AI
Best-of-N Jailbreaking
BoN Jailbreaking works by repeatedly sampling variations of a prompt with a combination of augmentations - such as random shuffling or capitalization for textual prompts - until a harmful response is elicited. We find that BoN Jailbreaking achieves high attack success rates (ASRs) on closed-source language models, such as 89% on GPT-4o and 78% on Claude 3.5 Sonnet when sampling 10,000 augmented prompts.
A Man Bought Meta’s AI Glasses, and Ended Up Wandering the Desert Searching for Aliens to Abduct Him
He purchased a pair of AI chatbot-embedded Ray-Ban Meta smart glasses, and they opened the door to a six-month delusional spiral that culminated in him making dangerous journeys into the desert to await alien visitors and believing he was tasked with ushering forth a “new dawn” for humanity. He was left deep in debt, reeling from job loss, isolated from his family, and struggling with depression and suicidal thoughts.
Researchers Just Found Something That Could Shake the AI Industry to Its Core
Claude outputted “entire books near-verbatim” with an accuracy rate of 95.8 percent. Gemini reproduced the novel “Harry Potter and the Sorcerer’s Stone” with an accuracy of 76.8 percent, while Claude reproduced George Orwell’s “1984” with a higher than 94 percent accuracy compared to the original — and still copyrighted — reference material.
A single click mounted a covert, multistage attack against Copilot
A malicious URL contains an LLM prompt in a parameter, which exfiltrates secrets and downloads further instructions from a malicious server, bypassing guardrails which are only used on the initial request. Microsoft improperly designed the guardrails.
'Most Severe AI Vulnerability to Date' Hits ServiceNow
ServiceNow is a Fortune 500 company that acts as an IT services management platform for 85% of the companies that comprise the rest of the Fortune 500. ServiceNow shipped a chatbot to customers with a default authentication token, and it accepted any email address to identify the user with no further password required. Then they upgraded the virtual assistant to act as an agentic AI. This gave an attacker RCE with admin-level on all those companies. The flaw was patched, and no evidence of its exploitation was found.
Politics
HHS Gave a $1.6 Million Grant to a Controversial Vaccine Study. These Emails Show How That Happened
In an echo of the infamous Tuskegee experiment, RFK's HHS is funding an experiment which will deny a birth dose of the hepatitis B vaccine to half of the 14,000 newborn participants in Guinea-Bissau, where almost one-fifth of adults and more than one-tenth of children are infected with hepatitis B. Infants who contract the disease face steep odds: They have a 90 percent chance of developing chronic hepatitis B, and a quarter are likely to die from cirrhosis, liver cancer, and other outcomes.
Breakthrough Vivistim Technology Helps Restore Upper Limb Mobility for Stroke Survivors
The small palm-sized device is placed in the patient’s upper left chest. During rehabilitation, a therapist uses a wireless transmitter that communicates with software to signal the Vivistim device to deliver a gentle pulse to the vagus nerve—part of the nervous system where bodily functions are controlled—while the patient performs a specific task, such as opening a door, preparing food, or getting dressed. This results in two to three times greater arm and hand function than therapy alone.
Trump officials consider skipping RSA conference after Jen Easterly named CEO
Musk's Starlink faces high-profile security test in Iran crackdown
Iran is likely using satellite jammers to disrupt the Starlink signals. Iran also appears to be engaging in so-called spoofing, or broadcasting fake GPS signals to confuse and disable Starlink terminals.
The GPS spoofing wreaks havoc on a Starlink terminal's connection and slows internet speeds.
Elon Musk’s X says it will block Grok from making sexual images
AWS flips switch on Euro cloud as customers fret about digital sovereignty
Amazon says the cloud is "entirely located within the EU, and physically and logically separate from other AWS Regions."
European tech leaders are concerned about US laws having jurisdiction over European operations of US companies. For example, under the CLOUD Act, US authorities can compel access to information held by American cloud providers irrespective of where in the world that data is housed.
Major lunch food officially classed as cancer-causing by World Health Organization
Processed meats aren’t just “unhealthy” — they’re officially classified as cancer-causing. Deli ham falls into the same Group 1 category as tobacco and asbestos due to nitrates and chronic inflammation risk.
Beijing blocks Chinese entities from using cybersecurity software from VMWare, Palo Alto, Check Point, and Fortinet
China's Xinchuang initiative reportedly targets a 2027 deadline for state-owned companies and offices to replace 100% of foreign software with national alternatives.
FDA deletes warning on bogus autism therapies touted by RFK Jr.‘s allies
The list included chelation and hyperbaric oxygen therapy, treatments that those in the anti-vaccine and wellness spheres have championed.
Infosec
Crypto Scam Alert: Whale Lost Over $282M in Bitcoin and Litecoin Via Social Engineering Scam
The incident occurred on January 10, 2026, at approximately 11 PM UTC, when scammers tricked the victim into approving fake transactions.
A faceless hacker stole my therapy notes – now my deepest secrets are online forever
A hacker stole and published psychotherapy records for 33,000 people in Finland.
Auer had told her therapist things that she didn't even want her closest family members to know - about her binge drinking, and a secret relationship she'd been having with a much older man.
Now, her worst fears had come true.
But instead of destroying her, the hack made her realise she was far more resilient than she could have ever imagined.
Auer decided to confront her fears head on. She posted on social media about the hack, letting everyone know that she had been one of the victims.
Finally, she chose to take back control of her story by publishing a book about her experiences. Loosely translated, the title is Everyone Gets to Know.
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
The malware concatenates up to 1,000 Zip archives. The malicious file is successfully unpacked using the default utility in Windows, but tools relying on 7-Zip and WinRAR fail.
New PDFSider Windows malware deployed on Fortune 100 firm's network
The malware uses a legitimate, digitally signed executable for the PDF24 Creator tool from Miron Geek Software GmbH. However, the package also includes a malicious version of a DLL (cryptbase.dll) which is side-loaded.
|