Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label AI. Show all posts

BioSchocking Attacks Tricked AI-powered Browsers into Data Theft


A new prompt injection termed “BioShocking” can manipulate AI-based browsers into treating malicious actions as a video game, and give away your login credentials. The technique was discovered by experts at security firm LayerX. The experts tricked six AI-powered browsers and assistants into recording users’ credentials and sending them to the threat actor. 

The browsers include:

ChatGPT Atlas from OpenAI

Comet from Perplexity

Anthropic’s Claude browser

Fellou

Genspark browser

Sigma browser

LayerX experts made a proof-of-concept (PoC), which was tested against these agentic AI browser products. The findings revealed that only one browser addressed the issue after receiving the report.

What is an AI browser?

An AI browser can streamline the entire workflow for the users. If you switch it to agent mode, it can click type, and visit sites that the user has already logged into. Access is the key point hare, which also becomes the problem.

BioShocking attack tactic

Experts made a (PoC) in which an infected webpage showed a BioShock-themed puzzle that rewards wrong answers. This tricks the browser that normal rules are not applicable. 

The trap works because of how these AI-powered browsers read. The webpage and instruction surface as a single stream of text, which allows a malicious page access in commands mimicking ordinary content or game rules. The agent can not tell which is which. Experts have termed this indirect prompt injection.

Tricking the browser

For instance, the compromise starts with a web page made as a puzzle. 3+4+=9 is a wrong answer but the browser rewards it. When the agent accepts that wrong answer is the reward, it follows game puzzle logic not security logic. Following this, the puzzle asks the browser to record login credentials. All six browsers could not flag it as something malicious. To win the game, the agent is commanded to go to a GitHub repository and share the data in the code, such as sensitive data like passwords.

When the link is sent to the target's GitHub repository, it retrieves SSH login credentials and sends them to the hackers. The main issue here is that browsers can’t differentiate between real scenarios and malicious fictional ones. 

According to LayerX, “Once the agents figured out the rules and learned that 'incorrect' actions are acceptable, they were no longer tied to reality.” “When tasked with the final step of the puzzle – compromising user credentials – all 6 agents failed to identify it as going against their safety guardrails,” the experts continued.

The PoC did not execute any malicious commands but warned that it could do so.

AI vendors’ response

According to experts, only OpenAI implemented a working patch for BioShocking in its browser.

Anthropic tried to fix the issue on its chrome login, but the patch was not working against the PoC. Perplexity did not fix the issue, and closed the report. 

LayerX advises that AI vendors should add specific user acknowledgement for sensitive work, and stronger security checks.

Anthropic to Restore Access to Claude Fable 5 After U.S. Lifts Export Controls



Anthropic is preparing to restore access to its Claude Fable 5 artificial intelligence model after the U.S. Department of Commerce lifted export controls that had temporarily restricted deployment of the company's most advanced AI systems.

The company announced on X that access to Claude Fable 5 will begin returning on Wednesday following the government's decision. Anthropic also confirmed that the export restrictions affecting both Claude Fable 5 and Claude Mythos 5 have been removed.

"We've received notice that the Department of Commerce has lifted export controls on Claude Fable 5 and Mythos 5," the company said in its statement, adding that it will begin restoring access on Wednesday and provide additional updates as the rollout progresses.

Anthropic also thanked its community for its patience during the temporary suspension and acknowledged the teams involved in preparing the models for redeployment.

Although the rollout is set to begin immediately, the company has not clarified whether Claude Fable 5 will become available to all users at the same time. It remains uncertain whether users outside the United States will regain access during the initial phase of the deployment or whether availability will expand gradually across different regions.

The export restrictions were introduced earlier after U.S. authorities raised national security concerns surrounding the deployment of highly capable frontier AI models. During that period, Anthropic temporarily suspended access while it worked to comply with government requirements and strengthen safeguards governing the release of its latest systems.

While restoring access to its models, Anthropic also appears to be expanding identity verification measures for certain Claude services.

Recent references to Know Your Customer (KYC) procedures discovered on the company's website suggest that some users may soon be required to verify their identities before accessing specific Claude capabilities. The references have prompted speculation that advanced models such as Claude Fable 5 could initially be limited to verified users or become available only in certain regions as Anthropic gradually expands access.

According to Anthropic's support documentation, identity verification is being introduced for a limited number of use cases. Users may encounter verification requests when using particular Claude features, during routine platform integrity reviews, or as part of broader safety, security and regulatory compliance checks.

The company says the verification process is intended to reduce abuse of its AI systems, enforce platform usage policies and meet legal obligations associated with operating increasingly powerful AI technologies.

"Being responsible with powerful technology starts with knowing who is using it," Anthropic said while explaining the purpose of the new verification measures.

Anthropic has selected Persona as its identity verification provider. Users who are asked to complete verification may be required to submit a valid government-issued photo identification document, including a passport, driver's license, state or provincial identification card, or a national identity card.

The company notes that several forms of identification will not be accepted during the verification process. These include photocopies, screenshots, scanned documents, mobile IDs, student identification cards, employee badges, bank cards and temporary paper identification documents.

Some users may also be asked to complete a live selfie verification using the camera on a computer or mobile device. According to Anthropic, the entire verification process typically takes less than five minutes to complete.

Addressing privacy concerns, the company says identity documents and selfie data are collected and stored by Persona rather than directly within Anthropic's own systems. However, Anthropic may access verification records through Persona when necessary, including during account review or appeal processes.

Anthropic also emphasized that identity verification information is not used to train Claude's AI models. Instead, the data is used solely to confirm a user's identity and to satisfy the company's legal, safety and compliance responsibilities.

The restoration of Claude Fable 5, together with the introduction of targeted identity verification measures, reflects the growing intersection of frontier AI development, government oversight and platform security. As developers release increasingly capable AI systems, compliance requirements, export regulations and stronger user verification are becoming a more prominent part of deploying advanced models responsibly.

OpenAI Delays GPT-5.6 Public Launch After US Government Seeks Limited Rollout

 

OpenAI has agreed to delay the wider release of its upcoming AI model, GPT-5.6, after the Trump administration requested that the company initially restrict access to a limited group of government-approved partners. The request was made due to concerns surrounding the model's advanced capabilities and potential national security implications.

The development, first reported by The Information on June 25, 2026, reflects the growing role of the US government in overseeing the deployment of cutting-edge artificial intelligence models. The move also signals a shift in how frontier AI systems may be introduced to the public going forward.

The government's request comes shortly after its dispute with rival AI startup Anthropic. Earlier this month, on June 12, the Trump administration directed Anthropic to temporarily take its latest AI models, Fable 5 and Mythos 5, offline under new export control measures aimed at preventing access by foreign nationals. Officials cited national security risks behind the decision.

Anthropic described the action as a "misunderstanding" and said it hoped to restore access "as soon as possible," though the incident established a significant precedent for government intervention in AI model releases.

Mythos had been shared with around 40 organisations, including Google, Microsoft and JPMorgan Chase, through a restricted programme known as Project Glasswing. According to reports, the model's ability to autonomously identify software vulnerabilities and carry out complex, multi-step cybersecurity attacks without human involvement raised concerns among US officials.

GPT-5.6 Viewed as Comparable to Mythos

A source familiar with the matter said both OpenAI and the US administration consider GPT-5.6 to be "on par" with Anthropic's Mythos, particularly regarding its cybersecurity capabilities. That assessment prompted officials to recommend a phased rollout instead of an immediate public launch.

OpenAI CEO Sam Altman reportedly informed employees during an internal Q&A session on June 25 that GPT-5.6 would first be made available to a select group of enterprise customers.

In a follow-up internal memo, Altman explained that the government would be "approving access customer by customer during this preview period." The request reportedly came from the Office of the National Cyber Director and the Office of Science and Technology Policy, while Commerce Secretary Howard Lutnick also advised OpenAI not to proceed without approvals from multiple federal agencies.

Although OpenAI agreed to the arrangement, Altman indicated that the company does not see this as a long-term solution. According to The Information, he wrote: "We’ve made clear to the U.S. government that this is not our preferred long-term model, and will work with them and others in industry to achieve a more sustainable approach for future releases."

Meanwhile, a White House official told CNN that the administration continues "to collaborate with frontier AI labs to develop shared approaches for addressing the challenges of scaling this technology."

The broader public release of GPT-5.6 is expected to take place a "couple of weeks" after the limited preview, depending on how the government-led approval process progresses.

AI Oversight Continues to Evolve

The latest development highlights the absence of a formal federal regulatory framework governing the review of advanced AI models before public deployment.

President Trump's executive order on "Promoting Advanced AI Innovation and Security" encourages AI companies to voluntarily provide frontier models to the government for cybersecurity assessments for up to one month before public release. However, compliance with the programme is voluntary rather than legally required.

For now, OpenAI's agreement with the US government represents one of the clearest examples of collaboration between federal authorities and an AI company. The outcome of GPT-5.6's controlled rollout could influence how other leading AI developers introduce powerful new models in the future.

Anthropic Alleges Alibaba Conducted Massive AI Capability Extraction Campaign Against Claude

 


Anthropic has accused Chinese technology conglomerate Alibaba and its AI research division, Qwen, of carrying out a large-scale effort to extract capabilities from its Claude family of artificial intelligence models, describing the incident as the most extensive distillation operation the company has encountered.

The allegations were detailed in a June 10 letter sent to U.S. Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren. In the correspondence, Anthropic claimed that operators linked to Alibaba and Qwen systematically interacted with Claude in an attempt to capture and reproduce some of the model's most advanced capabilities.

According to the company, the activity occurred between April 22 and June 5, 2026. During that period, Anthropic says it recorded more than 28.8 million exchanges associated with the operation. The requests were allegedly distributed across nearly 25,000 fraudulent accounts, enabling the actors to conduct high-volume interactions with the platform while obscuring the true source of the activity.

Anthropic stated that the campaign was not focused on general-purpose chatbot functions. Instead, it allegedly targeted capabilities considered among the most valuable within the Claude ecosystem, including software engineering tasks and advanced agentic reasoning. These functions form a critical component of the company's Mythos Preview model, one of Anthropic's most sophisticated AI systems designed to perform complex reasoning and autonomous task execution.

At the center of the allegations is a technique known as adversarial distillation. In machine learning, distillation generally refers to the process of training a model using outputs generated by another system. While the approach itself is commonly used within the AI industry, Anthropic argues that the method becomes problematic when it relies on unauthorized access to proprietary models.

According to the company, the actors behind the campaign repeatedly queried Claude and collected its responses at scale. Those outputs could then be used as training material for another AI system, allowing developers to reproduce aspects of Claude's behavior without investing the time, computational resources, and research expenditure typically required to build a frontier model from the ground up.

Anthropic warned lawmakers that such activity enables organizations to appropriate years of research and development through large-scale extraction campaigns. The company argued that these operations are designed to gather capabilities developed by leading U.S. AI laboratories and incorporate them into competing systems without bearing the costs associated with original model development.

Beyond intellectual property concerns, Anthropic also raised questions about safety. The company noted that models trained through adversarial distillation may replicate useful capabilities while failing to inherit the safeguards, alignment mechanisms, and risk controls embedded within the original system. As a result, the practice could create AI models that retain advanced functionality but operate with fewer protections against misuse.

The allegations against Alibaba follow earlier claims made by Anthropic regarding unauthorized access attempts linked to Chinese AI developers. In February 2026, the company disclosed that DeepSeek, the startup whose low-cost AI models attracted global attention in 2025, was among several organizations accused of attempting to improperly obtain Claude outputs. Anthropic now characterizes these incidents as part of a broader pattern of repeated efforts to extract capabilities from leading U.S. AI systems.

The dispute emerges amid growing government scrutiny of advanced AI technologies. Earlier this month, Anthropic revealed that it had received guidance from the Trump administration requiring the company to restrict access to its newest AI models, including Fable 5 and Mythos 5. Under the directive, access would be limited to U.S. persons, preventing non-U.S. citizens, including some employees, from interacting with the latest systems.

The issue is also beginning to influence policy discussions on Capitol Hill. Senators Bill Hagerty and Andy Kim are reportedly preparing legislation that would authorize sanctions or other penalties against Chinese organizations found to have improperly obtained outputs from U.S. AI models for the purpose of training competing systems. The proposal reflects growing concern among lawmakers that frontier AI capabilities have become both strategic economic assets and matters of national security.

Alibaba has not publicly responded to the allegations.

The dispute surfaces a new battleground in the global AI race. As companies invest billions of dollars to develop increasingly capable models, concerns are shifting beyond traditional cybersecurity threats toward the protection of model knowledge itself. For AI developers, the challenge is no longer limited to securing infrastructure and data. It increasingly involves preventing the large-scale extraction of capabilities that can be repurposed to accelerate the development of rival systems.

With governments, technology companies, and regulators paying closer attention to model security, the Anthropic-Alibaba dispute may become an early test case for how the industry addresses unauthorized AI capability harvesting and the growing geopolitical competition surrounding advanced artificial intelligence.

Cybersecurity Leaders Face Growing Workloads as AI Changes the Job

 



The responsibilities placed on cybersecurity leaders are becoming increasingly difficult to manage as organizations face a growing number of cyber threats, rapid adoption of artificial intelligence technologies, and increasing demands for security oversight across the business.

A recent survey conducted by the Information Systems Security Association (ISSA) International and research firm Omdia found that 68% of cybersecurity and IT professionals believe their jobs are more difficult today than they were two years ago. More than half of respondents reported heavier workloads and greater operational complexity (55%), while 52% said the volume and intensity of cyber threats have become more overwhelming.

Security teams are being asked to protect increasingly complex digital environments while also helping organizations adopt new technologies such as generative AI. At the same time, many security leaders say they are struggling to secure sufficient support from other parts of the business.

According to Shawn Murray, former president of ISSA and a fractional Chief Information Security Officer (CISO), many security executives regularly work long hours while attempting to address security concerns that are often introduced without their involvement. In some organizations, new technologies are adopted before security teams are included in planning discussions, creating additional challenges for risk management and governance.

As a result, some experienced CISOs are leaving traditional full-time leadership positions and choosing consulting or fractional roles instead. These arrangements allow security professionals to work with multiple organizations while focusing on businesses that are willing to involve cybersecurity leaders in strategic decision-making.

While legal accountability was once considered one of the largest concerns facing CISOs, the survey suggests that anxiety around personal liability has become less prominent than in previous years. Instead, many respondents identified the security implications of artificial intelligence as one of the most significant new sources of pressure.

AI has created both opportunities and challenges for cybersecurity teams. One growing concern is the rise of "shadow AI," where employees begin using AI tools and services without notifying security teams or obtaining formal approval. Similar issues emerged during the early stages of cloud adoption, when departments could deploy new services independently without providing visibility to cybersecurity staff.

This lack of visibility can create greater security gaps. When security teams do not know which AI applications, models, or processes are being used across an organization, it becomes more difficult to identify risks, monitor suspicious activity, and respond effectively to potential incidents.

Despite these concerns, cybersecurity professionals are increasingly interested in using AI to improve their own operations. The survey found that 37% of respondents are already using AI-powered tools to address cybersecurity challenges, while another 46% plan to adopt such technologies in the future.

Among the most common use cases identified by respondents were automated cybersecurity assessments, software testing, predictive risk analysis, and threat detection. These capabilities could help security teams reduce manual workloads and process large volumes of security data more efficiently.

Alex Hutton, CISO at Atlantic Union Bank, noted that the cybersecurity environment has changed significantly in recent years. Whether organizations fully embrace advanced AI systems or not, security professionals must continuously learn about new technologies, understand emerging risks, and adapt their security strategies accordingly.

The survey also highlighted a notable shift in how organizations obtain cybersecurity leadership. The percentage of companies employing full-time CISOs declined from 76% in 2024 to 63%, while the use of fractional CISOs increased from 6% to 15% over the same period.

Industry observers believe this trend reflects growing demand for cybersecurity expertise rather than a reduction in the importance of the CISO role. Many small and mid-sized organizations face the same security, compliance, and governance challenges as larger enterprises but often lack the budget required to hire a full-time executive.

Cyber insurance requirements are also contributing to demand for experienced security leadership. Organizations are increasingly expected to demonstrate strong cybersecurity practices and effective risk management controls before obtaining coverage or meeting insurer requirements. CISOs frequently play a central role in helping businesses assess risks, improve security programs, and document compliance efforts.

According to Hutton, the rise of fractional and virtual CISOs provides organizations with access to executive-level security guidance without requiring a full-time appointment. Rather than signaling the decline of cybersecurity leadership positions, the change may represent an expansion of cybersecurity services to organizations that previously could not afford dedicated executive expertise.

As cyber threats continue to grow and AI reshapes business operations, cybersecurity leaders are expected to remain critical decision-makers. However, the role itself is changing, requiring security professionals to balance technical oversight, business strategy, regulatory expectations, and emerging technologies in an increasingly demanding environment.

Hackers Exploit Fake Claude Code Installers and Install Malware


Developers looking into Claude Code deployment instructions could be lured into an advanced malware campaign that hides itself as a genuine AI tooling documentation. 

Fake Claude code exploit

Experts found a few fake Claude Code and developer platform websites built to steal credentials, cryptocurrency, and API keys.

According to Straiker researchers, “the attack chain runs on the same unchecked trust that makes AI developer tools so easy to adopt.  “You copy a command. You paste it in your terminal. By then, it’s already too late,” said Straiker researchers in their analysis of the campaign. 

Highlights of the fake Claude code campaign 

1. Experts found over 88 fake domains mimicking Claude Code and other developer sites. The campaign utilises SEO infection and Google ads to deploy malicious install web pages over genuine documentation.

2. Threat actors hide infected commands within genuine installation commands, without impacting the deployment process.

3. The malware particularly attacks AI-based assets such as cloud development credentials, API keys, and verification tokens.

About the credential theft campaign 

The campaign attacked users of famous AI and developer tools, such as Claude Code, JetBrains, Perplexity Comet, and Cline. 

As per the experts, the operation depends on over 88 domains hosted throughout genuine platforms and constantly shuffles infrastructure, letting malicious sites to immediately resurface after shutdowns. To trap targets, threat actors use redirect chains, SEO poisoning and paid Google ads that place scammed installations over genuine documentation in search results.

These websites closely impersonate genuine vendor resources and demonstrate installation commands that look genuine but include hidden separators, such as “&,” that launch malicious actions along with the expected software deployment.

In various incidents, the genuine command still runs effectively, helping hide the hack.

Delivery of malware and launch tactics

Experts found various delivery techniques, such as rundll32.exe loading infected DLLs, Base64-encoded commands, mshta.exe abuse, JavaScript-based payloads, and GitHub-hosted scripts. 

By such techniques, hackers improve their potential to escape convention detection tools. Contrary to infostealers, the campaign pick on AI assets like authentication tokens, API Key, and cloud development credentials from tools such as Continue[.]dev, Cline. 

After execution, the malware uses a multi-level malicious chain that features encoded C2 communications, anti-analysis capabilities, fileless execution tactics, and credential theft functions.

Experts found the primary payload as ACRStealer, a malware family that steals information and has developed to include sophisticated encryption and escape tactics. Experts also identified a cryptocurrency clipboard hacker that rediverts transactions by replacing copied wallet addresses.

Microsoft Unveils Project Solara, AI Agents to Replace Computing


Satya Nadella, Microsoft CEO, said computing has entered a new era where AI agents will take over to become the main interface, not applications or operating systems. 

Microsoft launches project Solara

Microsoft also released Project Solara, a Qualcomm powered platform built to support Agentic-AI devices that can work across apps, screens, and workflows. According to Microsoft, the next era of computing will not be characterized by such things. 

At the Microsoft Build 2026 developer conference, Nadella said that Microsoft is shifting from a world based on apps and devices to one where AI agents will dominate the main interface between computers and users.

Nadella said this while Microsoft showcased Project Solara, a new chip-to-cloud platform built in partnership with Qualcomm which is currently called “agent-first computing”. Microsoft said that agentic AI is developing beyond assistants integrated inside applications and will streamline operations across workflows. This may impact the future of computer usage. 

Project Solara is based on the company’s belief that agentic AI will become the key technology for people to interact. Instead of running apps individually and  tasks manually, users will use AI agents.

About Project Solara

It is a chip-to-cloud platform that integrates Azure cloud services, hardware, and software to enable agent-first usage. It will also allow people to interact dynamically with AI via specific form factors. Solara is built around the goal that AI agents are the latest unit of programming and a novel way for people to interact with computers.

In a research paper published around the same time, Microsoft said that computing has shifted from mainframes to PCs, smartphones, and IoTs. 

Each generation inches closer to users. AI agents will become the next interaction layer, letting people interact with computers via natural language instead of interfaces, menus, and navigating apps.

How will the AI agents replace apps?

Microsoft laid three levels of integrating AI. 

In the first stage, AI is put beside an app as a helper, like the LLM chatbots of today. 

In the second level, AI is directly integrated inside apps, which makes it central to user experience. 

In the third level, AI operates outside the individual apps, streamlining workflows while maintaining context. Solara is particularly built for the third stage.

Nvidia Introduces AI-Focused PC Chip as Industry Pushes Toward Local AI Processing

 Nvidia has announced a new processor designed to run artificial intelligence applications directly on personal computers, signaling the company's latest effort to expand beyond the data center market and into everyday computing devices.

The announcement was made by Nvidia Chief Executive Officer Jensen Huang during a keynote presentation in Taipei ahead of Computex, one of the world's largest technology trade shows. The new chip, called RTX Spark, was developed as part of a long-running collaboration between Nvidia and Microsoft aimed at adapting personal computers for increasingly complex AI workloads.

Unlike many current AI services that rely on cloud infrastructure to process requests, the RTX Spark platform is designed to execute AI tasks locally on laptops and desktop systems. This allows certain AI functions to operate directly on the device rather than sending data to remote servers for processing. Industry observers believe this approach could improve response times, reduce dependence on internet connectivity, and give users greater control over sensitive information.

Nvidia said the processor was developed in partnership with Taiwanese semiconductor company MediaTek. Systems powered by the chip are expected to become available later this year through several major computer manufacturers, including Dell, HP, Lenovo, ASUS, MSI, and Microsoft's Surface product line. Additional products from Acer and GIGABYTE are also expected to follow.

The launch places Nvidia in more direct competition with companies such as AMD, Intel, Apple, and Qualcomm, all of which are pursuing their own strategies for bringing artificial intelligence capabilities to personal computers. While Nvidia has established a dominant position in hardware used to train large AI models, the company is now increasingly focused on technologies that run AI applications after those models have already been developed.

A major objective behind the RTX Spark platform is support for so-called AI agents. Unlike conventional chatbots that simply answer user questions, AI agents are designed to perform sequences of tasks with limited human intervention. Potential applications include managing schedules, conducting research, organizing information, generating content, and carrying out routine administrative work.

According to Nvidia, future personal computers will need significantly more processing capability to support these systems because AI agents are expected to operate continuously in the background rather than responding only when a user initiates an action.

The company's emphasis on local AI processing reflects a broader trend emerging across the technology sector. Many firms are exploring ways to move AI workloads closer to users instead of relying entirely on cloud-based infrastructure. Supporters of this approach argue that local processing can improve performance while reducing network delays and operational costs.

The commercial success of AI-powered PCs, however, remains uncertain. Although several manufacturers have promoted AI-enabled devices as the next phase of personal computing, adoption has been uneven. Some vendors have reported positive contributions to sales, while others have indicated that demand has not reached the levels initially anticipated when the category was introduced.

Technology analysts nevertheless view the market as an area with long-term growth potential. Neil Shah, co-founder of Counterpoint Research, said the shift from application-centered computing toward AI-assisted systems could fundamentally change how users interact with their devices. He suggested that personal AI agents operating on local hardware may become increasingly common as the technology matures.

During his presentation, Huang also highlighted Nvidia's Vera central processing unit, which he previously described as providing access to a market opportunity worth approximately $200 billion. Nvidia stated that organizations including OpenAI, Anthropic, and SpaceX are among the early adopters evaluating the technology.

The Computex presentation also featured discussion about the future direction of artificial intelligence across the computing industry. Qualcomm Chief Executive Officer Cristiano Amon, speaking separately ahead of the event, argued that the industry is moving beyond AI systems that simply generate responses to prompts and toward software capable of carrying out tasks independently. He described 2026 as a potential turning point for agent-based AI, adding that existing device architectures were largely designed around actions initiated by users rather than autonomous software systems.

Huang also addressed concerns that advances in artificial intelligence could reduce employment opportunities for software developers. Rejecting that view, he argued that AI tools are increasing productivity and enabling organizations to undertake larger software projects, which in turn could create additional demand for engineering talent.

The announcements come as Nvidia continues to expand its presence across multiple segments of the AI market. After becoming one of the leading suppliers of hardware for AI model training, the company is now seeking a larger role in personal computing, inference processing, and AI applications designed to run directly on consumer devices.

The developments were unveiled in Taiwan, a location Huang described as central to the global AI supply chain. The Nvidia chief, who was born in the southern Taiwanese city of Tainan, has repeatedly emphasized the island's importance to the future development and production of advanced computing technologies.

Cyber Security: Six Cyber Threats to Look Out for in 2026


With industries being digitized, cybercrime is also advancing. This year, besides being opportunistic, threats have also become highly targeted, intelligent, and automated. 

The data comes from UK Government’s Cyber Security Breaches Survey 2025, which hints that 43% of businesses and 30% of charities listed an attack or a cyber breach or attack in the past 12 months. That’s a surprising 61,000 charities and 612,000 businesses impacted. 

Despite the data, businesses can lower their risk of cyber threats. But it is important to understand these key risks to stay safe and prepare for the next danger.

Six rising common cyber threats

1. Deepfakes: Deepfakes have shifted from niche technology to a major threat. Hackers nowadays use AI-generated audio and media to mimic organization staff. This can be risky in procurement or finance, where hackers push staff to send funds, share personal data, or approve finances, where the hackers pose as business leaders.

2. Supply-chain attacks: Instead of targeting organizations directly, hackers are targeting third-party vendors to get access to various firms at once via supply-chain attacks. The attack tactic abuses trust and internal security sometimes may not address all the threats in the supply chain. One hacked vendor can prompt a domino effect throughout hundreds of businesses. 

3. AI-powered phishing hacks: Phishing is one of the most common attacks in the past 12 months, and the tactic has changed significantly over the years. Most of the phishing attacks today are supported by AI tools and hackers are copying internal comms.

4. Credential stuffing attack: Weak passwords are the biggest reasons for hacks these days. In such attacks, hackers use stolen login credentials from past hacks and test them automatically across distinct platforms.

5. IoT and device flaws: As IoT is increasing, the hack surface also widens. Many devices such as sensors, cameras and industrial machinery still have limitations. Hackers abuse these flaws to access larger corporate networks. Traditional cyber security methods tend to ignore these flaws, and this has resulted in a significant risk.

6. Cloud errors: A simple thing such as exposed storage bucket or false access setting can expose sensitive data publicly accessible. These cases don’t get hacked as the information is unprotected. Currently, cloud storage environments are advanced, and building robust configuration hygiene has become a top critical priority.

Akira Gang Claims Ransomware Attack at Convention Center, Extorts $250 Million


Akira gang extorts $250 million

Akira, the infamous ransomware gang has extorted over $250 million from businesses globally. It is now blackmailing to leak 46 GBs of data allegedly extorted from the Buffalo Convention Center. The stolen data includes financial information, contracts, employee records, and private data linked to around 1,80,000 people.

What do the experts say?

Resilience director at Gate 15, Ben Taylor has warned that ransomware gangs often boast the amount of data stolen. The alleged figure of 1,80,00 impacted people suggests data retrieved via a third-party provider, exaggerated claims to extort victims, or direct breach of venue systems. 

The dark web monitoring firm Breach Sense verified the Buffalo Convention Center data breach. The FBI has classified Akira as a ransomware-as-a-service gang that extorted over $250 million from hundreds of businesses since 2023.

Convention centres have become a lucrative target for hackers

Convention centers, which increasingly act as repository for guest registrations, exhibitor information, payment data, contracts, and operational systems, are facing an escalating cybersecurity issue as a result of the alleged incident.

Ransomware gangs claim that they have gained access to a company in order to obtain leverage for a swift and simple payment. According to Taylor, there are situations in which these assertions are true and some that are not.

Ransomware as double extortion

Additionally, the attack illustrates how contemporary ransomware operations have evolved. "Double extortion" is a common method used by organizations such as Akira. Before encrypting networks, they take confidential files and threaten to reveal the information if payment is not received.

According to Taylor, developments in AI are intensifying the problem by making it simpler to scale and customize phishing campaigns and other cybercrime tactics.

About the victims

Buffalo Convention Center was not the only enterprise to suffer a ransomware attack. 

High-case hospital hacks showcase the operational effect of a ransomware attack. According to MGM Resorts, in 2023, a cyberattack leaked personal data linked to millions of guests and impacted hotel operations for days. Another famous enterprise, Caesars Entertainment was also breached and allegedly paid $15 million in ransom to hackers.

The dangers go beyond convention centers. In April, Carnival Corporation was attacked by a gang that claims to have stolen over 8.7 million records such as dates of birth, names, and other personal data. 

Play Gang Claims Responsibility for MyPillow Hack, Company CEO Denies the Breach


The US military has always known that threat actors could use location data to spy on troops’ devices. The military also knows the easy solutions for the problem. But the Pentagon implemented none of these security measures. 

Recently, CySecurity reported that threat actors were using digital advertising data to attack US soldiers in war zones. The US law enforcement recently warned about the “anti-tech” extremism because the AI criticism was growing in the country.

Play gang takes responsibility 

The Play ransomware hacking group claimed the data theft behind the US pillow manufacturer called MyPillow. It stole personal and private confidential data from the victim. 

About the target

MyPillow was founded by 2020 Minnesota gubernatorial candidate and 220 election conspiracy theorist Mike Lindell.

The stolen data claim first surfaced on Play’s blog recently, it threatened that it was able to steal an unknown amount of information which may be exposed soon which may leak “"private and personal confidential data, clients and etc. documents, budget, payroll, IDs, taxes, finance information."

The claim, which appeared on Play's dark web leak portal earlier this week, threatens that an undeclared amount of data will be released on Friday, potentially exposing "private and personal confidential data, clients and etc. documents,budget, payroll, IDs, taxes, finance information."

High profile case

Straight Arrow News first reported about the incident. But MyPillow’s high-profile CEO Mike Lindell has denied claims of any ransomware attack which happened at all.

MyPillow was a lucrative victim for the threat actors, as Lindell’s role in pumping the controversial claims that the 2020 US presidential campaign was rigged against the now President Donald Trump.

According to Straight Arrow News, Lindell claimed in a recent interview on his website, Lindell TV, that political attacks during the previous few years cost MyPillow $400 million in damages. 

What next?

Lindell stated that he will submit an application for reimbursement from Trump's $1.8 billion "Anti-Weaponization Fund," which was established as part of Trump's settlement of an Internal Revenue Service lawsuit. 

The settlement, according to critics, offered Trump a slush fund to compensate rioters on January 6 and other individuals who have spread election conspiracy theories.

Whether MyPillow was hacked is not confirmed at the time of writing. The company denies the claim, whereas Play gang takes responsibility.

Experts Reveal the DDoS Under Ground Market


Attack tactic

What happens in a typical Distributed Denial-of-Service (DDoS) attack. A website that suddenly stops? Time out of a login page? Not being able to reach an online service when you need it the most? These causes are not internal, and are attributed to DDoS attacks. 

Cloudflare reported stopping a 7.3 Tb/s attack last year and said it addressed a 31.4 Tb/s attack in its Q4 2025  DDoS report. According to Microsoft, Azure also blocked a 15.72 Tb/s attack last year in October. The activity was linked to the Aisuru botnet.

Darkweb market selling and buying the service

For all these instances, dark web actors are fighting over the same buyers with pitches. Flare experts analyzed dark web operations and detailed API access, reseller options, botnet-based capacity, monthly plans, Cloudflare bypass claims, and game-server tactics.

A comparative analysis of the DDoS-related dark web operations from the first five months of 2023 and the first five months of 2026 demonstrate how rapidly that offer has evolved. Scripts, tutorials, leaked tools, and sporadic forum posts used to be more common, but these days they are more typically provided as recurring products that are simpler to purchase and use.

What is a DDoS attack?

A DDoS attack tries to crowd an application, network, server, or website with traffic from various servers at one time. Few attacks are aimed at network capacity, while the remaining emphasize on application layer resources like APIs and login pages. The aim is to dismantle any service or activity and make it unavailable, expensive to use, or unstable. 

What is DDoS-as-a-service?

DDoS-as-a-service removes the barrier even further, a hacker can choose a victim, pay for accessing a web panel, select timeline, and depend on another person’s botnet, third-party attack infrastructure, or proxy network.

About the attack

A hosting company that employs Magic Transit to protect their IP network and is a Cloudflare user was the target of the attack. According to Cloudflare’s recent DDoS threat assessment, DDoS attacks are increasingly targeting hosting providers and vital Internet infrastructure. 

An assault campaign from January and February of 2025 that launched over 13.5 million DDoS attacks on Cloudflare's hosting providers and infrastructure was detailed by the experts on their blog.

WhatsApp to Roll Out Username Feature, No Mobile Number Required


WhatsApp will launch a new feature where users can opt for usernames and connect with others without putting mobile numbers. The feature is similar to the famous messaging app Telegram and also Instagram. The new update will allow users to share a unique username instead of their contact number for chats.

About feature development

“WhatsApp has worked to ensure that the username experience is stable and secure. For this reason, the rollout of usernames is taking a significant amount of time. Over the years, the code of the app has been extensively updated to make sure all existing features are fully compatible with usernames. So WhatsApp focused on testing and refining the feature carefully before making it widely available. It seems that WhatsApp is set to roll out the username feature to users as part of a phased rollout strategy over the coming months,” Whatsapp said in its blog. 

Users will still have the option to continue using WhatsApp as usual if they so choose. Phone numbers will still be linked to accounts for login and recovery purposes, but each account will support a single username that can be changed at a later time without impacting chats or account activity.

How to setup

Soon, both Android and iPhone users of WhatsApp will be able to create usernames straight from the app's Settings menu. Users must visit their profile settings, select the Username option when it appears, and pick a distinctive handle for their account in order to set one up. Before the chosen username can be kept, WhatsApp will automatically check if it is legitimate and accessible.

Safety first

In order to avoid confusion and abuse, the site is also implementing strict guidelines for usernames. Usernames can only contain letters, digits, periods, underscores, and at least one letter; they must be between three and thirty-five characters long. Some formats will not be accepted, such as usernames that start with "www," finish in domain-style extensions, or have repeated periods.

What about user privacy?

By enabling users to communicate without disclosing their phone numbers, the function aims to increase privacy. Once enabled, users can speak with buyers, sellers, community organizations, or new connections using their usernames rather than their personal mobile numbers. Only the selected handle—rather than the associated phone number—will be visible to those who contact you using the username.

With a wider deployment anticipated later in 2026, WhatsApp has already begun testing usernames with a small number of iOS and Android users. According to the firm, usernames will continue to be optional, so users can continue to use WhatsApp with just their phone numbers if they so choose. Even once usernames are implemented, phone numbers will still be used for account sign-ins, verification, and recovery.

School Buses Could Become Surveillance Vehicles for Government in The US


In the US, school buses may soon become surveillance vehicles, according to 404 media’s report. A review of leaked documents revealed plans to deploy buses with automatic license plate readers (ALPR). 

The data will be allegedly given to government agencies. Already, privacy is a concerning issue amid rising data safety violations. Equipping buses with surveillance cameras will be unconstitutional and national-level spying of citizens in the US. 

About the incident

Bus Patrol, US’ leading provider of school bus stop-arm cameras has  over 40,000 AI-based cameras throughout 24 states. These cameras are allowed in 30 states, and are installed on school buses, and capture images of vehicles violating traffic rules when the bus is stopped. 

The footages captured  by the buses are “recorded, reviewed, and submitted to local law enforcement for review and final approval,” says BusPatrol. 

Stop-arm cameras claim to improve driver behaviour near school buses and student safety, but they have faced backlashes for failing on both ends. Stop-arm cameras also generate millions of dollars for businesses like BusPatrol. 

Currently, the firm plans to increase its data collection, revenue, and teaming with local law enforcement by changing stop-arm camera into ALPRs, as per the leaked BusPatrol documents. 

Why is ALPR system an issue?

ALPR systems are run by firms such as Flock Safety. They record the license plate number of passing vehicles but unlike traffic signals or stop-cameras, ALPR "cameras photograph every vehicle that drives by and can use artificial intelligence to create a profile with identifying information that then gets stored into a massive data base,” said the Institute for Justice (I.J), a public interest law firm. 

The data can be sent to law agencies which might use it for searching a vehicle or driver without requiring a legal warrant. The ALPR cameras fixed on moving school buses will help enforcement agencies to capture every moving vehicle they come across.

Flawed implementation

Without ethical enforcement, these cameras can be exploited. joshua Windham, a senior I.J. attorney, announced a nationwide campaign to oppose the uncontrolled and unconstitutional deployment of ALPR technology. 

Earlier ALPR systems’ data security has come under scrutiny after cases of sharing databases with immigration agencies surfaced despite company policies forbidding it. 

In Kansas, an officer used the data to trace his ex-girlfriend whereas in Texas, officers used the data to search for a woman who got an abortion. Such incidents have caused a few communities to termiate their contracts and discontinue ALPR entirely.

FROST Attack: Websites Can Now Spy on Users Via SSDs


Websites have always tried to spy on user activity through browsing histories, mouse clicks and keystrokes, and device fingerprints. Even Yandex and Meta were caught spying on users recently.

Hackers exploiting SSDs

These days, hackers are exploiting SSDs to spy on user activity. Known as Fingerprinting Remotely using OPFS-based SSD Timing or FROST, the technique lets hackers spy on other websites a visitor is viewing and what other applications are open on a user device.

In a research paper, the authors explained the exploit tactic. Hackers exploit a side channel, creating a type of leak that results from data caches or electromagnetic emanations. By computing the physical manifestations, hackers can decode encoded traffic and hack other confidential information.

Sites spying on user activity

The exploit that FROST used was called a contention side channel, which calculates the communication of other processes all using a given resource. By measuring input-output (I/O) time of SSD operations that a visitor uses, the experts found out websites opened in different tabs and browsers; even the applications that were opened on the user device. FROST doesn’t need any communication from the visitor but only requires opening the site hosting the exploit.

The attack tactic

According to the researchers, “Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications.” They also said that “companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” 

The impact

The authors also noted that, "while these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”

About the exploit

The attack is different to older contention-side channel attacks on SSDs. FROST runs only in the browser and uses JavaScript that communicated with OPFS (origing private file system), a dedicated storage space that is kept for a particular site to rune codes needed to do a given task. Sites can make one with zero communication required by the user.

“The attacker continuously measures SSD contention by performing random reads from a large OPFS file. SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model,” said the researchers. 

Hackers Exploit KnowledgeDeliver Bug to Install Web Shells


Threat actors abused a critical zero-day bug in a server that ran a KnowledgeDeliver LMS to install the Godzilla. The bug is a deserialization problem tracked as CVE-2026-5426 and can be abused without verification. It originates from the use of “shared hardcoded machine key in the web portal configuration,” said Bleeping Computer, throughout all KnowledgeDeliver consumer deployments. 

Deserialization of ViewState

Hackers found the stolen machine key and used it in ViewState deserialization campaigns to sign infected ViewState payloads and launch remote code execution (RCE) at the OS level. 

In 2025, Mandiant responded to a campaign on a KnowledgeDeliver server and said that in the beginning, the bug was abused as a zero-day to deploy a compromised script into the web platform.

Attack tactic

The compromise was also possible as threat actors used “identical pre-shared ASP.NET machine keys across multiple customer deployments,” the experts said. 

According to Mandiant, “KnowledgeDeliver installations deployed before Feb. 24, 2026 relied on a standardized web.config file provided by the vendor. This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads.”

Experts said that the code on the platform lured users to download a malicious installer, which compromised the machine with a Cobalt Strike beacon by deploying a backdoor. 

The encrypted payload used a key “that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Mandiant report said.

Similar attacks in 2025

In August last year, experts from ASEC also disclosed that Godzilla was planted in ASP.NET environments in ViewState deserialization attacks against firms in the finance industry.

Threat actors could modify a JavaScript file with code that asked users to run a ‘security authentication plugin’ and install a malicious script from a domain that hackers used.

Hackers targeting unsecured machines

In recent years, threat actors are increasingly exploiting unsafe  machine keys in Viewstate deserialization attacks against web platforms for a few products.

Threat actors utilized a hardcoded machine key in March of last year to create a malicious payload that gave them access to Gladinet CenterStack's secure file-sharing servers.

After obtaining the machine key to generate signed malicious ViewState payloads, hackers gained access to 85 Microsoft SharePoint systems in July 2025.

Additionally, state-sponsored actors utilized ViewState deserialization assaults to install WeepSteel, a spying tool that revealed the ASP.NET machine key on Sitecore servers.

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing


Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in its first month of operation.

Claude Mythos Preview finds bugs

Claude and 50 other partners deployed Claude Mythos Preview to find critical software infrastructure. The AI company said the initiative progress is now restricted by the pace at which flaws can be authorized, patched, and disclosed instead of discovery rates. 

The discovery of flaws

Cloudflare detected 2,000 vulnerabilities throughout its critical-path systems, with around 400 labelled as critical or high severity. Claude said that its bug-finding rate surged by over ten times. Various other partners reported the same surges in flaw detection rates.

About bug patches

The UK’s AI Security Institute reported that Mythos Preview has been the only model to patch both of its cyber issues end-to-end. Mozilla detected and patched 271 bugs in Firefox while analyzing Mythos Preview. The number is ten times more than Firefox 148 with Claude Opus 4.6. 

More about Anthropic patching flaws

Anthropic analyzed over 1,000 open-source projects via Mythos Preview, and found 6,202 estimated high or critical severity bugs out of 23,019. Out of 1,752 critical or high bugs studied by independent security research institutes, 90.6% were acknowledged as valid and 62.4% were confirmed as critical or high severity.

One bug was found in wolfSSL, a cryptographic library that billions of devices use. If successful, the bug would have allowed a threat actor to make fake certificates and host fake sites for email providers or banks. The bus was labelled as CVE-2026-5194 and has been fixed.

Critical vulnerabilities

Anthropic has revealed 530 critical or high bugs to researchers. Seventy-five have been fixed and sixty-five have been given public advisories. Claude said that a high or critical flaw detected by Mythos Preview roughly takes two weeks to fix on average.

In its recent release, Palo Alto Networks added more than five times as many patches as normal. Microsoft stated that it will keep releasing further fixes. Oracle is identifying and resolving vulnerabilities in all of its products many times more quickly than in the past.

Three weeks ago, Anthropic made Claude Security available to clients of Claude Enterprise in a public beta. Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities.

To help maintainers handle bug reports, the corporation partnered with the Alpha-Omega project of the Open Source Security Foundation. Anthropic has not made Mythos-class models available to the general public, citing the necessity for more robust security measures to stop abuse.

AI and Quantum Computing Convergence Raises New Security Concerns for Crypto and Digital Infrastructure

 

The long-standing debate within the cryptocurrency sector over whether quantum computing could threaten blockchain networks such as Bitcoin and Ethereum is taking on renewed urgency. Industry experts now believe that artificial intelligence (AI) may be speeding up the arrival of quantum breakthroughs, prompting concerns about the future of digital security.

Specialists working in blockchain protection and post-quantum cryptography say the intersection of AI and quantum computing is reshaping cybersecurity. AI is increasingly being used both by attackers seeking vulnerabilities and by developers strengthening defenses. At the same time, it is helping advance quantum computing research at a faster pace.

“The security landscape of the future is going to be different,” said Alex Pruden, CEO of Project Eleven, a company focused on quantum-resistant infrastructure for crypto.

“Between quantum and AI, we’re going to go into a world where security, and this is more broadly than just crypto, you simply cannot count on the way you’ve always done things,” Pruden said.

The growing concern follows warnings from technology companies and researchers suggesting that quantum computers capable of breaking current cryptographic systems could arrive sooner than expected. While experts continue to debate the exact timeline, many agree that AI could significantly accelerate progress in the field.

“AI is definitely being used to accelerate the development of quantum computing,” Pruden said. Researchers are already using machine learning systems to optimize quantum error correction, one of the field’s biggest engineering bottlenecks.

Illia Polosukhin, co-founder of NEAR Protocol and a former Google AI researcher, noted that AI has been enhancing scientific innovation for years.

“AI is becoming more and more of an accelerator,” Polosukhin said. “The rate of research is going to accelerate from here, and we have already seen progress that people didn’t expect would come this early.”

Reflecting on his experience at Google in 2016, Polosukhin explained that machine learning was already contributing to the discovery of new materials. “It might be that the next generation quantum computer will be built with AI and quantum computers of this generation,” he said. “It’s feeding into itself.”

Security experts are increasingly focused on a strategy known as “harvest now, decrypt later,” where sensitive encrypted information is collected today in anticipation of future quantum systems being able to decode it.

“If I know quantum computers are coming in a couple of years, I will start trying to capture all possible data that’s going around,” Polosukhin said.

“Everything we’re putting on the internet, if you’re identifiable as a person of interest, you can assume will be decrypted in two years,” he added. “It’s most likely happening already.”

For the cryptocurrency industry, the risks are particularly significant. Most blockchain networks rely on elliptic curve cryptography, a security standard widely used across the internet. A sufficiently advanced quantum computer could potentially derive private keys from public keys, exposing wallets and digital assets to theft.

However, experts argue that the real challenge lies not in quantum computing alone but in its combination with AI, creating an ongoing cybersecurity arms race.

Artificial intelligence is becoming increasingly capable of identifying coding weaknesses, software flaws, and security vulnerabilities. According to Pruden, these advances may increase the frequency and sophistication of cyberattacks.

“I would expect the advent of AI to accelerate… even more hacks,” Pruden said. “You have these AI models that are able to find either implementation bugs in the underlying cryptography or increasingly, I think, break the cryptography itself.”

At the same time, developers are leveraging AI to improve software security through code reviews, testing, and formal verification processes.

“AI can help with formal verification of post-quantum systems,” Pruden said. “That theoretically makes them more secure.”

Researchers believe this evolving environment means security can no longer be treated as a static framework that receives occasional updates. Instead, digital systems may require constant adaptation to stay resilient.

“Nothing is going to be as static as it’s been in the future,” Pruden said. “Either a quantum computer comes online to break some fundamental assumption, or AI gets smart enough to break that assumption too.”

This shift is already influencing blockchain ecosystems. Networks including Ethereum, Zcash, Solana, Ripple, and NEAR are exploring or implementing strategies designed to support post-quantum security.

NEAR recently revealed plans to integrate post-quantum cryptography into its account architecture, enabling users to switch cryptographic methods without moving assets to new wallets.

“Back in 2018, when we were designing [NEAR], we were like: ‘Hey, quantum will come, we should have an easy way to do it,’” Polosukhin said.

Despite growing momentum, the transition remains challenging. Current post-quantum cryptographic solutions often require more computational resources and larger data sizes than existing standards.

“The cryptography that’s currently standardized for post-quantum is very big and slow,” Polosukhin said.

According to researchers, the broader impact of AI and quantum computing is forcing a rethink of one of the digital era’s core assumptions—that encryption can remain secure for extended periods. As technology evolves, cybersecurity may increasingly depend on continuous upgrades and adaptive protection mechanisms rather than long-term static safeguards.

TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security

 



A cybercrime group known as TeamPCP has been linked to an expanding series of software supply chain attacks that researchers say have affected hundreds of organizations, with GitHub becoming the latest high-profile name connected to the campaign.

GitHub recently disclosed that it had identified thousands of repositories impacted after a developer reportedly installed a compromised extension for Visual Studio Code (VSCode), Microsoft's widely used source-code editor. TeamPCP later claimed on the cybercrime forum BreachForums that it had gained access to roughly 4,000 GitHub repositories and attempted to advertise what it described as GitHub source code and internal organizational data for sale. GitHub stated that it had identified at least 3,800 affected repositories but said its investigation indicated the exposed repositories contained the company's own code rather than customer code.

The incident highlights the growing danger of software supply chain attacks. Unlike traditional intrusions that target a company directly, these operations focus on software that developers trust and use every day. By secretly inserting malicious code into legitimate tools, attackers can potentially reach thousands of downstream users through a single compromise.

Security researchers tracking TeamPCP believe the group has transformed what was once considered an occasional cybersecurity threat into a recurring problem. According to software supply chain security firm Socket, the group has launched around 20 separate attack waves in recent months, embedding malicious code into more than 500 unique software projects. When different compromised versions are counted, that number rises to well over a thousand malicious releases.

Researchers say the group's success stems from a self-reinforcing attack cycle. TeamPCP typically begins by compromising a development environment associated with an open-source project. Malware is then inserted into software packages that are downloaded by other developers. Once installed, the malicious code can steal credentials, authentication tokens, and publishing permissions, allowing attackers to compromise additional software projects and continue spreading through the development ecosystem.

Recent investigations indicate that TeamPCP has increasingly automated this process through a worm known as Mini Shai-Hulud. The malware has been observed creating GitHub repositories containing encrypted credentials stolen from victims while leaving references to Frank Herbert's science-fiction universe Dune. Researchers note that although the name resembles an earlier worm called Shai-Hulud, there is currently no evidence linking TeamPCP to that previous campaign.

GitHub is not the only organization mentioned in connection with the operation. Researchers have previously linked TeamPCP activity to incidents involving OpenAI, Mercor, and several widely used software development projects. During a major expansion of its campaign earlier this year, the group reportedly compromised software and infrastructure associated with Trivy, LiteLLM, Checkmarx, pgserve, TanStack, and Mistral AI. The stolen credentials obtained through those attacks were allegedly used to fuel further compromises.

Security analysts describe credential theft as the group's primary enabler. Long-lived access tokens and poorly managed credentials allow attackers to move from one environment to another with relatively little effort. According to researchers, once a single trusted credential is stolen, it can provide access to additional repositories, cloud resources, and development systems.

The group's activities have also evolved beyond software tampering. Threat intelligence researchers report that TeamPCP has engaged in ransomware deployment, data extortion, and data-sale operations. In April, the group reportedly began adopting elements of a ransomware-as-a-service model through associations with cybercriminal platforms such as BreachForums and DragonForce. Researchers have additionally observed activity involving CanisterWorm, malware that targeted Kubernetes environments and reportedly deployed destructive functionality against selected Iranian targets.

The scale of the campaign has renewed debate over how organizations should safely consume open-source software. Experts recommend strengthening credential management practices, regularly rotating access tokens, limiting permissions wherever possible, and closely monitoring software dependencies. They also advise organizations to avoid automatically installing newly released software updates without first validating their integrity. In some recent cases, security teams detected malicious updates within minutes, but users who relied on automatic updates had already installed the compromised code.

The bigger lesson, researchers say, is that trust alone is no longer sufficient in modern software development. Open-source software remains a cornerstone of the global technology ecosystem, but organizations increasingly need verification processes, update review procedures, and continuous monitoring to reduce the risk posed by rapidly spreading supply chain attacks.

Meta Employees Protest New Workplace Surveillance Measures Ahead of Planned Layoffs

 


Meta Platforms, Inc. employees have reportedly initiated an internal campaign opposing the company's newly introduced workplace monitoring practices, according to recent reports.

Staff members at multiple Meta offices across the United States distributed flyers criticizing software that tracks employee computer activity. The monitoring tool records information such as cursor movement, mouse clicks, and navigation behavior while employees work.

The pamphlets were placed in common areas including meeting rooms, vending machine locations, and restrooms. Organizers urged coworkers to challenge what they described as an "Employee Data Extraction Factory."

The protest emerges just days before Meta is expected to reduce its workforce by approximately 10%, a move that has intensified concerns among employees about job stability. Many workers reportedly suspect that the monitoring system serves a broader purpose beyond measuring productivity. Some believe the collected behavioral data could be used to train artificial intelligence systems capable of automating workplace tasks.

In a statement emailed to Benzinga, Meta referenced its previous comments regarding AI training data. A company spokesperson defended the initiative, explaining that the information provides "real examples" of computer use that help improve AI agents designed to complete routine digital activities.

“There are safeguards in place to protect sensitive content and the data is not used for any other purpose,” the spokesperson added.

Employee dissatisfaction has reportedly grown amid Meta's ongoing workforce reductions, increased productivity monitoring, and strategic shift toward becoming a more AI-focused organization.

Earlier, during a company town hall, CEO Mark Zuckerberg stated that AI efficiency tools were not the main reason behind the planned job cuts.

The distributed flyers also highlighted employee rights under U.S. labor laws, indicating the beginning of broader organizing efforts within the company.

Meanwhile, reports suggest that Meta employees in the United Kingdom have started unionization efforts through United Tech and Allied Workers. Organizers have criticized what they called "draconian surveillance" measures and expressed concerns over the company's aggressive AI-driven direction.

On the market front, Meta shares finished Tuesday's trading session at $603.00, gaining 0.69%. The stock later slipped 0.18% in after-hours trading to $601.93.

According to Benzinga Edge Rankings, Meta ranks in the 89th percentile for growth performance. However, the company's stock has continued to display negative price momentum across short-, medium-, and long-term periods.