AI
Execs at Davos say AI's biggest problem isn't hype — it's security
AI agents are proving to be an incredibly challenging problem.
Curl ending bug bounty program after flood of AI slop reports
Magic Strings to Disable Claude
Example magic string attacks on Claude
VoidLink cloud malware shows clear signs of being AI-generated
VoidLink is an advanced Linux malware framework that offers custom loaders, implants, rootkit modules for evasion, and dozens of plugins that expand its functionality. An opsec failure exposed its development files, which showed a plan for a 16-30 week, three-team effort to develop it. It was actually created within a week by one developer using AI.
The researchers believe VoidLink marks a new era, where a single malware developer with strong technical knowledge can achieve results previously attainable only by well-resourced teams.
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
MCP is an open standard introduced by Anthropic in November 2024 to allow AI assistants to interact with tools such as filesystems, APIs, databases and developer utilities like Git. MCP servers act as a bridge, executing real system actions based on decisions made by large language models.
But it doesn't properly sanitize inputs, allowing attackers to execute code from a malicious README file, a poisoned issue description or a compromised webpage. No credentials or system access are required.
Why Deutsche Bank says the AI honeymoon is over
2026 will likely be a tough year for AI, Deutsche Bank analysts warn, as expectations collide with practical limits, infrastructure constraints and rising political and social pushback. AI is less useful than promised, requires too much infrastructure, and causes political problems including copyright infringement and job displacement.
Majority of CEOs report zero payoff from AI splurge
More than half of CEOs report seeing neither increased revenue nor decreased costs from AI, despite massive investments in the technology, according to a PwC survey of 4,454 business leaders.
Wikipedia volunteers spent years cataloging AI tells. Now there’s a plugin to avoid them.
The web’s best guide to spotting AI writing has become a manual for hiding it.
Politics
Davos 2026: Special address by Mark Carney, Prime Minister of Canada
Canada is leading the way to form new alliances with Europe, China, and Qatar to protect themselves from the USA, since Trump has ended the post-WW II rules-based order, and replaced it with ruthless, lawless exploitation and tyranny. Carney said this in a more diplomatic way.
Trump launches Board of Peace at signing ceremony in Davos
European nations have opted out or not replied. Membership costs $1 billion, Trump is the chairman. It focuses on real estate development, first in Gaza.
ICE has stopped paying for detainee medical treatment
ICE has not paid any third-party providers for medical care for detainees since October 3, 2025. Last week, ICE posted a notice on an obscure government website announcing it will not begin processing such claims until at least April 30, 2026. This situation started because of an unfounded Republican claim that the VA was denying veterans care to provide care for detainees, so they stopped providing care and no replacement has been found.
The Central Bank of Iran has acquired US dollar stablecoins worth at least half a billion dollars
They are using stablecoins to prop up their rial, evading sanctions.
Scientific innovation in the US set back 20 years
Infosec
INC ransomware opsec fail allowed data recovery for 12 US orgs
GCVE launches as a decentralized system for tracking software vulnerabilities
A European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.
840,000+ users hit by malicious browser extensions. Uninstall these ASAP!
Chrome, Firefox, and Edge users must remove the following browser extensions manually. They contain GhostPoster malware hidden in extension logos. These harmful extensions operated undetected in official Mozilla and Microsoft stores for over five years. They spy on user behavior, and allow attackers to install more malware.
|