Apple unveiled Memory Integrity Enforcement (MIE) for iPhone, an always-on memory-safety system that protects key attack surfaces, including the kernel and 70+ user processes, to counter sophisticated exploits rooted in memory corruption.
Bitcoin (BTC) rebounded above $112,000 ahead of tomorrow’s U.S. inflation data.
Adobe released an emergency fix for “SessionReaper,” a critical Adobe Commerce/Magento flaw (CVE-2025-542360, CVSS 9.1) enabling session hijacking and potentially unauthenticated RCE. No in-the-wild exploitation reported; patches and guidance are available.
CoinShares Bitcoin Mining ETF (WGMI) hit a record $33.13, rising 12% Tuesday and 44% YTD, as AI-driven momentum—including Nebius’s $17.4B GPU deal with Microsoft—lifted mining stocks. Top holdings IREN and Cipher Mining are up 188% and 90% YTD.
Tinder launched Modes, a new way to browse profiles with For You, Double Date, and College views. Modes and Double Date are live globally; College Mode begins rolling out to eligible U.S. users this fall on iOS and Android.
Researchers report a supply-chain attack that poisoned several highly popular NPM packages, adding code to intercept cryptocurrency transactions. Malicious versions propagated widely, reaching about 10% of cloud environments.
ANY.RUN researchers uncovered Salty2FA, a phishing-as-a-service kit that intercepts credentials and bypasses push, SMS, and voice 2FA. Active since June 2025, it’s targeting enterprises in the US and EU across sectors including finance, energy, and telecom.
Senate Democrats unveiled principles for a crypto market structure bill, proposing CFTC jurisdiction over non-security assets, SEC oversight, BSA registration, and bans on officials profiting from digital assets—potentially shaping Bitcoin rules.
ZDNET publishes a guide to hardening sudo on Linux, emphasizing visudo for validated sudoers edits and restricting privileges by group and command to reduce risk.
Garak, an open-source LLM vulnerability scanner, is now available on GitHub. It probes hallucinations, prompt injections, jailbreaks and toxicity, and supports Hugging Face, OpenAI API, Replicate, LiteLLM, REST and GGUF/llama.cpp v1046+.
Picus Security's Blue Report 2025 finds orgs detected only 1 in 7 of 160M simulated attacks; 50% of detection failures traced to log collection issues; Valid Accounts technique succeeded in 98% of tests.
Vietnam approved a 5-year state-run pilot for crypto markets starting Sep 9, 2025, permitting licensed issuance, custody and trading under strict capital and ownership rules. Domestic BTC trading must use licensed platforms or face penalties.
Google Cloud’s ROI of AI 2025: 52% of generative AI adopters have shifted to agentic AI. Respondents report 77% better threat identification and 61% faster incident resolution; governance and data security remain top concerns.
TechCrunch: AI training startup Mercor is in talks for a Series C that could value it at $10B+, supported by roughly $450M annualized run-rate revenue. Felicis is considering participating again, according to sources.
SAP released security updates addressing critical NetWeaver flaws, including CVE-2025-42944 (CVSS 10), a deserialization bug enabling unauthenticated OS command execution via RMI-P4. Updates also fix a high-severity S/4HANA issue.
Apple launches AirPods Pro 3 with in-ear heart-rate sensors that integrate with the iPhone Fitness app for workout tracking. Upgraded ANC and sound remain, H2 chip stays. $249, shipping Sept 19.
Apple rolls out its in-house N1 wireless chip across new iPhones, adding Wi-Fi 7, Bluetooth 6 and Thread. The move away from Broadcom is meant to boost reliability for Continuity features like AirDrop and Personal Hotspot.
House Appropriations advanced H.R. 5166 requiring Treasury to publish a custody plan for federal Bitcoin, including the Strategic Bitcoin Reserve, within 90 days of enactment, plus feasibility and security reports. The spending bill still needs full passage.
SpaceX will pay $17B (half cash, half stock) to acquire EchoStar spectrum for Starlink’s direct-to-cell service, shifting from carrier partnerships to owning licenses. The move follows FCC SCS rules enabling satellites to extend cellular coverage.
Apple unveiled the iPhone Air: a 5.6mm, 165g phone with a 6.5-inch 120Hz display, A19 Pro chip, Wi‑Fi 7 (N1), Bluetooth 6, and an updated in‑house C1X 5G modem. Priced from $999, preorders start Friday with availability on Sept. 19.
Malicious updates hit at least 18 popular npm packages (including chalk, debug, ansi-styles) after a maintainer’s account was phished via a fake 2FA reset email. The code briefly redirected crypto transactions; the tainted versions were pulled.
Salesloft says Drift campaign began with a breach of its GitHub account. Attackers accessed Drift’s AWS, stole OAuth tokens, and pulled Salesforce data via integrations. Impacted vendors include Tenable, Qualys, Palo Alto Networks and Cloudflare.
HashKey Group will launch what it calls Asia’s largest multi-currency Digital Asset Treasury fund, seeking over $500M. The perpetual vehicle offers regular liquidity and will initially focus on Bitcoin ecosystem projects for institutional investors.
CryptoQuant: Whales dumped 112k–115k BTC in August, the largest Bitcoin distribution since July 2022. Weekly transfers have slowed to ~38k BTC by Sept. 6, and ETF inflows plus corporate buying are helping absorb supply.
SAP reports a critical SAP S/4HANA cloud flaw (CVE-2025-42957, CVSS 9.9) is being exploited in the wild, letting low-privileged users inject ABAP via RFC and gain admin control. Patch released Aug 12; no workarounds.
Threat actors are abusing iCloud Calendar invites to send callback phishing emails via Apple’s servers, passing SPF/DMARC/DKIM and potentially bypassing spam filters. Lures include fake PayPal receipts directing victims to call a “support” number.
European Commission fines Google €2.95B (about $3.5B) for adtech abuse, citing self-preferencing of AdX in its publisher ad server and buying tools. Google has 60 days to end the practices and address conflicts of interest; it plans to appeal.
Lovense Ferri features app control and a strong magnetic clip for secure wear; its internal-fit silicone design concentrates vibration at the clitoris and disperses it across the vulva.
Anthropic agreed to a $1.5B settlement over downloading 7M pirated books to train Claude, per a court filing. A judge earlier held that training was fair use but storing a “central library” violated copyright. Payments require final court approval.
American Bitcoin launched publicly, targeting large-scale Bitcoin mining and a BTC treasury. The firm says it can mine at about half market cost and already holds 2,000+ BTC. Hut 8 is a major shareholder and infrastructure partner, with power from a Texas wind farm.
Aarhus University reports the first real-time observation of alpha-synuclein oligomers forming dynamic membrane pores, enabled by a new single-vesicle analysis platform that could support Parkinson's drug screening. Published in ACS Nano.
Waymo won approval to serve San Jose Mineta International Airport, its first California airport. Testing starts in coming months with commercial robotaxi rides planned by year-end. Waymo already operates 24/7 at Phoenix Sky Harbor.
Anthropic raised $13B, lifting its valuation to $183B, as it reports serving 300,000 enterprise customers. The round was led by ICONIQ with participation from Fidelity and Lightspeed. Funds will expand capacity to meet growing enterprise AI demand.
Visa added Model Context Protocol support to Visa Intelligent Commerce, launching an MCP Server and Acceptance Agent Toolkit (pilot) that let developers connect AI agents to Visa's payments APIs to build agentic shopping and checkout experiences.
Apple struck a deal to test Google’s Gemini in Siri, with possible expansion to Safari and Spotlight, Bloomberg reports. The Siri AI overhaul has been delayed to 2026.
Glassnode: Despite recent whale selling, Bitcoin long-term holders are growing. 7–10y coins now make up 8.1% of supply (highest since 2019); 10y+ holders control ~17% and rising, while the 5–7y cohort has dropped from ~10% to ~5% since 2023.
Hackers breached Evertec's Brazilian subsidiary Sinqia using stolen vendor credentials, attempting $130M Pix transfers. Sinqia halted processing; some funds recovered. Brazil's central bank revoked its Pix access; no customer data exposure reported.
Cloudflare says the Salesloft/Drift supply-chain breach let attackers access its Salesforce support data, exfiltrating ticket text and 104 API tokens (rotated) between Aug 12–17. The company warns the stolen data may be used for targeted attacks.
El Salvador will host its first government-backed Bitcoin conference, Bitcoin Histórico, Nov. 12–13, 2025, at the National Palace. The event follows an IMF deal and policy shift; the state continues to buy, with holdings reportedly over 6,200 BTC.
Coinbase Derivatives will launch Mag7 + Crypto Equity Index Futures on Sept 22, the first U.S.-listed contracts blending top tech stocks with a Bitcoin ETF. The 10-component, equal-weighted index includes BlackRock’s iShares Bitcoin Trust (IBIT).
Bloomberg: Apple is in talks with Google to use Gemini for a revamped Siri. Apple has also explored OpenAI and Anthropic options, with a decision due in weeks. Google is reportedly training a model to run on Apple’s servers.
It will probably stay on the platform and it’s the final season.
Stranger Things creators Matt and Ross Duffer will leave Netflix for Paramount to make theatrical films.
No notable development, trend, or event related to Bitcoin was reported in this update.
AI search startup Perplexity has offered to buy Google Chrome for $34.5 billion, pledging to keep the browser open source and maintain Google as its default search engine if regulators require Google to divest Chrome.
Cloudflare has blocked Perplexity AI's undeclared web crawlers, accusing the AI search engine of bypassing robots.txt rules to scrape restricted content, sparking a major debate over AI data access and control on the open web.
Tea messaging app disabled its messaging system after reporting a second security incident, with over 130,000 user images leaked or accessed from posts, comments, and direct messages.