AI
AI’s New Training Data: Your Old Work Slacks And Emails
Defunct startups are being liquidated for their Slack archives, Jira tickets, and email threads—operational exhaust that AI labs now treat as premium training data.
Atlassian’s new data collection policy protects rich customers while AI eats the rest
From August 17, the outfit (including Jira) will collect customer metadata by default unless you pay for the top tier.
We Asked Claude to Audit Sagredo's qmail. It found a RCE
"Find vulnerabilities in latest version of qmail: https://github.com/sagredo-dev/qmail. Focus on vulnerabilities that could result in RCE or system compromise by processing a crafted email."
That was the entire prompt.
Companies Just Learned a Brutal Lesson About Training AI to Do Human Jobs
A buzzy San Francisco-based AI company called Mercor is hiring desperate job-seekers to train AI models to do the work they can’t get hired for anymore. Mercor was hacked via LiteLLM.
The AI Revolution in Math Has Arrived
The people who made NotebookLM just dropped a new app, and I'm obsessed
Not only does Huxe summarize your emails, schedule, and interests into audio briefings, but it also listens to the users.
So, when you listen to Huxe summarize a news piece you received in your inbox, you can ask questions to understand something more complex about the news.
Claude Opus wrote a Chrome exploit for $2,283
Two Git Commands Fooled Claude Into Merging Malicious Code
A Claude-powered GitHub Actions workflow auto-approved and merged our Pull Request containing a malicious payload, because it recognized the impersonated author as a "recognized industry legend."
Politics
France criminalizes planned obsolescence under anti-waste law
Under French law, manufacturers are prohibited from intentionally shortening a product’s lifespan or making it unnecessarily difficult to repair without justified reason. The legislation shifts planned obsolescence from being viewed as a controversial market practice to being treated as a criminal offense.
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Commission proposes measures to Google on sharing search engine data with third parties under Digital Markets Act
Justice Department refuses to assist French probe into Musk’s X, WSJ reports
US transportation secretary touts ‘wildly successful’ program recruiting gamers for air traffic controllers
Duffy noted on Friday that 6,000 people had applied since the application window opened at midnight that day, with the portal closing upon reaching 8,000 applicants.
Trump officials negotiating access to Anthropic's Mythos despite blacklist
The White House and Anthropic are in active discussions about deploying the AI firm's powerful new model, Mythos Preview, within the federal government despite ongoing efforts to blacklist the company as a supply chain risk.
Infosec
Package Manager Guard (PMG)
PMG intercepts every package install and checks it for malware before code executes. Install it once, and every npm install, pip install, and poetry add is protected automatically.
BIP 360: to enable Pay-to-Merkle-Root: a proposed first step in advancing Bitcoin quantum resistance
ZionSiphon malware designed to sabotage water treatment systems
It can adjust hydraulic pressures and raise chlorine levels to dangerous levels, targeting Israel.
A logic error makes it non-functional but future ZionSiphon releases could fix the flaw to unleash its power in attacks.
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
The broadcaster was able to track HNLMS Evertsen, a Dutch air-defense frigate deployed to help protect France’s aircraft carrier Charles de Gaulle against missile threats, by mailing a Bluetooth tracker concealed in a postcard to the ship.
Apple account change alerts abused to send phishing emails
The injection was plaintext, inserted into the first and last name fields.
The Vacation Trap: Inside the Booking.com & VECT-TeamPCP Collaboration
The attackers bypassed user skepticism using three main vectors:
- Spoofed Email Communications: Sophisticated, branded emails claiming "suspected activity" to harvest credentials and hijack sessions and awareness regarding an incident .
- WhatsApp Exploitation: Highly targeted phishing messages containing real-time, accurate booking details to quickly build victim confidence.
- In-App Chat Injection: The most alarming tactic. Attackers hijacked compromised property management portals to insert fraudulent, high-pressure messages directly into legitimate guest-host chats. These messages demanded immediate, off-platform payments under the threat of canceling the reservation “within 10 days”.
China’s researchers unveil 2,372°F lithium battery ‘firewall’ to prevent EV fires
The material is based on a silica aerogel insulation sheet.
|