To evade detection, hackers are requiring targets to complete CAPTCHAs

Found on Ars Technica on Friday, 19 June 2020

Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys.

Periodically changing up attack routines is one way attackers stay ahead of defenders, creating a never-ending back-and-forth process that requires constant vigilance for defenders to stay on top of. It’s likely the attack group will change course again in the coming months.

Captchas are bad enough already. If someone mails you anything that brings up a captcha, ignore it. Even if it is legit.

Google is messing with the address bar again—new experiment hides URL path

Found on Ars Technica on Tuesday, 16 June 2020

As spotted by Android Police, new flags in the developer versions of the popular browser now want to hide the URL path. So for an article like this one, instead of "https://arstechnica.com/gadgets/2020/06/google-is-messing-with-the-address-bar-again-new-experiment-hides-url-path/," the address bar would show "arstechnica.com."

It's unknown what Google's plans are for the experiment, but hiding more URL information would line up with Chrome's previous actions. For years the Chrome team has wanted to kill the URL bar, arguing that it's a confusing way to express Web identity. While Google hasn't outright killed the bar yet, Chrome has made numerous changes to try to "simplify" the URL bar. Currently, Chrome hides URL protocol if it is HTTP or HTTPS.

Can we please stop dumbing down users? For decades now, seeing the URL has confused nobody, but now Google thinks it is too complex. The full URL is important information, and messing with that is flat out a stupid idea.

Whatsapp blamed own users for failure to keep phone number repo off Google searches

Found on The Register on Monday, 15 June 2020

Athul Jayaram, a self-described “full time bug bounty hunter”, published a blog post earlier this week highlighting that a large number of Whatsapp users’ mobile numbers could easily be found by searching Google for the domain “wa.me”.

Whatsapp has suffered from security and privacy problems in the recent past – some big, some less so, and some downright scary. Facebook, its owner, makes a big deal out of its security features including end-to-end encryption. Technical security is no good if you’re going to let the world’s biggest search engine, run by the world’s biggest advertising technology company, hoover up your users’ phone numbers by exposing them in plaintext on one of your websites.

A good question is if this is a GDPR violation.

Facebook Pitched New Tool Allowing Employers to Suppress Words Like “Unionize”

Found on The Intercept on Sunday, 14 June 2020

The presentation discussed the “benefits” of “content control.” And it offered one example of a topic employers might find it useful to blacklist: the word “unionize.”

The suggestion that Facebook is actively building tools designed to suppress labor organizing quickly caused a stir at the Menlo Park, California-based company. Facebook employees sparked a flurry of posts denouncing the feature, with several commenting in disbelief that the company would overtly pitch “unionize” as a topic to be blacklisted.

It's painful to watch how slowly people start to realize how bad Facebook really is.

Cox slows Internet speeds in entire neighborhoods to punish any heavy users

Found on Ars Technica on Wednesday, 10 June 2020

In the case we will describe in this article, a gigabit customer who was paying $50 extra per month for unlimited data was flagged by Cox because he was using 8TB to 12TB a month.

Cox responded by lowering the upload speeds on the gigabit-download plan from 35Mbps to 10Mbps for the customer's whole neighborhood. Cox confirmed to Ars that it has imposed neighborhood-wide slowdowns in multiple neighborhoods in cases like this one but didn't say how many excessive users are enough to trigger a speed decrease.

That definition of "unlimited" should be challenged in court.

Apple should acquire DuckDuckGo to put pressure on Google Search

Found on 9to5Mac on Tuesday, 09 June 2020

Bernstein analyst Toni Sacconaghi says that an acquisition of privacy-focused DuckDuckGo would allow Apple to put pressure on Google and tap into lucrative advertising revenue.

According to Sacconaghi, Apple should acquire DuckDuckGo for around $1 billion as a way to put more pressure on Google and capture the advertising revenue that comes from the search industry. As reported by Street Insider, acquiring DuckDuckGo could serve as a “stalking horse” to pressure Google.

Buy it, ruin it. DDG has a level of trust from its users, but with Apple in the boat that trust will be gone in no time.

YouTube makes video chapters official

Found on Ars Technica on Sunday, 31 May 2020

YouTube creators can add chapters to their videos via the description. Just start a list of timestamps with "0:00" followed by chapter titles, with one timestamp on each line. If you don't want chapters, just don't start a timestamp list with "0:00."

So, YouTube finally managed to add something that's been standard for videos for more than a decade now.

Facebook Knows It Encourages Division. Top Executives Nixed Solutions.

Found on Slashdot on Tuesday, 26 May 2020

"Our algorithms exploit the human brain's attraction to divisiveness," read a slide from a 2018 presentation. "If left unchecked," it warned, Facebook would feed users "more and more divisive content in an effort to gain user attention & increase time on the platform."

Mr. Zuckerberg and other senior executives largely shelved the basic research, according to previously unreported internal documents and people familiar with the effort, and weakened or blocked efforts to apply its conclusions to Facebook products.

Conflicts are better for business. Ask any weapon dealer.

GitLab runs phishing test against employees – and 20% handed over credentials

Found on Silicon Angle on Monday, 25 May 2020

Although there are various industry estimates, code repository management firm GitLab Inc. decided to phish their own employees to see what would happen. The result was not good: One in five employees fell for the fake emails.

Six of the 50 employees who received the fake phishing email reported the email as suspicious to GitLab’s security operations team.

So much for "people in IT are most careful".

Zuckerberg urges the West to counter China's 'dangerous' approach to internet regulation

Found on CNBC on Wednesday, 20 May 2020

"What I worry about is, right now I think there are emerging two very different frameworks underpinned by very different sets of values," Zuckerberg said in a livestreamed debate with EU official Thierry Breton organized by the Center on Regulation in Europe (CERRE).

The "best antidote" to China's approach "is having a clear framework that comes out of Western democratic countries and that can become a standard around the world," Zuckerberg said.

Like Zuckerberg is the savior. Nothing good will happen, no matter if China or Zuckerberg wins.