Reading List

The most recent articles from a list of feeds I subscribe to.

Pokémon Go ‘Ultra Unlock Steel and Scales’ event guide

Pokémon Go’s second Ultra Unlock event following Go Fest, “Steel and Scales,” is running from July 22-27 and features the debut of Honedge, the sword-shaped steel- and ghost-type Pokémon. There’s also quadrupled XP and Stardust for catching Pokémon, as well as a higher chance to find shiny Bagon, Beldum, and Unown U. Rookidee is […]

Hackers Exploit Zero-Day Microsoft SharePoint Exploit, Attacking Governments and Businesses Around the World

Ellen Nakashima, Yvonne Wingett Sanchez and Joseph Menn, reporting for The Washington Post:

The U.S. government and partners in Canada and Australia are investigating the compromise of SharePoint servers, which provide a platform for sharing and managing documents. Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond.

The “zero-day” attack, so called because it targeted a previously unknown vulnerability, is only the latest cybersecurity embarrassment for Microsoft. Last year, the company was faulted by a panel of U.S. government and industry experts for lapses that enabled a 2023 targeted Chinese hack of U.S. government emails, including those of then-Commerce Secretary Gina Raimondo.

This most recent attack compromises only those servers housed within an organization — not those in the cloud, such as Microsoft 365, officials said. After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software. Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch.

“Just pull the plug” — classic Microsoft security.

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What’s also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. “So pushing out a patch on Monday or Tuesday doesn’t help anybody who’s been compromised in the past 72 hours,” said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.

Sounds bad.

The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization’s vice president. Those warned included public schools and universities. The process took six hours Saturday night — much longer than it otherwise would have, because the threat-intelligence and incident-response teams have been cut by 65 percent as CISA slashed funding, Rose said.

Another DOGE success story.

AI compliance startup Delve raised a $32M Series A at a $300M valuation led by Insight Partners with participation from CISOs at Fortune 500 companies (Tage Kene-Okafor/TechCrunch)

Tage Kene-Okafor / TechCrunch:

Karun Kaushik and Selin Kocalar weren't planning to raise a Series A so soon. Their AI compliance startup, Delve …

Reuters: ‘Meta, X, and LinkedIn Appeal Unprecedented VAT Claim by Italy’

Reuters:

Italian tax authorities argue that free user registrations with X, LinkedIn and Meta platforms should be seen as taxable transactions as they imply the exchange of a membership account in return for a user’s personal data.

The issue is especially sensitive given wider trade tensions between the EU and the administration of U.S. President Donald Trump. Italy is claiming 887.6 million euros ($1.03 billion) from Meta, 12.5 million euros from X and around 140 million euros from LinkedIn. [...]

According to several experts consulted by Reuters, the Italian approach could affect almost all companies, from airlines to supermarkets to publishers, who link access to free services on their sites to users’ acceptance of profiling cookies.

Charging a VAT on free account signups does not strike me as a good idea.

‘Google Solves Its Pixel 10 Leaks by Just Showing Us the Phone’

Jay Peters, The Verge:

Google’s Pixel 10 launch event is just under a month away, but the company is already revealing the official design of the base phone. You can currently see a video of the phone on Google’s website (and below). It looks just like the official renders that leaked earlier today, which showed that the phone will have a third back camera (which is rumored to be a telephoto sensor).

That’s certainly one way to deal with leaks. It looks like a Pixel 9, which looks like an iPhone 12–16 with a different (but cool) camera mesa.