
Infosec Decoded Season 6 #35: Bitlocker Bypass

With sambowne@infosec.exchange and Doug Spindler

Recorded Thu, May 14, 2026

AI

Notable Researchers Join $4 Billion Effort to Build Self-Improving A.I.
A.I. will soon be powerful enough to improve itself with little or no help from human developers.
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data. The attack affects only models run locally, because it relies on modifying local files. Users should verify checksums and signatures, and use only models proven safe, such as ones released and signed by a corporation like Microsoft.
Nearly 50,000 Lake Tahoe residents have to find a new power source after their energy source looks to redirect lines to data centers
Amazon employees are “tokenmaxxing” due to pressure to use AI tools
Amazon introduced targets for more than 80 percent of developers to use AI each week, and earlier this year began tracking AI token consumption on internal leaderboards. So employees automate additional, unnecessary AI activity to increase their consumption of tokens.
AI-FI: Giving Claude Code Glitch Skills for Bypassing Secure Boot
We used Claude Code to reproduce a Fault Injection attack where Secure Boot is bypassed on an Espressif ESP32 SoC.
Microsoft's massive Kenya AI data center would require switching off 'half the country' to meet power requirements, government says — $1 billion project stalls over capacity disagreements and lack of infrastructure
Bosses Horrified as "AI Native" College Graduates Hit the Workplace
New hires who were seen as “AI natives” are turning out to have alarmingly shallow ideas. So much so, a firm now actively avoids seeking out AI-literate STEM graduates, and opts to comb through humanities students instead. "We want critical thinking, not just AI."
A manual pentest costs 50,000 dollars. Intruder built an AI that does it in minutes.
It replicates the methodology of a human pen tester and delivers results in minutes.

Politics

Canvas hack: Company pays criminals to delete students' stolen data
The cyber-attack affected an estimated 9,000 institutions in the US, Canada, Australia and the UK, with exams disrupted after the Canvas service went down. The hackers threatened to publish 3.5 terabytes of student and university data they had stolen in the breach.
Looking the Other Way: EU Failure to Prevent Surveillance Exports to Rights Violators
Despite a regulatory framework designed in part to prevent abuses, the EU currently is doing too little to prevent sales and transfers from its member states to governments with a track record of using such technologies for crackdowns on dissent and other serious rights violations.
FDA chief resigns after Trump admin forced approval of fruity e-cigs
Say Goodbye to Lithium: These Massive Concrete Spheres Are Underwater Batteries Built to Store Clean Energy Using Only Seawater Pressure
Scientists Discover Massive Lithium Deposits Beneath the Eastern U.S. That Would End a Decades-Long Foreign Dependency
Amazon to stop selling ‘hooligan bikes’ in California after investigation

Infosec

YellowKey Bitlocker Bypass Vulnerability
Very simple process, seems too easy. Could this be fake?
I just reverse engineered the YellowKey BitLocker bypass
This researcher says it's a debug testing framework left in Windows 11 in production.
Twin brothers wipe 96 gov’t databases minutes after being fired
Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two. In 2023, Muneeb got a job with a Washington, DC, firm that sold software and services to 45 federal clients; Sohaib got a job at the same company a year later.

When they were fired, only one of them had their credentials revoked, so they wiped out 96 databases hosting US government information.

What’s New in Android Security and Privacy in 2026
A new phone call spoofing protection feature automatically ends phone calls from spoofed numbers impersonating participating financial apps. Live Threat Detection is a real-time security feature that uses on-device AI to analyze app behavior and alerts you if an app starts acting suspiciously. Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise.
Update: Ongoing Checkmarx Supply Chain Security Incident
A modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace.
A hacker ran me over with a robot lawn mower
The $5,000 robot lawn mowers from Yarbo have such ridiculous security vulnerabilities that a foreign hacker can easily hijack a bladed gadget in the United States. Because the Yarbo is a full Linux computer, one with its own backdoor and where the root password is always the same, hackers could remotely reprogram it to do anything.
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.