TECH NEWS

Android 16 Bug Allows Apps to Ignore VPNs and Leak IP Addresses

https://www.cnet.com/a/img/resize/e42e9f68183f66ffb4c1f67a3109a708235d9af8/hub/2026/05/14/5584171c-d6da-4387-b9e7-5572980ed0f3/shutterstock-vpn-android.jpg?auto=webp&fit=crop&height=675&wi...

Reports surfaced this week that Android 16 may have a vulnerability that allows apps to ignore VPNs and send IP information, regardless of settings. A security engineer based in Zurich posted about the bug on the website lowlevel.fun, writing that the engineer reported it through Google's Vulnerability Reward Program, which pays rewards to security researchers who find bugs in Android apps. The findings were reposted by VPN provider Mullvad on the company's blog.

But the engineer shared logs showing that Android's security team closed the report, saying it was "infeasible" to fix and wasn't considered a high enough priority for the security team. The engineer did not immediately respond to a request for comment.

"This issue only affects devices that have downloaded a malicious app," a representative for Google told CNET in an email.

The Google representative said Google Play Protect automatically protects users from known malicious apps,...

Copyright of this story solely belongs to cnet.com. To see the full text click HERE

Read more

https://image.theregister.com/5242949.jpg?imageId=5242949&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'? The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six
https://techcrunch.com/wp-content/uploads/2026/05/GettyImages-2259661359.jpg?w=1024

SpaceX S-1: xAI had a $6.4B operating loss on $3.2B in revenue in 2025; Grok and X had 550M MAUs combined as of March 2026, and 117M used Grok's AI features

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. App Spotlight: Quo for Zoho CRM — App Spotlight brings you hand-picked solutions that enhance your