Pegasus Targets EU Politician, Apple's Hide My Email Flaw, and AI's Dark Side
This week's cybersecurity landscape reveals a disturbing trend: a European Parliament politician investigating spyware was himself targeted by **Pegasus**. Meanwhile, a critical vulnerability in **Apple**'s 'Hide My Email' service has exposed user privacy, and AI's potential for misuse is highlighted by a researcher's ability to exploit a ticketing system using **Anthropic's Claude Opus 4.7**.
### EU Politician Targeted by Pegasus Spyware
New research findings indicate that a politician on the European Parliamentβs **PEGA Committee**, established to investigate spyware abuses including the notorious **Pegasus** malware, was himself targeted. This revelation underscores the pervasive threat of sophisticated surveillance tools, even against those actively working to combat them.
### Google Warns EU Regulations Could Introduce Vulnerabilities
Top security staff at **Google** have issued a warning: proposed pro-competition rules in the EU could inadvertently expose **Google Search** and **Android** systems to hacking and other forms of abuse. The concerns highlight the delicate balance between fostering competition and maintaining robust cybersecurity defenses.
### Meta Contractors Posed as Teens for Chatbot Testing
An investigation by WIRED revealed that **Meta** contractors adopted the personas of children and teenagers to test how chatbots like **Gemini** and **ChatGPT** would respond to prompts concerning high-risk subjects such as suicide, sex, and drugs. This practice raises ethical questions about the methods employed in AI safety testing and the potential implications for user privacy.
### AI Exploited to Access Music Festival Ticketing Systems
A researcher demonstrated a concerning vulnerability, using **Anthropic's Claude Opus 4.7** to breach the website of **Front Gate**. This allowed the researcher to issue tickets for numerous major United States music festivals, including **Lollapalooza** and **Bonnaroo**, showcasing the potential for AI tools to be weaponized for illicit access.
### Appleβs Hide My Email Service Fails to Conceal Real Addresses
**Apple**βs 'Hide My Email' feature, designed to enhance user privacy by generating unique, random email addresses, has been found to have a critical flaw. Reporting from **404 Media** revealed that for at least a year, a vulnerability has allowed real email addresses to be uncovered. Security researcher **Tyler Murphy**, who discovered the flaw in June 2025, stated that in limited tests, 100% of 'Hide My Email' addresses were exploitable. Despite reporting the issue to **Apple** last summer, the problem remains unpatched, with **Apple** reportedly still investigating.
### Alleged Scattered Spider Member Extradited to Face US Charges
A nineteen-year-old, **Peter Stokes**, an Estonian-US dual citizen, has been arrested in Finland and extradited to the United States. He faces charges of computer intrusion, conspiracy, and fraud for his alleged involvement with the notorious **Scattered Spider** hacking group. The **Department of Justice (DoJ)** alleges that **Stokes** and his associates hacked an unnamed luxury jewelry retailer in May 2025, demanding an $8 million cryptocurrency ransom. This follows recent guilty pleas from other **Scattered Spider** members for hacking **Transport for London**.
### India Threatens WhatsApp Over Introduction of Usernames
**WhatsApp**'s plan to roll out usernames, allowing users to connect without sharing phone numbers, has met with resistance from Indian officials. India, a significant market for **WhatsApp**, has previously attempted to undermine encryption protections on the **Meta**-owned app. A letter from the Indian government, seen by **Reuters**, requested **WhatsApp** to pause the rollout, citing concerns over increased fraud and cybercrime due to online anonymity. Similar messages were also sent to **Signal** and **Telegram**.
### License Plate Reader Errors Lead to Innocent Detentions
The proliferation of automatic license plate reader cameras (**ALPRs**) across the United States has led to a disturbing trend: innocent individuals being detained by law enforcement due to system errors. A review of court records and media reports by the **Institute for Justice** documented at least 24 cases of misidentification over the past eight years. These incidents include families with babies being held at gunpoint and grandparents being detained due to a camera misreading a character on a license plate. The findings add to a growing list of errors associated with these AI-enabled cameras.