Micron Technology Forecasts Surge in Revenue and Earnings on AI-Driven Memory Demand 
Trump Signs Executive Order to Establish National AI Regulation Standard 
Nvidia Weighs Expanding H200 AI Chip Production as China Demand Surges 
OpenAI Explores Massive Funding Round at $750 Billion Valuation 
Oracle Stock Slides After Blue Owl Exit Report, Company Says Michigan Data Center Talks Remain on Track 
SpaceX Edges Toward Landmark IPO as Elon Musk Confirms Plans 
Jared Isaacman Confirmed as NASA Administrator, Becomes 15th Leader of U.S. Space Agency 
SoftBank Shares Slide as Oracle’s AI Spending Plans Fuel Market Jitters 
Apple App Store Injunction Largely Upheld as Appeals Court Rules on Epic Games Case 
SK Hynix Considers U.S. ADR Listing to Boost Shareholder Value Amid Rising AI Chip Demand 
noyb Files GDPR Complaints Against TikTok, Grindr, and AppsFlyer Over Alleged Illegal Data Tracking. 
Oracle Stock Surges After Hours on TikTok Deal Optimism and OpenAI Fundraising Buzz 
MetaX IPO Soars as China’s AI Chip Stocks Ignite Investor Frenzy 
Moore Threads Stock Slides After Risk Warning Despite 600% Surge Since IPO 
SpaceX Insider Share Sale Values Company Near $800 Billion Amid IPO Speculation 
Mizuho Raises Broadcom Price Target to $450 on Surging AI Chip Demand 
Security researchers recently found a bug on Comcast Xfinity’s official account activation website that allows attackers to easily obtain customers’ WiFi names and passwords.
ZDNet reported on the issue after getting a tip from security researchers Karan Saini and Ryan Stevenson. The subject of the bug was Xfinity’s official website where customers activate online services for their accounts.
According to the report and based on their own testing, the bug allows unauthorized people to obtain WiFi names and passwords of customers who are using Xfinity-provided routers. To illicitly collect these data, an attacker will only need to enter the target’s residential address.
These issues were confirmed by the publication after two Xfinity customers agreed to participate in the test and provided their home addresses.
The experiment revealed that the bugged website provided the correct WiFi name and password of the customer who uses an Xfinity router. Even worse, the website gave these data in plaintext or in its unencrypted, unscrambled form. So, ultimately, an attacker needs one information to intrude a personal WiFi connection.
The security issue does not end there. It was also found that the glitched website gives information of an Xfinity customer even when their WiFi connection is active and even after they have changed their WiFi name and password.
Though the compromised website requires a customer’s complete address, ZDNet commented that an attacker can gather that information by simply guessing a house number or, more easily, by snatching a utility bill thrown in the garbage.
By simply providing a customer’s address, an attacker can tamper the WiFi name and password of Xfinity routers — even custom ones — and later avoid the actual user to access his or her own WiFi connection.
As of this writing, the said website is still up and running and TechCrunch noted that the issue appears to still be in place. And since the bug appears to be useless when aimed at customers with a non-Xfinity router, buying one seems to be the only possible solution for now.
