Robot Lawn Mower Vulnerabilities Allow Remote Takeover and Data Theft

A security researcher discovered numerous vulnerabilities in Yarbo robot lawn mowers that allow remote takeover of the machines, including access to their camera feeds. The flaws also enable extraction of owners' email addresses, Wi-Fi passwords and home locations.

The Verge reported that after a company spokesperson said the robots' diagnostic environment is not publicly accessible, the researcher and reporter demonstrated the issues by nearly running over the reporter with a hijacked robot. It can function as a lawn mower, leaf blower, snowblower and edger.

The company has since reported that it is developing a fix to at least one of the flaws the researcher identified.

Meta stopped offering end-to-end encryption on Instagram direct messages on May 8. The company had previously introduced an opt-in version of encryption for Instagram and planned to make it the default setting. Meta decided in March that not enough users had opted in and removed the option.

The move reverses earlier steps by the company to expand encryption. In 2023 Meta said it had rolled out default encryption for Messenger after years of development. The change makes it easier for the company to access Instagram DMs.

Researchers this week revealed that thousands of applications created with vibe coding were left exposed on the open internet, revealing sensitive corporate and personal data. The security failings serve as a reminder of risks associated with rapid development methods.

The Department of Homeland Security subpoenaed Google in an attempt to obtain the location data and account activity of a Canadian man who criticized US immigration enforcement tactics. The American Civil Liberties Union filed a complaint against the department on the man's behalf.

The man has not visited the United States in more than 10 years. New research found that scammers, low-level hackers and other cybercriminals are increasingly frustrated with low-quality AI-generated content. Meta is updating its age-verification technology after a study showed that children are bypassing online age checks with simple methods, including one case involving a drawn-on fake mustache.

A consortium of journalists reported this week on leaked documents detailing a unit at Bauman Moscow State Technical University that provides training and a pipeline into Russia's GRU military intelligence agency. The unit, known as Department 4, teaches hacking skills including penetration testing.

Some graduates have joined groups linked to major cyberattacks. Poland's domestic intelligence agency warned that hackers infiltrated networks of water utilities in five towns last year. In some cases the attackers reached industrial control systems that could have affected physical operations of the facilities.

The agency described the incidents as part of a broader Russian reconnaissance campaign targeting Polish military and critical infrastructure.