Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As researchers and Practitioners discuss the impact of new AI models on cybersecurity Mozilla said on Tuesday that it used early access to Anthropic’s Mythos Preview to… 271 vulnerabilities found and fixed In the new Firefox 150 version. Meanwhile, researchers have identified a group of fairly successful ones North Korean hackers use artificial intelligence for everything From crypto malware to creating fake corporate websites, stealing up to $12 million in three months.
Researchers have finally solved the disruptive problem The malware known as Fast16 predated Stuxnet It may have been used to target Iran’s nuclear program. It was created in 2005 and was likely published by the United States or one of its allies.
Meta is being sued by the Consumer Federation of Americaa non-profit organization, regarding fraudulent ads on Facebook and Instagram that allegedly misled consumers about the company’s efforts to combat them. A US surveillance program that allows the FBI to view Americans’ communications without a warrant is up for renewal, but lawmakers are deadlocked over next steps. A A new bill aims to address Lawmakers’ concerns grow, but they lack substance.
And if you’re looking for a deep dive, WIRED investigated the years-long dispute Behind the prominent privacy and security mobile operating system GrapheneOS. Plus we looked at the strange story of How did China spy on American skater Alyssa Liu? And her father.
And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
Anthropic Preview legends The AI model has been described as a tool with a serious ability to detect vulnerabilities in software and networks, and is so powerful that its creator has carefully restricted its release. But a group of amateur sleuths on Discord have found their own, relatively simple ways—that don’t require hacking AI—to gain unauthorized access to the coveted digital prize: the Mythos itself.
Despite Anthropic’s efforts to control who can use Mythos Preview, a group of Discord users gained access to the tool through some relatively straightforward detective work: they examined data from… The latest violation of Mercuran AI training startup that works with developers, “made an educated guess about the model’s online location based on knowledge about the format Anthropic used for other models” — a phrase that many observers speculated referred to a web URL — according to Bloomberg, which broke the story.
This person also reportedly took advantage of permissions they already had to access other Anthropy models, thanks to their work at the Anthropy contracting company. However, as a result of the investigation, they allegedly gained access to not only Mythos but also other unreleased Anthropic AI models. Fortunately, according to Bloomberg, the group that gained access to Mythos has so far only used it to build simple websites — a decision designed to prevent detection by Anthropic — rather than hacking the planet.
Security researchers have long warned that communications protocols known as Signaling System 7, or SS7, which govern how phone networks communicate with each other and route calls and text messages, are vulnerable to abuse that could allow covert surveillance. Researchers at the digital rights organization Citizen Lab revealed this week that at least two for-profit surveillance vendors have already used these vulnerabilities — or similar ones in next-generation communications protocols — to spy on real victims. Citizen Lab found that two surveillance companies essentially acted as rogue telecom companies, exploiting access to three small telecom companies — Israeli telecoms company 019Mobile, British cellular provider Tango Mobile, and Airtel Jersey, based on the English Channel island of Jersey — to track the location of targets’ phones. Citizen Lab researchers say “high-profile” people were tracked by the two surveillance companies, though they declined to name the companies or their targets. The researchers also warn that the two companies that discovered protocol abuse are likely not alone, and that the weakness of global communications protocols remains a very real vector for phone espionage around the world.
In a sign of the growing – albeit belated – crackdown by US law enforcement on the sprawling criminal industry, Fraud vehicles fueled by human trafficking Across Southeast Asia, the Justice Department this week announced charges against two Chinese men for allegedly helping run a fraud complex in Myanmar and seeking to open a second complex in Cambodia. Jiang Wenjie and Huang Xingshan were both arrested in Thailand earlier this year on immigration charges, according to prosecutors, and now face charges of running a large-scale scam that lured human trafficking victims to their compound with fake job offers and then forced them to defraud victims, including Americans, of millions of dollars through fraudulent investments in cryptocurrency. The Justice Department says it also “restricted” $700 million of the operation’s funds — essentially freezing the money in preparation for seizure — and seized a channel on the messaging app Telegram that prosecutors say was used to lure and enslave human trafficking victims. The Justice Department statement alleges that Hwang personally participated in the corporal punishment of workers at one of the complexes, and that Jiang at one point oversaw the theft of $3 million from one American fraud victim.
Three scientific research organizations have been found selling health information to British citizens on Alibaba, the British government and the non-profit British Biobank. revealed this week. Over the past two decades, more than 500,000 people have shared their health data – including medical images, genetic information and healthcare records – with the UK Biobank, which allows scientists around the world to access the information to conduct medical research. However, the charity said the data leak involved a “breach of contract” signed by three organisations, as one of the datasets for sale is believed to have included data on all half a million research participants. It did not provide details on the full types of data being listed for sale, but said it had suspended the Biobank accounts of those allegedly selling the information. Data-specific ads have also been removed.
Earlier this month, 404 media It was reported that the FBI was able to obtain copies of signal Messages from the defendant’s iPhone where the content of the messages encrypted within Signal were saved in the iOS push notification database. In this case, message transcripts can still be accessed despite removing Signal from the phone, although the issue affected all apps that send push notifications.
This week, in response to the issue, Apple released a security update for iOS and iPadOS to fix the flaw. “Notifications marked for deletion may be unexpectedly retained on the device,” Apple security update for iOS 26.4.2 He says. “The logging issue was addressed through improved data redaction.”
Even though the issue is fixed, it’s still worth changing what appears in notifications on your device. For Signal, you can open the app, go to Settings, Notificationsand toggle notifications to show Name only or No name or content. This is another reminder that while apps like Signal are end-to-end encrypted, the same applies to content as it travels between devices: If someone can physically access your phone and unlock it, they can likely access everything on your device.