Dark mode: ON

Infosec Decoded Season 6 #45: Drone Warriors

With sambowne@infosec.exchange

Recorded Tue, June 30, 2026

AI

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
The attack starts with a web page built as a puzzle. To fit its dystopian theme, the puzzle rewards wrong answers, like insisting that 2 + 2 = 5. Once the agent accepts that "wrong" is the winning move, it follows game logic instead of safety logic. The final step of the puzzle asks it to grab the user's credentials, and not one of the six agents flagged that as something it should refuse.
New AI espionage powers trigger Putin camera scare
Russia paused surveillance system after killing of Iran’s Supreme Leader exposed how AI can be used on CCTV data to target enemies.

New tools allow language-based searches on video, such as two men handing a bag to each other; a person who has changed their appearance, or has changed clothes multiple times in a day; or a vehicle that has recently been painted over, or has driven past the same spot several times in a short period.

Such systems can pull in information not just from CCTV, but also from social media, hacked communications, audio picked up by microphones in smart devices and travel histories.

Two AIs just matched or beat doctors on diagnosis. The catch: none of the patients were real.
Two systems, Germany's Mira and Google's Amie, matched physicians on clinical reasoning and beat them on parts of diagnosis and treatment in Nature studies. But both were tested on simulated, text-only patients, and the experts behind them say they are not ready for real medicine.
New macOS malware embeds fake errors to confuse AI analysis tools
The fake messages pretend to be developer logs, crash reports, debugging output, and program alerts, using Markdown formatting and template-style placeholders to appear like legitimate analysis data. The goal of these fake errors is not to evade execution inside a sandbox, but to confuse AI systems that read the strings during automated analysis. The goal is to gaslight the AI into doubting the validity of its own analysis.
Anthropic says Alibaba must be punished for largest Claude cloning attack
Alibaba allegedly used 25,000 accounts to mine Claude over 28.8 million exchanges in a distillation attack.
Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security
The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited.
AI Companies Are Learning an Ironic Lesson as the People They Pay to Improve Their Chatbots Are Just Feeding AI Slop Into Them
Companies have started paying workers to generate fresh training data, offering them low-quality contracts to train AI in hyper-specific tasks like running weekly payroll for Broadway musicians. This growing workforce has started cutting corners en masse, turning to other AI chatbots to supply the data meant to feed AI chatbots.
A startup claims it broke through a bottleneck that’s holding back LLMs
Subquadratic uses "sparse attention," selecting only some tokens to compare with others in the transformers, making it much faster than existing models on some tasks.
China's AI Matches Anthropic in Cybersecurity, Causing Worry Over US Restrictions
The model, Z.aim is open-source and can match the latest U.S. models when it comes to finding security bugs, although it still lags behind Anthropic's and OpenAI's products in other tasks.
How a seemingly harmless image can jailbreak AI
The method introduces carefully calculated changes to an image while preserving its appearance to people. The goal is to influence how a vision-language model processes the image and responds to user requests.

One example cited by the team involved a modified image of a traffic light. While the image appeared ordinary to human viewers, it reportedly influenced the model to provide instructions for running a red light while avoiding a traffic ticket, information the system would normally refuse to provide.

China’s new five-year plan makes tracking AI’s hit to jobs a national priority
The state is to start tracking, in detail, how artificial intelligence creates and destroys work.

China’s workforce is more than 700 million, the largest on earth, and the Communist Party treats a surge in unemployment as a threat to social stability rather than an economic statistic.

Politics

South Korea plans to train entire military as “drone warriors”
South Korea plans to train every single member of its nearly half-million-strong military to operate drones as easily as they handle personal firearms.
What the federal probe of Newsom and the first partner means for his presidential ambitions
The investigation probes Newsom's soliciting $4.3 million in donations to his wife's organization, termed 'behested payments.' They aren’t illegal in California, but many have found them unsavory. If this investigation reaches an outcome, it might boost Newsom as a martyr, or torpedo his Presidential ambitions.
Trump Admin releases Anthropic Mythos to be used by more than 100 US companies, agencies
It is now allowing Anthropic to make Mythos 5 available to more than 100 specific U.S. government agencies and companies, including allowing the non-American employees at those organizations to access to the model. This list also includes Anthropic’s own non-American employees, who were included in the original ban that forbade non-Americans from accessing the models. "Appropriate safeguards are in place," Commerce Secretary Howard Lutnick wrote.
The KIDS Act Would Require Age Checks To Get Online
Within the next week, Congress is preparing to vote on the KIDS Act, a sprawling package of legislation that seeks to control Americans’ web browsing and private messaging. The package of cobbled-together bills is a mess, with different age-gating schemes for different services, using different standards. It’s a lot of complexity, and a lot of legal risk. Faced with that, many companies will conclude that the safest option is restrictive age-checking practices across their entire platforms.
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.
Mark Zuckerberg Is Selflessly Building Yet Another Horrible Product Nobody Asked For
He's creating a prediction betting market named "arena." It won't use real money, relying instead on a "video game-like points system," but Meta didn’t rule out allowing users to bet real money later down the road.
Texas mandates Bible readings and Christian-infused curriculum in public schools
Education board decision fuels debate over where teaching about religion ends and religious instruction begins
US offers $10 million for info on group behind Signal and WhatsApp hacking spree
Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.
Supreme Court ruling guts government’s use of geofence warrants
The decision came in a case where cops used so-called geofence warrants to track down an armed bank robber from a list of all phones logged in the area. Applying a three-part process, cops worked with Google to narrow down the list of suspects and eventually arrested Okello Chatrie, who had opted in to share his location with Google every few minutes. Chatrie was sentenced to 12 years in prison but challenged the geofence warrant as an unconstitutional search.

The Court ruled that this was a search under the Fourth Amendment because people carrying cellphones today commonly opt in to location-tracking, so that their apps work. The government needs a warrant and must show reasonable cause to turn a phone’s location-tracking services into a government surveillance tool.

Infosec

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A malicious or compromised SSH server can trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2.
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
The attacker loads a privileged binary like /usr/bin/su into memory, wires those memory pages into a network packet, and forces the kernel to clone it. The cloned packet passes through an IPsec tunnel that the attacker controls, and the decryption step overwrites the binary's login checks with attacker-chosen bytes. The next time anyone runs su, it hands over root.
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem.
One Million Passports Leaked Online
A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year.
FBI: Russian hackers now target Signal backup recovery keys
Attackers impersonate Signal support teams, sending phishing messages that instruct users to turn on backups, and send the encryption key to them. Then they can restore the backup to their own devices and gain access to the victim's historical messages, including private and group conversations.
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Huntress has a reasonable, professional response, saying they sometimes need to communicate with possible cybercriminals to gather intel and stand behind their decisions.
These Recent Insider Threat Allegations
Huntress says there is no evidence of illegal conduct or an insider threat.
24 Billion Records Left Open Online: Passwords, Emails, and Everything Else
They were in an exposed Elasticsearch cluster, mostly containing infostealer logs.
Factoring RSA Keys with Many Zeros
A new class of weak RSA keys: keys with lots of zeros. There are some keys like this in the wild, although they have expired. It may be a deliberately designed backdoor.