Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

US AI Regulation
AI Export Controls AI National Security Anthropic Mythos 5 Artificial Intelligence Governance Frontier AI Security OpenAI GPT-5.6 Privacy Secure AI Deployment US AI Regulation

US Opens the Door for Trusted Organizations to Use Anthropic's Mythos AI


With a significant shift in U.S. government policy toward frontier artificial intelligence deployment, limited access has been restored to Anthropic's advanced Mythos 5 model, signaling a more targeted regulatory strategy than a blanket ban. 


Following a suspension of the model earlier this month due to national security concerns, U.S. authorities have now authorized its release to a carefully vetted group of organizations, including major Fortune 500 companies, which have been carefully vetted. 

Washington has emphasized the importance of balancing artificial intelligence innovation with national security safeguards, as increasingly capable foundation models are subject to increased scrutiny over their potential misuse by foreign military and intelligence entities. 

Additionally, the move is a useful illustration of a growing trend in which governments are increasingly influencing the deployment of cutting-edge AI systems and in which access to those systems is increasingly linked to trust, security compliance, and controlled distribution rather than unrestricted public access. 

Regulatory discussions prompted by the U.S. government's export control order issued on June 12, which required Anthropic to suspend access to both Mythos 5 and its companion model, Fable 5, while officials assessed the possible national security implications of releasing frontier artificial intelligence capabilities, led to the latest authorization. 

As the administration noted, it was concerned that highly capable generative AI models could be exploited by military or intelligence agencies linked to China, Russia, and other countries considered strategic risks. In light of this, Anthropic sought to strengthen compliance measures with the U.S. authorities, ultimately obtaining approval from the Secretary of Commerce Howard Lutnick to reactivate Mythos 5 to a limited network of vetted partners. 

However, Fable 5 remains subject to export restrictions while regulatory assessments are being completed. There has also been a broader shift in policy, as OpenAI announced it had postponed the full public rollout of GPT-5.6 at the request of U.S. officials, limiting early access to a small number of pre-approved organizations whose identities were disclosed to the government in response to the change. 

Together, these developments demonstrate the growing regulatory framework for the deployment of frontier AI models, in which access to these models is increasingly restricted, government oversight is continuous, and available models are available to a narrower audience rather than being made available widely to the public. 

While the government has reversed the partial policy, its selective approval process continues to polarize discussion over the need for transparency and competitive fairness as frontier AI models are deployed. As a consequence of the lack of clearly defined eligibility criteria, federal agencies have accumulated considerable discretion, leaving companies outside the approved ecosystem with little insight into the decisions made regarding access. 

As a legislative counsel for the Foundation for Individual Rights and Expression, John Coleman has questioned the opaque vetting framework, arguing that a lack of transparency in participant selection raises broader concerns about accountability and the consistency of regulatory authority application. 

Achieving the same objective, Commerce Secretary Howard Lutnick confirmed that organizations on the approved list of trusted organizations, as well as their employees, including non-U.S. citizens, as well as Anthropic's own international workforce, will be exempt from requiring individual export licenses to access Mythos 5. 

Licensing requirements, however, will remain in force for organizations outside of the government's trusted network. A number of the approved entities have been participating in Anthropic's Project Glasswing initiative, a collaborative effort between approximately 100 established technology companies and research institutions. It is also being discussed whether or not Fable 5 will be authorized in the future, although no implementation dates have been disclosed.

Increasing national security concerns increasingly influence commercial deployment strategies, which is reflected in the evolving regulatory framework which reflects a broader shift in how advanced artificial intelligence capabilities are governed. Although Fable 5 and Mythos 5 are based on the same underlying foundation model, the latter has been designed to be widely available with fewer deployment restrictions, making its continued suspension a noteworthy distinction in the government's risk assessment. 

A number of regulatory frictions have also resulted from Anthropic's refusal to support the use of its AI models for domestic surveillance and fully autonomous weapons systems. This stance exacerbated frictions between Anthropic and Washington. Additionally, both Anthropic and OpenAI continue to pursue public market ambitions while adjusting to the new compliance requirements introduced in President Donald Trump's executive order. 

By establishing a voluntary framework, the U.S. government will have the opportunity to review frontier artificial intelligence models up to 30 days before they are released to trusted partners under this voluntary framework. Analysts point out that while the latest authorization provides a practical mechanism for controlled deployment in the near-term, it does not resolve the question of how advanced AI systems are able to be deployed at scale. 

A former Commerce Department official and analyst at the Center for Strategic and International Studies, Ms. Koren warned that prolonged uncertainty surrounding broad model deployment could eventually erode the competitive advantage of U.S. AI developers. This could create opportunities for geopolitical rivals such as China to narrow their technological gap. 

Advance AI models are progressively being returned under tightly controlled access, signaling that frontier artificial intelligence has entered a new era where technical capability alone is no longer the determining factor of deployment. 

As governments refine oversight mechanisms for high-impact AI systems, developers, enterprises, and security teams must adjust to ever-evolving compliance requirements. Those considering integrating next-generation artificial intelligence need to closely monitor regulatory developments, export controls, and trusted access frameworks, as policy decisions are becoming an increasingly important aspect of AI adoption.
Read more »
Romania hospital cyberattack
BackMyData Data Breach Healthcare cybersecurity ransomware attack Romania hospital cyberattack

Romania's Swift Response Stops Massive Cyberattack on Hospitals, Offers Global Lessons in Healthcare Security

 

Romania's healthcare system faced one of its biggest cyber crises in February 2024 when a widespread ransomware attack targeted hospitals across the country, disrupting critical medical services and exposing the growing vulnerability of healthcare infrastructure to cybercriminals.

The attack began when hackers infiltrated the systems of Bucharest-based software company RSC, compromising its widely used hospital management platform, Hippocrates. As the malicious software rapidly spread to connected hospitals, officials at Romania's National Directorate for Cyber Security (DNSC) realized immediate action was necessary to prevent a nationwide catastrophe.

Faced with limited options, DNSC Director Dan Cimpean instructed more than 100 hospitals to disconnect from the internet immediately. The drastic measure successfully halted the spread of the ransomware but also left hospitals without internet access, email services, and connected medical systems.

Medical staff were forced to abandon digital records and return to manual processes, relying on handwritten documentation and paper-based workflows while cybersecurity experts investigated the breach and IT teams worked to restore operations.

The incident has since become an important case study for disaster response planners worldwide, demonstrating how healthcare systems can continue functioning during a major cyberattack.

Surgeon Oana Goidescu, who was working at Buzău Hospital when the attack unfolded, described the challenges medical staff faced.

"It was quite an unpleasant experience, because an IT record is not just a list of patients." She explained the extent of the disruption by adding: "For each patient, we request lab tests, radiology, medicines and supplies. All of that was gone."

The Hippocrates platform plays a central role in hospital operations, handling patient admissions, laboratory requests, pharmacy logistics, payroll, medical records, and diagnostic results. Once compromised, hospitals across Romania experienced widespread service failures.

The ransomware used in the attack, known as BackMyData, encrypted hospital files and demanded payment in Bitcoin to restore access.

The first warning signs appeared at Pitești Children's Hospital on the morning following the breach. By the next day, numerous hospitals reported that their Hippocrates systems had stopped functioning.

Cybersecurity specialists collaborated closely with the software provider to identify infected systems, isolate the malware, and begin recovery efforts.

Meanwhile, hospitals developed temporary offline systems to continue treating patients.

Vlad Paic from Carol Davila Hospital explained how his team adapted. When we saw the system would not be repaired quickly, we developed an offline method so we could register every patient. He added:"We asked the laboratory to give us results on paper. We used Excel and other offline tools to ensure care was not affected."

Romania's relatively recent transition to digital healthcare systems proved somewhat beneficial, as many staff members were still familiar with traditional paper-based procedures.

Investigators later confirmed that 26 hospitals had been directly infected with the BackMyData ransomware. Unaffected hospitals were gradually reconnected to the internet after additional cybersecurity protections were implemented.

Authorities also relied heavily on public communication throughout the crisis. Patients were advised to avoid hospitals unless absolutely necessary, helping reduce pressure on already strained facilities.

Despite these efforts, medical staff often faced frustration from worried patients.

Goidescu recalled: "We were asked, 'What if it were your mother?' They were right to be angry, but we tried to explain we were not at fault."

Romanian authorities also issued clear instructions that hospitals should neither negotiate with the attackers nor pay the ransom. The hackers had demanded €160,000 in Bitcoin, but the government refused payment and instead focused on restoring systems through secure backups.

Regular data backups proved invaluable, allowing most hospitals to recover their systems within five days. Although no deaths or serious patient harm were reported during the incident, healthcare workers spent weeks manually entering records created during the outage, while some information was permanently lost.

Investigators have not publicly identified those responsible for the attack. However, authorities previously dismantled a ransomware group linked to BackMyData in an international law enforcement operation that resulted in the arrest of four Russian nationals outside Russia.

Reflecting on the incident, Dan Cimpean warned that no country is immune from similar threats. "The more technology you have, the more digitised you are, the greater the risk."

The Romanian cyberattack reflects a broader global trend. In the United Kingdom, a cyberattack on an NHS blood-testing provider last year contributed to the first officially confirmed patient death linked to a cyber incident. In the United States, attacks on Change Healthcare and Ascension caused major disruptions, with Change Healthcare reportedly paying a $22 million ransom.

Cybersecurity experts say hospitals remain attractive targets because of their essential services.

Alina Bîzgă of cybersecurity company Bitdefender explained: "Hospitals handle critical services, and the criminals think that the more disruption that can be caused, the more likely they are to get paid a ransom."

The Romania incident highlights the urgent need for stronger cybersecurity measures, routine system backups, and well-prepared emergency response plans to safeguard healthcare services against increasingly sophisticated cyber threats.

Read more »
U.S. Policy
Digital Tax Trade Deal Tech Firms Technology Trump Tariff U.S. Policy

Trump Threatens 100% Tariff on Countries That Adopt Digital Services Tax

 

U.S. President Donald Trump has threatened to impose a 100 percent tariff on goods from any country that levies a digital services tax on American companies, escalating tensions with trading partners already weighing tougher rules on big tech. In a social media post on Friday, Trump said the tariff would apply immediately and would override existing trade agreements, whether those deals were already in force or still awaiting implementation. 

The move is aimed at countries, especially in Europe, that have discussed or adopted taxes on digital platforms and online services. Trump argued that these taxes unfairly target U.S. firms, many of which are among the world’s largest technology companies. Reuters reported that the warning came as several European governments continue to debate how best to tax digital businesses that generate revenue from local users without having a large physical presence. 

Trump’s message raises the risk of a fresh trade confrontation between Washington and key allies. By linking digital tax policy to broad import penalties, the White House is signaling that it may use tariffs as leverage in disputes that extend beyond traditional goods trade and into the regulation of the digital economy. Reuters noted that the announcement also came shortly after the European Union moved to reduce tariffs on U.S. goods, adding another layer of strain to transatlantic negotiations. 

The practical impact of the threat could be significant if implemented. A blanket 100 percent tariff would sharply raise the cost of exports to the United States and could hit sectors far beyond technology, depending on how broadly the measure is enforced. Reuters also noted that Trump said the tariff would supersede trade deals, a statement that adds uncertainty about how existing agreements might be affected if a country proceeds with a digital services tax. 

The latest warning fits a broader pattern in Trump’s trade approach, which has relied on tariffs as a bargaining tool against countries he says are treating American companies unfairly. For businesses, the announcement is another reminder that tax policy, trade policy and digital regulation are increasingly linked. For governments, it creates a sharper incentive to weigh the political and economic costs of taxing U.S. tech giants against the risk of retaliation from the United States.
Read more »
US
AI governance AI Safety Data Governance GPT Open AI technology US

OpenAI Limits GPT-5.6 Release While U.S. Reviews AI Safety

 



OpenAI has postponed the extensive public rollout of its latest frontier artificial intelligence model, GPT-5.6, after the U.S. government requested an opportunity to examine the technology before it reaches a wider audience. Rather than making the model immediately available to all users, the company will begin with a restricted deployment involving a small number of carefully vetted partners whose identities have been disclosed to federal authorities.

The temporary decision surfaces an increasingly cautious approach toward highly capable AI systems as governments evaluate their potential impact on national security. Policymakers have become more concerned that advanced generative AI models, while offering substantial benefits across research, software development and cybersecurity, could also be exploited to support sophisticated cyberattacks, automate vulnerability discovery, generate convincing phishing campaigns or assist other malicious activities if deployed without adequate safeguards.

According to OpenAI, the limited rollout is intended to provide government officials with an opportunity to study the model's capabilities and assess possible security risks before broader public access is granted. The company said it has already briefed the U.S. government on GPT-5.6 and its expected capabilities and described the current arrangement as an interim measure while it works with Washington to establish a more structured framework for releasing future frontier AI models.

Chief Executive Officer Sam Altman publicly expressed support for rigorous safety evaluations but questioned whether government agencies should determine which organizations receive early access. In a post on X, Altman said extensive testing of advanced AI systems is appropriate, while arguing that customer selection should remain outside government control.

The latest development follows an executive order signed earlier this month by President Donald Trump establishing a voluntary process under which developers of designated "covered frontier models" may provide the U.S. government with access to their systems for up to 30 days before they are released to trusted external partners. The initiative is designed to give officials time to evaluate emerging security concerns and strengthen oversight of increasingly capable AI technologies before wider deployment.

OpenAI stated that restricting access during this initial period represents what it believes is the most practical route toward making GPT-5.6 more broadly available in the coming weeks while discussions continue with the Administration on implementing the cyber-focused executive order and developing a repeatable review process for future launches.

The company added that engineering teams will continue conducting extensive safety evaluations and work closely with early partners throughout the testing phase. At the same time, OpenAI cautioned that the current level of government access should remain a temporary measure rather than becoming a permanent requirement for future AI releases. It also declined to identify the organizations participating in the initial rollout.

OpenAI further warned that prolonged restrictions on access to frontier AI systems could slow innovation across multiple sectors. The company noted that developers, businesses, cybersecurity professionals and international collaborators all rely on access to advanced models to build defensive security tools, strengthen research, develop enterprise applications and accelerate responsible AI adoption.

Leading the new product family is GPT-5.6 Sol, which OpenAI describes as its most capable model to date. The release also includes Terra, positioned as a mid-range model, and Luna, a lower-cost alternative intended to make advanced AI capabilities available at a lower price point across a wider range of use cases.

The government's heightened scrutiny extends beyond OpenAI. Earlier this month, Anthropic was instructed by U.S. authorities to suspend access to its frontier AI models for foreign nationals because of national security concerns. The company continues to face an ongoing legal and regulatory dispute with the government over those restrictions, illustrating the growing debate surrounding oversight of advanced artificial intelligence systems.

The developments come as both OpenAI and Anthropic have confidentially submitted paperwork for U.S. initial public offerings. Separately, The New York Times reported that OpenAI is considering postponing its public market debut until next year.

The developing relationship between AI developers and governments illustrates how the deployment of frontier models is becoming closely linked with cybersecurity and national security policy. While companies continue to pursue increasingly powerful AI capabilities, regulators are placing greater emphasis on evaluating how these systems could influence cyber defense, critical infrastructure protection and the misuse of AI by malicious actors before they are released at scale.

Read more »
Microsoft Security Flaw
Backdoor Malware Cyber Attacks Cyber Security Ransomware Attacks Exploitation Malware Attack Microsoft security Microsoft Security Flaw

Edgecution Malware Exploits Microsoft Edge Extension to Deploy Python Backdoor in Ransomware Attack

 

One way hackers adapt is by twisting legitimate features into tools for harm. A recent example shows a malicious Microsoft Edge extension escaping the browser’s restricted environment to establish persistent access on infected systems. 

Researchers named the campaign Edgecution, which abuses built-in browser functionality rather than software flaws. The payload deploys a Python-based backdoor capable of silently executing commands on compromised devices. Researchers at Zscaler believe the campaign is linked to an Initial Access Broker associated with the Payouts Kings ransomware operation. 

Instead of exploiting vulnerabilities, the attackers rely on social engineering and legitimate browser capabilities to gain deeper access to victim systems. The attack begins with someone impersonating IT support on Microsoft Teams, directing employees to a fake Microsoft update page under the pretense of installing an email security update. 

Victims see what appears to be an official Outlook update portal, but clicking its buttons instead downloads malware, copies malicious scripts to the clipboard, or requests Microsoft 365 and Outlook credentials. What looks like a routine update quickly turns into a compromise. The downloaded package contains intentionally malformed ZIP headers to evade security scanners. 

Once executed, scripts repair the archive, extract hidden files, configure the system, and create scheduled tasks that silently launch Microsoft Edge in the background. Inside the package are two main components: a malicious Microsoft Edge extension disguised as an Edge Monitoring Agent and a Python-based backdoor. The extension communicates with attacker-controlled servers, receiving commands and sending back results. 

Although browser extensions normally operate inside isolated sandboxes, this attack bypasses those restrictions. Attackers abuse Chrome’s Native Messaging protocol—a legitimate feature that allows browser extensions to communicate with trusted desktop applications. By leveraging this mechanism, the malicious extension launches the bundled Python backdoor as a native application, escaping the browser’s security boundaries.  

Once active, the Python backdoor enables attackers to execute shell commands, run PowerShell and arbitrary Python code, write files, enumerate running processes, and collect system information. Helper scripts generate the Native Messaging manifest and batch files needed to connect the extension with the local application. 

The malicious extension runs inside a headless Microsoft Edge session, remaining invisible to users while maintaining persistent access that is difficult to detect. Zscaler also identified unused commands within both malware components, indicating the framework is still under development and could gain additional capabilities in future versions. 

According to researchers, Edgecution highlights the growing sophistication of ransomware campaigns. Rather than relying solely on traditional malware, attackers increasingly exploit trusted browser features and enterprise collaboration platforms to bypass security defenses. 

To reduce the risk, organizations should closely monitor browser extensions, restrict Chrome Native Messaging where possible, review native messaging host configurations, and train employees to recognize social engineering attempts delivered through platforms such as Microsoft Teams. Zscaler has also published indicators of compromise, including malicious extension hashes and command-and-control servers, to help defenders identify affected systems.
Read more »
Third-Party Risk
Cloud Security Data Breach EdTech Cybersecurity FulcrumSec Learning Management System ShinyHunters Student Information System Supply Chain Attack Third-Party Risk

EdTech Software Suppliers Become the New Target for Cyber Attackers


Education is witnessing a notable shift in the cyber threat landscape in which attackers are bypassing individual schools in favor of software providers that support modern digital learning. Education technology (EdTech) vendors have emerged over the last several years as valuable supply chain targets, including learning management systems (LMS), student information platforms, and cloud-based academic services. 


Through a single compromise, threat actors can gain access to thousands or hundreds of educational institutions across a wide range of industries. The recent attacks on the Canvas platform of Instructure, which disrupted online examinations, as well as the large-scale security breach of PowerSchool, which exposed sensitive student data, underscore how cybercriminals are evolving their tactics so that they can maximize operational disruption, data theft, and financial leverage by striking the technology ecosystem instead of the end users. 

With an increased reliance on cloud-native educational infrastructure, financial motivated threat actors have also become increasingly exposed to attacks. Recent activity attributed to groups such as ShinyHunters and FulcrumSec indicates this shift toward more targeted and technically sophisticated attacks against the EdTech sector. 

The ShinyHunters hacking collective has been reported to have compromised learning platforms serving educational institutions around the world, allegedly stealing millions of records containing names, email addresses, physical addresses, and other personally identifiable information (PII) from them. 

Several security assessments have linked these compromises to vulnerabilities such as insufficiently protected API endpoints and exposed cloud databases, vulnerabilities that frequently appear when rapidly expanding EdTech providers prioritize scalability over mature security controls. Data exposed on dark web marketplaces has increased the risks of phishing, credential abuse, identity theft, and follow-on attacks, reinforcing concerns that the adoption of student information systems, learning management systems, and other cloud-based academic platforms outpaces the establishment of robust cybersecurity governance within the education technology supply chain. 

In March of 2026, ShinyHunters allegedly compromised the widely used Infinite Campus Student Information System (SIS) and exfiltrated personally identifiable information from more than 137,000 school staff accounts through a Salesforce-related data theft incident. The campaign has continued to expand in scope throughout 2026.

Considering Infinite Campus' extensive footprint in the U.S. education sector, the breach has broader implications for the organization. Infinite Campus supports approximately 3,200 school districts and manages records for approximately 11 million students from 46 different states. As of June 16, 2026, ShinyHunters also identified Glendale Community College, Moody Bible Institute, Illinois Central College, and Houston City College as its latest victims. 

In contrast to conducting isolated attacks against individual campuses, the increasing victim list illustrates a deliberate strategy to target centralized education platforms that can affect multiple institutions at once rather than focusing on isolated attacks.

There has been a parallel escalation in the ransomware ecosystem where FulcrumSec has claimed responsibility for a large-scale breach involving a Singapore-based international educational network, the Global Schools Foundation. Several critical systems across multiple countries were disrupted as a result of the attack, resulting in a substantial amount of sensitive information being stolen. Students and staff had limited access to essential academic and administrative services as a result of the attack. 

In an unsuccessful ransom negotiation, the group threatened to publish the stolen information. There are 33,088 passport records in the stolen dataset, covering 66 nationalities, 221 million attendance records, 9.4 million internal messages, 143,494 employee salaries, over 616,000 emails attaching medical and identification documents, 112 source code repositories, 168 entries in AWS Secrets Manager, and evidence of a previous ransomware attack dating back to 2022. 

FulcrumSec has previously been connected to cloud-focused intrusions involving platforms hosted on Amazon Web Services, MongoDB, and Google Cloud Platform (GCP), reflecting an attack that extends beyond personal data into operational infrastructure, application code, and cloud secrets. In addition to breaches affecting LexisNexis and Australian fintech company youX, which underscores a consistent focus on cloud-resident data and double extortion activities, these breaches demonstrate an increased focus on cloud-resident data. 

Although large-scale ransomware campaigns continue to make headlines, not every breach in education stems from sophisticated intrusion techniques. By misconfiguring third-party cloud applications, sensitive information may be exposed just as effectively, without the attacker having to overcome security controls in any case. 

One such incident was brought to the attention of the school by parents who discovered that a feature within a third-party absence management platform provided families with the opportunity to view free-text comments submitted by other parents regarding requests for student absences. While the vendor confirmed that the attached attachments were inaccessible, the exposed comment fields may contain sensitive information voluntarily provided by guardians, including medical appointments, illness details, and other private information about students. 

In this instance, it demonstrated how seemingly minor application logic errors can adversely affect data confidentiality when privacy controls are not appropriately implemented. Upon discovery, both the educational institution and its software provider coordinated an incident response. After informing the vendor of the vulnerability, they were able to develop and deploy a software update that remedied the vulnerability prior to ensuring their own environment was updated. 

Besides applying the fix, administrators were required to conduct a comprehensive forensic investigation to determine the duration of the exposure, determine which records were visible, identify users who accessed the vulnerable feature by analyzing system logs, and determine what categories of personal information may have been compromised as a result. 

According to those findings, the incident met the requirements for mandatory regulatory reporting and formal notification was required for affected students, parents, and guardians. At the same time, the institution was required to maintain communication with the families who initially reported the issue while documenting the incident for compliance purposes. 

Due to the vulnerability affecting a shared cloud platform, the vendor was required to notify each school which used the feature, distribute an updated version, and ensure these schools applied the update. This incident illustrates how vulnerabilities within centralized education platforms may rapidly evolve into ecosystem-wide risks. It is equally up to software providers to provide timely patches and transparent communication as it is up to educational institutions to protect student data. 

Together, these incidents demonstrate that effective cybersecurity does not limit to the protection against external attackers in the education sector. The breach response process requires significant operational effort, which involves technical teams, compliance personnel, vendors, and institutional leadership, regardless of whether the root cause is ransomware, cloud misconfigurations, insecure APIs, or human error. Additionally, these incidents illustrate the importance of good vendor governance, secure software development, continuous risk assessments, and an incident response plan that has been extensively tested.

With instructional institutions increasingly relying on cloud-based platforms, organizations that invest in proactive security controls and supplier oversight will be better prepared to minimize operational disruptions, protect sensitive data, and comply with regulatory requirements. 

As schools increasingly rely on interconnected cloud platforms to deliver educational services, the sector has experienced a fundamental shift in its cyber risk profile, making software providers and technology partners just as important as schools themselves to the protection of institutional information. Operational resilience has been demonstrated in recent incidents to depend on continuous vendor oversight, secure software development, timely vulnerability remediation, and coordinated incident response throughout the education technology ecosystem as a whole. 

A continued pursuit of high-impact supply chain opportunities by threat actors will require strengthening third-party risk management and incorporating security into all phases of software development in order to protect educational continuity, safeguard sensitive data, and maintain trust across digital learning environments.
Read more »
Wireless Emergency Alerts
Cyber Security Emergency Alert System FCC cybersecurity Team Telecom undersea cable security Wireless Emergency Alerts

FCC Strengthens Cybersecurity Rules for Emergency Alert Systems and Undersea Cable Networks

 

The Federal Communications Commission (FCC) has approved a series of new regulations aimed at strengthening the cybersecurity of the United States' emergency communication systems while modernizing security requirements for the country's undersea cable infrastructure.

The newly adopted rules introduce stronger safeguards for the nation's two primary public warning platforms—the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA)—to reduce the risk of cyberattacks and unauthorized access.

The EAS is widely used by federal, state and local authorities to broadcast emergency information, including severe weather warnings, AMBER Alerts and other public safety notifications through television and radio networks. Meanwhile, the WEA delivers similar alerts directly to mobile devices through text messages.

According to the FCC, a successful cyberattack on either platform by a foreign government, cybercriminal organization or malicious actor could spread misinformation, create public confusion or disrupt emergency response efforts during critical situations.

Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

As part of the new cybersecurity framework, organizations responsible for operating EAS and WEA systems will be required to adopt stronger cyber hygiene measures. These include implementing robust passwords, promptly installing vendor-issued security updates and patches, and deploying firewalls to restrict unauthorized access to critical systems.

The FCC has also introduced a new authentication identification system that will verify emergency alerts before they are transmitted, helping prevent duplicate, fake or unauthorized alerts from being distributed.

In a separate decision, the Commission also approved its first major overhaul of submarine cable regulations in several decades. The updated framework seeks to enhance cybersecurity oversight for undersea cable infrastructure while simplifying licensing procedures for trusted operators.

Under the revised rules, certain undersea cable providers will no longer be required to undergo the extensive national security licensing review conducted by "Team Telecom" before operating cables connected to U.S. territory.

Team Telecom is an interagency group led by the Department of Justice's Foreign Investment Review Section, along with other federal agencies that evaluate the national security implications of telecommunications infrastructure.

The updated policy allows submarine cable applicants to qualify for an exemption if they can self-certify that they meet high security standards designed to improve certainty, streamline reviews and shorten licensing timelines.

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

The new regulations also expand the FCC's oversight of key operational components within submarine cable systems. Companies responsible for submarine line terminal equipment, which connects undersea cables to U.S.-based terrestrial facilities, will now be required to obtain licenses.

Additionally, the Commission has introduced updated security measures to address risks associated with essential equipment, third-party vendors and vulnerabilities across the broader submarine cable supply chain, further strengthening the resilience of critical communications infrastructure.

Read more »
Cyber Security
AI technology AI tools Anthropic Anthropic AI Anthropic Ban Claude Claude AI Cyber Security

Anthropic Restores Limited Access to Claude Mythos 5 AI Model After US Government Approval

 

Earlier limits on Anthropic’s top-tier AI tools have been eased by U.S. officials, reopening limited availability of the Claude Mythos 5 system to certain approved American institutions. Though only recently barred due to fears about potential misuse threatening national safety, the model is now accessible again under tight conditions. Government oversight in high-level AI deployment continues expanding, especially when such systems involve strong digital defense functions. 

While concerns remain, selective reinstatement suggests a shift toward managed access rather than blanket bans. Now cleared by U.S. authorities, Mythos 5 can be used again by groups managing essential infrastructure operations. Over a hundred entities - some among the largest corporations - are set to reconnect under new guidelines. Though access returns in phases, Anthropic emphasizes steady progress restoring function, even as talks continue with federal agencies on widening reach later. 

One goal remains: bringing back full public availability of the Fable 5 system after further review. One restriction began with an export directive dated June 12, forcing Anthropic to shut off entry points to Mythos 5 along with Fable 5. Not long after, OpenAI revealed a delay in launching GPT-5.6 widely - this pause came by direction from U.S. officials. Rather than open access freely, they handed early permissions only to select collaborators, names already passed to federal agencies.

Oversight like this signals a quiet but steady push from regulators to track how powerful artificial intelligence moves into real-world use. Officials worry powerful AI systems might fall into the hands of rival nations - like those in Beijing or Moscow - despite existing barriers. Because these tools can detect system flaws faster than humans, they may speed up digital attacks when protections fail. While designed for defense, their functions could shift toward offense once access is gained through weak points. 

Even infrastructure meant to resist intrusion becomes a target under such conditions. Surprisingly, Anthropic admitted that authorities questioned whether flaws in its security could allow bypassing controls meant to stop abuse of the Fable 5 system when spotting code weaknesses. Although officials noted improvements in handling those dangers, details about the specific defenses enabling partial revival of Mythos 5 remain undisclosed by public agencies. 

Though some defend the selection method, lawyers and tech executives have raised doubts. Questions emerge over who gets picked - free expression supporters point out unclear criteria behind group approvals. Without clear rules on checks, suspicion grows. Safety tests gain backing even as control worries surface; Sam Altman backs strong evaluations yet hesitates at state influence shaping access paths. Decisions made behind closed doors unsettle those watching closely. 

Now, trusted groups working with Mythros 5 won’t need export permits - this applies also to their staff outside the U.S. - as long as they’re named on the official roster. Still, firms left off the list must follow current licensing rules. A number of listed entities belong to Anthropic’s Project Glasswing, it is said, a collaboration hosting around one hundred tech outfits and study centers. 

Now comes news after Donald Trump issued an executive directive creating a non-mandatory process: creators of cutting-edge artificial intelligence may offer their systems to federal authorities for scrutiny during a thirty-day window prior to wider release. Some say this step offers temporary protection until more complete regulatory structures emerge through policy work. 

Yet concerns rise elsewhere - extended delays in launching powerful AI tools might hinder progress, weakening American firms just as international competitors push forward with their own intelligent technologies.
Read more »
signal
Backup CISA Cyber Security FBI Phishing signal

FBI Warns Russian-Linked Hackers Have Shifted Signal Phishing Campaign to Steal Backup Recovery Keys

 


The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated public service announcement warning that Russian intelligence-linked threat actors have expanded an ongoing phishing campaign targeting Signal users. Rather than attempting to intercept authentication codes alone, the attackers are now seeking victims' Signal Backup Recovery Keys, enabling them to restore encrypted cloud backups and gain access to historical conversations.

The latest advisory builds on an alert released in March 2026, when the agencies disclosed that Russian-backed operators were targeting users of commercial messaging applications, particularly Signal, through carefully crafted phishing campaigns. Those earlier attacks focused on compromising accounts by deceiving users into handing over verification codes, account PINs, or linking unauthorized devices to their Signal accounts, instead of defeating the application's end-to-end encryption.

According to the FBI, the threat actors have refined their social engineering techniques by impersonating automated Signal support accounts and introducing a new objective: convincing users to disclose the recovery keys that protect their encrypted backups.

The agencies said the campaign continues to concentrate on individuals considered to be of intelligence value, including current and former U.S. government officials, government personnel from allied nations, military members, political figures, journalists, and officials located in Ukraine.

The activity has been attributed to Russian Intelligence Services (RIS), including officers associated with Russia's Federal Security Service (FSB) Border Guards and additional actors operating on behalf of the Russian military. Security researchers publicly track the activity under the designations UNC5792 and UNC4221.

Phishing campaign evolves beyond account hijacking

The updated advisory describes a notable change in the attackers' methods. Earlier phishing attempts largely sought one-time verification codes, Signal PINs, or persuaded victims to connect attacker-controlled devices to their accounts. The current campaign instead attempts to obtain the cryptographic recovery key used by Signal's Secure Backups feature.

To begin the attack, the operators pose as Signal's support team and distribute fraudulent messages claiming the messaging platform is introducing mandatory two-factor verification following an alleged increase in attacks carried out by hackers from Iran and post-Soviet countries. The messages falsely state that the security changes require users to configure Signal Backups in order to avoid losing conversations and media files.

Victims are instructed to navigate through the application's backup settings, enable Secure Backups, reveal the Backup Recovery Key, copy it to the clipboard, and complete what appears to be a legitimate setup process.

Signal's Secure Backups feature allows users to store encrypted copies of conversations on the company's cloud infrastructure. Those backups remain protected through end-to-end encryption, with the Backup Recovery Key serving as the only credential capable of decrypting and restoring the archived data. Because Signal does not retain this key, anyone who obtains it can restore the encrypted backup onto another device.

After victims complete the initial steps, the attackers send a second phishing message while continuing to impersonate Signal support. This follow-up communication claims the user's account is experiencing a synchronization problem and warns that stored messages and media could be permanently lost unless immediate action is taken.

The fraudulent notification instructs users to revisit the backup settings, copy the Backup Recovery Key once again, and paste it directly into the conversation under the pretense of preventing data loss.

If victims comply, the attackers obtain the recovery key and use it to restore the encrypted backup on devices under their control. This grants access to previously archived communications, including private conversations and group chats.

The FBI emphasized that these attacks do not compromise Signal's encryption itself. Instead, they rely entirely on social engineering techniques that manipulate users into voluntarily surrendering the credentials needed to decrypt their own backups.

Compromised recovery keys remain a risk even after creating a new account

The updated advisory also highlights a recovery scenario that affected users may easily overlook.

According to the FBI, creating a new Signal account with the same phone number does not invalidate a Backup Recovery Key that has already been stolen. If attackers previously acquired the key, they may still be able to access any encrypted backups downloaded before the compromise was discovered.

To prevent future backup restorations using a compromised credential, users should generate a new Backup Recovery Key through Signal's backup settings. Creating a replacement key invalidates the previous one for subsequent backup downloads. However, the agencies cautioned that this action cannot revoke access to backups that attackers have already restored using the stolen key.

Agencies urge users to remain cautious of unsolicited support messages

The FBI and CISA reminded users that legitimate messaging platform support teams communicate only through official company email channels. They do not request verification codes through the application itself, nor do they send unsolicited messages instructing users to verify accounts, restore backups, or disclose recovery credentials.

Anyone who believes they may have interacted with the phishing campaign is encouraged to report the incident to the FBI's Internet Crime Complaint Center (IC3), a local FBI field office, or CISA.

The advisory accentuates the fact that well-designed encryption remains effective only when the credentials protecting it remain under the user's control. Rather than attempting to break modern cryptography, state-sponsored threat actors are increasingly directing their efforts toward manipulating trusted users into revealing the keys that unlock their own protected data.

Read more »
Vulnerabilities and Exploits
CISA CISCO Flaw Unified CM Vulnerabilities and Exploits

CISA Orders Immediate Patch for Actively Exploited Cisco Unified CM SSRF Flaw

 

CISA has moved quickly against a serious Cisco vulnerability because the issue is already being exploited and could expose government and enterprise communications systems to deeper compromise. The flaw, CVE-2026-20230, affects Cisco Unified Communications Manager and Cisco Unified CM Session Management Edition, and it sits in a service many organizations rely on for voice and collaboration traffic. 

At the center of the problem is a server-side request forgery vulnerability tied to how the product handles certain HTTP requests. An attacker does not need valid credentials to trigger the flaw, but exploitation depends on the WebDialer service being enabled, which makes exposed or poorly reviewed deployments especially risky. Cisco said a successful attack could allow the creation of files on the underlying operating system, a step that can later be used to elevate privileges toward root access. 

The urgency increased when CISA added the bug to its Known Exploited Vulnerabilities catalog and set a remediation deadline of Sunday, June 28, under Binding Operational Directive 26-04. That move signals that federal agencies must treat the issue as an immediate operational priority rather than a routine patch cycle item. In practical terms, the deadline compresses response time and pushes administrators to verify exposure, apply fixes, and reduce attack surface without delay. 

Cisco has already issued remediation guidance, and the strongest interim step is to disable the WebDialer service until patched builds are in place. The fixed releases cited in the advisories include Unified CM 14SU6 and the upcoming 15SU5 path, while some deployments may use a temporary COP file as a bridge until the full update is available. Because there is no complete workaround, organizations that cannot patch quickly need to assume the risk remains active.

For organizations, the lesson is that collaboration platforms are now a high-value target for attackers because they often sit deep inside trusted networks and can expose sensitive internal services if compromised. For security teams, this is not just another Cisco alert; it is a reminder to inventory Unified CM systems, check whether WebDialer is enabled, review logs for suspicious requests, and confirm that exposed management interfaces are minimized. Quick action matters here because the combination of public exploit knowledge, active abuse, and privileged access potential makes this flaw especially dangerous.
Read more »
Technology
agentic AI AI governance Anthropic Claude Cowork Claude Desktop Cloud Security Enterprise AI Security Identity and Access Management Microsoft Entra Technology

Anthropic Tests Mobile Version of Desktop Like Claude Cowork

 


Claude Cowork, an auto-assisted desktop assistant designed to handle long-running knowledge work with minimal user intervention, has been tested on mobile devices by Anthropic, extending the reach of its agentic AI ecosystem. 

A mobile application is not reported to shift computational workloads to smartphones, but rather to function as a remote management interface, which allows users to initiate tasks, monitor their execution, and review progress as the actual computation takes place on a desktop computer. 

In the event that this capability is implemented, it will significantly expand Claude Cowork's accessibility by providing persistent oversight of background workflows such as document creation, spreadsheet generation, file analysis, and report preparation, advancing the integration of AI-driven productivity across devices. 

Claude Cowork will be enhanced with cross-platform capabilities, as well as redesigned into a centrally managed enterprise platform designed to accommodate a variety of organizational workflows through a unified deployment model. It was stated that the approach provides IT administrators with the ability to distribute a single desktop application throughout the organization and assign varying capabilities based on the role of users, enabling employees to access conversational AI, knowledge workers to utilize Claude Cowork when delegating long-term tasks, and software engineering teams to utilize Claude Code without having to deploy separate platforms. 

A long-standing enterprise concern related to AI adoption has been addressed by Anthropic, which emphasizes that the inference can remain within the customer's existing cloud environment, whereas the conversation history can be kept locally. This gives organizations greater control over the handling of data. A number of enterprise identity and device management features are also included in the platform, including single sign-on (SSO), mobile device management (MDM) policy templates, offline installation, and cloud deployment capabilities, allowing organizations to utilize artificial intelligence in an integrated manner rather than introducing an isolated infrastructure based on security, compliance, and governance concerns. 

As part of the update, Claude Chat, Claude Cowork, and Claude Code policy management is separated to provide organizations with granular administrative controls, allowing organizations to selectively enable features and phase their expansion. 

In large enterprises with multiple legal, finance, operations, and engineering teams that require different AI capabilities under distinct governance policies, role-based structures are particularly beneficial. A new feature of Anthropic's enterprise connectivity with Microsoft 365 is the ability for organizations to route data access through their own Microsoft Entra application rather than connecting directly with Anthropic. 

A tenant allowlisting feature, beta support for Microsoft 365 GCC High and DoD environments, as well as an optional local connector allowing Microsoft services to communicate with user devices, ensures that enterprises retain full control over authentication, permissions, audit logging and data access. The administrator will also have the option of exporting deployment policies, validating connectors, verifying Claude models from the cloud provider, and testing configurations before implementing large-scale deployments.

The Anthropic team intends to reduce procurement complexity and position Claude Desktop as enterprise software integrated with existing identity management, compliance, and infrastructure workflows by allowing customers already standardized on Amazon Web Services, Google Cloud, or Microsoft Foundry to deploy Claude within their existing cloud estates. 

In the current enterprise AI landscape, success depends on not only model capabilities, but also deployment flexibility, administrative control, governance, and seamless integration into existing enterprise ecosystems as organizations move from limited AI pilot programs to organization-wide deployments. 

The Claude Desktop application, which is available on macOS and Windows, has largely contained Claude Cowork, which executes autonomous tasks directly on the host machine using locally shared files and resources. It has been noted that Anthropic is actively developing a companion mobile application, as screenshots recently surfaced on X indicate. 

Users are expected to be able to start and steer tasks from their smartphones via the Claude mobile application, web interface, or desktop client, while checking execution status through the mobile app. Further, the interface indicates that assigned workloads continue running in the background even after the mobile application has been closed, which demonstrates the purpose of this feature is to oversee tasks persistently rather than executing them locally. 

By following this architecture, mobile devices function as remote management endpoints, while desktop environments remain responsible for computational tasks, file access, document generation, spreadsheet creation, and other resource-intensive operations. 

Anthropic has not yet formally announced full mobile support, but its Cowork documentation already mentions beta pairing support for phones, suggesting that a greater range of cross-device capabilities is being actively developed, with details and eligibility for account eligibility still unknown. 

Claude Cowork's ability to operate continuously as an artificial intelligence work agent will be enhanced if this capability is released, allowing users to initiate, monitor, and manage extended workflows without having to remain physically connected to their desktop computers. Anthropic is further advancing its broader philosophy of agent-driven productivity rather than conventional chatbots. 

Based on Anthropological's latest developments, the next phase of enterprise AI will be characterized by both operational governance and model capability, as organizations increasingly rely on autonomous AI agents to execute business-critical workloads, securing deployment, identity-aware access controls, integration with the cloud, and centralized policy management will become essential features rather than optional ones. 

If enterprises evaluate agentic AI platforms, they should prioritize solutions that align with existing security architectures, compliance obligations, and administrative workflows to ensure productivity gains do not negatively impact visibility, governance, or data security.
Read more »
Trump administration AI
AI GPT-5.6 release OpenAI GPT-5.6 Sam Altman Technology Trump administration AI

OpenAI Delays GPT-5.6 Public Launch After US Government Seeks Limited Rollout

 

OpenAI has agreed to delay the wider release of its upcoming AI model, GPT-5.6, after the Trump administration requested that the company initially restrict access to a limited group of government-approved partners. The request was made due to concerns surrounding the model's advanced capabilities and potential national security implications.

The development, first reported by The Information on June 25, 2026, reflects the growing role of the US government in overseeing the deployment of cutting-edge artificial intelligence models. The move also signals a shift in how frontier AI systems may be introduced to the public going forward.

The government's request comes shortly after its dispute with rival AI startup Anthropic. Earlier this month, on June 12, the Trump administration directed Anthropic to temporarily take its latest AI models, Fable 5 and Mythos 5, offline under new export control measures aimed at preventing access by foreign nationals. Officials cited national security risks behind the decision.

Anthropic described the action as a "misunderstanding" and said it hoped to restore access "as soon as possible," though the incident established a significant precedent for government intervention in AI model releases.

Mythos had been shared with around 40 organisations, including Google, Microsoft and JPMorgan Chase, through a restricted programme known as Project Glasswing. According to reports, the model's ability to autonomously identify software vulnerabilities and carry out complex, multi-step cybersecurity attacks without human involvement raised concerns among US officials.

GPT-5.6 Viewed as Comparable to Mythos

A source familiar with the matter said both OpenAI and the US administration consider GPT-5.6 to be "on par" with Anthropic's Mythos, particularly regarding its cybersecurity capabilities. That assessment prompted officials to recommend a phased rollout instead of an immediate public launch.

OpenAI CEO Sam Altman reportedly informed employees during an internal Q&A session on June 25 that GPT-5.6 would first be made available to a select group of enterprise customers.

In a follow-up internal memo, Altman explained that the government would be "approving access customer by customer during this preview period." The request reportedly came from the Office of the National Cyber Director and the Office of Science and Technology Policy, while Commerce Secretary Howard Lutnick also advised OpenAI not to proceed without approvals from multiple federal agencies.

Although OpenAI agreed to the arrangement, Altman indicated that the company does not see this as a long-term solution. According to The Information, he wrote: "We’ve made clear to the U.S. government that this is not our preferred long-term model, and will work with them and others in industry to achieve a more sustainable approach for future releases."

Meanwhile, a White House official told CNN that the administration continues "to collaborate with frontier AI labs to develop shared approaches for addressing the challenges of scaling this technology."

The broader public release of GPT-5.6 is expected to take place a "couple of weeks" after the limited preview, depending on how the government-led approval process progresses.

AI Oversight Continues to Evolve

The latest development highlights the absence of a formal federal regulatory framework governing the review of advanced AI models before public deployment.

President Trump's executive order on "Promoting Advanced AI Innovation and Security" encourages AI companies to voluntarily provide frontier models to the government for cybersecurity assessments for up to one month before public release. However, compliance with the programme is voluntary rather than legally required.

For now, OpenAI's agreement with the US government represents one of the clearest examples of collaboration between federal authorities and an AI company. The outcome of GPT-5.6's controlled rollout could influence how other leading AI developers introduce powerful new models in the future.

Read more »
Infrastructure Security
AI Infrastructure Security AI Security Credential Cyber Security Enterprise AI Security Enterprise security Infrastructure Security

AI Credential Security Emerges as Critical Risk in Modern Enterprise Infrastructure

 

Surprisingly, artificial intelligence alters how companies build their internal systems. Yet warnings emerge - not about flawed code, but about access methods growing more dangerous by the day. Credentials like API keys, login tokens, or automated service IDs now attract attackers as firms adopt more AI tools. 

A new report highlights an odd trend: defenses focus on outer boundaries, though weak identity controls often cause breaches inside AI environments. Investment flows into firewalls, even when real threats hide within permission structures Security breaches lately show a shift: criminals now aim more at login details instead of bugs within AI tools. A known example occurred when hackers gained access to publishing rights for a software library, slipping in harmful updates that collected AI account passwords, cloud keys, and system tokens across infected setups. 

Elsewhere, hidden project files left public helped adversaries grab artificial intelligence API secrets - before any code ran. Attackers succeeded here by abusing leaked authentication data, not defects in the underlying AI frameworks One reason experts point to is deeper issues baked into how AI systems are built. Instead of isolated logins for narrow tools, today’s setups often let one key open doors across many models and platforms. Because of this shift, losing control of login details means much wider exposure. Stolen tokens now offer criminals far greater leverage than before Among recent findings, signs point to an expanding problem with stolen login details.

A study across sectors showed over 1.27 million credentials tied to artificial intelligence services spilled online in 2025 alone - an uptick compared to prior periods. Old access tokens, though outdated, often stayed valid well beyond issue dates; when such keys fell into the wrong hands earlier, risk lingered far longer than expected Still, old-style safeguards like changing passwords, locking secrets away, or running automatic checks hold value - even if they fall short in AI-driven settings. 

Credentials tied to artificial intelligence tend to appear inside container files, system blueprints, build processes, recorded outputs, along with various hosted platforms. Once leaked access keys get found or reset, harm might already be done - copies hidden elsewhere, misuse underway. What worked before now lags behind how fast these systems share and replicate trust tokens Most security experts suggest companies start viewing AI identifiers much like those assigned to people or devices - restricting access based on necessity. 

Instead of using one wide-reaching API key, authorization should match only the needed tools, functions, or tasks. Each environment - whether used for live operations, trials, data review, or public interaction - ought to have distinct login details. This separation helps contain damage if one set gets exposed Security grows sharper when teams watch systems without pause. 

Ownership of access keys must be obvious, someone always accountable. Seeing what runs at any moment helps spot odd behavior early. Frequent checks on user actions reveal risks before they spread. A login seen outside usual patterns? Treat it as breached, just in case. With AI spreading through daily workflows, tracking who can do what matters more each month. Identity rules once tucked behind firewalls now step forward. They anchor defenses instead of trailing behind. Trust shifts only when proof holds firm.
Read more »
Technology
AI Robots AI Training Humanoid Robots Indian Workers Job Automation Technology

Inside India’s AI Boom: Workers Training Robots to Replace Human Jobs

 

Indian workers are increasingly being paid to record themselves performing everyday tasks so AI systems can learn how to do those jobs — a trend that’s creating short-term income but raising serious long-term questions about automation and worker displacement. 

Employers and startups are using head-mounted cameras, smartphones and motion sensors to collect “egocentric” footage of activities such as chopping vegetables, folding clothes and assembling parts; that data trains models intended to teach humanoid robots how humans move and interact with objects in real environments. The work has opened a new gig economy niche: workers earn small payments per hour of footage, often in low-cost regions like India where labour is cheaper than in Western markets. 

For many workers the pay provides immediate relief — a few hundred rupees per hour can be meaningful — but the jobs themselves are repetitive and sometimes physically taxing, involving long shifts and continuous filming that can cause eye strain and fatigue. Companies argue this is legitimate work in a growing data economy: capturing real-world human movement is essential for training robots to operate safely and effectively outside labs. Tech firms say egocentric data accelerates progress toward practical household and industrial robots by exposing models to the messy realities of kitchens, factories and crowded workspaces that simulated data cannot reproduce. 

Yet the ethical and economic implications are stark. Critics say the model resembles a paradox: workers are paid to teach machines how to replace them, creating what some call a “data-for-displacement” cycle. Labor advocates worry that once humanoid robots mature, tasks now filmed by humans — from domestic chores to basic factory assembly — could be automated, squeezing informal-sector incomes on which millions depend. Policy analysts note that much public debate on AI’s job impacts focuses on white-collar roles, while the millions in informal or low-wage physical jobs receive far less attention despite being directly targeted by physical AI development. 

Responses are emerging but remain fragmented. Some companies insist robots will complement rather than replace human workers, enabling safer or higher-skilled jobs; others have introduced retraining or higher-paying annotation roles as partial mitigation. Meanwhile civil-society groups and researchers call for stronger labor protections, transparency about how footage will be used, and social-safety nets to support workers displaced by automation, especially in countries with large informal workforces. 

The situation highlights a broader policy challenge: balancing technological progress with social safeguards so that the value created by AI doesn’t accrue only to firms and investors while leaving vulnerable workers behind. As physical AI moves from research labs into everyday life, regulators, companies and worker representatives will need to negotiate fair pay, consent, and transition measures—or risk repeating past technological revolutions that expanded productivity while widening inequality.
Read more »
sim swap
CBZC cryptocurrency Cyber Crime FBI Poland sim swap

Poland arrests four suspects in international SIM-swapping operation linked to multimillion-dollar cryptocurrency thefts

 



Polish law enforcement authorities have arrested four suspected members of an organized cybercrime group accused of orchestrating intricate SIM-swapping attacks that allegedly enabled the theft of millions of dollars in cryptocurrency from victims. The coordinated operation was led by Poland's Central Bureau for Combating Cybercrime (CBZC) with operational assistance from the U.S. Federal Bureau of Investigation (FBI) and Homeland Security Investigations (HSI), highlighting the cross-border nature of the investigation.

According to investigators, the group combined technical intrusions with social engineering techniques to compromise organizations working alongside telecommunications providers. By infiltrating partner infrastructure and gaining unauthorized access to employee email accounts, the suspects allegedly obtained sensitive information that enabled them to perform fraudulent SIM-swapping attacks.

A SIM-swap attack involves transferring a victim's mobile phone number to a SIM card controlled by an attacker. Once the transfer is completed, the attacker can intercept SMS messages, one-time verification codes, password reset requests, and other communications that rely on the victim's phone number for authentication.

Authorities allege that after taking control of victims' mobile numbers, the cybercriminals intercepted SMS-based authentication messages and email communications before using that access to seize control of cryptocurrency exchange accounts. The attackers then transferred digital assets from compromised accounts before attempting to conceal the proceeds through an extensive laundering operation.

Investigators estimate that the criminal scheme generated millions of U.S. dollars in stolen cryptocurrency. The illicit proceeds were allegedly moved through a distributed financial network consisting of multiple domestic and international bank accounts, international payment platforms, and multi-currency digital wallets in an effort to obscure the origin of the funds. Polish authorities estimate that the total amount laundered exceeded tens of millions of Polish złoty, equivalent to at least approximately US$5 million based on current exchange rates.

In a statement describing the operation, CBZC said the suspects relied on specialized software together with social engineering techniques to gain unauthorized access to infrastructure belonging to organizations cooperating with telecommunications operators, as well as employee email accounts. Investigators said the information obtained during those compromises enabled the illegal cloning and takeover of victims' phone numbers through SIM-swapping attacks.

Authorities further stated that the suspects allegedly treated the criminal enterprise as a continuous source of income, repeatedly moving stolen assets across numerous financial accounts and cryptocurrency wallets located in multiple jurisdictions to complicate financial tracing efforts.

All four suspects have been placed in pre-trial detention. They face allegations including participation in an organized criminal organization, unauthorized access to information systems to facilitate theft, and money laundering. If convicted, the offenses carry penalties of up to 25 years' imprisonment under Polish law.

While Polish authorities have not publicly identified the individuals arrested because of the ongoing international investigation, blockchain investigator ZachXBT claimed that one of the detainees is Wojtek Kulisz, also known online by the alias "Merry." The identification was reportedly based on items visible in official footage released during the police operation. Authorities have not independently confirmed that claim.

Investigators have also declined to disclose which cryptocurrency exchanges were affected or identify the victims, citing the continuing international investigation. Law enforcement agencies say efforts to identify additional victims, trace stolen assets, and pursue further investigative leads remain ongoing.

The case stresses the urgency of the risks associated with SMS-based authentication. Security professionals have long advised cryptocurrency investors and organizations to replace SMS-based two-factor authentication with authenticator applications or hardware security keys whenever possible, as SIM-swapping attacks remain an effective method for bypassing text message verification when attackers successfully compromise telecommunications systems or manipulate carrier processes.

Read more »
Information Security Leadership
AI cybersecurity Chief Information Security Officer CISO Code Of Ethics Cyber Risk Management Cyber Security Information Security Leadership

The Growing Call for a CISO Code of Ethics


CISOs today are no longer measured solely by the effectiveness of an organization's cyber defenses. With the increase of cyber threats, the acceleration of offensive capabilities with artificial intelligence, and increasing regulatory scrutiny, the role of enterprise-wide risk management, strategic decision making, and executive accountability has increased. 

The rapid evolution of the security industry, however, exposes a critical imbalance. Although companies increasingly rely on Chief Information Security Officers to safeguard their business operations, sensitive data, and corporate resilience, many security leaders are still lacking board-level support, clearly defined governance frameworks, or an universally accepted ethical framework. 

With the rise of data breaches and the growing concern about AI-enabled cyber threats, the question is not whether CISOs are equipped to deal with technical security challenges, but whether the profession itself requires a code of ethics that guides high-impact decisions that extend beyond cybersecurity in order to guide high-impact decisions. 

In addition to managing firewalls, security tools, and incident response operations, the CISO position has evolved far beyond managing firewalls and security tools to encompass a strategic role that encompasses more than ethical accountability. It is the chief information security officer's responsibility to design, implement, and enforce enterprise-wide security policies as well as ensuring the organization's long-term business strategy remains infused with cybersecurity. 

A CISO is responsible for overseeing the implementation of security technologies and workforce awareness programs to reduce the risk of data breaches and system compromise, in addition to fostering a security-first culture that strengthens organizational resilience and facilitates compliance with a growing range of regulatory and industry guidelines.

An organization's security posture must first be evaluated, existing controls evaluated, capability gaps identified, and risks prioritized to develop a security roadmap aligned with business objectives. These responsibilities require a combination of cybersecurity expertise, executive leadership, and strategic decision-making to accomplish. 

The modern CISO must have extensive knowledge of risks, threat detection, and response, as well as compliance standards such as GDPR, NIST, and SOC 2. They must also be equipped to manage security teams, budgets, and enterprise resources simultaneously. Board members and executive leadership must also be able to translate complex cyber risks into business-focused insights in order to facilitate informed decision-making and facilitate cross-functional collaboration capable of adapting to an increasingly sophisticated threat landscape, which is equally critical. 

According to recent findings, these challenges in governance translate into measurable risks in the operating environment. In the Voice of the CISO survey, conducted during the first quarter of 2025, 1,600 chief information security officers were surveyed across 16 countries by organizations with over 1,000 employees. 

According to nearly two-thirds of respondents, their organizations have suffered a material loss of sensitive information within the past year—a sharp increase over 46% reported in the previous survey. As a consequence, three quarters of CISOs are concerned that their organizations will be susceptible to material cyberattacks in the next 12 months. As a result of increased regulatory oversight and the demand for greater transparency, security leaders are increasingly willing to disclose security incidents as a result of these rising figures, indicating more than an increase in threat activity. 

Patrick Joyce, Global Resident CISO at Proofpoint, observed that CISOs are increasingly open about cyber risk exposure as a result of evolving governance expectations. The majority of respondents stated that they were confident in their organizations' cybersecurity culture, however six out of ten stated that they were not adequately prepared to handle a major cyber-attack. 

A significant proportion of CISOs indicated that they would consider paying a ransomware demand in order to recover critical data or restore business operations, highlighting the difficulty of making ethical decisions during crisis response. The findings also emphasize the complex balance between business continuity, risk management, and ethical decisions. 

A formal code of ethics for CISOs is gaining renewed relevance in light of this background. It is argued that technical expertise alone is no longer sufficient to fulfill the role of Chief Information Security Officer, which involves high-impact decisions affecting national infrastructure, business continuity, compliance with regulatory requirements, and public trust frequently. This framework is deliberately concise, incorporating four mandatory canons that describe the profession's fundamental ethical obligations rather than replacing individual professional judgment. 

By providing advisory guidance, the framework aims to assist security leaders in navigating complex situations in which competing responsibilities are often not clear on a technical or legal level. The code's preamble emphasizes that the CISO's primary responsibility is to protect society, organizational stakeholders, and critical infrastructure, making compliance with the code a mandatory assignment. 

According to the four core principles, cybersecurity professionals are expected to protect society and essential infrastructure, act with honesty, integrity, and stewardship, serve their organizations competently and diligently, and actively strengthen and safeguard the cybersecurity profession as a whole. 

A practical objective complements these mandatory canons, which encourage cybersecurity research, education, mentoring of future practitioners, and the preservation of professional certification values, while discouraging conduct that could adversely affect public confidence or security. There are many ways a professional can undermine ethical credibility, such as creating unnecessary fear or uncertainty, providing false reassurance, promoting poor security practices, exposing inadequately secured systems to a public network, or participating in professional associations that compromise ethical standards. 

A further requirement of the framework is that compliance with the preamble and four canons be enforced, and any conflicts between ethical obligations are resolved in accordance with the order in which the canons are defined. This ensures that security professionals have a structured hierarchy for resolving complex ethical dilemmas without creating conflicting obligations. 

CISOs continue to assume increasingly extensive legal, operational, and ethical responsibilities, and industry experts emphasize that personal crisis management strategies should also be developed to protect security executives along with the organizations they serve. 

A comprehensive incident response plan should not only prepare for technical incident response, but also consider professional, legal, financial, and reputational risks that may arise following an investigation by the government or a major cyber incident. It is important to maintain comprehensive documentation of security decisions, risk assessments, mitigation strategies, and executive communications, including instances where recommendations for security measures are declined by senior management or the board. 

By maintaining an auditable record of both approved and rejected security recommendations, companies can demonstrate due diligence, compliance with regulations, and informed decision making when faced with legal scrutiny. 

A CISO's security strategies must align with changing compliance obligations as they evolve in cybersecurity legislation, disclosure requirements, and regulatory frameworks by engaging in continuous professional development and consulting with legal counsel regularly. 

In addition, experts recommend that executives take out professional liability insurance specifically designed for executive cybersecurity roles, as standard corporate policies may not cover CISOs who have not been appointed as officers or directors by the organization, potentially leaving them personally liable for the consequences. As an added safeguard, a documented ethical decision-making framework will be developed that will serve as a consistent reference when dealing with incidents involving conflicting legal obligations, executive pressures, or sensitive disclosure decisions. 

The establishment of strong working relationships with legal, finance, public relations, and corporate communications teams is essential to the coordination of incident response, which ensures that regulatory notifications, public disclosures, and stakeholder communication remains both legally compliant and ethically sound during times of crisis. 

In the age of cybersecurity, enterprise resilience and national digital security continue to be shaped by it, which means that CISOs are increasingly responsible for more than just technical oversight. Effective cyber leadership requires strong governance, ethical accountability, transparent risk communication, and executive support.

The organizations that empower security leaders with clear ethical frameworks, documented decision-making processes, and cross-functional collaboration will have better chances of navigating an increasingly complex threat landscape while maintaining trust, regulatory compliance, and long-term operational efficiency.

Read more »
Subscribe to: Posts (Atom)