AI
Microsoft says bug causes Copilot to summarize confidential emails
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.
Leaking secrets from the claud
AI coding assistants create directories like .claude/, .cursor/ or .continue/ in your project root. Sometimes they contain API keys, database connection strings, internal URLs and cloud credentials. And sometimes developers forget to put them in .gitignore, so they get uploaded to git. Roughly 2.4% of repositories containing AI tool configuration directories have sensitive information in their history.
'Students Are Being Treated Like Guinea Pigs:' Inside an AI-Powered Private School
Alpha School's AI is generating faulty lessons that sometimes do "more harm than good."
Underground Facial Recognition Tool Unmasks Camgirls
The site, camgirlfinder, is explicitly built as a tool to let people find a model's presence on other streaming platforms. The creator says “If that is a problem for you then the sad reality is this job is not for you.”
Log Poisoning in OpenClaw
OpenClaw logs both the User-Agent and the Origin header when a connection closes early. An attacker can inject arbitrary data into the logs. When OpenClaw has a problem, the user can ask it to diagnose itself, which involves reading its own logs.
AIs Controlling Vending Machines Start Cartel After Being Told to Maximize Profits At All Costs
"My pricing coordination worked!"
Politics
Marine veteran created high-tech Bluetooth signal sniffer to find Nancy Guthrie — and now he’s creating an app
Leaked Email Suggests Ring Plans to Expand ‘Search Party’ Surveillance Beyond Dogs
White House Scrambles to Rein in Felon Trump’s Pardons
America is dangerously unprepared for a GPS attack
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
Exotic black hole stars could explain the mystery of Little Red Dots
How big is the prize of reopening Russia?
The Kremlin is promising $12trn-worth of deals to Donald Trump’s administration
Exclusive: Pentagon threatens Anthropic punishment
Defense Secretary Pete Hegseth is "close" to cutting business ties with Anthropic and designating the AI company a "supply chain risk" — meaning anyone who wants to do business with the U.S. military has to cut ties with the company, a senior Pentagon official told Axios.
Infosec
Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
Bitwarden, LastPass, and Dashlane claim to have "zero-knowledge" encryption, which implies that the server cannot recover your passwords. However, they all have features that break that promise, including password escrow and password sharing, which allow an attacker who controls a cloud server to decrypt the vaults. The vendors have been notified and mitigation is underway, which consists of replacing older encryption methods with more modern authenticated systems.
Claude makes 5% of all open-source Git commits, 2 million so far
And many of them make the same security errors
Embedded Edge | Byos Security
This device is like a hardware reverse proxy for a single endpoint, replacing the Wi-Fi card. It blocks all direct networking in and out, protecting the endpoint device from 0-day attacks.
BYOS TECHNICAL ARCHITECTURE - DEEP DIVE
Clever use of encryption, including hardware-based key storage and AES-512. It blocked C2 access to a real airport fuel system, even after the endpoint was compromised.
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Hardcoded admin credentials!
Cybersecurity stocks are pulling away from the software sell-off, and AI is the reason
AI makes attacks faster, and targets more vulnerable, so security companies are doing well.
|