More results...
Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.
There’s something very strange going on at Anthropic. Day after day I see evidence of what can only be described as what I used to study in the Cold War: closed systems of cooked intelligence. An integrity breach I just stumbled upon might be the…
A reader left a comment on the April 13 post calling the NIST announcement “the other shoe.” That’s right. Here it is. April 7: Anthropic announces Mythos Preview and Project Glasswing. April 15: NIST announces at VulnCon26 that it wi…
Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after attackers gained unauthorized access to its systems and downloaded part of the database. The security breach occurred earlier this month, and the company is […]
Anthropic is loudly marketing its AI as a threat to other people’s code. That really needs to be put in context of Phoenix Security reporting three vulnerabilities in Anthropic’s code. Why? Anthropic cynically closed the outside vulnerabili…
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control.
Apple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion. This logging issue could allow recovery of sensitive data, including messages from […]
Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited […]
Given all the hubub about Mythos fraud lately, I’ve been testing Claude Code Opus 4.7 and found it’s burning an absurd amount of tokens on dumb mistakes. Mythos is far more expensive, with no justified benefit yet, and thus could do worse f…