Security researchers from Calif used Anthropic's Claude Mythos Preview to develop a privilege escalation exploit targeting macOS kernel memory corruption on M5 silicon. This demonstrates how advanced AI systems can accelerate the discovery of vulnerabilities and attack paths, prompting a shift in how companies approach proactive security patching.
CNET testing found that Grok and ChatGPT can be manipulated to reveal private addresses and phone numbers, while Gemini and Claude generally refused such requests. This highlights a critical privacy gap where AI models surface PII from public records and user inputs, necessitating proactive data removal from third-party directories.
Cybersecurity researcher Benn Jordan discovered that Unitree robot dogs possess critical security vulnerabilities, including easy root access and the ability to bypass safety functions via ChatGPT. The investigation revealed that these robots secretly transmit heavily encrypted data to servers in China, raising significant national security concerns given their use by police and military agencies.
OpenAI has released a software update for its ChatGPT Mac app following a security breach affecting two employee devices via a compromised open-source library. The company reports that no user data or core systems were accessed, though limited credential material was exfiltrated.
OpenAI confirmed that two employees' devices were compromised following a supply-chain attack on the open source library TanStack. While some internal credentials and source code repositories were accessed, the company reports no evidence of user data breaches or compromise to production systems.
Security researcher Donncha Ó Cearbhaill investigated a large-scale phishing campaign targeting Signal users, which utilized an automated system called ApocalypseZ. The attack, linked to Russian government spies, aimed to compromise accounts through social engineering and likely spread via a snowball effect through shared group chats.
Cisco is reducing its workforce by approximately 4,000 employees to restructure costs and pivot investments toward AI and cybersecurity. This strategic shift occurs despite the company reporting strong fiscal third-quarter profits and record revenue.
An analysis of various AI chatbots reveals inconsistent handling of personally identifiable information, with some models leaking private phone numbers and addresses found in training data. While some bots maintain strict privacy guards, others risk exposing sensitive user data, highlighting a growing tension between AI capabilities and personal privacy.
The FCC has announced a ban on new foreign-made Wi-Fi routers to protect US critical infrastructure and cyberspace from cyberattacks. While existing devices remain functional, the order may impact future firmware updates and the availability of new models unless manufacturers secure specific exemptions.
The FCC has extended the deadline for foreign-made routers to receive software and firmware updates until January 1, 2029, easing concerns over hardware obsolescence. This move follows a sweeping ban on foreign-made routers intended to mitigate cybersecurity risks, though some companies have already received full exemptions.
