Alcasec managed to access hundreds of thousands of banking details in Spain: now he has accepted a prison sentence

There are cybersecurity cases that seem distant until they force us to look inward. We are not talking about a large foreign technology company or a breach lost in some remote corner of the Internet, but about the banking data of citizens in Spain, access linked to public infrastructure and a chain that, according to the Prosecutor’s Office, ended with hundreds of thousands of records entered into a portal for sale. What we have seen with Alcasec matters not only because of the name itself, but because of what it reveals: personal information has become a very valuable commodity.
The agreement. This part of the case has been settled in the National Court with an agreement between the accused and the Prosecutor’s Office. According to EFE, José Luis Huertas, alias Alcasec, has accepted a sentence of two years and seven months in prison for the crimes of illegal access to computer systems and discovery and disclosure of secrets. The Prosecutor’s Office initially requested three years, but applied the mitigating circumstance of confession. Along with him, Daniel BE and Juan Carlos OG, thus identified in the judicial information, have also accepted sentences: two years and two months for the first as a cooperator and one year and three months for the second for discovery of secrets.
The access. The indictment describes an entry built in layers, not a simple stroke of luck. On October 19, 2021, Alcasec contracted two massive data storage systems with Cherry Servers, a company based in Lithuania, using an email account created when he was a minor to hide his identity. Later, Daniel BE, whom the Prosecutor’s Office links to Russian forums specialized in the unauthorized sale of passwords, provided him with a stolen digital certificate issued to the General Directorate of Traffic.
With that certificate, always according to the accusation, he managed to navigate the SARA network, connect to the CGPJ Judicial Neutral Point website and obtain the credentials of an official from a Bilbao court.
The impersonation. The next step, always according to the Prosecutor’s Office, was to convert that first access into a way to obtain more credentials. Alcasec and Daniel BE created a page that pretended to be the access website to the Judicial Neutral Point, and the former sent a text chain to different courts that redirected to that false page. Two officials mistakenly entered their passwords, which allowed the scope of the attack to expand. The mechanics are important because they show that the intrusion did not depend only on a technical vulnerability, but also on the deception of real users.
The scale. With these credentials, according to the indictment, Alcasec made 438,099 requests to the Tax Agency’s “extended bank accounts” web service and shortly after carried out a second attack. The figure is not minor: we are not talking about an isolated query, but about a massive volume of queries for sensitive information through a system connected to the Administration. A portal was available for the sale of the data, some of it belonging to prominent people.
The reduction. The accepted sentence does not come out of nowhere, but from an agreement with the Prosecutor’s Office. As we noted above, the initial request was for three years in prison, but it was reduced to two years and seven months when the mitigating circumstance of confession for the recognized crimes was applied. The prosecutor also valued the collaboration of the accused during the investigation, particularly in providing their codes and passwords. In addition, they accepted the confiscation of the effects and the physical and virtual money seized in the searches carried out in Madrid, Cartagena and Dos Hermanas.
Another investigation. There is an important nuance here, so as not to mix up separate matters.
Alcasec has been in provisional prison for a year for a different reason, related to a network of cyberattacks that seized sensitive and private data of millions of citizens and that he allegedly led. In that investigation he was arrested along with former Secretary of State for Security Francisco Martínez, currently on trial for Operation Kitchen.
The reading. What this case leaves behind is not only an accepted conviction, but a fairly clear picture of where part of cybercrime has moved. We are no longer just talking about entering a system, but about chaining access, taking advantage of real credentials, querying sensitive services and preparing information for sale.

how to access your Wrapped with your listening statistics from the day you registered

We are going to explain what Spotify’s new Your Years in Party Mode experience is, a kind of Wrapped with a summary of your main data since you registered on the platform. This is a special experience created by the streaming service to celebrate its twenty years of existence. The experience is actually quite simple, and it only shows you a few pieces of data, far fewer than you can obtain with third-party services for collecting your Spotify statistics. However, it still shows you some curious things, like the first song you listened to or your most listened to artist. Therefore, we are going to tell you how you can launch this experience and which statistics you will be able to see with it. In addition, you will also have a special playlist and several slides to share in social network stories.
How to see your Wrapped with data since you signed up for Spotify
To launch Spotify’s Your Years in Party Mode experience, you have to open the website spotify.com/20 in the browser on your mobile or your computer. If you do it on your mobile, you can open the Spotify app directly from there, and on your computer you will get a QR code to scan with your mobile.
Once you start the experience, you will see a kind of long story where your data is displayed. There are not several slides that you can navigate, but a single one where everything is shown little by little, with buttons that allow you to interact with it.
The first thing you will see is the exact date you registered on Spotify with your account. That was your first day. Below it you can click on Next gift, which is a poor translation of the button for moving on to the next piece of data that you will see on each screen.
Then you will go to another screen where you are told the total number of songs you have listened to on Spotify since the day you registered. This is a good first piece of information to share and compare with your friends.
Then you will be able to guess which was the first song you heard from among four options, a game after which you will be shown which song it was.
After that, you will be shown which artist you have listened to the most since the day you registered with Spotify, along with the number of minutes you have spent listening to them.
Then comes one of the most interesting parts: Spotify gives you a playlist with your most listened to songs ever. In other words, the songs you have been listening to the most since the day you registered. When this screen appears, tap Save to library to save the playlist and listen to it whenever you want.
Finally, you will go to a screen where 5 slides are shown to choose from, each with a button to share it on social networks. You can share slides with your registration date, total songs listened to, most listened to song, your top artist and another with all this data together.

Europe has been depending on Amazon, Google and Microsoft for its most critical data for years. It is about to cut off their access

The European Commission is taking action. The institution is expected to present its “Technological Sovereignty Package” on May 27. This directive will include a series of measures aimed at boosting the EU’s strategic autonomy in sensitive areas, and that means one thing in particular: depending as little as possible on US hyperscalers to store critical data.
The fear of the off button. The measures are being applied due to growing political instability and some recent cases that have demonstrated the power that the US has over European technological infrastructure. In May Microsoft “cancelled” the email of Karim Khan, a prosecutor who had been directly cited in an executive order from Donald Trump. Microsoft denied it, but the damage had already been done, and these problems have raised fears that Trump could use a kind of “off button” against European institutions that depend on the hardware and software infrastructure provided by companies like Microsoft, Google or Amazon.
Legal espionage. The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) is a 2018 US law that allows law enforcement to force US-based technology companies (such as Google, Microsoft or Amazon) to provide data, regardless of where it is stored, whether inside or outside the United States. This law updates the Stored Communications Act to prioritize control of the data over its location. In other words: if you use the services of US hyperscalers, the US may end up accessing your data. And since you have accepted their terms of use, you agree to let them legally spy on you if they “need to.”
If you want my critical data, you’ll have to protect it. The new regulations require service providers who want to work with critical European data to demonstrate that they are not subject to requests from non-EU governments. This automatically excludes Microsoft, Google or Amazon, because all three are subject to the CLOUD Act.
Europe is thus looking for providers that guarantee that critical data will not be in the possession of companies that then have to hand it over to foreign powers.
Europe depends on the American cloud. The reality is that Amazon (AWS), Microsoft (Azure) and Google (Google Cloud) currently control more than 70% of the cloud computing market on the old continent. Losing these institutional contracts would mean a significant financial blow, but it also sends a powerful signal to European private companies: if Brussels does not trust the US with its secrets, why should European corporations? The domino effect could be huge.
Europe has its own clouds. This directive would give an important opportunity to initiatives that seemed stalled, like GAIA-X, but there are also companies with their own infrastructure such as OVH (France) or T-Systems (Germany). There are significant technical challenges in that area, because US hyperscalers have been refining their offering over the past two decades. However, Brussels seems willing to accept a somewhat less efficient or complete service in exchange for greater autonomy. The options exist, no doubt, but the challenge is enormous.
Migrating is going to be expensive. It is one thing to make the decision and quite another to complete a migration that will require moving decades of data and systems to a different infrastructure. Current data centers would have to be expanded to meet demand, some analyses say, and that would mean a cost of between 14,000 and 24,000 million euros. Consulting firms like Forrester are not at all convinced that the EU can achieve cloud sovereignty, and other experts also make it clear that Europe will not abandon the hyperscalers.
Traceability. In addition to changing suppliers, the board also wants to impose strict requirements regarding transparency. AI systems that have access to that data must be auditable by the newly created EU AI Office.
The Commission wants to know who has access to the code, who maintains the servers and who has the technical capacity to manage and even intercept such data transfers.
Data too sensitive. In comments to CNBC, EU officials explained that there are active debates demanding that financial, judicial or health data used at the government level and in the public sector have a sovereign cloud infrastructure. That is also true for military data, of course, and there are already moves in that direction.
Fragmented Internet. The move confirms that the world appears to be heading toward a future with a fragmented internet, one that will have important geopolitical boundaries. While the US tries to defend its technology against China, Europe and the entire world are trying to avoid or at least mitigate their excessive dependence on American technological solutions.

Mythos has struck fear into governments around the world. That’s why Spain wants “early access” to see what happens

Spain wants to have access to Claude Mythos Preview, the AI model that is shaking the world. The vice president and Minister of Economy, Carlos Body, has made clear that the European Union needs “early access” to Mythos to be able to assess what vulnerabilities European financial systems have. For the minister, “Europe cannot be a second-class region.” Bad news: today, at least for the most powerful AI startups on the planet, it is.
There is not only fear in the banking sector. Although the alarm was initially raised by the financial sector, the Spanish Government warns that Mythos’ ability to find “back doors” affects practically all economic sectors. We are talking about threats that extend to critical infrastructure and essential elements for the functioning of any modern country. Anthropic itself has already made its fears clear: they did not want to launch the model publicly to prevent it from falling into the wrong hands.
The AI Act is a problem. The European AI Law was widely celebrated among EU legislators for being the world’s first major regulation of this technology. In practice, it has become clear that it has been a shot in the foot for EU countries, which have often seen how the most advanced AI models could not be used within our borders because they could violate this regulation or others like the DMA/DSA. This regulation forces companies to comply with strict requirements if they want to deploy especially advanced models, considered “high risk.” And Mythos is just that, so the AI Act is precisely what would prevent it from being used in Europe.
So they want to delay its application. EU officials have realized their mistake, and are now trying to buy time because technology moves (much) faster than bureaucracy. Their proposal is simple: delay until December 2027 the application of these obligations for “high risk” models like Mythos.
In this way, this model could operate in Europe without having to go through these strict controls for another year and a half.
Milestone or marketing maneuver? While the Eurogroup and the ECB analyze the risks with those responsible for financial supervision, El Mundo quotes a group of critical voices who suggest that Anthropic’s maneuver could be a distraction strategy. The thesis is simple: the company has a clear computing capacity problem, and is not able to satisfy demand. Their solution: argue that Mythos is too powerful, so as to avoid having to release it publicly, which would cause an avalanche of requests.
Coordination. Body added that in this case it is important that the request for “early access” is coordinated and comes from the EU as a block: “We Member States cannot each go on our own in an uncoordinated manner to try to access this software to this model. We need the umbrella of the Commission and a coordinated approach.”
AI as a geopolitical weapon. What this has shown is that little by little access to advanced AI models is becoming a geopolitical weapon that is straining relations between Washington and Brussels. Anthropic is expanding access to Mythos to some institutions, for example in the United Kingdom, a traditional ally of the US. However, trade relations with Europe are still complicated, especially after the tariffs with which the Trump administration wanted to change the rules of the game.

The world wants to verify the age of children so that they do not access social networks. Children’s solution: paint a mustache

The United Kingdom boasts of having one of the strictest legislations in the world when it comes to protecting minors from social networks. The curious thing is that young people are managing to demonstrate that age verification technology has a peculiar Achilles heel: an eyebrow pencil.
Look, I have a mustache. The country has been forcing platforms to implement age verification measures in accordance with its Online Safety Act for months. However, a recent study from the NGO Internet Matters reveals that the limits imposed by these platforms are surprisingly easy to overcome. In fact, one of the methods is especially striking, because some children simply use an eyebrow pencil to paint a mustache and thus look older than they really are.
Children 1 – Machines 0. The organization surveyed 1,000 children and parents in the United Kingdom and, although it showed positive effects after these measures were activated, it also made it clear that many children saw these systems as an easy obstacle to overcome rather than as a way to keep them safe.
46% of minors believe that the measures are easy to overcome. Only 17% believe that they are very difficult to avoid, while 19% say they do not know. Source: Internet Matters.
Cheating machines is trivial. 46% of the children surveyed indicated that these age verification systems are easy to overcome, and only 17% found them difficult to avoid. There are several methods to overcome these systems, but most are simple. For example, using video game characters like ‘Death Stranding’ to show them in front of cameras trying to verify their age. Also showing IDs of other people when asked, or simply using false birth dates.
(At least) One in three skips the controls. But not everyone uses these methods: although the aforementioned 46% say that it is easy to overcome these systems and another 17% say that they are neither easy nor difficult, “only” 32% admit to having used some technique to overcome them.
Of course, it is one thing that only 32% admit it and quite another that these figures are representative, taking into account that they are confessing to doing something that they should not do. Methods vary, but many use fake birth dates or log in with their parents’ or siblings’ accounts.
Complicit parents. The effectiveness of the Online Safety Act depends largely on the family environment, with data suggesting that at least a quarter of parents are uncooperative. The study indicates that 26% of parents have allowed their children to ignore or overcome these age verification systems, and in fact 17% admit to having actively helped their children to evade these controls while 9% simply turn a blind eye.
It’s not that big of a deal. Many parents justify this “help” by indicating that they understand the risks of their children accessing these platforms, but prefer to supervise the use of services such as TikTok or video games themselves. The idea: allow their children to bypass restrictions to play with friends or stream, but theoretically under their supervision.
The futility of trying to fence in an open field. It’s not just that age verification systems are easy to overcome: they do not eliminate risks completely either. In the Internet Matters study, almost half of the minors surveyed (49%) indicated that they had recently encountered toxic material on the Internet. This makes it clear that even children who do not try to bypass these controls still encounter inappropriate content. There are those who advocate going further and push for the end of online anonymity.

Only a handful of US companies have access to Claude Mythos: the ECB already fears for the savings of all of Europe

It hasn’t even been with us a month and Claude Mythos Preview is terrifying the world. And we don’t even know if there are reasons for it, because Anthropic has it tied up and muzzled: only a handful of companies have been able to access the model to test it and use it properly. The objective is that these companies can use it to find vulnerabilities before others do, but of course, a contagion effect has been created: if the model is good enough to find security flaws everywhere, everyone is threatened. And among those beginning to fear the worst are the world’s most important financial institutions. The European Central Bank is one of them.
The Project Glasswing Private Club. During the launch of Claude Mythos Preview, Anthropic selected an extremely small group of US “partners” to carry out the first real tests of this model. Under the name of Project Glasswing, giants such as Amazon, Apple, Microsoft, Alphabet or financial entities such as JP Morgan have been the only ones authorized to evaluate the capabilities of Mythos. This access has turned AI into a curious geopolitical piece. One that has left the European institutions aside.
The fear of zero-day. What makes Mythos a fearsome AI model is its ability to go through the code of all types of applications and software platforms and find so-called “zero-day” vulnerabilities. These flaws are not even known by the developers of these projects, and they tend to remain hidden even in highly critical infrastructures such as banking or energy companies. Until now, finding these security holes required complex work by highly specialized human experts, but Mythos is capable of detecting many of these flaws and generating the code to exploit them almost instantly.
The European Central Bank, on alert.
Given this panorama, the ECB has taken action on the matter, summoning those responsible for risks in the main financial entities of the Eurozone. Among the participants are those responsible for Santander, BBVA, CaixaBank and Sabadell, who must, like the rest, detail their contingency plans for the possible emergence of Mythos. This is no longer about how to act in the event of increases in unemployment or economic contractions, but rather about what steps should be taken if the model falls into the hands of cybercriminals who could cause massive thefts of data… and money.
A “nuclear” weapon. That only some private American companies have access to the model has strained international relations in a notable way. The White House and the US Treasury hold meetings with their banks, and meanwhile some media sympathetic to the Russian regime describe this model as something “worse than a nuclear bomb.”
Huge (theoretical) risks. The fact that a single company can unilaterally decide who has access to the most powerful cybersecurity tool on the planet (or so Anthropic claims) creates a truly delicate situation. This can put all types of entities in check, but also even developing countries with more vulnerable systems.
The UK has already had access to Mythos. The country has already managed to position itself ahead of the countries of the European Union. The AI Security Institute has had access to the model and has confirmed that the model is capable of completing attacks that no previous AI could complete. Anthropic itself has indicated that it will expand access to Mythos to British financial institutions. Meanwhile, EU member countries continue to wait for that same privilege.
Possible cracks. While all this is happening, Anthropic itself confirmed that unauthorized users may have accessed a version of Mythos. If users with bad intentions gain access to a model of this type, the consequences could be significant… if it really lives up to the expectations that have been generated. Cybersecurity experts warn that it is a matter of time before other powers such as China develop similar capabilities. OpenAI in fact already has GPT-5-5 Cyber, a specific version of its new model that also seems to have notable capabilities in this regard. And as in the case of Anthropic with Mythos, access to this model is restricted.
The news Only a handful of US companies have access to Claude Mythos: the ECB already fears for the savings of all of Europe was originally published in Xataka by Javier Pastor.

There are thousands of scientific articles that ask you to pay to read them. Sci-Bot has arrived to access them for free

Scientific knowledge is supposedly something that nourishes all human beings so that we can keep advancing, but the problem is that in many cases the articles that contain this knowledge sit in tools that require a subscription to read them. This limitation on access to universal knowledge has led to the emergence of different platforms that bring together all these articles, such as Sci-Hub, which now improves with its AI called Sci-Bot, which promises to put an end to ChatGPT’s “hallucinations” in the scientific field.
How it started. At the end of this same month of April, a message on social networks published by Mushtaq Bilal began to go viral, and no wonder, since it gave a notice in which, ironically, it invited us to use a new Sci-Hub tool that allowed access to scientific advances for free. Something they do through the back door, and which already almost cost them a forced closure by the famous ‘Pirate Bay’. But logically this publication had the opposite effect, going viral, and it also revived the eternal debate about how paywalls in science can block access to this knowledge. But now Sci-Hub’s new tool has arrived to change this (partly).
A great library. To understand the magnitude of Sci-Bot, you must first look at the size of its brain, because since Elbakyan founded the site in 2011, Sci-Bot has become a headache for scientific dissemination giants such as Elsevier or Springer, which are behind the publication of thousands of top-level articles. According to the official data of the platform itself, Sci-Hub hosts 88,343,822 research documents and books, so we are talking about 100 TB of human knowledge covering more than 95% of the publications of the main scientific publishers. And with free access and without going through the checkout, as happens on the websites of some of these publishers.
The jewel in the crown. As Sci-Hub’s own page reveals, Sci-Bot is an AI designed to search within the titanic database to select the most relevant studies and compose articulated responses. Its main attraction is that, compared to generalist AIs like ChatGPT or Claude, there are hardly any hallucinations, as its creators pointed out in a scientific article in which tests were carried out in this regard. And this is something very important, because I have been able to experience with my own eyes how AI invents bibliographical references or assigns research to authors who have nothing to do with it. But Sci-Bot, being anchored to a real database from which it draws the information, provides direct references to the original papers, allowing users to jump over the hated paywalls to access scientific evidence.
Still needs improvement. At the moment it is starting out in its alpha phase and that is why it has various limitations, such as that it can only answer one question at a time and does not maintain the thread of chained queries, even if they are on the same topic. But the truth is that it is quite promising to have access to the vast majority of human knowledge.
They put obstacles in its way. Here, logically, the journals have a lot to say, since they do not like having the articles freely available when they require a subscription to access them. This means that right now Sci-Bot has the most recent scientific articles as its blind spot: due to the new and aggressive security measures implemented by large publishers in recent years to prevent scraping, the database has some gaps in articles published in the most recent months. This makes the AI unable to respond regarding the most recent evidence. But without a doubt we are facing an advance that began with the arrival of Sci-Hub with the promise of democratizing science, although through the back door by freely publishing articles that are actually ‘private’.
And the only thing this will do is create a new front between open access and large publishers seeking financial returns.

What it is, what courses with official certification it offers and what free materials you can access

We are going to explain what OpenAI Academy is and what it offers: a web portal from the creators of ChatGPT with many free resources to help you learn how to use artificial intelligence. It has practical tools and resources for users of all profiles, so you can learn how to use AI effectively and responsibly.
Just as Anthropic has a series of free courses for Claude, OpenAI opts for a different format. They are not courses in themselves, but rather a content and community platform including videos, articles, guides and live events. Although if you are looking for courses, we will also tell you about the two created by OpenAI.
What is OpenAI Academy
OpenAI Academy is a digital platform created by OpenAI, the company that created ChatGPT and one of those leading the artificial intelligence revolution for consumers. In it they centralize training resources to improve AI knowledge.
The intention of this platform is to help all types of users, with various types of profiles. In it you will find content ranging from material for people without any knowledge who want to take their first steps in AI to material for professionals who want help to optimize their work in a specific sector using AI. Therefore, it is used to learn but also to specialize in the use of AI in certain areas.
They do all this with a combination of online events, workshops, and other digital content. The idea is to be able to go from the fundamentals of AI literacy to its advanced integration when you are a developer.
The platform is completely free, although it will require you to register to access some of its content. Unlike other platforms such as Anthropic’s training platform, it is not a place for courses, but instead combines online resources, thematic communities and all kinds of training tools.
What OpenAI Academy offers
The OpenAI platform offers various types of content. First of all, you have online or in-person training events, which are talks scheduled for a specific day or time.
These talks are given by specialist educators, and anyone who wants can sign up to attend.
And then we have a contents section, where you will find videos, resources, blog posts and external content. These are all resources aimed at helping users learn and better understand how to use artificial intelligence in different areas.
All of these contents are aimed at different types of people. You will be able to find things for basic users like educators, OT workers, government or non-profit organizations, small businesses, students, healthcare workers, administrators and more.
You will also find publications designed to teach you about or suggest Custom GPTs, prompt packs, advanced features and more. In short, all the resources to master ChatGPT to the fullest, categorized by tags and by type of content.
And finally, you will also find an open communities section aimed at different types of users. These communities are like specific forums where you will also find content aimed at them and can interact with other users.
The only drawback you are going to encounter is that all contents are only in English. Therefore, if you are a Spanish-speaking user who has not mastered this language, you will not be able to get much out of them. They plan to expand the academy to other languages, but at the moment there are no specific dates.
Courses with official certification
Lastly, OpenAI also has two courses of its own with official certification. The only problem is that the courses are not within this platform. Instead, one of them is taught by ChatGPT for some users and the other is on a third-party platform.
AI Foundations: A certification course for workers in any sector or industry. It is not yet available to all users, only to certain people, but when it is, it will be taught directly within ChatGPT with the chatbot itself acting as the teacher.
ChatGPT Foundations for Teachers: A course aimed at primary and secondary education teachers, to teach them the fundamentals of ChatGPT and how to customize it and use it in their work. It’s on Coursera and will soon be integrated into ChatGPT for Teachers.

ended up having access to 6,700 devices around the world

You don’t have to have a house full of devices to depend on the cloud. All it takes is a connected robot vacuum cleaner for some of its information to pass through external servers so that we can manage it from anywhere. The model has become standard and, in principle, works. But that normality breaks down when questions arise about who can see what. That is what an American technology publication reported regarding the DJI ROMO: a user claimed to have accessed data and activity from thousands of devices around the world before the issue was fixed. Curiosity and risk. The story begins with something much more trivial than one might imagine. Sammy Azdoufal, an AI strategy manager at a vacation rental company, only wanted to control his own DJI ROMO with a PS5 controller “because it was fun,” as he explained to The Verge. To do this, he developed a homemade application that began to communicate with DJI servers. The unexpected thing was that it was not just his vacuum cleaner that responded. Instead of a single device, thousands began to appear, spread across different countries, which recognized him as if he were their owner. What he could see and control. What came next is what really changes the tone of the story. During a live demonstration, Azdoufal showed how his tool was detecting devices in real time: in just nine minutes he had cataloged 6,700 robots in 24 countries and collected more than 100,000 messages sent by them. Each one reported information every few seconds through a protocol called MQTT, common in connected devices, indicating its serial number, which room it was cleaning, how far it had traveled or when it returned to the charging base. As Azdoufal himself explained, he did not need to “hack” the company’s servers in the classic sense. What he did was analyze how his own ROMO communicated with DJI’s infrastructure and extract the private token associated with his device, that is, the credential that allows him to authenticate to the system.
To decipher these protocols, he resorted to the well-known AI tool Claude Code, which he used as support in the reverse engineering process. The problem, always according to his account, is that once a client was authenticated as valid, the servers did not properly limit which messages it could subscribe to receive. The official version and patches. The company maintains that it detected the vulnerability in late January through an internal review and began remediation immediately. According to its statement, it deployed a first patch on February 8 and a second update on February 10 to cover nodes that had not received the initial fix. DJI admits “a backend permission validation issue” related to MQTT communication between device and server, although it says unauthorized access was “extremely rare.” It also highlights that the transmission was encrypted using TLS and that data from European devices is stored on AWS infrastructure located in the United States. Questions on the table. If a user was able to detect that level of exposure almost by accident, one might wonder how these systems are internally audited and what controls are in place before a product hits the market. We are not talking about just any appliance, but rather a device with sensors, a camera and permanent connectivity within the home. Azdoufal himself even questioned the presence of a microphone in a vacuum cleaner. It is not a new debate: in recent years other manufacturers have faced similar incidents with robots capable of transmitting video or storing images. A change of scenery for DJI. After years dominating the air with drones and stabilization systems, the company decided to apply its engineering to domestic soil. The result was DJI ROMO, a robot vacuum cleaner that combines optical and LiDAR sensors to generate precise maps and avoid obstacles, supported by planning algorithms and the DJI Home app to manage zones, modes and alerts.
It is not a simple mechanical appliance, but a connected platform that depends on continuous data to function with that precision. And that is where security takes on a determining role.
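DJI describes the flaw as a backend permission validation issue on MQTT, and Azdoufal's account is that an authenticated client could subscribe beyond its own device. The following is an added example, not DJI's code, of a subscribe-time check that pins every topic filter to the authenticated device; the `devices/<serial>/...` topic layout, the serials and the function names are assumptions.

```python
# Added example: broker-side check that a SUBSCRIBE filter stays inside the
# authenticated device's own topic namespace. The topic layout is hypothetical.
NAMESPACE = "devices"  # assumed layout: devices/<serial>/<anything>


def valid_filter(levels):
    """MQTT rules: a wildcard fills a whole level; '#' may only be the last level."""
    for i, level in enumerate(levels):
        if ("#" in level or "+" in level) and level not in ("#", "+"):
            return False
        if level == "#" and i != len(levels) - 1:
            return False
    return True


def may_subscribe(authenticated_serial, topic_filter):
    """Allow a filter only if every topic it can match belongs to this serial."""
    if not topic_filter or not authenticated_serial:
        return False
    # A serial that is itself a wildcard or contains a separator must never
    # be trusted as a namespace key.
    if any(c in authenticated_serial for c in "/+#"):
        return False
    levels = topic_filter.split("/")
    if not valid_filter(levels) or len(levels) < 2:
        return False
    # The first two levels must be literal and pin the filter to one device.
    # A wildcard here ('#', 'devices/+/...') would match other owners' topics.
    return levels[0] == NAMESPACE and levels[1] == authenticated_serial


def audit(authenticated_serial, requested_filters):
    """Split a SUBSCRIBE request into granted and refused filters for logging."""
    granted = [f for f in requested_filters if may_subscribe(authenticated_serial, f)]
    refused = [f for f in requested_filters if f not in granted]
    return granted, refused


# Constructed sample: serials and filters are invented for illustration.
SAMPLE = ["devices/SN-A1/status", "devices/SN-A1/#", "devices/+/status",
          "#", "devices/SN-B2/map", "devices/SN-A1", "devices/SN-A1/+/pos"]

if __name__ == "__main__":
    ok, bad = audit("SN-A1", SAMPLE)
    print("granted:", ok)
    print("refused:", bad)
```

Refused filters are worth logging with the client identity: a device asking for `#` or for another serial's topics is a signal in its own right.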

What channels are available for free and how to access them

Let’s tell you how to watch DTT on Prime Video, although at the moment only the public television channels are available. We are going to tell you what exactly you can expect from this move, its advantages, and how to access these channels. Although DTT is accessible to almost everyone, being able to access its channels from streaming services can help you wherever there is no television signal but you do have internet, whether by sharing the connection from your mobile or through a contracted connection. Which DTT channels are seen on Prime Video. For now, from January 14, 2026, you can see all RTVE channels. These channels are La1, La2, Clan, Teledeporte and 24H. All of them can be accessed from the same place as the rest of the channels. The other DTT channels are paid. For example, Atresmedia has its own available, but you must pay for Atresplayer Premium, while for Mediaset’s you must have a subscription to Infinity+. You have to subscribe to these as an add-on. We still do not know whether, after the free incorporation of RTVE, the private channels will follow its lead or not. How to access channels. To access the free DTT channels on Prime Video, the first thing is to have a subscription to this service. Then, inside the app, click on the Live TV section that you will find at the top. This will take you to the list of free channels that are broadcasting live on this service. In it, simply scroll down until you find the ones from RTVE and select them. That will start the broadcast over the Internet.
