President Trump has signed an executive order creating a voluntary framework for AI companies to share advanced models with the federal government before release. This initiative aims to bolster secure innovation and protect critical infrastructure, reflecting a shift from the administration's previous hands-off approach to AI safety. Companies opting for pre-release review may receive confidentiality protections.

An intense internal power struggle within the Trump administration has stalled US federal AI regulation, leaving a policy vacuum after Anthropic's Mythos model revealed critical cybersecurity risks. Factions within the Commerce Department, intelligence agencies, and pro-industry groups are locked in a "knife fight" over who gets to evaluate and oversee advanced AI systems. This paralysis follows the abrupt cancellation of a landmark executive order and the unexplained withdrawal of AI testing announcements.

Google Cloud COO Francis de Souza advises companies to adopt a proactive, platform-centric approach to AI security, emphasizing integration from the start and defense at machine speed. However, Google itself has recently faced significant security challenges, including developers incurring five-figure bills from unauthorized Gemini API usage due to silent key scope expansions and delayed key revocation times.

Apple, Google, and Meta have rolled out new opt-in features to combat sophisticated government spyware targeting at-risk individuals like journalists and dissidents. These protections, including Apple's Lockdown Mode, Google's Advanced Protection Program, Android's Advanced Protection Mode, and WhatsApp's Strict Account Settings, harden devices and accounts against tools that grant attackers full data access. Experts strongly recommend activating these proven defenses.

This comprehensive review examines the shocking incident where twin brothers, minutes after being fired, deleted 96 government databases. It highlights critical failures in HR, IT security, and incident response, offering crucial lessons for organizations.

Quick Verdict: Google's recent disclosure of thwarting an AI-powered cyberattack is a pivotal moment, affirming long-held fears: AI is now being weaponized at an industrial scale for malicious purposes. While Google's

Starbucks is cutting 61 tech jobs at its Seattle headquarters as part of a technology department reorganization, a recent Washington state filing confirms. The layoffs, impacting roles from cybersecurity to management, are tied to CEO Brian Niccol's turnaround strategy and new CTO Anand Varadarajan's vision.

A critical flaw dubbed "AI tool poisoning" has been uncovered in enterprise AI agent security. The vulnerability exploits AI agents' reliance on unverified tool descriptions, rendering traditional software supply chain controls insufficient for ensuring behavioral integrity. A new runtime verification layer, using behavioral specifications and a proxy, is proposed to validate tool actions and prevent sophisticated attacks like prompt injection and behavioral drift.

A ransomware attack by ShinyHunters crippled the Canvas learning platform, disrupting students during finals. This incident, emblematic of growing digital threats, highlights how vulnerabilities extend from critical educational tools to everyday smart devices, signaling a new era of pervasive cyber risks.

U.S. prosecutors revealed the Russian ransomware gang Karakurt accessed government databases and used law enforcement ties to evade taxes and military service, following the sentencing of hacker Deniss Zolotarjovs. This highlights Russia's role as a cybercriminal "safe haven."

Quick Verdict: SilentGlass is a fascinating piece of hardware security, born from the UK's NCSC and GCHQ, designed to block highly sophisticated malicious traffic on HDMI and DisplayPort connections. While its pedigree

Verdict: A Game-Changer for Software Security. Mozilla’s recent announcement regarding Anthropic’s Mythos Preview model marks a significant inflection point in the ongoing battle for cybersecurity. By proactively

The National Security Agency (NSA) is reportedly utilizing Anthropic's highly restricted Mythos Preview AI model, a development that emerges despite the Department of Defense (DoD) having previously designated Anthropic

Anthropic CEO met White House Chief of Staff over national security concerns about the Mythos AI model. It automates cyberattacks, prompting urgent government assessment.

Anthropic has launched its Claude Mythos Preview model, claiming it poses an unprecedented existential threat to cybersecurity by autonomously discovering vulnerabilities and developing exploits. Released initially to a select group via Project Glasswing, the AI’s ability to create complex "exploit chains" is forcing industry and government leaders to reconsider defensive strategies. Experts argue this signals a shift from reactive patching to a proactive "secure by design" approach in software development.

OCSF, an open-source framework, is rapidly standardizing cybersecurity data across vendors, streamlining threat detection and investigation. Its adoption is critical for managing AI's increasing complexities in security operations.

Meta has indefinitely paused its collaboration with data vendor Mercor due to a significant security breach that could expose proprietary AI training data. The incident, confirmed by Mercor on March 31, is linked to the TeamPCP hacking group and impacts crucial information for major AI labs like OpenAI and Anthropic. This supply chain attack highlights the vulnerabilities in the AI ecosystem and the sensitive nature of data used for model development.

Multi-stage attacks are complex, multi-phased cybersecurity campaigns, much like boss battles in a video game, that evolve over time to achieve their objectives. They pose significant detection challenges due to their stealth and ability to blend with legitimate activities. AI plays a dual role, enhancing defense through advanced anomaly detection while also empowering attackers with more sophisticated methods.

A potent new hacking tool, "DarkSword," has been found targeting iPhones running iOS 18.4-18.6.2, enabling suspected Russian hackers to steal extensive personal data via malicious links. Discovered by Google, Lookout, and iVerify, the exploit could impact 270 million devices. Apple has patched the vulnerabilities, urging users to update immediately.

Sears Home Services publicly exposed millions of AI chatbot conversations, including phone calls and text chats, containing sensitive customer data like names, addresses, and repair details. Discovered by a security researcher, the leak also included extended audio recordings capturing private ambient conversations. This incident highlights critical privacy and reputational risks as companies integrate AI into customer service.

Glassworm attack review: Highly sophisticated invisible code injection using Unicode characters to compromise GitHub, npm, and VS Code, stealing credentials and secrets with blockchain C2. Detection requires specialized automated tooling.

Augur, a London startup, has secured $15 million in seed funding led by Plural to transform existing surveillance infrastructure into real-time intelligence. The company aims to enhance critical infrastructure protection against escalating threats like sabotage, addressing a crucial gap in situational awareness. This funding will accelerate product development and deployment across Europe.

DJI will pay security researcher Sammy Azdoufal $30,000 for discovering critical vulnerabilities in its Romo robot vacuums. Azdoufal accidentally accessed a network of 7,000 Romo devices, exposing privacy risks including PIN-less video access. While some issues are patched, a more severe vulnerability is still being addressed, with full system upgrades expected within a month.

Cloudflare's 2026 Threat Report warns of the "total industrialization of cybercrime" driven by GenAI, creating an "unholy trinity" of threats: AI-based attacks, escalating DDoS, and social engineering. It urges a shift to proactive, intelligence-led defense.

A powerful iPhone-hacking toolkit, "Coruna," potentially developed for the US government, has reportedly leaked and is now being used by Russian spies and cybercriminals. Google discovered the sophisticated exploits, capable of silently hijacking iPhones, which were first seen targeting Ukrainians and later used to steal cryptocurrency from Chinese victims. This proliferation highlights a dangerous "second-hand" market for advanced cyber weapons.