Feed: All Latest | Disneyland Now Uses Face Recognition on Visitors by Lily Hay Newman, Andy Greenberg, Andrew Couts

AI generated summary, Read the full article for complete information.

This week’s security roundup highlights a mix of privacy‑invasion developments and law‑enforcement actions: Disney announced optional facial‑recognition lanes at its California parks, promising to delete the numeric facial hashes after 30 days, while the FIDO Alliance, Google and Mastercard began drafting AI‑agent‑transaction guardrails and OpenAI rolled out an “advanced” risk‑mode for high‑threat ChatGPT/Codex accounts. The NSA, despite a pending Department‑of‑Defense ban on Anthropic, received early access to Anthropic’s Mythos AI‑bug‑hunting tool and is using it to scour Microsoft software for exploitable flaws. In criminal news, a 19‑year‑old alleged member of the Scattered Spider ransomware gang was arrested in Finland, and a gunman who tried to crash the White House Correspondents’ Dinner was jailed on federal assassination and firearms charges. A publicly exposed Medicare provider directory inadvertently leaked U.S. health‑care workers’ Social Security numbers, and new research revealed a massive spyware leak of 90,000 celebrity screenshots, underscoring the growing risks of commercial surveillance tools.

Read more: https://www.wired.com/story/security-news-this-week-disneyland-now-uses-face-recognition-on-visitors/

#Disneyland #FIDOAlliance #ScatteredSpider #security_cyberattacksandhacks #security_privacy #PeterStokes

Feed: All Latest | Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers by Dan Goodin, Ars Technica

AI generated summary, Read the full article for complete information.

A newly disclosed Linux kernel vulnerability, dubbed CopyFail (CVE‑2026‑31431), enables a local privilege‑escalation that lets an unprivileged attacker obtain root on virtually any Linux distribution with a single, unmodified script. Released by security firm Theori after a brief private disclosure, the flaw resides in the kernel’s crypto API where an AEAD template copy operation overwrites adjacent memory, allowing the attacker to elevate privileges, break out of containers, compromise multi‑tenant systems, and hijack CI/CD pipelines. Although patches were quickly issued for several kernel versions (7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254), many distributions had not yet applied them, leaving countless desktops, servers, and cloud environments exposed. Experts warn that the exploit’s reliability surpasses earlier high‑profile kernel bugs like Dirty Pipe and Dirty Cow, and they urge all Linux users to verify that their systems incorporate the relevant fixes or follow vendor mitigation guidance.

Read more: https://www.wired.com/story/dangerous-new-linux-exploit-gives-attackers-root-access-to-countless-computers/

#Theori #Ubuntu #Amazon #SUSE #Debian #RedHat #Fedora #ArchLinux #Kubernetes #Linux #copyfail #security #security_cyberattacksandhacks #security_securitynews