Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

US
Cyber Attacks Data Internet Iran Israel US

Threat Actors Hit Iranian Sites and Apps After the US-Israel Strike


A series of cyber attacks happened last week during the U.S- Israel attack on targets throughout Iran. 

The cyberattacks included hijacking the various news sites to show messages and also hacking BadeSaba, a religious calendar application over 5 million downloads, which showed messages warning users “It’s time for reckoning” and telling armed forces to give up and quit. 

The U.S Cyber Command spokesperson didn't comment on the issue. 

Internet connectivity in Iran has dropped significantly at 0706 GMT, with minimum connectivity remaining, according to Kentik’s director of internet analysis. It was a smart move to launch a cyberattack on BadeSaba as pro-government people use it and are more religious, said Hamid Kashfi, a security expert and founder of DarkCell, a cybersecurity firm. 

Cyberattacks also hit various Iranian military targets and government services to restrict a coordinated Iranian response, according to the Jerusalem Post. Reuters hasn't verified the claims yet. Sophos director of threat intelligence said that “As Iran considers its options, ‌the likelihood increases that proxy groups and hacktivists may take action, including cyberattacks, against Israeli and U.S.-affiliated military, commercial, or civilian targets,” said Rafe Pilling, the director of threat intelligence with cybersecurity firm.”

These cyber operations may include old data breaches reported as new, vain efforts to breach interne-exposed industrial systems, and may also redirect offensive cyber operations. 

Cynthia Kaiser, a senior vice president at the anti-ransomware company Halcyon and a former top FBI cyber official, stated that activity has escalated in the Middle East. 

According to Kaiser, the company has also received calls to action from well-known pro-Iranian cyber personalities who have previously carried out ransomware attacks, hack-and-leak operations, and distributed denial-of-service (DDoS) attacks, which overload internet services and make them unavailable. He stated, "CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks.”

Experts also believe that state-sponsored Iranian hacking gangs already launched “wiper “ attacks that remove data on Israeli targets before the strikes. 

Apart from a brief disruption of services in Tirana, the capital of Albania, there was little indication of the disruptive cyberattacks frequently mentioned during discussions about Iran's digital capabilities in June following the U.S. strike on Iranian nuclear targets, according to media sources.

Read more »
US Government
Anthropic Artificial Intelligence ChatGPT. OpenAI Technology US Government

U.S. Blacklists Anthropic as Supply Chain Risk as OpenAI Secures Pentagon AI Deal

 

The Trump administration has designated AI startup Anthropic as a supply chain risk to national security, ordering federal agencies to immediately stop using its AI model Claude. 

The classification has historically been applied to foreign companies and marks a rare move against a U.S. technology firm. 

President Donald Trump announced that agencies must cease use of Anthropic’s technology, allowing a six month phase out for departments heavily reliant on its systems, including the Department of War. 

Defense Secretary Pete Hegseth later formalized the designation and said no contractor, supplier or partner doing business with the U.S. military may conduct commercial activity with Anthropic. 

At the center of the dispute is Anthropic’s refusal to grant the Pentagon unrestricted access to Claude for what officials described as lawful purposes. 

Chief executive Dario Amodei sought two exceptions covering mass domestic surveillance and the development of fully autonomous weapons. 

He argued that current AI systems are not reliable enough for autonomous weapons deployment and warned that mass surveillance could violate Americans’ civil rights. 

Anthropic has said a proposed compromise contract contained loopholes that could allow those safeguards to be bypassed. 

The company had been operating under a 200 million dollar Department of War contract since June 2024 and was the first AI firm to deploy models on classified government networks. 

After negotiations broke down, the Pentagon issued an ultimatum that Anthropic declined, leading to the blacklist. 

The company plans to challenge the designation in court, arguing it may exceed the authority granted under federal law. 

While the restriction applies directly to Defense Department related work, legal analysts say the move could create broader uncertainty across the technology sector. 

Anthropic relies on cloud infrastructure from Amazon, Microsoft and Google, all of which maintain major defense contracts. 

A strict interpretation of the order could complicate those relationships. 

President Trump has warned of serious civil and criminal consequences if Anthropic does not cooperate during the transition. 

Even as Anthropic faces federal restrictions, OpenAI has moved ahead with its own classified agreement with the Pentagon. 

The company said Saturday that it had finalized a deal to deploy advanced AI systems within classified environments under a framework it describes as more restrictive than previous contracts. 

In its official blog post, OpenAI said, "Yesterday we reached an agreement with the Pentagon for deploying advanced AI systems in classified environments, which we requested they also make available to all AI companies." It added, "We think our agreement has more guardrails than any previous agreement for classified AI deployments, including Anthropic’s." 

OpenAI outlined three red lines that prohibit the use of its technology for mass domestic surveillance, for directing autonomous weapons systems and for high stakes automated decision making. 

The company said deployment will be cloud only and that it will retain control over its safety systems, with cleared engineers and researchers involved in oversight. 

"We retain full discretion over our safety stack, we deploy via cloud, cleared OpenAI personnel are in the loop, and we have strong contractual protections," the company wrote. 

The contract references existing U.S. laws governing surveillance and military use of AI, including requirements for human oversight in certain weapons systems and restrictions on monitoring Americans’ private information. 

OpenAI said it would not provide models without safety guardrails and could terminate the agreement if terms are violated, though it added that it does not expect that to happen. 

Despite its dispute with Washington, Anthropic appears to be gaining traction among consumers. 

Claude recently climbed to the top position in Apple’s U.S. App Store free rankings, overtaking OpenAI’s ChatGPT. 

Data from SensorTower shows the app was outside the top 100 at the end of January but steadily rose through February. 

A company spokesperson said daily signups have reached record levels this week, free users have increased more than 60 percent since January and paid subscriptions have more than doubled this year.
Read more »
Malware Attack
AI Agent AI agent data theft Cyber Security Data Theft Infostealer Infostealer Malware Malware Attack

Infostealer Malware Targets OpenClaw AI Agent Files to Steal API Keys and Authentication Tokens

 

Now appearing in threat reports, OpenClaw — a local AI assistant that runs directly on personal devices — has rapidly gained popularity. Because it operates on users’ machines, attackers are shifting focus to its configuration files. Recent malware infections have been caught stealing setup data containing API keys, login tokens, and other sensitive credentials, exposing private access points that were meant to remain local. 

Previously known as ClawdBot or MoltBot, OpenClaw functions as a persistent assistant that reads local files, logs into email and messaging apps, and interacts with web services. Since it stores memory and configuration details on the device itself, compromising it can expose deeply personal and professional data. As adoption grows across home and workplace environments, saved credentials are becoming attractive targets. 

Cybersecurity firm Hudson Rock identified what it believes is the first confirmed case of infostealer malware extracting OpenClaw configuration data. The incident marks a shift in tactics: instead of stealing only browser passwords, attackers are now targeting AI assistant environments that store powerful authentication tokens. According to co-founder and CTO Alon Gal, the infection likely involved a Vidar infostealer variant, with stolen data traced to February 13, 2026. 

Researchers say the malware did not specifically target OpenClaw. Instead, it scanned infected systems broadly for files containing keywords like “token” or “private key.” Because OpenClaw stores data in a hidden folder with those identifiers, its files were automatically captured. Among the compromised files, openclaw.json contained a masked email, workspace path, and a high-entropy gateway authentication token that could enable unauthorized access or API impersonation. 

The device.json file stored public and private encryption keys used for pairing and signing, meaning attackers with the private key could mimic the victim’s device and bypass security checks. Additional files such as soul.md, AGENTS.md, and MEMORY.md outlined the agent’s behavior and stored contextual data including logs, messages, and calendar entries. Hudson Rock concluded that the combination of stolen tokens, keys, and memory data could potentially allow near-total digital identity compromise.

Experts expect infostealers to increasingly target AI systems as they become embedded in professional workflows. Separately, Tenable disclosed a critical flaw in Nanobot, an AI assistant inspired by OpenClaw. The vulnerability, tracked as CVE-2026-2577, allowed remote hijacking of exposed instances but was patched in version 0.13.post7. 

Security professionals warn that as AI tools gain deeper access to personal and corporate systems, protecting configuration files is now as critical as safeguarding passwords. Hidden setup files can carry risks equal to — or greater than — stolen login credentials.
Read more »
IT Rules
3-hour Takedown AI Content Cyber Security Indian Influencers Deepfake IT Rules

Influencers Alarmed as New AI Rules Enforce Three-Hour Takedowns

 

India’s new three-hour takedown rule for online content has triggered unease among influencers, agencies, and brands, who fear it could disrupt campaigns and shrink creative freedom.

The rule, introduced through amendments to the IT Intermediary Rules on February 11, slashes the takedown window from 36 hours to just three, with the stated goal of curbing unlawful and AI-generated deepfake content. Creators argue that while tackling deepfakes and harmful material is essential, such a compressed deadline leaves almost no room to contest wrongful flags or provide context, especially when automated moderation tools make mistakes. They warn that legitimate posts could be penalised simply because systems misread nuance, humour, or sensitive but educational topics.

Influencer Ekta Makhijani described the deadline as “incredibly tight,” noting that if a brand campaign video is misflagged, an entire launch window could be lost in hours rather than days. She highlighted how parenting content around breastfeeding or toddler behaviour has previously been misinterpreted by moderation tools, and said the shorter window magnifies the risk of such false positives. Apparel brand founder Akanksha Kommirelly added that small creators lack round-the-clock legal and compliance teams, making it unrealistic for them to respond to takedown notices at all times.

Experts also worry about a chilling effect on speech, especially satire, political commentary, and advocacy. With platforms facing tighter liability, agencies fear an “act first, verify later” culture in which companies remove anything remotely borderline to stay safe. Raj Mishra of Chtrbox warned that, in practice, the incentive becomes to take down flagged content immediately, which could hit investigative work or edgy creative pieces hardest. India’s linguistic diversity further complicates moderation, as systems trained mainly on English may misinterpret regional content.A

longside takedowns, mandatory AI labelling is reshaping creator workflows and brand strategies. Kommirelly noted that prominent AI tags on visual campaigns may weaken brand recall, while Mishra cautioned that platforms could quietly de-prioritise AI-labelled content in algorithms, reducing reach regardless of audience acceptance. This dual pressure—strict timelines and AI disclosure—forces creators to rethink how they script, edit, and publish content.

Agencies like Kofluence and Chtrbox are responding by building compliance support systems for the creator economy. These include AI content guides, pre-upload checks, documentation protocols, legal support networks, and even insurance options to cover campaign disruptions. While most stakeholders accept that tougher rules are needed against deepfakes and abuse, they are urging the government to differentiate emergency takedowns for clearly illegal content from more contested speech so that speed does not entirely override fairness.
Read more »
Technology
AI Governance Framework Artificial Intelligence In Warfare Classified Military Operations Cybersecurity Policy Dual Use Technology Risks Technology

US Employs Anthropic’s Claude AI in High-Profile Venezuela Raid


 

Using a commercially developed artificial intelligence system in a classified US military operation represents a significant technological shift in the design of modern defence strategy. It appears that what was once confined to research laboratories and enterprise software environments has now become integral to high-profile operational planning, signalling the convergence of Silicon Valley innovation with national security doctrines has reached a new stage.

Nicolás Maduro's capture was allegedly assisted by advanced AI tools. This prompted increased scrutiny of how emerging technologies were utilized in conflict scenarios and prompted broader questions regarding accountability, oversight, and the evolving line between corporate governance frameworks and military necessities, in addition to intensifying scrutiny. 

It was striking to see the US military’s recent operation to seize former Venezuelan President Nicolás Maduro at the intersection of cutting-edge technology and modern warfare. In addition to demonstrating the effectiveness of traditional force, the operation also demonstrated that artificial intelligence is becoming increasingly important in high stakes conflict situations. 

Recent operations by the US military to capture former Venezuelan President Nicolás Maduro represent a striking intersection of cutting-edge technology and modern warfare, and are not just a testament to traditional force; they also demonstrate the growing importance of artificial intelligence in high-stakes conflict situations. 

A number of reports citing The Wall Street Journal indicated that Anthropic's Claude AI model was deployed in the operation that led to the capture of Nicolás Maduro. This indicates that advanced artificial intelligence is becoming a significant part of US defence infrastructure, while also highlighting the complex intersection between corporate AI security measures and military requirements. 

A collaborative effort between Palantir Technologies and Claude enables high-level data synthesis, analysis modeling, and operational support through a secure collaboration. The report describes Claude as the first commercially developed artificial intelligence system to be utilized in a classified environment. 

As Anthropic's published usage policies expressly prohibit applications related to violence, weapon development, or surveillance, its reported involvement is significant. However, according to reports, the model was leveraged by defence officials to assist in key planning phases and intelligence coordination surrounding the mission that culminated in Maduro's arrest and transfer to New York to face federal charges. 

It highlights both the operational utility of AI-enabled analytical systems and the legal and ethical challenges associated with deploying commercial technologies in sensitive national security settings. In addition, reports indicate that Claude's capabilities may have been employed for processing complex intelligence datasets, supporting real-time decision workflows, and synthesizing multilingual information streams within compressed operational timeframes; however, specific implementation details remain confidential.

Following the raid, involving coordinated military action in Caracas and the detention of former Venezuelan leader, the debate about the scope and limitations of artificial intelligence within the U.S. Several leading artificial intelligence developers, including Anthropic and OpenAI, have been encouraged to make their models available on classified networks with less operational restrictions than those imposed in civilian environments, according to reports. 

As part of its strategic objectives, the Pentagon seeks to integrate advanced artificial intelligence into intelligence analysis, mission planning, and multi-domain operational coordination. Claude's availability within classified environments facilitated by third-party infrastructure partnerships has become a source of institutional tension, in particular because Anthropic's internal safeguards prohibit the model from being used for violent or surveillance-related tasks. 

The Department of Defense has argued that AI systems must be able to support "all lawful purposes" in order to be available for future operational readiness, including rapid, AI-assisted intelligence fusion across contested domains. This position is considered essential for future operational readiness. 

Because of the company's hesitation to erode certain safeguards, senior defence leadership, including Pete Hegseth, has indicated that authorities such as the Defense Production Act or supply chain risk assessments may be considered when evaluating future contractual relations.

As the technological convergence accelerates, it becomes increasingly challenging for governments and AI developers to reconcile national security imperatives and corporate governance obligations. There is a broader question at the center of this ethical and strategic challenge regarding how advanced artificial intelligence tools should be governed in national security contexts, a discussion which extends beyond single missions and extends to the future architecture of defence technology as well as safeguards placed on autonomous and semi-automated systems. 

In a time when defence institutions are deeply integrating artificial intelligence into operational command structures, this episode underscores a pivotal point in the governance of dual-use technologies. When commercial AI innovation is combined with classified military deployment, robust contractual clarity is necessary, as are enforceable oversight mechanisms, independent review systems and standardized compliance frameworks integrated into both software and procurement processes. 

The strategic planning, operational effectiveness, legal safeguards, and ethical restraint of regulatory architecture must now be harmonised in a manner that maintains operational effectiveness while maintaining accountability, legal safeguards, and ethical constraints. 

Advancement in artificial intelligence systems risks outpacing the supervision mechanisms designed to ensure their safety if such calibrated governance is not in place. As a result of the standards developed in response to this occasion, the national defence doctrines of the future will be significantly influenced, as will global norms governing artificial intelligence in conflict environments for years to come.

The strategic and ethical challenge entails a wider question regarding how advanced artificial intelligence tools should be governed when deployed for national security purposes, which encompasses the future architecture of defence technology as well as safeguards placed around semi-autonomous and autonomous systems. 

In a time when defence institutions are deeply integrating artificial intelligence into operational command structures, this episode underscores a pivotal point in the governance of dual-use technologies. When commercial AI innovation is combined with classified military deployment, robust contractual clarity is necessary, as are enforceable oversight mechanisms, independent review systems and standardized compliance frameworks integrated into both software and procurement processes. 

The strategic planning, operational effectiveness, legal safeguards, and ethical restraint of regulatory architecture must now be harmonised in a manner that maintains operational effectiveness while maintaining accountability, legal safeguards, and ethical constraints.

Advancement in artificial intelligence systems risks outpacing the supervision mechanisms designed to ensure their safety if such calibrated governance is not in place. As a result of the standards developed in response to this occasion, the national defence doctrines of the future will be significantly influenced, as will global norms governing artificial intelligence in conflict environments for years to come.
Read more »
Cybersecurity
Blockchain Botnet Cyber risks Cyber Security Cybersecurity

Botnet Moves to Blockchain, Evades Traditional Takedowns

 

A newly identified botnet loader is challenging long standing methods used to dismantle cybercrime infrastructure. Security researchers have uncovered a tool known as Aeternum C2 that stores its command instructions on the Polygon blockchain rather than on traditional servers or domains. 

For years, investigators have disrupted major botnets by seizing command and control servers or suspending malicious domains. Operations targeting networks such as Emotet, TrickBot, and QakBot relied heavily on this approach. 

Aeternum C2 appears designed to bypass that model entirely by embedding instructions inside smart contracts on Polygon, a public blockchain replicated across thousands of nodes worldwide. 

According to researchers at Qrator Labs, the loader is written in native C++ and distributed in both 32 bit and 64 bit builds. Instead of connecting to a centralized server, infected systems retrieve commands by reading transactions recorded on the blockchain through public remote procedure call endpoints. 

The seller claims that bots receive updates within two to three minutes of publication, offering relatively fast synchronization without peer to peer infrastructure. The malware is marketed on underground forums either as a lifetime licensed build or as full source code with ongoing updates. Operating costs are minimal. 

Researchers observed that a small amount of MATIC, the Polygon network token, is sufficient to process a significant number of command transactions. With no need to rent servers or register domains, operators face fewer operational hurdles. 

Investigators also found that Aeternum includes anti virtual machine checks intended to avoid execution in sandboxed analysis environments. A bundled scanning feature reportedly measures detection rates across multiple antivirus engines, helping operators test payloads before deployment. 

Because commands are stored on chain, they cannot be altered or removed without access to the controlling wallet. Even if infected devices are cleaned, the underlying smart contracts remain active, allowing operators to resume activity without rebuilding infrastructure. 

Researchers warn that this model could complicate takedown efforts and enable persistent campaigns involving distributed denial of service attacks, credential theft, and other abuse. 

As infrastructure seizures become less effective, defenders may need to focus more heavily on endpoint monitoring, behavioral detection, and careful oversight of outbound connections to blockchain related services.
Read more »
Ledger
Crypto Wallet Crypto Wallet Theft cryptocurrency Cryptocurrency threats Cyber Phishing Cyber Security Ledger

Trezor and Ledger Impersonated in Physical QR Code Phishing Scam Targeting Crypto Wallet Users

 

Nowadays criminals push fake crypto warnings through paper mail, copying real product packaging from firms like Trezor and Ledger. These printed notes arrive at homes without digital traces, making them feel more trustworthy than email scams. Instead of online messages, fraudsters now use stamps and envelopes to mimic official communication. Because it comes in an envelope, people may believe the request is genuine. Through these letters, attackers aim to steal secret backup codes used to restore wallets. Physical delivery gives the illusion of authenticity, even though the goal remains theft. The method shifts away from screens but keeps the same deceitful intent. 

Pretending to come from company security units, these fake messages tell recipients they need to finish an urgent "Verification Step" or risk being locked out of their wallets. A countdown appears on screen, pushing people to act fast - slowing down feels risky when time runs short. Opening the link means scanning a barcode first, then moving through steps laid out by the site. Pressure builds because delays supposedly lead to immediate consequences. Following directions seems logical under such conditions, especially if trust in the sender feels justified. 

A single message pretending to come from Trezor told users about an upcoming Authentication Check required before February 15, 2026, otherwise access to Trezor Suite could be interrupted. In much the same way, another forged notice aimed at Ledger customers claimed a Transaction Check would turn mandatory, with reduced features expected after October 15, 2025, unless acted upon. Each of these deceptive messages leads people to fake sites designed to look nearly identical to real setup portals. BleepingComputer’s coverage shows the QR codes redirect to websites mimicking real company systems. 

Instead of clear guidance, these fake sites display alerts - claiming accounts may be limited, transactions could fail, or upgrades might stall without immediate action. One warning follows another, each more urgent than the last, pulling users deeper into the trap. Gradually, they reach a point where entering their crypto wallet recovery words seems like the only option left. Fake websites prompt people to type in their 12-, 20-, or 24-word recovery codes, claiming it's needed to confirm device control and turn on protection. 

Though entered privately, those words get sent straight to servers run by criminals. Because these attackers now hold the key, they rebuild the digital wallet elsewhere without delay. Money vanishes quickly after replication occurs. Fewer scammers send fake crypto offers by post, even though email tricks happen daily. Still, real-world fraud attempts using paper mail have appeared before. 

At times, crooks shipped altered hardware wallets meant to steal recovery words at first use. This latest effort shows hackers still test physical channels, especially if past leaks handed them home addresses. Even after past leaks at both Trezor and Ledger revealed user emails, there's no proof those events triggered this specific attack. However the hackers found their targets, one truth holds - your recovery phrase stays private, always. 

Though prior lapses raised alarms, they didn’t require sharing keys; just like now, safety lives in secrecy. Because access begins where trust ends, never hand over seed words. Even when pressure builds, silence protects better than any tool. Imagine a single line of words holding total power over digital money - this is what a recovery phrase does. Ownership shifts completely when someone else learns your seed phrase; control follows instantly. Companies making secure crypto devices do not ask customers to type these codes online or send them through messages. 

Scanning it, emailing it, even mailing it physically - none of this ever happens if the provider is real. Trust vanishes fast when any official brand demands such sharing. Never type a recovery phrase anywhere except the hardware wallet during setup. When messages arrive with urgent requests, skip the QR scans entirely. Official sites hold the real answers - check there first. A single mistake could expose everything. Trust only what you confirm yourself.  

A shift in cyber threats emerges as fake letters appear alongside rising crypto use. Not just online messages now - paper mail becomes a tool for stealing digital assets. The method adapts, reaching inboxes on paper before screens. Physical envelopes carry hidden risks once limited to spam folders. Fraud finds new paths when trust in printed words remains high.
Read more »
JavaScript
API Keys Cyber Attacks Gemini CyberCrime Data Exposure Google Cloud JavaScript

Publicly Exposed Google Cloud API Keys Gain Unintended Access to Gemini Services

 










A recent security analysis has revealed that thousands of Google Cloud API keys available on the public internet could be misused to interact with Google’s Gemini artificial intelligence platform, creating both data exposure and financial risks.

Google Cloud API keys, often recognizable by the prefix “AIza,” are typically used to connect websites and applications to Google services and to track usage for billing. They are not meant to function as high-level authentication credentials. However, researchers from Truffle Security discovered that these keys can be leveraged to access Gemini-related endpoints once the Generative Language API is enabled within a Google Cloud project.

During their investigation, the firm identified nearly 3,000 active API keys embedded directly in publicly accessible client-side code, including JavaScript used to power website features such as maps and other Google integrations. According to security researcher Joe Leon, possession of a valid key may allow an attacker to retrieve stored files, read cached content, and generate large volumes of AI-driven requests that would be billed to the project owner. He further noted that these keys can now authenticate to Gemini services, even though they were not originally designed for that purpose.

The root of the problem lies in how permissions are applied when the Gemini API is activated. If a project owner enables the Generative Language API, all existing API keys tied to that project may automatically inherit access to Gemini endpoints. This includes keys that were previously embedded in publicly visible website code. Critically, there is no automatic alert notifying users that older keys have gained expanded capabilities.

As a result, attackers who routinely scan websites for exposed credentials could capture these keys and use them to access endpoints such as file storage or cached content interfaces. They could also submit repeated Gemini API requests, potentially generating substantial usage charges for victims through quota abuse.

The researchers also observed that when developers create a new API key within Google Cloud, the default configuration is set to “Unrestricted.” This means the key can interact with every enabled API within the same project, including Gemini, unless specific limitations are manually applied. In total, Truffle Security reported identifying 2,863 active keys accessible online, including one associated with a Google-related website.

Separately, Quokka published findings from a large-scale scan of 250,000 Android applications, uncovering more than 35,000 unique Google API keys embedded in mobile software. The company warned that beyond financial abuse through automated AI requests, organizations must consider broader implications. AI-enabled endpoints can interact with prompts, generated outputs, and integrated cloud services in ways that amplify the consequences of a compromised key.

Even in cases where direct customer records are not exposed, the combination of AI inference access, consumption of service quotas, and potential connectivity to other Google Cloud resources creates a substantially different risk profile than developers may have anticipated when treating API keys as simple billing identifiers.

Although the behavior was initially described as functioning as designed, Google later confirmed it had collaborated with researchers to mitigate the issue. A company spokesperson stated that measures have been implemented to detect and block leaked API keys attempting to access Gemini services. There is currently no confirmed evidence that the weakness has been exploited at scale. However, a recent online post described an incident in which a reportedly stolen API key generated over $82,000 in charges within a two-day period, compared to the account’s typical monthly expenditure of approximately $180.

The situation remains under review, and further updates are expected if additional details surface.

Security experts recommend that Google Cloud users audit their projects to determine whether AI-related APIs are enabled. If such services are active and associated API keys are publicly accessible through website code or open repositories, those keys should be rotated immediately. Researchers advise prioritizing older keys, as they are more likely to have been deployed publicly under earlier guidance suggesting limited risk.

Industry analysts emphasize that API security must be continuous. Changes in how APIs operate or what data they can access may not constitute traditional software vulnerabilities, yet they can materially increase exposure. As artificial intelligence becomes more tightly integrated with cloud services, organizations must move beyond periodic testing and instead monitor behavior, detect anomalies, and actively block suspicious activity to reduce evolving risk.

Read more »
reverse DNS exploitation
CNAME hijacking Cyber Fraud DNS infrastructure attack Infoblox Threat Intel IPv6 tunnel phishing reverse DNS exploitation

Phishing Campaign Abuses .arpa Domain and IPv6 Tunnels to Evade Enterprise Security Defenses

 

Cybersecurity experts at Infoblox Threat Intel have identified a sophisticated phishing operation that manipulates core internet infrastructure to slip past enterprise security mechanisms.

The campaign introduces an unusual evasion strategy: attackers are exploiting the .arpa top-level domain (TLD) while leveraging IPv6 tunnel services to host phishing pages. This method allows malicious actors to sidestep traditional domain reputation systems, posing a growing challenge for security teams.

Unlike public-facing domains such as .com or .net, the .arpa TLD is reserved strictly for internal internet functions. It primarily supports reverse DNS lookups, translating IP addresses into domain names, and was never intended to serve public web content.

Researchers found that attackers are capitalizing on weaknesses within DNS record management systems. By using free IPv6 tunnel providers, threat actors obtain control over certain IPv6 address ranges. Rather than configuring reverse DNS pointer (PTR) records as expected, they create standard A records under .arpa subdomains. This results in fully qualified domain names that appear to be legitimate infrastructure addresses—entities that security tools generally consider trustworthy and therefore seldom inspect closely.

Attack Chain and CNAME Hijacking

According to Infoblox, the campaign often starts with malspam emails impersonating well-known consumer brands. The emails feature a single clickable image that either advertises a prize or warns about a disrupted subscription.

Once clicked, victims are routed through a sophisticated Traffic Distribution System (TDS). The TDS analyzes the incoming traffic, specifically filtering for mobile users on residential IP networks, before ultimately delivering the malicious content.

In addition to abusing the .arpa namespace, the attackers are also exploiting dangling CNAME records. They have taken control of outdated subdomains belonging to respected government bodies, media outlets, and academic institutions. By registering expired domains that abandoned CNAME records still reference, they effectively inherit the reputation of trusted organizations, allowing malicious traffic to blend in seamlessly.

Dr. Renée Burton, Vice President at Infoblox Threat Intel, emphasized the severity of this tactic, noting that "weaponizing the .arpa namespace effectively turns the core of the internet into a phishing delivery mechanism."

Because reverse DNS domains inherently carry a clean reputation and lack conventional registration details, security systems that depend on URL analysis and blocklists often fail to identify the threat.

Experts recommend that organizations begin viewing foundational DNS infrastructure as a potential attack surface. Proactive monitoring, particularly for unusual record creation within the .arpa namespace, along with specialized filtering controls, will be critical to defending against this evolving threat.
Read more »
White-Collar Jobs
AI Microsoft Technology White-Collar Jobs

Microsoft AI Chief: 18 Months to Automate White-Collar Jobs

 

Mustafa Suleyman, CEO of Microsoft AI, has issued a stark warning about the future of white-collar work. In a recent Financial Times interview, he predicted that AI will achieve human-level performance on most professional tasks within 18 months, automating jobs involving computer-based work like accounting, legal analysis, marketing, and project management. This timeline echoes concerns from AI leaders, comparing the shift to the pre-pandemic moment in early 2020 but far more disruptive. Suleyman attributes this to exponential growth in computational power, enabling AI to outperform humans in coding and beyond.

Suleyman's forecast revives 2025 predictions from tech executives. Anthropic's Dario Amodei warned AI could eliminate half of entry-level white-collar jobs, while Ford's Jim Farley foresaw a 50% cut in U.S. white-collar roles. Elon Musk recently suggested artificial general intelligence—AI surpassing human intelligence—could arrive this year. These alarms contrast with CEO silence earlier, likened by The Atlantic to ignoring a shark fin in the water. The drumbeat of disruption is growing louder amid rapid AI advances.

Current AI impact on offices remains limited despite hype. A 2025 Thomson Reuters report shows lawyers and accountants using AI for tasks like document review, yielding only marginal productivity gains without mass displacement. Some studies even indicate setbacks: a METR analysis found AI slowed software developers by 20%. Economic benefits are mostly in Big Tech, with profit margins up over 20% in Q4 2025, while broader indices like the Bloomberg 500 show no change.

Early job losses signal brewing changes. Challenger, Gray & Christmas reported 55,000 AI-related cuts in 2025, including Microsoft's 15,000 layoffs as CEO Satya Nadella pushed to "reimagine" for the AI era. Markets reacted sharply last week with a "SaaSpocalypse" selloff in software stocks after Anthropic and OpenAI launched agentic AI systems mimicking SaaS functions. Investors doubt AI will boost non-tech earnings, per Wall Street consensus.

Suleyman envisions customizable AI transforming every organization. He predicts users will design models like podcasts or blogs, tailored for any job, driving his push for Microsoft "superintelligence" and independent foundation models. As the "most important technology of our time," Suleyman aims to reduce reliance on partners like OpenAI. This could redefine the American Dream, once fueled by MBAs and law degrees, urging urgent preparation for AI's white-collar reckoning.
Read more »
Technology
AI ClawJacked OpenAI OpenClaw Technology

ClawJack Allows Malicous Sites to Control Local OpenClaw AI Agents


Peter Steinberger created OpenClaw, an AI tool that can be a personal assistant for developers. It immediately became famous and got 100,000 GitHub stars in a week. Even OpenAI founder Sam Altman was impressed, bringing Steinberger on board and calling him a “genius.” However, experts from Oasis Security said that the viral success had hidden threats.

OpenClaw addressed a high-severity security threat that could have been exploited to allow a malicious site to link with a locally running AI agent and take control. According to the Oasis Security report, “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented.” 

ClawJack scare

The threat was codenamed ClawJacked by the experts. CVE-2026-25253 could have become a severe vulnerability chain that would have allowed any site to hack a person’s AI agent. The vulnerability existed in the main gateway of the software. As OpenClaw is built to trust connections from the user’s system, it could have allowed hackers easy access. 

Assuming the threat model

On a developer's laptop, OpenClaw is installed and operational. Its gateway, a local WebSocket server, is password-protected and connected to localhost. When the developer visits a website that is controlled by the attacker via social engineering or another method, the attack begins. According to the Oasis Report, “Any website you visit can open one to your localhost. Unlike regular HTTP requests, the browser doesn't block these cross-origin connections. So while you're browsing any website, JavaScript running on that page can silently open a connection to your local OpenClaw gateway. The user sees nothing.”

Stealthy Attack Tactic 

The research revealed a smart trick using WebSockets. Generally, your browser is active at preventing different websites from meddling with your local files. But WebSockets are an exception as they are built to stay “always-on” to send data simultaneously. 

The OpenClaw gateway assumed that the connection must be safe because it comes from the user's own computer (localhost). But it is dangerous because if a developer running OpenClaw mistakenly visits a malicious website, a hidden script installed in the webpage can connect via WebSocket and interact directly with the AI tool in the background. The user will be clueless.

Read more »
Privacy
Biometric Authentication Chain Of Trust Cybersecurity Risk Management Digital Identity Verification Facial Recognition Security Preserving AI Privacy

Face ID Security Risks and Privacy Concerns in 2026

 

Facial recognition has been a topic of fascination for much of the last century, with films projected onto cinema screens, dystopian novels and think-tank papers debating whether the technology will ever become reality. 

The technology was either portrayed as a miracle of precision or a quiet intrusion mechanism, but rarely as an ordinary device. The technology that once fell into the realm of speculative storytelling is now readily accessible by all of us. 

As passwords gradually recede, an era of inherence has begun: authentication based on traits that people inherit rather than on secrets people create. The new architecture does not rely on typed authentication; it is based on scans. 

Biometric authentication has quickly established itself as the standard of digital security in today's society. There is no doubt that convenience and sophistication seem to be linked, but underneath the seamless surface is a more complex reality: not all biometrics have the same level of efficiency or resilience under scrutiny. One glance can open a smartphone. 

A fingerprint authorization can authorize a payment. A long-term trustworthiness, spoof resistance, and reliability difference can be obscured by frictionless access. It is clear that two dominant modalities, fingerprint scanning and facial recognition, are undergoing a quiet rivalry at the heart of this evolution. 

Historically, fingerprints have been associated with identity verification due to their speed and familiarity. Nevertheless, facial recognition has the potential to offer a more expansive proposition: establishing a chain of trust that extends beyond a single point of contact, thereby providing continuous assurances of identity.

Security architects and risk professionals hold this distinction in high regard. Before evaluating their respective strengths and limitations, it is essential that we understand the basic premise on which both technologies operate in order to understand their strengths and limitations. An identity is verified through measurable, distinctive physical or behavioral characteristics, which are categorized as “something you are”.

A biometric system cannot be forgotten in a moment of haste or left on a desk in contrast to passwords ("something you know") or tokens and devices ("something you possess"). A common form of biometrics includes facial recognition, fingerprint scanning, voice recognition, and behavioral biometrics such as typing cadences or gesture patterns, which are intrinsically tied to the individual. However, industry attention has increasingly turned to facial and fingerprint recognition even though each method offers utility in certain contexts. 

As synthetic audio advances, voice recognition is facing increasing spoofing threats as environmental and contextual variability increases. Digital identity strategies are being refined as organizations examine which modemity will be most effective in coping with the evolving landscape of risk, rather than whether biometrics will define access. As a result, the comparison between fingerprint scanning and facial recognition is less about novelty and more about durability, assurance, and trust architecture in an increasingly digital age.

Passkey architectures, which are increasingly being adopted across consumer and enterprise platforms as a result of biometric data, which consists of identifiers such as facial geometry, fingerprint patterns and so forth. 

Passkeys can be generated and stored on a secure device, protected by either a biometric element or a device-bound passcode, and used as an authentication method for sensitive online accounts without transmitting reusable credentials. However, it is important to examine the mechanism that protects the passkey more closely because it may provide a remedy for password fatigue and phishing exposure. 

It is important to remember that an account's security posture is ultimately determined by the strength and recoverability of the biometric anchor that unlocks it. However, adoption decisions are rarely influenced solely by threat modeling. When the global pandemic occurred, many users disabled facial scanning purely for practical reasons: masks and eyewear impaired usability, making passcodes a more reliable substitute.

In daily life, convenience is more important than surveillance anxiety as it determines which authentication factor prevails. However, usability tradeoffs must not obscure an important variable risk exposure. Security controls must be proportional to the sensitivity of data at stake and the adversaries realistically encountered. 

The calculus shifts for individuals operating in high surveillance or high adversarial environments journalists, political figures, activists, immigrants, or executives handling strategic information. Certain jurisdictions differentiate between knowledge-based secrets and biometric traits; authorities may have greater authority to force biometric unlocking as compared to the disclosure of a memorized password in such circumstances. It is possible to offer technical resilience as well as procedural protection in such situations by reverting to a strong alphanumeric code. 

The new mobile operating systems provide additional security measures such as rapid lockdown modes and remote data erasure, confirming that identity protection extends well beyond authentication. Consequently, this leads to an architectural question: how well does each biometric technology preserve the integrity of the “chain of trust” as defined by security professionals? Onboarding is typically accompanied by a Know Your Customer (KYC) process in regulated industries, particularly financial services. 

Applicants scan their government-issued identification documents passports or driver's licenses then take a selfie. Based on liveness detection and facial matching algorithms, the selfie is compared with the document portrait to establish a verified identity. It is this linkage that serves as the foundation for future authentications. However, when fingerprint recognition is introduced as a primary factor of high-value transactions, that linkage can weaken.

It is possible to verify continuity of a device user by presenting the fingerprint months later, but it cannot be directly reconciled with the original photo ID recorded when the device was first enroled. In technical terms, the biometric template verifies presence rather than provenance. However, the cryptographic continuity with the original identity artifact that served as the source of truth is lost.

By contrast, facial recognition allows this continuity to remain intact. In addition to comparing a new facial scan to a locally stored template, it is also possible to compare it to the original enrollment picture or document portrait, where architecture permits. Therefore, the authentication event uses the same biometric domain as the identity verification process.

For organizations seeking auditability and defensible assurance in cases of fraud investigation or account takeover attempts, it is crucial that this mathematically consistent linkage be maintained. However, fingerprints do not become obsolete, as they remain an efficient method of performing low-risk, high-frequency interactions, such as unlocking personal devices. 

 In cases where the objective goes beyond convenience to verifying identity assurance for the lifetime of an account, facial biometrics offer structural advantages. While state-issued photo identification remains the primary means of establishing civil identity, human faces remain uniquely aligned with digital identification systems as long as such documentation is issued. 

Account takeover attacks are becoming increasingly sophisticated, and user expectations continue to be high. Organizations must balance frictionless access with evidentiary integrity in this environment. The choice between fingerprint and facial recognition is therefore not simply a matter of speed, but also whether the authentication framework is capable of sustaining a chain of trust from initial verification to final transaction.

In general, technological adoption follows a familiar pattern. Cloud computing has evolved from a perceived burden to an indispensable solution Multi-factor authentication has become a standard security policy after once being viewed as burdensome. Artificial intelligence is also moving from experimental deployment to operational deployment in a similar fashion. 

A similar trajectory appears to be being followed by facial recognition, which is moving away from being regarded as a standalone innovation, and becoming increasingly integrated as part of a broader digital ecosystem as a foundational layer of security and efficiency. 

Market indicators reinforce this trend. Face recognition is predicted to grow by more than $30 billion by 2034, growing at a compound annual growth rate of double-digits, indicating investor confidence and institutional appetite, but market expansion cannot be confused with technological maturity. 

In 2025, the global facial recognition market was estimated to be valued at approximately $8.83 billion. It is not just financial momentum that distinguishes this time, but also operational normalization that distinguishes this moment. 

Organizations are integrating facial recognition into routine workflows identity verification, fraud prevention, secure access control, and risk scoring more often as a silent enabler than a spotlight feature. An increasingly structured regulatory environment is driving this operational integration. 

Throughout the United Kingdom, the Information Commissioner is being more than willing to sanction improper biometric data practices in order to strengthen accountability obligations. Under the EU Artificial Intelligence Act, certain biometric identification systems are deemed high-risk, and transparency, documented risk assessments, and bias mitigation controls are mandated. 

Emerging legislation in the United States stresses informed consent, data minimization, algorithmic accountability, and cross-border compliance. As a result of these measures, organizations are increasingly designing facial recognition systems with governance mechanisms integrated from the very beginning rather than retrofitting them after public scrutiny. It is likely that the next development phase will include an expanded integration of Internet of Things ecosystems and connected urban infrastructure. 

In smart environments, such as transportation hubs, access-controlled facilities, and municipal services, real-time face recognition provides measurable efficiency and situational awareness benefits. The scalability of an automated system is dependent upon enforceable guardrails, including purpose limitation, strict data retention schedules, auditable decision logs, and independent oversight structures. 

As surveillance sensitivities remain acute, automated technologies must coexist with clear respect for civil liberties. AI methodologies that preserve privacy are simultaneously transitioning from an aspirational best practice to a regulatory requirement. Using synthetic data generation, federated learning architectures, and biometric processing on-device, models can be developed that reduce the dependency on centralized repositories while maintaining model performance.

Due to the tightening enforcement environment surrounding European data protection standards, these design principles are becoming increasingly decentralized and minimization-oriented. System architects are increasingly measured not only by detection accuracy, but also by demonstrably restrained data collection and retention. Multimodal and continuous authentication frameworks have also emerged as defining trends. 

The combination of facial recognition and behavioral analytics, device telemetry, and biometric indicators can assist organizations in reducing false acceptance rates and strengthening fraud defenses without adversely impacting legitimate users. This type of layered system provides stronger evidentiary support for compliance audits and risk management reviews in regulated industries such as financial services, healthcare, and public administration. 

Authentication events are reversing into contextually adaptive, adaptive identity assurance which persists throughout the lifecycle of a session. It is therefore expected that adoption will continue within healthcare, education, retail, and urban infrastructure, albeit with tighter governance and transparency requirements.

Consent mechanisms are becoming more refined Explainability standards are gaining in popularity Explainability standards are becoming increasingly prevalent. An ongoing operational obligation rather than a one-time validation exercise has developed into bias monitoring. AI-specific legislation increasingly requires documentation of impact assessments and executive accountability for deployment decisions in jurisdictions governed by the law. 

Together, these developments suggest that facial recognition is entering an institutionalization phase, rather than a phase of novelty. Not only will it undergo algorithmic refinement, but also compliance frameworks and privacy-centric engineering will shape its future. As with previous transformative technologies, the industry will need to reconcile commercial ambition with verifiable safeguards if it is to maintain the chain of trust under scrutiny from the public, the government, and the authorities.

When evaluating biometric strategies in 2026, decision-makers should not consider wholesale adoption or reflexive rejection, but rather calibrated implementation. Identifying identity continuity, withstanding regulatory scrutiny, and aligning with clearly defined risk thresholds should be the criteria for deploying face recognition technology. 

A robust vendor assessment, bias and performance testing across demographic groups, explicit consent frameworks, and auditable data governance policies embedded within the architecture are required to accomplish this. To maintain operational resilience under legal or technical pressure, organizations need to maintain layers of fallback mechanisms, including strong passphrases, hardware-bound credentials, and rapid lockdown capabilities. 

Face recognition's sustainability will ultimately depend less on its accuracy metrics and more on institutional discipline. It will require transparency in oversight, proportionate use, and a defensible balance between security assurance and civil protections.
Read more »
Passwords
Crypto Cyber Security Cybersecurity GitHub Linux Passwords

Fake Go Crypto Package Caught Stealing Passwords and Spreading Linux Backdoor

 



Cybersecurity investigators have revealed a rogue Go module engineered to capture passwords, establish long-term SSH access, and deploy a Linux backdoor known as Rekoobe.

The package, published as github[.]com/xinfeisoft/crypto, imitates the legitimate Go cryptography repository widely imported by developers. Instead of delivering standard encryption utilities, the altered version embeds hidden instructions that intercept sensitive input entered in terminal password prompts. The stolen credentials are transmitted to a remote server, which then responds by delivering a shell script that the compromised system executes.

Researchers at Socket explained that the attack relies on namespace confusion. The authentic cryptography project identifies its canonical source as go.googlesource.com/crypto, while GitHub merely hosts a mirror copy. By exploiting this distinction, the threat actor made the counterfeit repository appear routine in dependency graphs, increasing the likelihood that developers would mistake it for the genuine library.

The malicious modification is embedded inside the ssh/terminal/terminal.go file. Each time an application calls the ReadPassword() function, which is designed to securely capture hidden input from a user, the manipulated code silently records the data. What should have been a secure input mechanism becomes a covert data collection point.

Once credentials are exfiltrated, the downloaded script functions as a Linux stager. It appends the attacker’s SSH public key to the /home/ubuntu/.ssh/authorized_keys file, enabling passwordless remote logins. It also changes default iptables policies to ACCEPT, reducing firewall restrictions and increasing exposure. The script proceeds to fetch further payloads from an external server, disguising them with a misleading .mp5 file extension to avoid suspicion.

Two additional components are retrieved. The first acts as a helper utility that checks internet connectivity and attempts to communicate with the IP address 154.84.63[.]184 over TCP port 443, commonly used for encrypted web traffic. Researchers believe this tool likely serves as reconnaissance or as a loader preparing the system for subsequent stages.

The second payload has been identified as Rekoobe, a Linux trojan active in the wild since at least 2015. Rekoobe allows remote operators to receive commands from a control server, download additional malware, extract files, and open reverse shell sessions that grant interactive system control. Security reporting as recently as August 2023 has linked the malware’s use to advanced threat groups, including APT31.

While the malicious module remained listed on the Go package index at the time of analysis, the Go security team has since taken measures to block it as harmful.

Researchers caution that this operation reflects a repeatable, low-effort strategy with glaring impact. By targeting high-value functions such as ReadPassword() and hosting staged payloads through commonly trusted platforms, attackers can rotate infrastructure without republishing code. Defenders are advised to anticipate similar supply chain campaigns aimed at credential-handling libraries, including SSH utilities, command-line authentication tools, and database connectors, with increased use of layered hosting services to conceal corrupted infrastructure.


Read more »
Technology
AI Artifcial Intelligence Deepfakes Hollywood Studio Technology

Hollywood Studios Target AI Video Tool

 

Hollywood studios are intensifying efforts to curb an "ultra-realistic" AI video generator that produces lifelike clips from simple text prompts. The tool, capable of creating scenes like a fist fight between Tom Cruise and Brad Pitt, has sparked alarm in the entertainment industry over potential job losses and intellectual property misuse. Major players are pushing for regulatory action to protect actors and creators from deepfake disruptions.

The controversy erupted after a viral AI-generated video showcased the tool's prowess, depicting high-profile stars in a convincing brawl that stunned viewers worldwide. Creators behind the technology hail it as innovative, but industry insiders fear it could flood markets with unauthorized content, undermining traditional filmmaking. Hollywood executives have rallied, warning that unchecked AI could "transform or destroy" careers they've built over decades.

Prominent voices in the field have voiced deep concerns. One affected professional noted, "So many people I care about are facing the potential loss of careers they cherish. I myself am at risk." He expressed astonishment at the video's professionalism, shifting from initial nonchalance to genuine apprehension about the industry's future. This reflects broader anxieties as AI blurs lines between real and synthetic media.

Studios are now collaborating on legal strategies, targeting the tool's developers and platforms hosting such content. Discussions include lawsuits for copyright infringement and calls for stricter AI guidelines from governments. While the technology promises creative efficiencies, opponents argue it prioritizes speed over ethical safeguards, potentially devaluing human artistry. Recent viral spreads on social media have amplified the urgency, with calls to remove deceptive videos. 

As AI evolves rapidly, Hollywood's standoff highlights a pivotal clash between innovation and preservation. Balancing advancement with protection will define the sector's resilience amid digital transformation. Stakeholders urge immediate intervention to prevent irreversible damage, positioning this as a landmark battle in the AI era.
Read more »
Technology
AI Code Deployment AI Data Governance Artificial Intelligence Enterprise Cybersecurity Strategy generative AI governance Machine Learning Infrastructure Security Secure DevOps Technology

Senior Engineers at Spotify Rely on AI Tools Over Direct Code Writing


 

A long-foreseen confrontation between intelligent machines and human programmers no longer seems theoretical. Initially considered a distant possibility automation nibbling at the edges of software development it now appears that some of the world's most influential technology firms are witnessing the evolution of this idea. 

With artificial intelligence systems maturing from experimental assistants to autonomous collaborators, the concept of writing code is being re-evaluated. As a result of the accelerating automation and bold predictions of the future of technical work, Spotify has made one of the most apparent signals to date that this shift is not just conceptual but operational as well. 

Since December, Spotify's co-CEO Gustav Söderström has stated that none of the company's best developers have written a single line of code. This comes despite repeated warnings from industry figures that coding may lose relevance as a hands-on craft. 

At the same time that he makes these remarks, Spotify is expanding its artificial intelligence-driven features such as Prompted Playlists, Page Match for audiobooks, and About This Song—while simultaneously embedding artificial intelligence directly into its engineering process. 

Elon Musk has further predicted that by the year 2026, programming as a profession will likely largely disappear. The broader industry trajectory suggests that such forecasts are indicative of a tangible shift despite the dramatic sounding forecasts.

Companies such as Anthropic, Google, and Microsoft are increasingly relying on artificial intelligence (AI) to develop and refine complex software. Spotify appears to be part of this movement, with its internal “Honk AI” platform reportedly facilitating significant portions of the development process. 

As part of Spotify's fourth-quarter earnings call, Söderström stressed the importance of AI within Spotify's technical pipeline, pointing out that the company's top engineers have moved away from directly writing code and are now supervising, guiding, and shaping the outputs of intelligent systems. 

During the discussion, Spotify executives elaborated on how artificial intelligence is deeply ingrained in Spotify's engineering operations, making the implications of the shift more apparent. As part of the fourth quarter earnings discussion, Söderström indicated that the company's most experienced developers have shifted away from manual coding to directing and supervising artificial intelligence-based systems to perform much of the technical work. This disclosure was accompanied by a statement highlighting how automation is expediting development across various departments. 

Spotify released over 50 new features and updates to its streaming platform throughout the year 2025, reflecting what it referred to as a significant improvement in product velocity. In addition to AI-powered Prompted Playlists, Page Match audiobooks, and About This Song, the company has recently launched features that demonstrate the company’s growing reliance on machine learning to provide personalization and contextualization to users. 

In addition to consumer-facing tools, Spotify has undergone an in-house engineering overhaul. At the core of its overhaul, Spotify has created a platform known as Honk that is based on the Claude Code framework and is integrated with a ChatOps framework from Slack. 

Using the system, engineers can initiate bug fixes, implement feature changes, and oversee releases using natural language prompts rather than conventional coding interfaces, automating large portions of the build and deployment pipeline. 

Engineers can instruct the AI via Slack during morning commutes to modify the iOS application, according to Söderström; once the AI has finished modifying the application, a revised build is delivered back to the engineer for review and approval, allowing the application to be deployed to production before the workday officially commences. This architecture was credited by Spotify with reducing friction between ideation and release, significantly reducing development timelines. This approach is regarded as a preliminary step rather than a final destination in a broader evolution driven by artificial intelligence. 

A company executive highlighted what the company views as a competitive advantage, which consists of a proprietary dataset rooted in music behavior, taste preferences, and contextual listening signals that is difficult for general-purpose language models to replicate or commoditize.

Spotify believes its data foundation allows it to extend AI capabilities beyond traditional knowledge retrieval to nuanced, experience-driven domains, such as music discovery and interpretation, where the answers are often subjective rather than factual. As a result of these developments, engineers are less likely to be replaced than re-calibrated. 

Increasingly, generative systems assume the responsibility for syntax, scaffolding, and execution, thereby shifting the focus of software development toward architectural judgment, system thinking, data stewardship, and rigorous supervision. 

Technology leaders must now expand their agenda beyond adoption to governance: establishing validation frameworks, security guardrails, and accountability structures in order to ensure AI-accelerated output meets production-grade requirements. 

Rather than competing against intelligent systems line by line, engineers' competitive advantage will increasingly lie in their ability to orchestrate them. In the future, coding will not be defined by keystrokes but by how effectively humans create, constrain, and direct the machines that code them.
Read more »
U.S. Department of Justice
cryptocurrency Cyber Fraud DoJ crypto seizure pig butchering scam Tether freeze U.S. Department of Justice

U.S. Justice Department Seizes $61 Million in Tether Linked to ‘Pig Butchering’ Crypto Scams


The U.S. Department of Justice (DoJ) has revealed that it seized approximately $61 million in Tether connected to fraudulent cryptocurrency operations commonly referred to as “pig butchering” scams.

According to the department, investigators traced the confiscated digital assets to wallet addresses allegedly used to launder funds obtained through cryptocurrency investment fraud schemes. The stolen proceeds were reportedly siphoned from victims who were manipulated into investing in fake platforms promising lucrative returns.

"Criminal actors and professional money launderers use cyber-enabled fraud schemes to swindle their victims and conceal their ill-gotten gains," said HSI Charlotte Acting Special Agent in Charge Kyle D. Burns.

"HSI special agents work diligently to trace the illicit proceeds of crime across the globe to disrupt and dismantle the transnational criminal organizations that seek to defraud hardworking Americans."

Authorities explained that these schemes typically begin with scammers initiating contact through dating platforms or social media messaging applications. The perpetrators build trust by posing as romantic interests or financial advisors before persuading victims to invest in fabricated cryptocurrency opportunities.

Officials further noted that many of these operations are allegedly run from scam compounds based primarily in Southeast Asia. Individuals trafficked under false promises of well-paying jobs are reportedly forced to participate in the schemes. Their passports are confiscated, and they are coerced into deceiving targets online under threats of severe punishment.

Victims are directed to professional-looking but fraudulent investment websites that display falsified portfolios and exaggerated profits. These manipulated dashboards are designed to encourage larger investments. When victims attempt to withdraw their funds, they are often told to pay additional “fees,” resulting in further financial losses.

"Once the victims' money transferred to a cryptocurrency wallet under the scammers’ control, the crooks quickly routed that money through many other wallets to hide the nature, source, control, and ownership of that stolen money," the department added.

In a related statement, Tether disclosed that it has frozen roughly $4.2 billion in assets tied to unlawful activities so far. The company said that nearly $250 million of that amount has been linked to scam networks since June 2025.

The seizure marks one of the larger enforcement actions targeting cryptocurrency-enabled fraud and reflects ongoing efforts by U.S. authorities to disrupt global cybercrime syndicates exploiting digital assets.
Read more »
Subscribe to: Comments (Atom)