As researchers and practitioners debate the impact that new AI models will have on cybersecurity, Mozilla said on Tuesday it used early access to Anthropic's Mythos Preview to find and fix 271 vulnerabilities in its new Firefox 150 browser release. Meanwhile, researchers identified a group of moderately successful North Korean hackers using AI for everything from vibe coding malware to creating fake company websites—stealing up to $12 million in three months.
Researchers have finally cracked disruptive malware known as Fast16 that predates Stuxnet and may have been used to target Iran’s nuclear program. It was created in 2005 and was likely deployed by the US or an ally.
Meta is being sued by the Consumer Federation of America, a nonprofit, over scam ads on Facebook and Instagram and allegedly misleading consumers about the company’s efforts to combat them. A United States surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal, but lawmakers are deadlocked on next steps. A new measure aims to address mounting lawmaker concerns, but lacks substance.
And if you’re looking for a deep dive, WIRED investigated the yearslong feud behind the prominent privacy- and security-conscious mobile operating system GrapheneOS. Plus we looked at the strange story of how China spied on US figure skater Alysa Liu and her dad.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos AI Tool
Anthropic’s Mythos Preview AI model has been touted as a dangerously capable tool for finding security vulnerabilities in software and networks, so powerful that its creator has carefully restricted its release. But one group of amateur sleuths on Discord found their own, relatively simple ways—no AI hacking required—to gain unauthorized access to a coveted digital prize: Mythos itself.
Despite Anthropic’s efforts to control who can use Mythos Preview, a group of Discord users gained access to the tool through some relatively straightforward detective work: They examined data from a recent breach of Mercor, an AI training startup that works with developers, and “made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models”—a phrase that many observers have speculated refers to a web URL—according to Bloomberg, which broke the story.
The person also reportedly took advantage of permissions they already possessed to access other Anthropic models, thanks to their work for an Anthropic contracting firm. As a result of their probing, however, they allegedly gained access to not only Mythos but other unreleased Anthropic AI models, too. Thankfully, according to Bloomberg, the group that accessed Mythos has only used it so far to build simple websites—a move designed to prevent its detection by Anthropic—rather than hack the planet.
Surveillance Firms Are Exploiting Year-Old Telecom Vulnerabilities for Spying
Security researchers have long warned that the telecom protocols known as Signaling System 7, or SS7, which govern how phone networks connect to one another and route calls and texts, are vulnerable to abuse that would allow surreptitious surveillance. This week researchers at the digital rights organization Citizen Lab revealed that at least two for-profit surveillance vendors have actually used those vulnerabilities—or similar ones in the next generation of telecom protocols—to spy on real victims. Citizen Lab found that two surveillance firms had essentially acted as rogue phone carriers, exploiting access to three small telecom firms—Israeli carrier 019Mobile, British cell provider Tango Mobile, and Airtel Jersey, based on the island of Jersey in the English Channel—to track the location of targets’ phones. Citizen Lab’s researchers say that “high-profile” people were tracked by the two surveillance firms, though it declined to name either the firms or their targets. Researchers warn, too, that the two companies they discovered abusing the protocols are likely not alone, and that the vulnerability of global telecom protocols remains a very real vector for phone spying worldwide.
2 Alleged Southeast Asian Scam Compound Managers Charged
In a sign of a growing—if belated—crackdown by US law enforcement on the sprawling criminal industry of human-trafficking-fueled scam compounds across Southeast Asia, the Department of Justice this week announced charges against two Chinese men for allegedly helping to manage a scam compound in Myanmar and seeking to open a second compound in Cambodia. Jiang Wen Jie and Huang Xingshan were both arrested in Thailand earlier this year on immigration charges, according to prosecutors, and now face charges for allegedly running a huge scamming operation that lured human trafficking victims to their compound with fake job offers and then forced them to scam victims, including Americans, for millions of dollars with fraudulent cryptocurrency investments. The DOJ says it also “restrained” $700 million in funds belonging to the operation—essentially freezing the funds in preparation for seizure—and also seized a channel on the messaging app Telegram prosecutors say was used to bait and enslave trafficking victims. The Justice Department’s statement claims that Huang personally took part in the physical punishment of workers in one compound, and that Jiang at one point oversaw the theft of $3 million from a single US scam victim.
500,000 UK Health Records Listed for Sale on Alibaba
Three scientific research institutions have been found selling British citizens’ health information on Alibaba, the British government and the nonprofit UK Biobank revealed this week. Over the past two decades, more than 500,000 people have shared their health data—including medical images, genetic information, and health care records—with UK Biobank, which allows scientists around the world to access the information to conduct medical research. However, the charity said the data leak involved a “breach of the contract” signed by three organizations, with one of the datasets for sale believed to have included data on all half-million research subjects. It did not detail the full types of data that were listed for sale but said it has suspended the Biobank accounts of those allegedly selling the information. The ads for the data have also been removed.
Apple Fixes Bug That Allowed FBI to Get Push Notifications From Signal
Earlier this month, 404 Media reported that the FBI was able to get copies of Signal messages from a defendant’s iPhone as the content of the messages, which are encrypted within Signal, were saved in an iOS push notification database. In this instance, the copies of the messages were still accessible even though Signal had been removed from the phone—though the issue affected all apps that send push notifications.
This week, in response to the issue, Apple released an iOS and iPadOS security update to fix the flaw. “Notifications marked for deletion could be unexpectedly retained on the device,” Apple’s security update for iOS 26.4.2 says. “A logging issue was addressed with improved data redaction.”
While the issue has been fixed, it is still worth changing what appears in notifications on your device. For Signal you can open the app, go to Settings, Notifications, and toggle notifications to show Name Only or No Name or Content. It is another reminder that while apps such as Signal are end-to-end encrypted, this applies to the content as it moves between devices: If someone can physically access and unlock your phone, there is the potential they can access everything on your device.
