NEW: Ledger is phasing out the Ledger Nano S, the best-selling crypto hardware wallet in history.
They caution that ongoing support for the Nano S is not guaranteed and are urging users to upgrade, requiring them to re-enter their seed phrase into a new device.
This process exposes users to phishing risks. A Ledger data leak has already led to a surge in targeted scams, including fake but official-looking letters sent by mail, prompting users to enter their seed phrase into fraudulent devices.
🚨Today, we have issued an advisory exposing Russia’s military intelligence service for a campaign of malicious cyber activity against Western logistics and technology firms, including those involved in delivering support to Ukraine⬇️
https://t.co/rNf9dwlRLo
Google just patched a serious ⚠️ vulnerability (CVE-2025-4664) that allows attackers to steal sensitive tokens (like OAuth or session IDs) when you simply visit a malicious site.
No clicking. No downloading. Just loading the page is enough.
What makes this so dangerous?
The bug lives in Chrome’s resource loading mechanism. It fails to apply origin policies correctly to Link headers, so attackers can trick your browser into sending full URLs – including those juicy query strings with your login tokens – to their server.
Imagine someone in HR or Finance clicking a phishing link. Suddenly their session tokens to SaaS tools (like payroll systems, admin panels, or customer databases) get exfiltrated without any interaction.
This isn’t remote code execution – but in today’s cloud-first, token-based authentication world, it might be worse.
So, yeah. I don’t post often about browser vulns. But this one is a no-go.
Update your Chrome. Right now.
We want to update you on an incident that happened with our Grok response bot on X yesterday.
What happened:
On May 14 at approximately 3:15 AM PST, an unauthorized modification was made to the Grok response bot's prompt on X. This change, which directed Grok to provide a specific response on a political topic, violated xAI's internal policies and core values. We have conducted a thorough investigation and are implementing measures to enhance Grok's transparency and reliability.
What we’re going to do next:
- Starting now, we are publishing our Grok system prompts openly on GitHub. The public will be able to review them and give feedback to every prompt change that we make to Grok. We hope this can help strengthen your trust in Grok as a truth-seeking AI.
- Our existing code review process for prompt changes was circumvented in this incident. We will put in place additional checks and measures to ensure that xAI employees can't modify the prompt without review.
- We’re putting in place a 24/7 monitoring team to respond to incidents with Grok’s answers that are not caught by automated systems, so we can respond faster if all other measures fail.
Drama++
The United States government is using a fork of Signal called "TM SGNL". TM SGNL is (likely) produced by an Israeli firm (Smarsh) which is (or related to in some capacity) the Israel Defense Forces' Intelligence unit. Although these claims are based on self-described biographies of the creators of TM SGNL and publicly available information. Various journalists and media outlets have reported differently.
TM SGNL is a part of the Smarsh communication suite called TeleMessage hence TeleMessage Signal.
TM SGNL is not publicly available for download.
TM SGNL source code was leaked online May 3rd when an anonymous source tipped journalist Micah Flee about TM SGNL being available for download ... by accident. Smarsh left the source code to their application exposed because they used WordPress and misconfigured directory permissions which looked like so:
/wp-content/uploads/2024/12/Signal-iOS-main.zip
/wp-content/uploads/2024/12/Signal.zip
Journalist Micah Flee has made the source code available on GitHub. The source code also includes hardcoded credentials (and got knows what else)
You can read more about the leak, the contents of the leak, and you can find the link to the source code in the attached article below.
@federalreserve announces the withdrawal of guidance for banks related to their crypto-asset and dollar token activities and related changes to its expectations for these activities: https://t.co/v1MwuswOlE
BIG NEWS 📣
We’re excited to announce we've obtained a MiFID license in the EU!
Yet another key milestone in our expansion strategy, allowing us to offer fully compliant derivatives products across selected EU markets.
https://t.co/CkvP23KzGc
💥 BREAKING: BlackRock just filed to allow in-kind creation and redemption on their Bitcoin ETF $IBIT
This mean you can deposit and withdraw your Bitcoin to and from their ETF. 🔥
🫡 @JSeyff