blindthoughts
digest

Dashlane's Stolen Vaults, Gemini Hijacked by Notifications, and Bots Outnumber Humans

Three security disclosures landed on the same day — a password manager breach with minimal explanation, a notification-delivered AI hijack, and wellness data stolen through an internal tool — while bot traffic quietly crossed a line nobody wanted to see.

Security

Dashlane issued a security advisory confirming 20 encrypted vaults were stolen, then went largely silent. The advisory omits how the vaults were taken, when, and whether the attacker had account credentials or exploited an infrastructure flaw. "Encrypted" offers meaningful protection only if master passwords are strong and unique — and customers can't make an informed risk assessment without the details Dashlane is withholding. Opaque disclosure after a breach is a trust problem layered on top of the breach itself.

Wearable maker Ultrahuman disclosed that attackers accessed customer wellness data through an internal tool using credentials lifted from a malware-infected employee laptop. The vector is familiar — endpoint compromise leading to credential theft — but it underscores that internal tooling with production data access is a high-value target that frequently receives less hardening than external-facing systems.

OFAC sanctioned Nobitex, Iran's largest crypto exchange, for processing payments tied to ransomware operations and terrorist financing. Sanctions against the cash-out layer are among the more direct economic levers available against ransomware ecosystems, though determined actors route around them via OTC markets and chain-hopping.

The most technically novel finding of the day: researchers demonstrated that a poisoned push notification from WhatsApp, Slack, Signal, or SMS could hijack Google Gemini on Android, causing the voice assistant to open apps, impersonate contacts, or exfiltrate context. This is prompt injection delivered through the notification surface. The design tension is real: Gemini reads notification content precisely because that contextual awareness is the feature, and that read access is also the attack surface. Specific vectors get patched; the underlying tradeoff doesn't go away as AI assistants grow more capable.

AI

Berkeley's Daily Californian reported a sharp rise in CS course failures correlated with AI tool usage, with faculty observing that students who offload foundational math hit walls they can't reason through independently. Berkeley CS admits are not unprepared students — what's being described is skill atrophy: AI is good enough to clear surface-level assessments while quietly degrading the struggle that builds durable problem-solving ability. The effect compounds. Students who skip the fundamentals will struggle more with the next level, reach for AI again, and hollow out the next layer.

Anthropic published a detailed engineering post on how it contains Claude across products — covering capability restrictions, sandboxing, and what "containment" even means for a system that reasons in natural language. It's worth reading alongside Ted Chiang's essay in The Atlantic arguing AI is not conscious, and alongside The Verge's observation that as Google's Gemini Spark becomes capable enough to know your dog's name and surface the right document unprompted, the design choices around memory and data become more consequential rather than less.

Google's Gemma 4 12B targets any laptop with 16GB of RAM, using a new encoding scheme to punch above its weight class. Local model deployment keeps getting more viable. At the opposite end of the pricing curve, Meta is planning Hatch at up to $200 per month — the poles of the AI agent market are spreading fast.

Cloudflare's traffic radar crossed a threshold: bot traffic has now surpassed human traffic on the internet for the first time. The implications extend beyond analytics — they touch content authenticity signals, ad fraud baselines, and the underlying economics of web publishing.

The UK's CMA ordered Google to show clearer source attribution in AI Overviews and give publishers the option to opt out without ranking penalty. Google had argued users don't want "lots of sources." The regulator disagreed.

Tech

SpaceX priced its long-anticipated IPO at $135 per share. Broadcom reported 48% revenue growth on the back of its AI chip business — the infrastructure layer of the AI build-out keeps delivering.

Apple is reportedly launching a substantially rebuilt Siri in September with contributions from Google and Nvidia. Dual-vendor involvement suggests Apple is hedging rather than committing to a single external model partnership — sensible given how fast model capabilities are shifting.

Elixir v1.20 ships with gradual typing — incremental and opt-in rather than a mandatory whole-language type system. For a language used heavily in distributed, high-availability systems, this is a meaningful addition to the safety toolkit.

Nintendo confirmed it will sell Switch 2 hardware in the EU with a user-replaceable battery to comply with EU regulations taking effect in February 2027. The hardware clearly always supported it; regulation provided the forcing function.

Nvidia acquired enterprise model-maker Kumo AI for at least $400 million, adding graph-based ML capabilities for enterprise prediction tasks — another step in Nvidia's move from chip vendor toward platform provider.

A piece in Ars Technica notes that the Trump administration's executive order to test AI models for safety is functionally impaired by DOGE having gutted the security teams that would perform the testing. The policy exists; the capacity to execute it largely doesn't.

The recurring theme across AI, security, and policy: systems are getting demonstrably more capable while the mechanisms for verifying, containing, and auditing that capability continue to lag.
