**From Grubhub to Google: Hackers Ate Well This Week**

It's been a long week in cybersecurity, filled with high-profile data breaches and AI vulnerabilities. But don't worry, some security companies are taking steps to keep you safe, and we've got tips to help you navigate the chaos.

**Grubhub's Data Breach: A Recipe for Disaster**

Food delivery giant Grubhub reported a data breach this week, with hackers demanding a hefty ransom from the company. The hack was linked to a massive Salesforce-related breach last year, but now the data has been packaged up and is ready for sale on the dark web if Grubhub doesn't pay up.

As with every data breach, even if the company pays the ransom, there's no guarantee the data won't still end up on the dark web, putting customers and companies at risk. This serves as a reminder to stay vigilant and keep your personal data safe.

**Tesla's In-Car Entertainment System: A Security Nightmare**

Vehicle company Tesla has been plagued by safety and security issues in the past, but it seems they've also managed to create an in-car entertainment system full of security holes. Security researchers broke into the system in just a few hours, earning them a $35,000 bounty.

**Google's Fast Pair Vulnerability: A Threat to Wireless Headphones**

Security researchers identified a vulnerability in Google's Fast Pair technology, which allows wireless headphones to pair quickly with other Bluetooth-enabled devices. The vulnerability would allow a malicious user to track and pair with any supported headphones.

If you own wireless headphones from brands like Google, Sony, Anker, Jabra, or others, make sure to check for software updates as soon as possible to protect yourself from this threat.

**Security Companies Take Steps to Keep You Safe**

While the news may seem grim, some security companies are taking proactive steps to protect their users. For example, 1Password has upgraded its browser extension to prevent credentials from being pasted on fake lookalike sites designed to steal logins.

LastPass is also sounding the alarm about a phishing campaign targeting its users in an attempt to access password-filled vaults.

**Upgrading Your Phone Without Losing Access to Multi-Factor Authentication**

When upgrading to a new phone or laptop, it's easy to lose access to your multi-factor enabled accounts. But don't worry, we've got tips to help you avoid this common pitfall and stay safe online.

**Google Settles Child Data-Tracking Allegations for $8.25m**

Google has agreed to pay out over $8 million to settle a lawsuit that claimed AdMob, its mobile advertising company, illegally collected data on minors through apps designed for children under 13.

The settlement comes just months after Google settled another case involving child tracking and data collection on YouTube for $170 million.

**New 'Reprompt' Attack Silently Siphons Microsoft Copilot Data**

A new attack called Reprompt has been discovered, which easily bypasses Copilot's data leak protections and allows a user to exfiltrate data. The vulnerability also grants the attacker persistent access to the data thanks to Copilot remembering its conversations with them.

**Google Gemini Flaw Turns Calendar Invites into Attack Vector**

A malicious calendar invitation can turn Google's Gemini against you, collecting sensitive information from your schedule or briefs. Security researchers have discovered another vulnerability in Gemini that allows for similar data exfiltration as the original one.