion-dollar criminal industry as attackers refine their tactics and hone in on big-name corporate victims. (See also: Malware; Sanctions)

Remote code execution

Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system from over a network, often the internet, without requiring any human interaction from the target. Remote code execution attacks can range in complexity but can be highly damaging when vulnerabilities are exploited. (See also: Arbitrary code execution)

Sanctions

Cybersecurity-related sanctions work similarly to traditional sanctions in that they make it illegal for businesses or individuals to transact with a sanctioned entity.
In the case of cyber sanctions, these entities are suspected of carrying out malicious cyber-enabled activities, such as ransomware attacks or the laundering of ransom payments made to hackers. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) administers sanctions. The Treasury’s Cyber-Related Sanctions Program was established in 2015 as part of the Obama administration’s response to cyberattacks targeting U.S. government agencies and private sector U.S. entities. While a relatively new addition to the U.S. government’s bureaucratic armory against ransomware groups, sanctions are increasingly used to hamper and deter malicious state actors from conducting cyberattacks. Sanctions are often used against hackers who are out of reach of U.S. indictments or arrest warrants, such as ransomware crews based in Russia.

Sandbox

A sandbox is a part of a system that is isolated from the rest. The goal is to create a protected environment where a hacker can compromise the sandbox, but without allowing further access to the rest of the system. For example, mobile applications usually run in their own sandboxes. If hackers compromise a browser, for example, they cannot immediately compromise the operating system or another app on the same device. Security researchers also use sandboxes in both physical and virtual environments (such as a virtual machine) to analyze malicious code without risking compromising their own computers or networks.

SIM swap

SIM swapping is a type of attack where hackers hijack and take control of a person’s phone number, often with the goal of then using the phone number to log into the target’s sensitive accounts, such as their email address, bank account, or cryptocurrency wallet. This attack exploits the way that online accounts sometimes rely on a phone number as a fallback in the event of losing a password.
SIM swaps often rely on hackers using social engineering techniques to trick phone carrier employees (or bribing them) into handing over control of a person’s account, as well as hacking into carrier systems.

Social engineering

Social engineering is the art of human deception, and encompasses several techniques a hacker can use to deceive their target into doing something they normally would not do. Phishing, for example, can be classified as a type of social engineering attack because hackers trick targets into clicking on a malicious link or opening a malicious attachment, or calling someone on the phone while pretending to be their employer’s IT department. Social engineering can also be used in the real world, for example, to convince building security employees to let in someone who shouldn’t be allowed to enter the building. Some call it “human hacking” because social engineering attacks don’t necessarily have to involve technology. (Also see: Phishing)

Spyware (commercial, government)

A broad term, like malware, that covers a range of surveillance monitoring software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more generic terms, these types of malware are like remote access tools, which allow their operators — usually government agents — to spy and monitor their targets, giving them the ability to access a device’s camera and microphone or exfiltrate data. Spyware is also referred to as commercial or government spyware, or mercenary spyware. (See also: Stalkerware)

Stalkerware

Stalkerware is a kind of surveillance malware (and a form of spyware) that is usually sold to ordinary consumers under the guise of child or employee monitoring software but is often used for the purposes of spying on the phones of unwitting individuals, oftentimes spouses and domestic partners.
The spyware grants access to the target’s messages, location, and more. Stalkerware typically requires physical access to a target’s device, which gives the attacker the ability to install it directly on the target’s device, often because the attacker knows the target’s passcode. (See also: Spyware)

Threat model

What are you trying to protect? Who are you worried about that could go after you or your data? How could these attackers get to the data? The answers to these kinds of questions are what will lead you to create a threat model. In other words, threat modeling is a process that an organization or an individual has to go through to design software that is secure, and devise techniques to secure it. A threat model can be focused and specific depending on the situation. A human rights activist in an authoritarian country has a different set of adversaries, and data, to protect than a large corporation in a democratic country that is worried about ransomware, for example. (See also: Operational security)

Unauthorized

When we describe “unauthorized” access, we’re referring to the accessing of a computer system by breaking any of its security features, such as a login prompt or a password, which would be considered illegal under the U.S. Computer Fraud and Abuse Act, or the CFAA. The Supreme Court in 2021 clarified the CFAA, finding that accessing a system lacking any means of authorization — for example, a database with no password — is not illegal, as you cannot break a security feature that isn’t there. It’s worth noting that “unauthorized” is a broadly used term and often used by companies subjectively, and as such has been used to describe everything from malicious hackers who steal someone’s password to break in, through to incidents of insider access or abuse by employees.
Virtual private network (VPN)

A virtual private network, or VPN, is a networking technology that allows someone to “virtually” access a private network, such as their workplace or home, from anywhere else in the world. Many use a VPN provider to browse the web, thinking that this can help to avoid online surveillance. TechCrunch has a skeptics’ guide to VPNs that can help you decide if a VPN makes sense for you. If it does, we’ll show you how to set up your own private and encrypted VPN server that only you control. And if it doesn’t, we explore some of the privacy tools and other measures you can take to meaningfully improve your privacy online.

Vulnerability

A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way that affects the security of the system or its data. Sometimes, two or more vulnerabilities can be used in conjunction with each other — known as “vulnerability chaining” — to gain deeper access to a targeted system. (See also: Bug; Exploit)

Zero-click (and one-click) attacks

Malicious attacks can sometimes be categorized and described by the amount of user interaction that malware, or a malicious hacker, needs in order to achieve successful compromise. One-click attacks refer to the target having to interact only once with the incoming lure, such as clicking on a malicious link or opening an attachment, to grant the intruder access. But zero-click attacks differ in that they can achieve compromise without the target having to click or tap anything. Zero-clicks are near-invisible to the target and are far more difficult to identify. As such, zero-click attacks are almost always delivered over the internet, and are often reserved for high-value targets for their stealthy capabilities, such as deploying spyware.
(Also see: Spyware)

Zero-day

A zero-day is a specific type of security vulnerability that has been publicly disclosed or exploited but the vendor who makes the affected hardware or software has not been given time (or “zero days”) to fix the problem. As such, there may be no immediate fix or mitigation to prevent an affected system from being compromised. This can be particularly problematic for internet-connected devices. (See also: Vulnerability)

First published on September 20, 2024.
-
Perhaps no one in the world has made such catastrophic tech flubs this year as U.S. Secretary of Defense Pete Hegseth. The saga started when the editor-in-chief of The Atlantic, Jeffrey Goldberg, reported that he had been mistakenly added to an unauthorized Signal group chat by U.S. National Security Advisor Michael Waltz, where numerous high-ranking government officials discussed detailed plans for attacking the Houthis in Yemen, including the times and places where such attacks would occur.

To be fair, we’ve all made some embarrassing tech mistakes. But for most people, that means accidentally liking an ex’s Instagram post from five years ago — not sharing top-secret government military plans on a commercial messaging app with unauthorized recipients. This mishandling of massively sensitive information was already troublesome enough, but this week, The New York Times reported that Hegseth shared information about the attacks on Yemen in another Signal chat, which included his lawyer, his wife, and his brother, who had no reason to receive such sensitive information; Hegseth’s wife doesn’t even work for the Pentagon.

These security failures are particularly egregious — how do you manage to accidentally loop in a journalist on your military plans? But this is far from the first time that contemporary technology has landed global governments in tricky situations — and we’re not just talking Watergate.

Stationed in the military? Don’t use Strava

The fitness tracking/social media app Strava can be a privacy nightmare, even for your average athlete. The app allows people to share their exercise logs — often runs, hikes, or bike rides — on a public account with their friends, who can like and comment on their morning jogs in the park. But Strava accounts are public by default, meaning that if you aren’t savvy enough to check your privacy settings, you will inadvertently broadcast to the world exactly where you work out.
Strava defaults to hiding the first and last 200 meters of a run as a means of obscuring where someone lives, since people are likely to begin and end runs near their home.

For anyone on the internet, it’s still risky to broadcast a 200-mile radius of where you live, but it’s even more dangerous if you’re a member of the military at a secret base, for instance. In 2018, Strava unveiled a global heat map, showing where in the world public users have logged activities. This doesn’t really matter if you’re looking at a map of New York City, but in places like Afghanistan and Iraq, few people use Strava aside from foreigners, so one can assume that hot spots of activity may occur at or around military bases.

Okay here is where things get problematic: Via Strava, using pre-set segments we can scrape location specific user data from basically public profiles (and yes those exist w/in bases and lead us straight to social media profile of service members). https://t.co/VDNBGcKvIY
— Tobias Schneider (@tobiaschneider) January 29, 2018

To make matters worse, users could look at certain running routes on Strava to see the public profiles of the users who logged activities there. So, it would be possible for a bad actor to find a list of U.S. soldiers stationed at a certain base in Iraq, for example.

Joe Biden’s not-so-secret Venmo

Venmo is a peer-to-peer payments app, yet for some reason, it defaults to publicly sharing your transactions.
So, by simply opening my Venmo app — which synced my Facebook friends to my account at some point, probably over 10 years ago — I can see that two girls I went to high school with got dinner together last night. Good for them.

The information we share on Venmo can be pretty boring and benign, but dedicated fans of reality shows like “Love Is Blind” will search for contestants’ accounts to predict who from the show is still dating (if the couple sends each other rent money, then yes, they probably live together).

So, if you can find reality stars on Venmo, why not search for the president? In 2021, some BuzzFeed News reporters decided to search for Joe Biden’s Venmo. Within 10 minutes, they found his account. From Biden’s account, the reporters could easily find other members of the Biden family and his administration and map out their broader social circles. Even if a user makes their account on Venmo private, their friends list will remain public. When BuzzFeed News contacted the White House, Biden’s profile was wiped clean, but the White House didn’t provide a comment.

So, yes, reporters did indeed locate the Venmo accounts of Pete Hegseth, Mike Waltz, and other government officials, too. Some things never change.

Encrypted messaging can’t protect you from cameras

You can take all of the precautions you want to protect your messages, but nothing can save you from the looming possibility of human error. Carles Puigdemont, the former president of Catalonia, led a movement in 2017 to attain independence from Spain and become its own country. But the Spanish government blocked this attempt and ousted Puigdemont from leadership. When the Spanish government issued a warrant for the arrest of Puigdemont and his allies, they fled to Belgium.
A few months later, the Spanish media attended an event in Belgium where Puigdemont was expected to speak — he sent in a video of a speech instead, but as the clip was playing, a Spanish broadcaster noticed that a former Catalan health minister, Toni Comín, was texting with his screen fully visible. The camera operator zoomed in on Comín’s phone, exposing texts from Puigdemont, where he had resigned himself to defeat in his attempts to bring about Catalan independence. Puigdemont later tweeted that he was expressing himself in a moment of doubt but that he didn’t intend to back down. No matter what steps you take to encrypt your private messages, you might want to look over your shoulder before reading sensitive information in public — especially when you’re texting with a self-exiled former president.
-
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data, including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was real).

4chan’s extended disappearance led to at least one premature obituary, with journalist Ryan Broderick writing for Wired that “what began as a hub for internet culture and an anonymous way station for the internet’s anarchic true believers devolved over the years into a fan club for mass shooters, the central node of Gamergate, and the beating heart of far-right fascism around the world.” But the 4chan team responded defiantly in a post on X: “Wired says ‘4chan is dead.’ Is that so?” And on Friday, the site came back online.

Shortly afterward, a post on the official 4chan blog said “a hacker using a UK IP address” was able to gain access to one of 4chan’s servers using a “bogus PDF upload,” subsequently “exfiltrating database tables and much of 4chan’s source code,” then beginning to “vandalize 4chan at which point moderators became aware and 4chan’s servers were halted, preventing further access.” The damage, the post said, was “catastrophic.”

“Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns,” the post said, later adding, “Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services.”

The breached server was subsequently replaced, the post said, although the site has new limitations — PDF uploads are “temporarily” disabled, and a board for sharing Flash animations has been left offline as the team saw “no realistic way to prevent similar exploits using .swf files.” As of Sunday afternoon, the site’s status checker showed that the boards and front page were up, while posting, images, and thumbnails were not working.

“4chan is back,” the post said. “No other website can replace it, or this community. No matter how hard it is, we are not giving up.”
-
Unknown hackers last month targeted leaders of the exiled Uyghur community in a campaign involving Windows spyware, researchers revealed Monday. Citizen Lab, a digital rights research group based at the University of Toronto, detailed an espionage campaign against members of the World Uyghur Congress (WUC), an organization that represents the Muslim-minority group, which has for years faced repression, discrimination, surveillance, and hacking from China’s government. Google alerted some WUC members to the hacking campaign in mid-March, prompting the members to contact journalists and Citizen Lab’s researchers, the report said. Citizen Lab investigated and found a targeted phishing email sent to members of WUC, impersonating a trusted contact who sent a Google Drive link for a password-protected compressed file containing a malicious version of a Uyghur language text editor. The researchers said the campaign wasn’t particularly sophisticated and didn’t involve zero-day exploits or mercenary spyware, but noted that “the delivery of the malware showed a high level of social engineering, revealing the attackers’ deep understanding of the target community.”
-
Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google.

Google’s report said that the number of zero-day exploits — referring to security flaws that were unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers.

Among those 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea. Another eight exploits were identified as having been developed by spyware makers and surveillance enablers, such as NSO Group, which typically claim to only sell to governments. Among those eight exploits made by spyware companies, Google is also counting bugs that were recently exploited by Serbian authorities using Cellebrite phone-unlocking devices.

[Image: A chart showing the zero-day exploits that were attributed in 2024. Image Credits: Google]

Even though there were eight recorded cases of zero-days developed by spyware makers, Clément Lecigne, a security engineer at Google Threat Intelligence Group (GTIG), told TechCrunch that those companies “are investing more resources in operational security to prevent their capabilities being exposed and to not end up in the news.”

Google added that surveillance vendors continue to proliferate. “In instances where law enforcement action or public disclosure has pushed vendors out of business, we’ve seen new vendors arise to provide similar services,” James Sadowski, a principal analyst at GTIG, told TechCrunch.
“As long as government customers continue to request and pay for these services, the industry will continue to grow.”

The remaining 11 attributed zero-days were likely exploited by cybercriminals, such as ransomware operators targeting enterprise devices, including VPNs and routers. The report also found that the majority of the total 75 zero-days exploited during 2024 were targeting consumer platforms and products, like phones and browsers, while the rest exploited devices typically found on corporate networks.

The good news, according to Google’s report, is that software makers defending against zero-day attacks are increasingly making it more difficult for exploit makers to find bugs. “We are seeing notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems,” per the report.

Sadowski specifically pointed to Lockdown Mode, a special feature for iOS and macOS that disables certain functionality with the goal of hardening cell phones and computers, which has a proven track record of stopping government hackers, as well as Memory Tagging Extension (MTE), a security feature of modern Google Pixel chipsets that helps detect certain types of bugs and improve device security.
Reports like Google’s are valuable because they give the industry, and observers, data points that contribute to our understanding of how government hackers operate — even if an inherent challenge with counting zero-days is that, by nature, some of them go undetected, and of those that are detected, some still go without attribution.
-
U.K. retail conglomerate The Co-operative Group said it has shut down some of its IT systems, citing an attempted cyberattack. Co-op spokesperson Mark Carrington said the company “recently experienced attempts” by hackers to break into some of its systems and took “proactive steps” to keep those systems safe. The spokesperson said the company’s back office and call center functions are facing some disruption as a result. It’s not clear if the attempted intrusions were successful. The Co-op — one of the largest food retailers in the U.K. with more than 5 million members — said its stores were operating normally and that it was not asking customers “to do anything differently” at this time. When asked by TechCrunch, The Co-op would not describe the specific nature of the incident, such as ransomware, or if it is known, nor would it say if it has disclosed the incident to the U.K.’s data protection regulator, the Information Commissioner’s Office, as is required in the event of a suspected data breach. The company confirmed it is working with the National Cyber Security Centre. The Co-op’s spokesperson also would not say if the company had any communication with the threat actors, such as a ransomware gang. News of the disruption at The Co-op comes days after U.K. retailer Marks & Spencer confirmed a cyberattack that left customers unable to pick up their orders. The retailer said it notified the U.K. data regulator of the incident, indicating a possible data breach. The ongoing disruption at Marks & Spencer has since entered its second week.
-
I will design adsense approved niche website

Hey, welcome. If you're looking for Google Adsense approval under the new Adsense policy, you're at the right place to get your domain or blog approved. I have 5 years of experience in approval for Adsense on tons of websites. I prefer delivering quality service to my clients, and client satisfaction is the most necessary thing for me.

SERVICES: Under Construction Low Value Content. Ready your for Adsense Approval. Full Support Until your Adsense Approved.

Note: 100% guaranteed approval on your website. Google Adsense always takes time to approve. Sometimes we apply multiple times for google Adsense approval.

Submitter ceacer Submitted 05/03/2025 Category Serve
-
Version Google Adsense
0 downloads
50.00 USD -
Version Google Merchant
0 downloads
I will set up google merchant center and shopping ads campaign. I will help you solve the problem of "false statement" in your Google Merchant Center account. If you purchase this product or the product in this article directly, I will contact you. Currently only supports wordpress, the price is 100$. WhatsApp: +18023199240 Email: [email protected] 100.00 USD -
Apple announced on Monday that it’s rolling out visionOS 2.4, bringing Apple Intelligence-powered AI features to the Apple Vision Pro. The update also introduces new spatial experiences and the Apple Vision Pro app for iPhone. With Apple Intelligence on the Apple Vision Pro, users will get access to writing tools that allow them to rewrite, proofread, and summarize text with the help of AI. Users will also get access to Image Playground and Genmoji in order to create unique AI-generated images and emoji. In addition, users can leverage natural language search in the Photos app to find specific images by simply describing them. Vision Pro users can also create a “Memory Movie” based on their photos and videos around specific themes, thanks to a new Apple Intelligence feature that’s launching today. visionOS 2.4 also includes support for Priority Messages in Mail, Mail Summaries, Image Wand in Notes, Priority Notifications in Notification Center, and Notification Summaries. The first set of Apple Intelligence features is available to users with their device and Siri language set to U.S. English. As for the new spatial experiences, Apple is launching a new Spatial Gallery app that gives users access to a library of spatial content around art, culture, nature, sports, entertainment, and more. The app will be updated with new content regularly, Apple says. The new Apple Vision Pro app for iPhone allows users to do a variety of different things, including queuing apps to download, accessing information about their Vision Pro, and finding tips to enhance their experience. The app features a Discover page that surfaces recommendations for new experiences on Apple Vision Pro, such as popular apps and games.
Apple today also announced that it’s rolling out new Apple Intelligence features, including a “Priority Notifications” feature that aims to help users manage their notifications by prioritizing important alerts and minimizing distractions from less important ones on a user’s Lock Screen. Plus, the tech giant is expanding Apple Intelligence access to the EU and rolling out support for new languages, including French, German, Italian, Portuguese (Brazil), Spanish, Japanese, Korean, and Chinese (simplified).
-
Apple Intelligence, the iPhone maker’s suite of AI-powered tools and features, is gaining new features. Most notably, the company on Monday announced that Apple device owners will now be able to take advantage of Priority Notifications, which allows Apple’s AI to highlight your most time-sensitive notifications in a new format. Other updates are coming to the Image Playground app and the Mac. Plus, Apple Intelligence is now available to iPhone and iPad users in the EU and on the Apple Vision Pro headset in U.S. English. The changes are rolling out with the release of Apple software, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. Apple notes that its AI features are also available in a number of new languages, including French, German, Italian, Portuguese (Brazil), Spanish, Japanese, Korean, and Chinese (simplified). Localized English has also been added for both Singapore and India. Though Apple Intelligence was introduced at the company’s Worldwide Developers Conference last year as its new generative AI offering, the reality is that Apple was not prepared to release all its AI-powered features at once. That’s led to a slow and steady rollout of numerous AI updates since the release of iOS 18.1, where Apple Intelligence first went live. For instance, features like ChatGPT integration, Image Playground, and others didn’t arrive until iOS 18.2 (and iPadOS 18.2, macOS Sequoia 15.2) months later. Among the new additions coming Monday, Priority Notifications may be the most useful if successfully implemented. Now, instead of having to dig for important updates across all your notifications — which often include nonessential updates and other marketing messages from apps — you’ll see those that deserve attention appear at the top of the stack. 
Other Apple Intelligence improvements arriving today include the ability to create a “memory movie” on Mac by typing a description, and an added Sketch style in Apple’s AI image-generation app, Image Playground, for the creation of academic and detailed sketches. Apple had previously announced that its AI suite would arrive in the EU in April 2025 — a delay Apple blamed on EU tech regulations, like the Digital Markets Act. Meanwhile, Vision Pro users will be able to use AI features like Writing Tools, Image Playground, Genmoji, and more with the expansion of Apple Intelligence to the mixed reality platform. The update also includes a handful of new emojis, including a paint splatter, a face with bags under its eyes, a fingerprint, a root vegetable, and a shovel, among others. The recently announced recipe companion, Apple News+ Food, is arriving Monday as well, alongside new child safety features and other tweaks to the revamped Apple Photos app and other Apple services.
-
Epic Games CEO Tim Sweeney, whose company makes Fortnite and tools for other developers, including Unreal Engine, called out Apple and Google as “gangster-style businesses” engaged in illegal practices while speaking at a Y Combinator event on Wednesday. The executive also emphasized how the big tech companies’ practices directly affected his own business by scaring away users from installing Epic’s Games Store software and preventing Epic from attracting developers to its offerings. Notably, Epic Games has played a big role in the fight against Big Tech monopolies over the past several years. The company sued both Apple and Google for monopolistic practices over their respective app stores. Epic won its case with Google but not with Apple. However, the court did require Apple to open up to more competition by forcing a change to its App Store rules. The court said app developers should now be able to link to other purchasing mechanisms besides Apple’s own. (Unfortunately for app developers, Epic is still battling with Apple in the courts over this change, as it alleges that Apple violated the court order by allowing developers to process their own payments, but only with a small, 3% reduction in commission, which doesn’t make it worth their while.) Onstage, Sweeney again called out the big tech companies for their practices and their “malicious compliance” with the courts’ decisions. “The sad truth is that Apple and Google are no longer good-faith, law-abiding companies,” Sweeney said. “They’re run, in many ways, as gangster-style businesses that will do anything they think they can get away with. If they think that the fine is going to be cheaper than the lost revenue from an illegal practice, they always continue the illegal practice and pay the fine.” The gaming executive pointed to how the tech companies’ practices hurt his business. 
For instance, when users on Android try to install the Epic Games Store on their smartphone, Google warns them that the software is from an “unknown source” and might harm their device. This “scare screen,” as Sweeney calls it, is meant to warn users about the dangers of installing non-Play Store apps. But he says the screen results in 50-60% of users abandoning their attempt to install the software. A similar drop-off rate is found on iOS. In Europe, the Epic Games Store is allowed thanks to new regulations, but Apple displays a warning to users who try to install it. Again, this leads to drop-off rates of 50-60%, Sweeney said. He calls the use of these screens “textbook self-preferencing,” noting that the companies are “getting away with it.” “Crime pays for big tech companies,” he said. “Obviously, we shouldn’t expect that to change until enforcement becomes much, much more vigorous,” he told the audience. In addition, the Fortnite exec said that because of the friction and the associated fees with third-party app stores on iOS, no major game developer has been willing to distribute games through the Epic Games Store. Instead of its usual 30% fee, Apple reduces the fee but collects a “core technology fee” of 50 cents per install per year for any app with more than 1 million downloads. “Unless your app is enormously high grossing per user, any free-to-play game is largely dissuaded from that,” Sweeney explained. “It’s too expensive for them. 
Apple would bankrupt them if they did that.” He did note that the Epic Games Store on iOS has managed to attract some back-catalog games. Meanwhile, the store will open up to developer submissions later this year, which Sweeney hopes will boost the catalog further on both Android and iOS.
-
Apple lost more than $250 billion in market value Thursday, with shares down as much as 8.5% as a result of President Donald Trump’s tariff spree. The iPhone maker took one of the biggest hits on Wall Street, where tech stocks dropped as investors shifted money away from volatile assets. Tesla, Nvidia, and Meta were down 6%, and Amazon shares fell by 7.2%. Trump unveiled sweeping tariffs Wednesday afternoon of at least 10% across the board, and even higher for some countries — China’s total tariff rate soared to 54% — that will go into effect April 5. Wedbush Securities analysts said the tariffs are “worse than a worst case scenario” for tech investors. The White House insists the tariffs aren’t a negotiation tactic but a necessity to boost domestic manufacturing. The president called them a move to “liberate” the American economy. Trump’s huge tariffs on imported goods to the U.S. affect all of Apple’s biggest suppliers and manufacturing hubs in Asia, from China to Taiwan, India to Vietnam, despite CEO Tim Cook’s efforts to court the administration. That means every model of iPhone, iPad, Mac, and accessory that Apple sells will be impacted. Cook will either choose to hike up the cost for consumers or have Apple take the losses, wiping out tens of billions in potential profits.
-
The British Broadcasting Corporation has filed a complaint with a U.K. antitrust regulator complaining that aggregators like Apple News and Google News minimize credit for the stories they feature. Apple Insider reports that the BBC is asking the U.K.’s Competition and Markets Authority to require Apple and Google to more prominently credit news sources. And while the CMA’s decision would theoretically apply only to U.K. publications, any change made by the aggregators would presumably affect other publishers too. “If audiences derive value from our content and services but attribute that value to gatekeepers instead of the BBC, then that undermines the perceived value of the BBC,” the broadcaster wrote in its complaint. That perceived value may be particularly important to the BBC because it derives the majority of its funding from a license fee paid by British households — so it’s important that the broadcaster’s work be visible and valued in order to maintain support for the fee. Apple recently paused AI news summaries after complaints of inaccuracy from the BBC and other publishers.
-
The U.K. government has lost its bid to keep secret the details of a surveillance order it brought against Apple, according to a newly released decision by the U.K. surveillance powers’ court. The decision, posted on Monday by the Investigatory Powers Tribunal in London, means that parts of the legal case will be held in public, despite objections from the U.K. government. In its ruling on Monday, the tribunal’s judges said they “do not accept that the revelation of the bare details of the case would be damaging to the public interest or prejudicial to national security.” This is the first public acknowledgement that the case exists, though specific details of the case were withheld. Much of the “bare details” of the case reportedly relate to a U.K. legal demand ordering Apple to let U.K. authorities access the encrypted cloud data of any Apple customer anywhere in the world. The Washington Post in February published leaked details of the legal demand, revealing the existence of the U.K.’s backdoor demand. Soon after, Apple said it could “no longer” offer Advanced Data Protection, which allows customers to encrypt their files in Apple’s cloud so that nobody other than the user can access them, to users in the United Kingdom. Neither Apple nor the Home Office, which initiated the demand on behalf of the U.K. government, have so far commented on the specific legal case as it remains subject to U.K. national security rules, preventing even the existence of the case itself. Following the order, Apple reportedly appealed the order to the Investigatory Powers Tribunal. The U.K. government responded by telling the court that national security would suffer if the nature of the case were made public. Privacy and rights advocates, a coalition of news outlets, a bipartisan group of U.S. lawmakers, and senior intelligence officials in the Trump administration have all called for transparency around the legal hearings. When contacted by TechCrunch, a spokesperson for the U.K. 
Home Office did not comment. A spokesperson for Apple did not immediately return a request for comment. Apple previously told TechCrunch that the company has “never built a backdoor or master key” to any of its products or services and it “never will.”
-
Analyst says Apple, Tesla have biggest exposure to Trump’s tariffs
CodeCanyon posted a topic in News
Wedbush Securities analyst Dan Ives slashed his price targets for Apple and Tesla over the weekend as President Trump’s tariffs threaten to disrupt both businesses. “The tariff economic Armageddon unleashed by Trump is a complete disaster for Apple given its massive China production exposure,” Ives said in a warning note over the weekend. “In our view, no U.S. tech company is more negatively impacted by these tariffs than Apple with 90% of iPhones produced and assembled in China.” Wedbush cut its price target for Apple stock by $75, down to $250 per share. Apple’s shares are down this afternoon by 4.3% and trading at $180. Ives also cut his price target for Tesla to $315 from $550, which is still well above Tesla’s current share price of $233.94 as of 2:10 p.m. ET. Ives said the effect of tariffs isn’t the only reason for the price cut. He also cited CEO Elon Musk’s politics, which has created a brand crisis for the automaker. Musk’s association with Trump and his tariffs policies are affecting sales in the U.S. and Europe and also threaten Tesla’s popularity in China, “further driv[ing] Chinese consumers to buy domestic such as BYD,” said Ives. “Tesla has essentially become a political symbol globally,” he wrote. “It is time for Musk to step up, read the room, and be a leader in this time of uncertainty.” Tesla shares were down nearly 10% compared to Friday’s closing price, but have rebounded somewhat as of Monday afternoon. -
Apple is considering importing more iPhones from India to sidestep the 54% additional tariffs on goods imported from China that U.S. president Donald Trump announced last week, the Wall Street Journal reported, citing anonymous sources. The company sees this as a short-term measure while it seeks to negotiate with the Trump administration to get an exemption from the tariffs, as it doesn’t yet want to revamp its supply chain built around China, the report said. Compared to the new 54% tariffs on Chinese-made goods, the U.S. has proposed a 26% tariff on goods imported from India. If the tariffs aren’t brought down and Apple continues to import iPhones from China, an iPhone 16 Pro that cost $550 to import before tariffs could cost an additional $300 now. Apple was on track to make 25 million iPhones in India this year, with 10 million units for the local market, the Wall Street Journal cited Bank of America analyst Wamsi Mohan as saying. He said that if Apple decided to import all 25 million iPhones to the U.S., it would satisfy about 50% of the demand in the U.S. market.
-
A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware and were used to target civil society that may oppose China’s state interests. On Tuesday, the U.K.’s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine. These two spywares hid inside legitimate-looking Android apps, acting essentially as “Trojan” malware, with surveillance capabilities such as the ability to access the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release on Wednesday. BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC. Uyghurs are a Muslim-minority group largely in China that has for years faced detention, surveillance, and discrimination from the Chinese government, and thus has frequently been the target of hacking campaigns. “The apps specifically target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps,” the NCSC said Wednesday. 
“The individuals most at risk include anyone connected to Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.” In one of the two documents published by the NCSC on Wednesday, there is a list of the malicious apps, which includes more than 100 Android apps masquerading as Muslim and Buddhist prayer apps; chat apps like Signal, Telegram, and WhatsApp; other popular apps like Adobe Acrobat PDF reader; and utility apps. The NCSC also mentions one iOS app called TibetOne, which was listed on Apple’s App Store in 2021. Google and Apple did not immediately respond to a request for comment.
-
The Trump administration is carving out big tariff exemptions for the tech industry. While President Donald Trump said Wednesday that he would delay many of the market-shaking tariffs that he’d announced the previous week, he kept a universal baseline 10% tariff in place, while also increasing tariffs on Chinese goods to 125% (on top of a 20% tariff that he’d already imposed on goods from China). There’s been plenty of speculation about what the tariffs will mean for the tech industry, which manufactures many consumer electronics in China and elsewhere abroad. One of Trump’s stated goals is to bring manufacturing back to the United States, but others believe the dream of an American-made iPhone is a fantasy. Those debates may be paused after Friday evening, when U.S. Customs and Border Protection posted a list of product categories that are “excluded from the reciprocal tariffs imposed under Executive Order 14257,” with the exclusions backdated to April 5. Those categories appear to include smartphones, laptops, hard drives, and machines that make semiconductors. Those products will all be exempt from both the 125% tariff on goods from China and from the universal baseline tariff. (Other tariffs, such as the previous 20% tariff on Chinese goods, would presumably still apply.) Notable Silicon Valley figures led by Elon Musk have joined the Trump administration, while other tech CEOs have been courting Trump, most visibly with millions of dollars donated to his inauguration. Those efforts seemed to bear little fruit — until last night’s announcement, which Daniel Ives, global head of technology research at Wedbush Securities, described as “a dream scenario for tech investors.” Tech giants like Apple and Nvidia are likely celebrating the news, as are U.S. consumers who will avoid a big markup on their next iPhone. But the industry could still be hit with more targeted tariffs and other restrictions. 
For example, The New York Times reports that the Trump administration is preparing a national security-related investigation into semiconductors. And indeed, U.S. Commerce Secretary Howard Lutnick said Sunday that these products would be included in “the semiconductor tariffs, which are coming in probably a month or two.” This post has been updated with Howard Lutnick’s comments about the tariffs.
-
Today’s the day! The application to speak at TechCrunch All Stage closes tonight at 11:59 p.m. PT — this is your final chance to share real-world insights with 1,200+ startup founders and VCs attending the event. Whether you’ve built or backed startups, battled bottlenecks, or cracked the code on growth, the stage is yours. TC All Stage lands in Boston on July 15, and we’re giving the mic to those who’ve lived the scaling grind. Step-by-step: What to expect Make your voice count. Your experience could help the next generation of founders grow smarter and faster. Apply now and you might land a spot in our Audience Choice round — where TechCrunch readers choose who gets the spotlight. Here’s how the process works: Step 1: Submit your session proposal through the Call for Content form on the TC All Stage page. Step 2: Our events programming and editorial team will carefully review every submission to identify the strongest sessions and most compelling ideas. Step 3: Top-picked sessions will move on to the Audience Choice round, where TechCrunch readers vote for the ones they’re most excited to see at TC All Stage. Step 4: The three sessions with the most votes will be selected to lead their own roundtables — a highly interactive discussion designed for deep engagement. How roundtable sessions work Roundtables are 30-minute, small-group discussions led by you and up to two speakers of your choice. These informal sessions skip the slides and video, creating space for deep, focused conversations on niche topics with highly engaged attendees. 
Speaking perks When you take the stage at TC All Stage, you don’t just get the mic — you gain full access to the entire event. Participate in roundtables with founders and investors, engage in impactful breakout sessions, and forge valuable connections with startup leaders. Perks include: Full event access for you and your team. Spotlights across TechCrunch.com, the event page, and the event app. Promotion on our social channels. Direct engagement with founders and VCs. Don’t miss your chance to shape the conversation at TC All Stage Help founders scale with precision, speed, and resilience. Inspire innovation, ignite growth, and influence the future of startups. Take the stage at TC All Stage and share your scaling expertise with founders and VCs eager for actionable insights. Establish yourself as a trusted leader in the startup ecosystem. Apply before the day ends — the speaker application deadline is tonight at 11:59 p.m. PT!
-
Techstars, a nearly 20-year-old startup accelerator, announced new terms for startups that enter its three-month program. The organization will now invest $220,000, which is $100,000 more than it offered previously, in companies starting with its fall 2025 batch. The capital will be divided into two components. The group is offering companies $20,000 in exchange for 5% ownership in the business. Startups will also receive $200,000 in the form of an uncapped SAFE note with a “most favored nation” clause. Put more simply, Techstars’ percentage ownership of its $200,000 SAFE will depend on the company’s subsequent valuations. For example, if the startup’s next financing “prices” it at $10 million, Techstars will receive 2% equity on the SAFE component for a total of 7% ownership. Techstars’ new terms now closely mirror those of Y Combinator. The famed Silicon Valley accelerator increased its funding to startups three years ago by adding a $375,000 SAFE note to its standard deal of $125,000 for 7% of the startup’s equity. So, which accelerator is offering a better deal for startups? The answer largely depends on the company’s capital needs. Compared to Techstars, startups going through YC get more than double the funding but give up more equity.
-
Andreessen Horowitz’s hiring spree continues. On Monday, Erik Torenberg announced that the giant VC firm had acquired his Turpentine podcast, with him joining as a general partner. Torenberg’s podcast focuses mostly on interviewing VCs at a variety of firms about their approach to investing. Recent guests include Accel’s Andrew Braccia, Seven Seven Six’s Alexis Ohanian, and Benchmark’s Sarah Tavel and Eric Vishria. Torenberg said he plans to continue with his podcast, but we’ll see if it changes direction. A16z creates a lot of corporate content, including its own podcasts. But the focus tends to be on founders rather than other VCs. Torenberg makes sense as a hire for a16z, though. Beyond the pod, he was an early employee at Product Hunt and has been a successful angel investor and pro VC in the years since. He has spent the last seven years at firm Village Global. While there, he helped launch On Deck, a program that trains aspiring founders. His investments include Scale AI, Lattice, Figma, Perplexity, Replit, Flexport, and others, he says. The venture firm also recently hired former North Carolina congressman Patrick McHenry and, several months ago, former U.S. Marine Daniel Penny