A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.

Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.

David Slater was a retired colonel in the US army who took up work as a civilian at US Strategic Command, according to the Department of Justice. He spilled the beans on a foreign online dating app between February and April 2022. Russia invaded Ukraine in February 2022.

The DoJ’s indictment against Slater doesn’t reveal what app he used, but he talked to someone claiming to be a Ukrainian woman repeatedly via the app and email. The person, named as ‘co-conspirator 1’, called him ‘my secret information love’.

‘Co-conspirator 1’ whispered sweet nothings including “Beloved Dave, do NATO and Biden have a secret plan to help us?” which they sent in March that year. The following month, they sent “Sweet Dave, the supply of weapons is completely classified, which is great,” and “My sweet Dave, thanks for the valuable information, it’s great that two officials from the USA are going to Kyiv”.

The indictment said that Slater provided classified information about military targets and Russian military capabilities, even though he knew this could be damaging to the US.

The DoJ originally prosecuted Slater on three counts, covering conspiracy to disclose National Defense Information and the actual transmission of those secrets. He “willfully, improperly, and unlawfully conspiring to transmit National Defense Information classified as ‘SECRET’,” according to the indictment.

On Friday, Slater pleaded guilty to conspiracy. Under the plea deal, prosecutors have dropped the other two charges. Although he could still receive the maximum ten-year penalty, the government will recommend a sentence of between five and seven years in jail when sentenced on August 8.

Slater’s years of military experience meant he should have known better, said DoJ prosecutors. But this sad story shows just how powerful emotions can be in causing someone to cross personal and professional boundaries. It’s entirely possible, of course, that ‘co-conspirator 1’ was a legitimate love interest, but just as likely that they were working on behalf of a foreign state actor. No matter which, it was wrong to divulge secrets that might have put lives in danger.

So what can we learn from this? Most people reading this story won’t be privvy to such secrets, but many might be lonely, or know someone who is. Romance scammers target people desperate for affection and human connection. It makes it easier to scam someone when they’re eager to believe that you’re legitimate and telling them the truth.

For most romance scam victims, the target is money rather than state secrets. One in ten victims lose $10,000 or more. That’s why it’s important to continually check in on those in your life who may be vulnerable. Even those that you think are savvy and immune to scams might be at risk. Loneliness can make even the most skeptical person do some questionable things.

**We don’t just report on scans—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Dating app scammer cons former US army colonel into leaking national secrets 

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-4q2v-9p7v-3v22: Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

ANY.RUN’s announced a game-changing opportunity for cybersecurity professionals worldwide: Threat Intelligence Lookup (TI Lookup) now offers a comprehensive free plan. High-quality, real-time threat intelligence is available at no cost, democratizing access to the critical insights that security teams need to stay ahead of evolving threats.

****Threat Intelligence Lookup: Under the Hood****

TI Lookup is a real-time threat intelligence service powered by ANY.RUN’s Interactive Sandbox: a trusted solution used by over 15,000 organisations worldwide.

SOC teams and threat hunters use the sandbox to detonate suspicious files and URLs in a safe, live environment. The sandbox captures in-depth technical evidence, including:

*   **IOCs**: Hashes, IPs, domains.
*   **Behaviour**: Registry changes, file modifications, and processes.
*   **Network Activity:** Command-and-control (C2) connections.
*   **Extras**: Malware configurations and Suricata IDS signatures.
*   **TTPs**: Tactics, techniques, and procedures, mapped to the MITRE ATT&CK Matrix.

This rich stream of behavioural data feeds directly into TI Lookup, giving analysts access to fresh, actionable intelligence while attacks are still active, not weeks later.

Unlike other threat intelligence sources that rely on delayed public disclosures, TI Lookup offers live data generated from ongoing attacks across the globe.

****How Threat Intelligence Lookup Transforms SOC Operations****

The fastest way to detect and respond to a threat is by recognising it from another incident. ANY.RUN facilitates leveraging intelligence from similar attacks that have already hit other organisations. Security teams of over 15,000 companies investigate incident artefacts in the Sandbox, which ensures TI Lookup is always equipped with the latest threat data, including comprehensive context from live detonations, not post-incident reports.

SOC teams can rapidly enrich their alerts with TI Lookup context, including through API/SDK automation capabilities. This acceleration in threat detection and validation provides the behavioural insights required for fast mitigation, ultimately reducing Mean Time to Response (MTTR) from hours to minutes.

****Threat Intelligence Lookup Free Plan Capabilities for SOC Teams****

The essential features of TI Lookup are available at no cost. The free plan includes: 

*   **Access to Recent Intelligence**: View up to 20 sandbox sessions per query.
*   **Unlimited Basic Searches:** Conduct unlimited lookups using basic search parameters like file hashes, URLs, domains, IP addresses, MITRE ATT&CK techniques, Suricata IDs, and more.
*   **Search Operators:** Use the AND logical operator for combined searches.

With free access to TI Lookup, you can address common SOC challenges more effectively:

*   **Enrich Threat Investigations**: Add comprehensive context to your security incidents with real-time intelligence.
*   **Reduce Response Time (MTTR)**: Accelerate your incident response with immediate access to behavioural insights.
*   **Strengthen Proactive Defence**: Identify emerging threats before they impact your organisation.
*   **Grow Team Expertise**: Enhance your team’s understanding of current threat landscapes and attack methods. 
*   **Develop Security Rules**: Create more effective SIEM, IDS/IPS, or EDR rules based on real-world threat intelligence.

****How to Get Free Access to Threat Intelligence Lookup****

Visit Threat Intelligence Lookup to get free access and start your first investigation right away. But first, view a couple of hands-on examples of how TI Lookup on the free plan supercharges SOC workflows.  

****Threat Intelligence Lookup’s Free Plan: Real-World Use Cases**  **

Whether you’re a SOC analyst, threat hunter, or security enthusiast, ANY.RUN’s solutions equip you to respond to threats faster, smarter, and with greater confidence.

****Fast Triage and Data-Fueled Response****

When a suspicious domain emerges in network connections, search it in TI Lookup to get an immediate actionable verdict: 

domainName:”smtp.godforeu.com”

TI Lookup domain search results

Besides the immediate “Malicious” verdict enough to escalate the incident, the lookup results signal to an analyst that the domain belongs to the notorious Agent Tesla stealer and that it has been spotted in the most recent attack investigations, thus identifying an actual threat. 

****Threat Hunting for Proactive Defence****

Proactive discovery of the signs of network compromise can also be taken to the next level with TI Lookup. For instance, to see if a certain malware targets a specific region, use a compound query combining the threat name and the country identifier: 

threatName:”tycoon” AND submissionCountry:”de”

Fresh Tycoon phishing attacks on companies in Germany

The search results contain links to Interactive Sandbox public analyses of Tycoon 2FA phishing kit samples submitted by users from Germany. Each analysis session can be viewed to study the malware behaviour and collect indicators. 

****From Free Access to Enterprise-Level Threat Intelligence: Premium Plan****

The premium plan designed for SOC teams from businesses and organisations supports private searches that can’t be seen by other users and other advanced features:

**Free**

**Premium**

**Requests**

Unlimited number of basic requests 

Advanced requests (100/500/5K/25K)

**Search operators**

AND

AND, OR, NOT

**Search parameters**

11 

44

**Links to analysis sessions**

Up to 20 most recent

All available

**Interface**

Limited (only analyses)

Full (all threat data + analyses)

**Integration**

–

API and SDK (Python package)

**YARA Search**

–

+

**Private search**

–

+

**TI Reports**

–

+

**Search Updates**

–

+

****Conclusion****

The launch of the free TI Lookup plan represents more than just a pricing change. It’s a fundamental shift in how threat intelligence becomes accessible to security professionals at every level. 

Whether you’re a seasoned threat hunter at a Fortune 500 company or a SOC analyst at a growing organisation with limited resources, you now have the same access to cutting-edge, real-time threat intelligence that was previously available only to enterprise customers.

For analysts, this means no more working with incomplete information or relying on outdated threat feeds. Threat hunters benefit from unprecedented visibility into active campaigns and emerging attack patterns. With access to intelligence from 15,000+ organisations worldwide, you can identify threat actor TTPs, understand attack progressions, and develop proactive hunting strategies based on real-world data, not theoretical scenarios.

Get started with Threat Intelligence Lookup to speed up triage and response.

Cut Response Time with This Free, Powerful Threat Intelligence Service

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.

Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

**Congratulations to each of our MSRC 2025 Most Valuable Researchers**

Below is the Top 10 for the MSRC’s Annual MVRs. Check out the full list of researchers recognized this year here.

MSRC partners with thousands of researchers throughout the year. This list recognizes the researchers who earned the most points this year by submitting valid vulnerabilities between July 1, 2024, and June 30, 2025.

We thank you for your partnership and look forward to seeing you climb the ranking!

To learn more about our program scope and how to earn points for each valid vulnerability, check out our program page.

**Technical Leaderboards**

In addition to our leaderboard, our annual technology area-specific leaderboards recognize researchers who have submitted high-impact vulnerabilities in particular product areas.

Annual Technical Leaderboards are not limited to the Top 100 and will feature all the Top 10 researchers in each technical group regardless of MVR status.

Congratulations to the top **Azure** researchers this year: **Suresh Chelladurai, Anonymous, and Adnan!**

Congratulations to the top **Office** researchers this year: **0x140ce, Li Shuang, willJ, and Guang Gon, and Haifei Li!**

Congratulations to the top **Windows** researchers this year: **wkai, VictorV, and Anonymous!**

Congratulations to the top **Dynamics 365 and Power Platform** researchers this year: **Brad Schlintz (nmdhkr), Dhiral Patel (@diralpatel94), and Artem Shymshyrian (Xtytia0922)!**

  
**MVR Badges**

In addition to MVR status, researchers are awarded badges to represent the following achievements:

 Accuracy - recognizes researchers with 100% accuracy, meaning all their submissions were valid vulnerability reports

 Impact - recognizes high-impact work, with the average points per valid vulnerability report at or above the 90th percentile

 Volume - recognizes a larger body of work, requiring at least five valid vulnerability reports

Annual Technical Leaderboards will display Top 100 MVR badges where applicable.

**Swag**

Our 2025 100 MVRs will receive an MSRC swag box and digital badges to share their accomplishments on social media and professional portfolios. Researchers will be receiving an email from msrcmvr@microsoft.com in the coming month to claim their swag and badges.

Congratulations to each of the researchers recognized and thank you for continuing to partner with us to secure customers. We’re excited to see what you do in the next year!

_Madeline Eckert, MSRC_

Congratulations to the MSRC 2025 Most Valuable Security Researchers! 

Millions of people are accessing harmful AI “nudify” websites. New analysis says the sites are making millions and rely on tech from US companies.

For years, so-called “nudify” apps and websites have mushroomed online, allowing people to create nonconsensual and abusive images of women and girls, including child sexual abuse material. Despite some lawmakers and tech companies taking steps to limit the harmful services, every month, millions of people are still accessing the websites, and the sites’ creators may be making millions of dollars each year, new research suggests.

An analysis of 85 nudify and “undress” websites—which allow people to upload photos and use AI to generate “nude” pictures of the subjects with just a few clicks—has found that most of the sites rely on tech services from Google, Amazon, and Cloudflare to operate and stay online. The findings, revealed by Indicator, a publication investigating digital deception, say that the websites had a combined average of 18.5 million visitors for each of the past six months and collectively may be making up to $36 million per year.

Alexios Mantzarlis, a cofounder of Indicator and an online safety researcher, says the murky nudifier ecosystem has become a “lucrative business” that “Silicon Valley’s laissez-faire approach to generative AI” has allowed to persist. “They should have ceased providing any and all services to AI nudifiers when it was clear that their only use case was sexual harassment,” Mantzarlis says of tech companies. It is increasingly becoming illegal to create or share explicit deepfakes.

According to the research, Amazon and Cloudflare provide hosting or content delivery services for 62 of the 85 websites, while Google’s sign-on system has been used on 54 of the websites. The nudify websites also use a host of other services, such as payment systems, provided by mainstream companies.

Amazon Web Services spokesperson Ryan Walsh says AWS has clear terms of service that require customers to follow “applicable” laws. “When we receive reports of potential violations of our terms, we act quickly to review and take steps to disable prohibited content,” Walsh says, adding that people can report issues to its safety teams.

“Some of these sites violate our terms, and our teams are taking action to address these violations, as well as working on longer-term solutions,” Google spokesperson Karl Ryan says, pointing out that Google’s sign-in system requires developers to agree to its policies that prohibit illegal content and content that harasses others.

Cloudflare had not responded to WIRED’s request for comment at the time of writing. WIRED is not naming the nudifier websites in this story, as not to provide them with further exposure.

Nudify and undress websites and bots have flourished since 2019, after originally spawning from the tools and processes used to create the first explicit “deepfakes.” Networks of interconnected companies, as Bellingcat has reported, have appeared online offering the technology and making money from the systems.

Broadly, the services use AI to transform photos into nonconsensual explicit imagery; they often make money by selling “credits” or subscriptions that can be used to generate photos. They have been supercharged by the wave of generative AI image generators that have appeared in the past few years. Their output is hugely damaging. Social media photos have been stolen and used to create abusive images; meanwhile, in a new form of cyberbullying and abuse, teenage boys around the world have created images of their classmates. Such intimate image abuse is harrowing for victims, and images can be difficult to scrub from the web.

Using various open source tools and data, including website analysis tool Built With, Indicator staff and investigative researcher Santiago Lakatos looked into the infrastructure and systems powering 85 nudifier websites. Content delivery networks, hosting services, domain name companies, and webmaster services are all provided by a mixture of some of the biggest tech companies, plus some smaller businesses.

Based on calculations combining subscription costs, estimated customer conversion rates, and web traffic the sites sent to payment providers, the researchers estimate that 18 of the websites made between $2.6 million and $18.4 million in the past six months, which could equate to around $36 million a year. (They note this is likely a conservative estimate, as it doesn’t incorporate all the websites and transactions that take place away from the websites, such as those on Telegram.) Recently, whistleblower and leaked data reported on by German media outlet Der Spiegel indicated one prominent website may have a multimillion-dollar budget. Another website has claimed to have made millions.

Of the 10 most-visited sites, the research says, the most visitors came from the United States—India, Brazil, Mexico, and Germany make up the rest of the top five countries where people accessed the sites. While search engines direct people to nudify websites, the sites have increasingly received visitors from other online sources. Nudifiers have become so popular that Russian hackers have created fake malware-laced versions. Over the past year, 404 Media has reported one site making sponsored videos with adult entertainers, and the websites have also increasingly used paid affiliate and referral programs.

“Our analysis of the nudifiers’ behavior strongly indicates their desire to build and entrench themselves in a niche of the adult industry,” Lakatos says. “They will likely continue to try to intermingle their operations into the adult content space, a trend that needs to be countered by mainstream tech companies and the adult industry as well.”

Many of the problems of tech companies allowing nudify platforms to use their systems are well-known. For years, tech journalists have reported on how the deepfake economy has used mainstream payment services, social media advertisements, search engine exposure, and technology from big companies to operate. Yet little comprehensive action has been taken.

“Since 2019, nudification apps have moved from a handful of low-quality side projects to a cottage industry of professionalized illicit businesses with millions of users,” says Henry Ajder, an expert on AI and deepfakes who first uncovered growth in the nudification ecosystem in 2020. “Only when businesses like these who facilitate nudification apps’ ‘perverse customer journey' take targeted action will we start to see meaningful progress in making these apps harder to access and profit from.”

There are signs the nudify websites are updating their tactics and approaches to try to avoid any potential crackdowns or evade bans. Last year, WIRED reported on how nudify websites used single sign-on systems from Google, Apple, and Discord to allow people to quickly create accounts. Many of the developer accounts were disabled following the reporting. The Indicator says that on 54 of the 85 websites, however, Google’s simple sign-in system is being used, and the website creators have taken steps to evade detection by Google. They would, the report says, use an “intermediary site” to “pose as a different URL for the registration.”

While tech companies and regulators have taken a glacial approach to tackling abusive deepfakes since they first emerged more than a decade ago, there has been some recent movement. San Francisco’s city attorney has sued 16 nonconsensual-image-generation services, Microsoft has identified developers behind celebrity deepfakes, and Meta has filed a lawsuit against a company allegedly behind a nudify app that, Meta says, repeatedly posted ads on its platform. Meanwhile, the controversial Take It Down Act, which US president Donald Trump signed into law in May, has put requirements on tech companies to remove nonconsensual image abuse quickly, and the UK government is making it illegal to create explicit deepfakes.

The moves may chip away at some nudifier and undress services, but more comprehensive crackdowns are needed to slow the burgeoning harmful industry. Mantzarlis says that if tech companies are more proactive and stricter in enforcing their policies, nudifiers’ ability to flourish will diminish. “Yes, this stuff will migrate to less regulated corners of the internet—but let it,” Mantzarlis says. “If websites are harder to discover, access, and use, their audience and revenue will shrink. Unfortunately, this toxic gift of the generative AI era cannot be returned. But it can certainly be drastically reduced in scope.”

AI 'Nudify' Websites Are Raking in Millions of Dollars

Easily stick logos, text, or graphics onto moving surfaces with Filmora’s planar tracker. Just read this article to know how!

Want to add your logo onto a moving object, replace a sign within your video, or have text smoothly follow a surface? These are the dynamic effects that can truly elevate your video projects. While this might sound like advanced editing, Wondershare Filmora’s planar tracker makes it surprisingly achievable. 

This powerful yet user-friendly tool accurately tracks flat surfaces in your footage, allowing you to attach visuals like images, videos, or text that move naturally with the scene. 

Let’s see how Wondershare Filmora simplifies complex tracking, empowering you to create polished, professional-looking videos with an impressive touch.

**Table of Contents**

1.  Part 1. What is Planar Tracking?
2.  Part 2. Key Features and Modes of Filmora’s Planar Tracker
3.  Part 3. Step-by-Step Guide to Using Planar Tracker in Filmora
4.  Conclusion
5.  FAQs

****Part 1. What is Planar Tracking?****

We talked about making videos look more impressive and dynamic. But what makes this possible? Often, it’s a special technique called planar tracking. Let’s look at what that means.

Planar tracking is a way for your video program to follow a flat or 2D surface in your video. It follows how these flat areas move and also sees if they turn, get bigger or smaller, or even change shape a bit as your camera view changes. Think about common flat things you see moving: a book cover, a phone screen, a sign on a wall, or the side of a moving box. Planar tracking can watch how that specific flat area behaves in your video.

How is this different from other ways to track things? Well, there are a few types:

*   **Point tracking:** This is like following just one tiny dot. It’s good for simple moves, like making text follow one spot as it goes left or right. But it doesn’t work if the object spins or changes size a lot.

*   **3D tracking:** This looks at the whole video scene to understand how the camera itself moved in 3D space. It’s useful for adding 3d computer things to a real video. But it’s much more complex than tracking just one flat area.

*   **Planar tracking:** This tool focuses on the flat surface. It understands how the whole flat area moves and changes shape as you see it from different angles.

So, when is planar tracking the best tool for the job? 

Here’s a common example: Imagine you have a video where someone is holding a blank tablet screen. You want to put a video or a picture on that screen. The tablet is moving, and the person holding it might tilt and turn it slightly. This changes how the screen looks in the video.

Point tracking won’t work well here because the screen’s shape changes as it turns. Moreover, 3D tracking is too complex for just changing a screen.

This is where **planar tracking** is perfect! It can track the four corners of the screen, and it sees exactly how the flat-screen area changes shape as it moves. Then, you can place your picture or video onto that tracked area. It will look like it’s actually on the screen in your video.

****Part 2. Key Features and Modes of Filmora’s Planar Tracker****

So, you now have an idea of what planar tracking is and why it’s so useful for sticking things onto flat surfaces. This brings us to Wondershare Filmora, a video editing tool. Filmora is great because it takes this powerful idea and makes its wonderful **Planar Tracker** feature easy for you to use. It helps creators like you get professional-looking results easily. 

Let’s look at what Filmora’s Planar Tracker offers.

*   **Uses Four Points Tracking Method**: Filmora uses a method with four specific points; it is also known as corner pin tracking. You place these points on the corners of your flat surface, and then these four points help the tool follow the surface very accurately. It sees not just where the surface moves but also if it turns, tilts, or gets bigger or smaller.

*   **Has Two Modes, Auto and Advanced:** Filmora gives you two choices for how it tracks. You can pick Auto if you want it simple or Advanced if you need more control. This lets you choose the best way to track based on your video.

*   **You Can Attach Many Things:** After you track a surface, you can easily add different items, like you can attach text, images (like logos), videos (for screen replacement), stickers, or even other effects you find in Filmora’s own library. 

As we already mentioned, Filmora offers two modes for tracking: Auto and Advanced. What’s the difference between these two? Let’s compare them simply:

**Mode**

**Auto Mode**

**Advanced Mode**

**Target Users**

Great for beginners and those who need quick results

Great for users who need more control. Good for fixing tricky tracks

**Accuracy Settings**

Filmora’s system figures out the best way to track automatically. You place the pins, and it does the rest

Allows you to make manual changes. You can adjust the tracking points yourself and can fix the track at specific moments (keyframes). This helps get super-precise results.

**Processing Speed**

Usually tracks faster

It might take a little longer to finish

**Suitable Scenarios**

Footage where the flat surface is clear, well-lit, and moves smoothly. Ideal for simple tracks like a poster on a steady wall or a screen with clear edges and slow movement.

Videos with low light, motion blur, or when the surface is partly blocked. Use this when the Auto track isn’t perfect and you need to fix it for a very clean, exact look on difficult shots.

So, we can clearly say that the Auto Mode is quick and simple for many videos. But Advanced Mode gives you the extra tools to handle tougher tracking jobs and get a really exact result. 

****Part 3. Step-by-Step Guide to Using Planar Tracker in Filmora****

Having understood the power and flexibility of planar tracking in Filmora, the best way to truly grasp it is to jump in and try it yourself!

Follow these steps to bring your creative vision to life:

**Step 1: Import Video Footage into Filmora**

First things first, open Filmora and import the video clip you want to work with. Drag and drop it from your computer’s folders into Filmora’s Media Library, and then drag it down onto your timeline. This is the foundation for our tracking magic.

**Step 2: Enable Planar Tracking**

Double-click your video clip selected on the timeline, and you will see the **Video** option in the top right corner. Click on this and then the **AI Tools** option, just behind it. Turn on the Planar Tracker option to activate it.

**Step 3: Track the Planar Surface**

Select between two modes, Auto and Advanced.

If you are going with the auto mode, drag the four tracking points to the corners of the flat surface you want to track in your video. Try to be as precise as possible, placing them exactly on the edges or key features of the surface. Once your points are set on the first frame, click the “Start” button. 

**Step 4: Select the Binding Object (image, video, or text to attach)**

After the tracking analysis is complete, it’s time to decide what you want to stick onto that tracked surface. In the Planar Tracker settings, you’ll see an option to “Link” an object. Click on this and choose **“Import from Computer”** to import the media you want to attach— this could be an image (like a logo), another video clip (for screen replacement), a text layer you’ve created, a sticker, or any other element from your media library or Filmora’s effects.

**Step 5: Adjust the Parameters (tracking points, accuracy, binding position)**

Use the scaling and positioning tools within the Planar Tracker or the standard transformation controls to adjust the size, position, and rotation of the bound object so it fits perfectly on the tracked surface.

**Step 6: Complete and Export**

When you’re satisfied with the results, it’s time to export your final video! Go to the export options in Filmora, choose your desired format and settings, and render your impressive, dynamically tracked video.

By following these steps, you can use Filmora’s Planar Tracker, which will turn your simple pictures or words into parts of your video that move. It will ultimately make your videos look better.

****Conclusion****

As you can see, Filmora’s Planar Tracker makes it easy to do something that seems hard: putting things onto flat surfaces that move. By knowing what planar tracking is and using Filmora’s simple Auto and more controlled Advanced modes, you can easily get results that look professional. So, try it with your own video today and find new ways to be creative.

****FAQs****

**1.** **Is it free to use the Planar Tracker?**

Yes, it’s free to use Filmora’s Planar Tracker. But like many other tools, you have the option to buy a paid plan to save your videos with a Filmora watermark on them.

**2\. Can you track multiple surfaces using Filmora’s Planar Tracker?**

Filmora’s Planar Tracker is made to track one flat surface each time you use the tool on a video clip. If you want to track different flat surfaces in the same video, you will likely need to use the **Planar Tracker** tool separately for each surface and attach a different item to each one.

**3.** **What’s the difference between planar tracking and motion tracking in Filmora?**

Motion tracking follows the position and basic movement of a single point or object. This is suitable for simple tracking needs. Planar tracking tracks a flat surface, accounting for its movement and changes in perspective or shape. It is ideal for placing objects onto surfaces like screens or walls that rotate or tilt.

Your Simple Guide: How to Use Filmora’s Planar Tracker for Awesome Video Edits

FBI seizes top piracy sites leaking unreleased and pirated video games with millions of downloads and 170 million dollars in losses for developers and publishers.

The Department of Justice and the FBI’s Atlanta Field Office confirmed today that they have seized and dismantled several notorious online marketplaces distributing pirated video games.

The targeted sites had gained popularity for leaking unreleased titles to millions of users worldwide. Visitors who try to reach these domains now see a federal notice stating **“This website has been seized”** and “**This domain has been seized by the Federal Bureau of Investigation”** instead of download links.

The full list of seized websites includes the following:

*   Nswdl.com
*   Nsw2u.com
*   Ps4pkg.com
*   Ps4pkg.net
*   Mgnetu.com
*   Game-2u.com
*   Bigngame.com

According to the FBI’s press release, from late February through May, an estimated 3.2 million illegal downloads took place through just one of the main services connected to these sites. The financial impact stands at roughly $170 million in losses to publishers and developers.

Screenshot from the now-seized and popular Game-2u.com (Image credit: Hackread.com)

The agency further revealed that for more than four years, these networks distributed early copies of some of the most anticipated games, often days or weeks before their official launch.

The FBI’s move to seize the sites’ domains cuts off access to vast libraries of pirated content and removes infrastructure that supported further distribution. The operation involved support from the Dutch FIOD agency (Fiscal Information and Investigation Service).

Game studios have always complained that leaks hurt their sales, drain the hard work of developers and ruin the excitement they build before a big launch. The FBI says grabbing these early copies for free doesn’t just hit big companies but also affects the people who spend years making the games in the first place.

While the domains are now in government hands, the global fight against online piracy will continue. The people behind these sites could face prosecution once investigators finish their work. For now, some of the internet’s busiest sources for leaked games have gone down, cutting off millions of downloads in the process.

FBI Seizes Major Sites Sharing Unreleased and Pirated Video Games

Google says it's Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see that as a good thing.

If you’re an Android user, you’ll need to take action if you don’t want Google’s Gemini AI to have access to your apps. That’s because, regardless of your previous settings, Google now allows Gemini to interact with third-party apps.

Through Gemini extensions, it already had the ability to integrate with apps to lend a helping hand and make Google Assistant obsolete. From an email I received in April from Google Gemini:

> **Gemini uses info from your devices and services to help you**
> 
> Gemini uses this info to provide more customized and context-aware help. Gemini accesses certain system permissions and data, like call and message logs, contacts (to help you keep in touch), and screen content (to help you act on it).
> 
> **Gemini works with apps**  
> Gemini can respond with real-time info from other tools, apps, and services like Google Keep and YouTube. To allow connected apps to generate helpful responses, Gemini shares some of your info with them. You can manage your apps in your settings.  

Then further on, it said:

> **Gemini activity and your choices**    
> When you use Gemini, Google collects your activity, like your chats (including recordings of your Gemini Live interactions), what you share with Gemini (like files, images, and screens), product usage information, feedback, and info about your location. This data is stored in Activity (if it’s on), reviewed by trained reviewers, and used to improve Google services, including generative AI.

The bit about trained reviewers was enough for me to decide against using it. There are many AI options that offer a lot more privacy.

But now, according to a Ars Technica, Google has sent an email to Android users that takes it one step further.

_Image courtesy of ArsTechnica_

> “We’ve made it easier for Gemini to interact with your device  
> We’re updating how Gemini interacts with some of the apps on your Android device.  
> Gemini will soon be able to help you use your Phone, Messages, WhatsApp, and utilities on your phone, **whether your Gemini Apps Activity is on or off**.
> 
> This change will **start automatically rolling out** on July 7, 2025.  
> If you don’t want to use these features, you can turn them off in the Apps settings page.
> 
> **If you have already turned these features off, they will remain off.**
> 
> For more details on how these features work with your data, please see the Gemini Apps Privacy Hub.”

_Note: I did not receive this email and the Gemini app is not on my phone. That could be because I’m using a Samsung phone and Samsung offers Bixby as a virtual assistant. It might be my location: sometimes Europe gets these features later. Or potentially the phone is too old (2019)._

**Good news or not?**

While Google presents this as happy news, we’re not in full agreement. Google enabling Gemini to access third-party apps promises exciting AI-driven features but also introduces significant privacy, security, and control challenges.

Android users who want to protect their data and limit AI access should check their app permissions and disable unnecessary AI integrations. However, it turns out, this is not easy. First off, there is a contradiction in Google’s statements. In one place it says the change will automatically start rolling out and will give Gemini access to apps such as WhatsApp, Messages, and Phone “whether your Gemini apps activity is on or off.” But in another place it claims, “If you have already turned these features off, they will remain off.”

This is confusing, and even well-versed users are having problems finding the appropriate settings.

All we can do is advise you to make your own, informed, decisions as much as you can:

*   If Android introduces notifications or permission prompts for Gemini access, pay close attention and deny access where possible.
*   Regularly check app permissions in **Settings** > **Privacy** > **Permission Manager** and revoke permissions that are not essential, especially those related to sensitive data (contacts, messages, microphone, camera).
*   If possible, keep your Android OS and apps updated to benefit from security patches and improved privacy controls.
*   Don’t underestimate the importance of an active anti-malware solution on your Android phone.

If Google wants users to be happy about new features, than we’d prefer it announce them and then explain how those who like them can enable them. Don’t turn on settings that we’ve never asked for.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 No thanks: Google lets its Gemini AI access your apps, including messages 

This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.

Thursday, July 3, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

Hi, I’m Bruce, the 25-foot mechanical star of “Jaws.”  

This summer marks 50 years since my 4 minutes of screentime kept people out of the water for decades. Maybe this Fourth of July weekend you’re planning to sea-shanty your way to a special screening? If you do, here’s a little behind-the-scenes story on how my endless malfunctions almost made Spielberg hang up his director hat before you could say “phone home.” 

I was built for a studio tank — a predictable and safe environment. But Spielberg, in pursuit of realism, had other plans. He threw me into the Atlantic, where the salt water, rolling waves and unruly weather conditions caused more chaos than anybody had bargained for. 

Each day, my hydraulics jammed, my pneumatics corroded and my paint peeled like a sunburned tourist on Amity Beach.

There were days when the crew could only capture one or two shots before either I broke, the weather broke, or one of the actors’ egos broke. Every night they’d patch me up and whisper an assortment of four-letter words into my rusty gills.

My saving grace became Verna Fields, aka “Mother Cutter.” Spielberg’s editor was the one to suggest they only use fleeting moments of footage starring yours truly. While I bobbed around like a skydancer on a windless day, Verna worked her magic: stitching reactions, cutting away at just the right moment and building tension with empty water. She turned me from a potential failure to a legend. 

And thus, I became a lesson in what happens when you build for a predictable environment but deploy in the wild. Sound familiar? 

I’ve been told that readers of Talos’ Threat Source Newsletter are security folks, and I’ve been asked to write something just for you. Here it goes… 

*   _“You’re gonna need a bigger boat.”_ Overprepare. Expect things to go wrong.  
*   _“It’s only an island if you look at it from the water.”_ Perspective matters. Make sure your alerts are honed to spot the things that really matter. 
*   _“Smile, you son of a…”_ Sometimes, your last line of defense is your defining moment. Should everything else fail, make sure you have something left in the tank. 

In cybersecurity, your green ticked audit checklists mean nothing if you haven’t pressure-tested your environment against real red teamers. Incident response plans need ocean trials, not just bullet points. 

If I have a legacy beyond people sticking their noggin in my teeth for “the gram,” it’s this: Build your defenses for salt water, not studio tanks. And remember, the mayor always wants to keep the network open... 

_Editor’s note: I’d like to thank Bruce for his time and perspective, and I hope he found our studio a relaxing place to write. I’m also sorry that I only had two barrels and not the requested three for him to play with._ 

_Bruce’s story is why_ _Cisco Talos Incident Response_ _exists: to help you prepare for the effects of salt water before they wreak havoc on your system. With Talos IR, you can stress test your defenses using real world scenarios and incident responders who’ve experienced just about everything there is to see._ 

_Enjoy the Fourth of July weekend, and remember to listen out for the_ duh dun.

**The one big thing **

Cisco Talos has enhanced its email threat detection engine to address brand impersonation tactics using PDF payloads in phishing attacks. These attacks often exploit popular brands to steal sensitive information, employing methods like QR code phishing and telephone-oriented attack delivery (TOAD), where victims are tricked into calling adversary-controlled phone numbers. Adobe’s e-signature service and PDF annotations have also been abused to bypass detection systems. 

**Why do I care? **

Phishing attacks are getting sneakier, using PDFs and trusted brands to trick people into giving up personal info or downloading malicious software. If you're not careful, you could fall for one of these scams, especially since attackers are using clever tactics like fake phone numbers or QR codes to seem legitimate. 

**So now what? **

Be extra cautious with emails containing PDFs, even if they look legit. Avoid scanning QR codes or calling phone numbers from unsolicited emails. Cisco’s detection tools are updated often, but staying vigilant and double-checking anything suspicious is your best defense.

**Top security headlines of the week **

**Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects**   
The international effort, codenamed Operation Borrelli was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. (The Hacker News) 

**International Criminal Court hit by new 'sophisticated' cyberattack**   
In a statement yesterday, the ICC revealed that it had contained a "sophisticated and targeted" cybersecurity incident, which was discovered by systems in place to detect cyberattacks targeting its systems. (Bleeping Computer) 

**Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black**   
After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background. (SecurityWeek) 

**Ahold Delhaize Data Breach Impacts 2.2 Million People**   
The incident impacted Giant Food pharmacies, Food Lion and Stop & Shop, among others. Stolen information may include names, contact info, date of birth, SSN, passport number, financial account information and more. (SecurityWeek) 

**Germany asks Google, Apple remove DeepSeek AI from app stores**   
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. (Bleeping Computer)

**Can’t get enough Talos? **

**Decrement by one to rule them all: AsIO3.sys driver exploitation**   
Learn how our researcher, Marcin Noga, found two critical vulnerabilities in ASUS’ Armory Crate and AI Suite drivers.

**Talos Takes: Teaching LLMs to spot malicious PowerShell scripts**   
Hazel chats with Ryan Fetterman from the SURGe team to explore his new research on how LLMs can assist security operations centers in identifying malicious PowerShell scripts.

**Beers with Talos: Terms and conceptions may apply**  
In this episode, the crew reassembles after a totally intentional and not-at-all accidental hiatus. They cover AI-assisted IVF, a possible underground war against dairy, and the real heroes: conference dogs.

**Upcoming events where you can find Talos **

*   NIRMA (July 28 – 30) St. Augustine, FL 
*   Black Hat USA (Aug. 2 – 7) Las Vegas, NV 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**   
MD5: 2915b3f8b703eb744fc54c81f4a9c67f   
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507   
Typical Filename: VID001.exe   
Claimed Product: N/A   
Detection Name: Win.Worm.Coinminer::1201 

**SHA 256: cd697cc93851d0b1939a7557b9ee9b3c0f56aab4336dd00ff6531f94f7e0e836**   
MD5: c94c094513f02d63be5ae3415bba8031   
VirusTotal: https://www.virustotal.com/gui/file/cd697cc93851d0b1939a7557b9ee9b3c0f56aab4336dd00ff6531f94f7e0e836/details  
Typical Filename: setup   
Claimed Product: N/A   
Detection Name: W32.Variant:Gen.28iv.1201 

**SHA 256: 57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536**   
MD5: 79b075dc4fce7321f3be049719f3ce27   
VirusTotal: https://www.virustotal.com/gui/file/57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536/details   
Typical Filename: RemCom.exe   
Claimed Product: N/A   
Detection Name: W32.57A6D1BDBD-100.SBX.VIOC 

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**     
MD5: 7bdbd180c081fa63ca94f9c22c457376     
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details  
Typical Filename: IMG001.exe    
Claimed Product: N/A   
Detection Name: Simple\_Custom\_Detection   

**SHA 256: 061e13a4fc9f1d4da0671082d5e4666f316bb251f13eded93f9cdb4a584d0bc0**   
MD5: 8d74e04c022cadad5b05888d1cafedd0  
VirusTotal: https://www.virustotal.com/gui/file/061e13a4fc9f1d4da0671082d5e4666f316bb251f13eded93f9cdb4a584d0bc0/details  
Typical Filename: smhost.exe   
Claimed Product: N/A   
Detection Name: Artemis:Lazy.27fx.in14.Talos

**SHA 256: 2eb95ef4c4c24f1e38a5c8b556d78b71c8a8fb2589ed8c5b95e9d18659bde293**  
MD5: N/A  
VirusTotal: N/A, use https://talosintelligence.com/sha\_searches  
Typical Filename: N/A  
Claimed Product: N/A  
Detection Name: W32.2EB95EF4C4-100.SBX.TG

A message from Bruce the mechanical shark

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.

Steven Rodríguez traveled more than 40 miles from his home in Santa Ana, in western El Salvador, to attend the Pride march in the capital on June 28. It is the second time he has attended. There, some 20,000 people gathered in a mix of celebration and protest for the rights of sexual diversity. But this year, joy was replaced by fear.

“Maybe it won't escalate, but there is a fear that what happened to the El Bosque cooperative will happen. But, from deep down I believe that, as people, we have the right to a dignified life. If it's not me, who else is going to defend my experiences,” says Rodríguez about his decision to attend in the midst of the authoritarian escalation that the country is experiencing.

When Nayib Bukele assumed power in 2019, one of his first actions was to eliminate the Directorate of Sexual Diversity. In February 2024, during his participation in the Conservative Political Action Conference in the US, he made his position clear: “We do not allow those ideologies in schools and colleges. I think it is also important that the curriculum does not include gender ideology and such things.”

Natalia Alberto

Rodríguez's main fear is that the march will serve as an excuse to criminalize its attendees. Earlier this year, on May 12, a hundred members of the El Bosque cooperative held a peaceful protest to avoid being evicted. This was repressed by the military police and ended with the arrest of community leader José Ángel Pérez and lawyer Alejandro Henríquez for public disorder. Both are serving provisional detention in a penal center. In the past four months, at least six human rights defenders have been arrested in the country for political reasons.

On the afternoon of June 28, the march ended peacefully and, at least on the ground, no arrests were recorded.

**Training Day**

Rodríguez is part of a collective called Pedrina, which focuses on community articulation for LGBTIQ+ rights in the West. His approach to digital security began when members of the organization started receiving insults, threats, and hate messages on social networks.

Natalia Alberto

Rodríguez and his collective received digital security training from Amate, another LGBTIQ+ organization that advocates nationally. Since May, Amate has trained 60 people on issues including digital rights, risk analysis, extortion, phishing, outing, surveillance, and revenge porn. It also includes the implementation of tools such as the use of VPN and encrypted messaging platforms, such as Signal and Proton.

“Something that activists were telling us \[that\] is very common is that people take their Facebook photos and impersonate them on social networks, either to attack other collectives or to undermine personal aspects. So it's a very interesting experience. People are not aware of the exposure we have in the digital world,” says Fernando Paz, who is in charge of teaching these courses.

Natalia Alberto

For Rodríguez, these tools are a way of confronting a country that, with government support, is becoming increasingly violent towards those who represent diversity.

“At the university, we have had experiences of hate speech in classes. Professors have said that they share Bukele's thinking on gender ideology and that this has to disappear because it poisons the youth,” Rodríguez says.

One way the government has used to hide violence against the LGBTIQ+ community is the lack of accounting of hate crimes committed in El Salvador. In recent years, the country’s Attorney General's Office, also known as FGR, has used the categories “murder due to social intolerance” and “murder due to family intolerance” to count homicides that it cannot attribute to what it calls “general crime” (mostly, according to the government's narrative, perpetrated by gangs). There is no clarity about what falls into these categories, which are not official, are not defined, and are only used publicly—not within administrative reports. Between 2023 and 2024, the FGR counted 182 of these cases.

Natalia Alberto

**Hit Record**

In the face of statistical obscurity, the exercise of documenting and archiving hate crimes has been taken up by organizations. The Passionist Social Service, an anti-violence group, found that 154 LGBTIQ+ people have been detained during El Salvador's emergency regime, which began in March 2022 and has been extended 39 times to date. Following this, Nicola Chávez and her team saw the need to record cases of violence against members of the LGBTIQ+ population.

“We had always intended to start an observatory, but with the start of the exception regime everyone knows that police violence and military harassment have a disproportionate impact on the LGBT community. Obviously that hurts us, and I don't know who else they count on to be able to denounce,” Chávez says.

To date, Chávez's team has registered 68 incidents of violence against LGBTIQ+ people, although they believe there could be more. One of the main challenges has been to create a centralized database of the information that each member had kept on their own.

Natalia Alberto

“One of the big frustrations has always been that we don't have consistency when it comes to storing information,” Chávez says. “To make this database, I had to go from computer to computer, collecting information in emails and loose files.”

Chávez, a doctoral student in American Studies and archivist, applied her knowledge to compile and organize the information. For her, it's crucial to secure the databases that contain sensitive information related to the victims' allegations under the emergency regime. One of the keys is to protect the data with multiple layers of security and to use encrypted platforms with automatic self-destruct functions, such as CryptPad.

The authoritarian escalation in El Salvador has forced organizations to be more cautious with their public work. For this reason, Chávez requested that her organization not be mentioned for fear of reprisals following the recent approval of the Foreign Agents Law, which requires those receiving international funds to register as “foreign agents.” If authorized, they would be subject to a 30 percent tax on all foreign funding, a measure that opponents of the legislation say seeks to economically stifle dissenting voices.

Natalia Alberto

El Salvador's political situation has forced them to contemplate several scenarios on how to safeguard information. The most critical implies that the government may consider the activities of their organization as a direct contravention of the law and raid their offices. Another concern is that, at the time of registration, they will be required to hand over the contents of the devices.

“The registry is designed as an all-powerful entity. There are minimum requirements to be able to register, but they have the power to demand whatever they want,” says Chávez. “There are no limits in the regulations on what they can request. What worries us is that, as part of a routine process, they want to seize computers, hard disks, etc.”

Natalia Alberto

The passage of this law to control speech and information is not an isolated case. In November 2024, El Salvador's Congress passed laws establishing the creation of the State Cybersecurity Agency, whose powers include managing cyber threats and overseeing data protection compliance.

“The government of El Salvador has created an entire infrastructure to have not only social, but also digital control of the citizenry. With the creation of this agency, an oversight tool is enabled for issues related to information, the use of technology and our digital identity,” explains Joshi Leban, a specialist in advocacy and digital literacy.

The records that Chávez is so keenly guarding also have a vision in which this hope for justice persists.

“At some point, perhaps this will become an international litigation, or it may be that this government ends and a process of oversight of what has happened begins. In that scenario, it will serve that the organizations have put these facts on record as documentation.”

_This story originally appeared on WIRED en Español and has been translated from Spanish._

Tag

#ios