It may be a new year, but the superhero, tricks, and dangerous people lurking online haven’t gone anywhere.
Just one day before the ball dropped, the US Treasury said it had been hacked. Officials believe the attackers are an as-yet-unidentified advanced persistent threat group linked to the Chinese government that exploited flaws in remote technical support software made by BeyondTrust to carry out what the Treasury Department described as a “major” breach. The company told the Treasury Department on December 8 that the attackers stole the authentication key, which ultimately allowed them to access the department’s computers. While the Treasury says the attackers were only able to steal “some non-classified documents,” new details have already begun to emerge; more on that below.
Before UnitedHealthcare CEO Brian Thompson was killed last month, gun silencers were mostly something you encountered in Hollywood movies, or in Facebook and Instagram ads, if you looked closely. WIRED found that someone had been running thousands of ads for “fuel filters” that are actually designed to be used as silencers for weapons, which are highly regulated under US law. Meta, which owns Facebook and Instagram, has since removed many of the ads, but new ones continue to appear. So, if you see one, keep scrolling, as owning an unregistered silencer could result in criminal charges.
When an Amber Alert push notification pops up on your phone, getting all the information you need to help find a kidnapped child can literally be a matter of life or death. That’s the lesson the California Highway Patrol learned this week after sending an Amber Alert that linked to a post on X, which people can only access if they’re signed in. While the CHP says it has linked posts on the social network since 2018 without any issues until this week, a WIRED spokesperson said they are “looking into the matter” now.
If you add better privacy and security practices to your list of goals for 2025, one easy place to start is old chat logs. You might be surprised at how much sensitive information is out there, perhaps forgotten but certainly not gone.
That’s not all. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
Apple this week agreed to pay $95 million to settle a class action lawsuit over alleged eavesdropping by its voice assistant Siri. In the suit, Lopez et al. v. Apple Inc, Apple was accused of recording people’s conversations without their knowledge and sharing that data with third parties to serve ads. The issue arose from Siri’s voice activation function, “Hey, Siri,” which two plaintiffs say surreptitiously captured conversations that led to ads for Nike shoes and Olive Garden. One plaintiff claimed he received an advertisement for medical treatment after a conversation with his doctor. People who qualify as part of the class covered by the settlement, which must be approved by a federal judge in California, can get up to $20 per device, for up to five devices. As Reuters points out, the settlement amount represents nearly nine hours of profits for Apple, which generated nearly $94 billion in the last fiscal year. The company will not admit any wrongdoing as part of the agreement.
Newly unsealed court documents reveal that during a search for an illegal firearm, the FBI discovered “the largest seizure of a homemade explosive in FBI history.” According to court records, an arsenal of explosives was found in Brad Spafford’s home in Virginia, where investigators allegedly found more than 150 pipe bombs and other explosive devices. Prosecutors say the FBI found a backpack containing pipe bombs and decorated with a grenade-shaped patch bearing the hashtag #NoLivesMatter, a possible reference to a right-wing extremist “acceleration” group, The New York Times reports. While prosecutors claim that Spafford, who allegedly used a photo of US President Joe Biden for target practice, was aiming to “recreate political assassinations,” his lawyer maintains he is a harmless “family man” and should be released.
Following revelations earlier this week that Chinese state-backed hackers breached the US Treasury Department in early December, The Washington Post reported on Wednesday that the hackers specifically targeted OFAC. The attackers may have been searching for information about the bureau’s potential plans to impose sanctions on Chinese entities. In addition, Bloomberg reported on Thursday that attackers targeted the computers of senior Treasury Department officials, where they gained access to unclassified material. So far, investigators have reportedly identified about 100 computers that have been compromised by hackers. However, sources told Bloomberg that the attack appears to have been more of a crime of opportunity than a long-planned covert operation like China’s recent hack of US telecom companies.
With China’s Treasury hack in the spotlight, the impact of its hacking of US telecom companies continues to expand. Two days after Christmas, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, held a briefing with reporters in which she raised the number of connections compromised by the Chinese hackers known as Salt Typhoon from eight to nine and suggested that at least some of the blame for these breaches lies with inadequate corporate security. “The reality is that, from what we see in terms of the level of cybersecurity implemented across the telecom sector, these networks are not as defensible as they need to be to defend against a well-resourced and capable offensive actor like China,” Neuberger said. She added that the hackers targeted the communications history of fewer than 100 people, most of them in Washington, D.C., including President-elect Donald Trump and Vice President-elect J.D. Vance. Neuberger said the spying incident calls for new FCC cybersecurity regulations, which she says might have limited the scope of the violations if they had existed.
Cars collect and transmit as much sensitive location data as any modern digital device, and the privacy risks of all this tracking are becoming abundantly clear. Case in point: A whistleblower warned Germany’s Chaos Computer Club and the country’s news outlet Der Spiegel that Cariad, a subsidiary of Volkswagen, had left online a trove of location data for 800,000 electric convertibles. The leak included cars sold not only by Volkswagen but also by other brands, including Seats, Audi and Skoda. For Audi and Skoda, this location data was only accurate to within about six miles, but Volkswagen and Citroës could be located to within about four inches. The exposed data has since been secured, but the incident shows how far automakers have yet to go to rein in data collection.