AI
An ex-Intel CEO’s mission to build a Christian AI: ‘hasten the coming of Christ’s return’
Where there was once purported atheism, there is now “a very loud, very visible, and very specifically Christian-inflected technological culture” in Silicon Valley. It’s exemplified by figures like Peter Thiel – who warns of the coming of the antichrist if humanity fails to work toward certain technological frameworks – and Andreessen Horowitz’s Katherine Boyle, a close friend of JD Vance, the vice-president.
OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks
A malformed URL is interpreted as a command to the AI, and can perform dangerous actions like deleting files. Recommended mitigations are to reject malformed URLs and give the agent fewer privileges--these are not likely to do much good. Prompt injection remains a huge, unsolved risk.
Politics
ICE obtains access to Israeli-made spyware that can hack phones and encrypted apps
It means that one of the most powerful stealth cyber-weapons ever created--Graphite--which was produced outside the US – is now in the hands of an agency that has repeatedly been accused by civil and human rights groups of violating people’s due process rights.
Fake number, real damage: Europol urges action against caller ID spoofing
Europol is calling for a coordinated European response to tackle caller ID spoofing -- when criminals falsify the information displayed on phones, making numbers appear legitimate to deceive victims. They are calling for better mechanisms to trace fraudulent calls, verify legitimate caller IDs, and block deceptive traffic.
You have one week to opt out or become fodder for LinkedIn AI training
If you thought living in Europe, Canada, or Hong Kong meant you were protected from having LinkedIn scrape your posts to train its AI, think again. You have a week to opt out before the Microsoft subsidiary assumes you're fine with it.
For users in the US, your data has already been scraped by LinkedIn to train AI for some time.
The Pentagon’s Preferred Propaganda Model
The Pentagon has driven out all mainstream news sources, including Fox News, leaving only total crackpot publications like Lindell News and The Epoch Times to cover military actions. The goal appears to be to muddle reality—and create apathy.
Zenni’s Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age
It works by adding a pink sheen to the surface of the glasses that reflects the infrared light used by some facial recognition cameras. It’s impossible to open an iPhone with FaceID while wearing them and they black out the eyes of the wearer in photos taken with infrared cameras.
Armed police handcuff teen after AI mistakes crisp packet for gun in US
"Police showed up, like eight cop cars, and then they all came out with guns pointed at me talking about getting on the ground," 16-year-old Baltimore pupil Taki Allen told local outlet WMAR-2 News.
Silicon Valley adopts the work culture China banned
996: 72-hour work week
Infosec
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. The average and median ransomware payments fell in Q3 compared to the previous quarter, reaching $377,000 and $140,000, respectively. The shift may reflect large enterprises revising their ransom payment policies and recognizing that those funds are better spent on strengthening defenses against future attacks.
New Herodotus Android malware fakes human typing to avoid detection
It opens Accessibility settings, prompts the user to enable the service, and then displays an overlay window that shows a fake loading screen, hiding the permission-granting steps in the background. The malware then interacts with the UI, tapping on things in the invisible screen, with random delays to imitate human actions.
Attacking WSO2 Products
Out of the multiple vulnerabilities we reported, WSO2 addressed and assigned a CVE identifier to only one: the Siddhi RCE via SOAP administration services (CVE-2025-5717). The remaining vulnerabilities were not remediated, and no CVEs were assigned by WSO2. We subsequently attempted to report the unaddressed vulnerabilities to MITRE directly to request CVE assignment, but we received no response to our initial report or our follow-up inquiries.
As a result, any vulnerability discussed in this article without a CVE identifier should be considered unpatched and may affect even the latest versions of WSO2 products.
QNAP warns of critical ASP.NET flaw in its Windows backup software
NetBak PC Agent installs and depends on Microsoft ASP.NET Core components during setup. Therefore, computers running NetBak PC Agent may contain an affected version of ASP.NET Core if the system has not been updated.
QNAP users are advised to either reinstall the NetBak PC Agent app to get the latest ASP.NET Core runtime components or manually update ASP.NET Core on their PCs by downloading and installing the latest ASP.NET Core Runtime (Hosting Bundle) from the .NET 8.0 download page.
Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score
A complication is that many applications are deployed using what is called the framework-dependent model, relying on the .NET environment on the server. In this case, it is the server that must be updated, not the application. This dependency can be bypassed using a self-contained deployment, which includes the runtime files, but every such application must then be updated.
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome, exploited to target Russian organizations, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team.
Organizations are years behind in patching Cisco ASA and VPN devices
Researcher Kevin Beaumont performed wide version scans of ASA appliances and found that most are never patched.