AI
Whisper Leak: A novel side-channel attack on remote language models
By measuring the temoral or packet size pattern of AI replies, the topic of conversation can be predicted with up to 98% accuracy under limited laboratory conditions. Several models have already implemented mitigations, such as adding extra random "obfuscation" data to replies. Users can mitigate this risk by using a VPN.7
The Big Short Guy Just Bet $1 Billion That the AI Bubble Pops
Michael Burry, who famously shorted the US housing market before its collapse in 2008, has bet over $1 billion that the share prices of AI chipmaker Nvidia and software company Palantir will fall.
Elon Musk Reportedly Obsessed With AI Girlfriend
Elon is personally overseeing the developing of xAI’s chatbot Ani — which, tellingly, comes in the form of a super-sexualized pigtail-wearing woman that removes her clothing in response to flirtation. xAI has demanded employees’ intimate data to train avatars including Ani. Female employees fear that their data will be used for deepfake videos, but their protests were ignored or waved away.
Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool
For months, extremely personal and sensitive ChatGPT conversations have been leaking into an unexpected destination: Google Search Console (GSC), a tool that developers typically use to monitor search traffic, not lurk private chats.
This happened because OpenAI was leaning on Google to answer prompts to ChatGPT seeking information about current events, like news or sports.
AI slop hits new high as fake country artist hits #1 on Billboard digital songs chart
Breaking Rust, an AI "band" that appeared on the internet in the middle of October based on its presence on Instagram, topped the chart last week with a song called Walk My Walk.
Politics
“Pathetic”: Democrats blast party centrists for caving in shutdown vote
The move brought widespread criticism — including calls for Sen. Chuck Schumer to resign.
AOC, Bernie Sanders, JB Pritzker, Gavin Newsom, Hakeem Jeffries, Ro Khanna, and New Jersey Governor-elect Mikie Sherrill all condemned the deal.
The Epstein Cover-Up at the FBI
1,000 FBI agents worked to flag all mentions of Trump in the 100,000 Epstein-related records, which were stored on a server without access control--each of them had access to all the files. Agents were forced to review the documents over and over, as the instructions kept changing and requiring them to start over. Many feared that the victim’s information would be released or used for nefarious purposes.
Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020
Cybersecurity breach at Congressional Budget Office remains a live threat
The CBO cybersecurity incident is “affecting its email communications,” so Library of Congress workers were told to restrict their communication with the CBO.
Infosec
Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year
This zero-click attack used modified DNG files, a type of image file based on the TIFF format. Within these DNG files, the unknown threat actors had embedded ZIP archives with malicious payloads. The infected files appear to have been delivered to targets via messaging apps like WhatsApp.
The underlying vulnerability has now been patched, and the attacks were most likely targeted at specific groups.
When Enforcing Copyright Starts Breaking the Internet’s Plumbing
In principle, those who benefit financially from IP protection should bear the cost of enforcing it. Yet in practice, large rights holders are targeting intermediary infrastructure providers — such as DNS resolvers — because pursuing the actual infringing parties is complex, time-consuming, and expensive.
For large commercial players such as Google, Cloudflare, or Cisco, these costs — legal, lobbying, or engineering — are absorbed as part of their business overhead. For small, mission-driven nonprofits like Quad9, they represent an existential threat.
Google issues security alert: Your VPN app could be spyware in disguise
Scammers disguise malware as legitimate VPN apps to steal users' data. Proton VPN Free, PrivadoVPN Free, and Windscribe Free are currently the best free VPN in terms of security, privacy, and performance.
ClickFix may be the biggest security threat your family has never heard of
ClickFix starts with an email sent from a hotel that the target has a pending registration with, including correct registration information, or a WhatsApp message, or the URL at the top of a Google search. Clicking the link displays a CAPTCHA challenge with instructions to copy a string of text, open a terminal window, paste it in, and press Enter.
This installs an infostealer, compromising Macs and PCs.
|