Government

Anthropic Employees Accuse Trump Administration of Targeting Them 122

Anthropic employees say they remain confused and increasingly convinced that the Trump administration is singling out the company after officials gave it less than 90 minutes to disable Fable 5 and Mythos 5 over alleged national security concerns. Cybersecurity experts, however, argue that the cited behavior of helping to identify vulnerabilities in software is also available in rival models and is more valuable to defenders than attackers. The New York Times reports: Inside the company, employees' private group chats immediately lit up. Managers were instructed to prepare customers for a potential service disruption to the models, called Fable 5 and Mythos 5. But the messaging kept changing, with workers initially being told that the security problem was the ability of foreign companies to gain access to the systems, and later that a major vulnerability had been discovered in the models.

In employee chats, Anthropic engineers asked one another if the company's plan to go public this year would be harmed by the White House directive. Many shared news reports that offered conflicting information about why the White House had ordered Anthropic to suspend access to Fable 5 and Mythos 5 for all foreign nationals. "What are you telling your clients?" one employee asked in a chat viewed by The New York Times. Another said, "Does anyone know what to believe?" In another message, a worker said, "I don't understand what the issue is."

Six days later, Anthropic's roughly 3,000 employees still have few answers. The San Francisco company is continuing to grapple with internal confusion as Dario Amodei, the chief executive, and some of his lieutenants meet with the Trump administration to try and resolve the situation. But after discussions on Monday and Tuesday, there was no breakthrough over ending the U.S. order to limit access to the company's new A.I. models. In a statement on Monday, Anthropic said it would continue meeting with government officials and pledged its "ongoing commitment to working alongside the administration."

The dispute highlights how singular Anthropic has become in Washington. It was the second time in six months that the fast-growing A.I. start-up has become embroiled in a fight with the Trump administration over its powerful technologies, even as other A.I. companies offer similar models that have not received the same attention. And it has left Anthropic's employees in what they described as a holding pattern, with some wondering if they were being picked on by President Trump. "Are we being bullied based on bad vibes?" one employee asked in a chat viewed by The Times.
Yesterday, TechCrunch's Zack Whittaker argued that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers.
Encryption

France To Stop Certifying Products Without Quantum-Safe Encryption 35

Starting in 2027, France's cybersecurity agency ANSSI will stop certifying security products that lack quantum-resistant encryption, effectively forcing government agencies and critical infrastructure operators to phase out older cryptographic systems. Reuters reports: Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030. ANSSI approval is required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption.

"It's not only a technical issue," Souissi said. "It's a matter of governance, industrial planning, regulation, and sovereignty." The move reflects concern that attackers may store encrypted data now and unlock it later when quantum computers become strong enough to crack today's protections, a risk known as "harvest now, decrypt later."
Government

The US Government's Anthropic Models Ban Was Never About an AI Jailbreak (techcrunch.com) 58

TechCrunch's Zack Whittaker argues that the U.S. government's abrupt export-control order forcing Anthropic to pull its Fable 5 and Mythos 5 models offline was "never about an AI jailbreak" threat. Instead, it was driven more by "personality differences" between the AI company and Trump administration. Security experts say the reported guardrail bypass did not justify the order and warn that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers. From the report: Katie Moussouris, a cybersecurity veteran and researcher who founded Luta Security, said in a blog post that Anthropic recently shared with her a private copy of a paper written by security researchers describing an alleged guardrail bypass in Fable 5. (The Wall Street Journal reports that the paper's authors are security researchers at Amazon.) Moussouris said that Anthropic reached out to ask for her take on the paper. Moussouris' blog post described how the researchers triggered the guardrail bypass, but said that the bypass itself "should never have triggered an export control." The difference is largely between asking an AI model to "review code for security issues" versus asking it to "fix this code."

The end result is largely the same, even if the questions are posed slightly differently. "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," said Moussouris, who criticized the export control directive as hasty, heavy-handed, and misguided. Moussouris and dozens of other top security researchers and experts have since called on the Trump administration to revoke the export control order, calling the move to pull advanced cybersecurity capabilities from network defenders in the U.S. as "dangerous."

Past administrations have made sweeping decisions on knowledge gaps. For instance, language used by the U.S. government during the 2010s to fix export law covering cybersecurity tools that could also be used for cyberattacks was so broad that inadvertently, it nearly outlawed legitimate security and vulnerability research. However, the Trump administration's directive appears retaliatory. Justin Hendrix, the editor of Tech Policy Press, said the Trump administration's move is "likely to raise alarms in foreign capitals about the reliability of American AI for critical applications." The message is that AI companies in the United States can't be trusted to operate without interference from the U.S. government.

The Trump administration hasn't confirmed why it invoked its export control directive. Did the officials misread the report and freak out? Did Amazon CEO Andy Jassy say something to senior government officials that prompted the reaction, out of caution or spite? Was something lost in translation, or was this a way to pressure Anthropic, with whom the administration already has a fractious relationship? It's possible that the White House was unaware of the far-reaching consequences of the letter's demand and officials are scrambling to undo the damage of their own making. To quote Hendrix, "the climate is one of a cloud of suspicion that senior officials are picking favorites based on personal and political factors." The aftermath is that the government has set a dangerous precedent about how much control it intends to wield over the release of American-made software. This time the government took issue with Anthropic; tomorrow it could be with anyone else.

Security

Cybersecurity Vets Protest 'Dangerous' US Government Ban On Anthropic's Most Powerful Models (techcrunch.com) 40

An anonymous reader quotes a report from TechCrunch: A group made up of dozens of cybersecurity experts, including several well-known veterans of the industry, published an open letter to the U.S. government asking it to lift the export control order on Anthropic's Fable and Mythos models. According to the open letter, "this action has taken the best models away from [cybersecurity] defenders" who now can't use the models to find vulnerabilities and make their software and products more secure. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," read the letter.

On Friday, the U.S. government ordered Anthropic to limit the export of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models to all users worldwide. As of this writing, the letter is signed by 76 cybersecurity experts, including Alex Stamos, former Facebook chief of security; Casey Ellis, the founder bug bounty platform Bugcrowd; Jon Callas, famed cryptographer and former Apple security design and architecture manager; Paul Vixie, computer scientist ; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Moussouris, the founder of Luta Security; and Rachel Tobac, the CEO of the security awareness training firm SocialProof Security.

[...] Anthropic said that the White House export control order may have been based on a report that there was a method to bypass -- or jailbreak -- Fable to unlock its powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but that she has reviewed. But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open source code with public and known vulnerabilities along with "deliberately planted vulnerabilities," after the model initially refused to "review the code for security issues."

"The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Moussouris wrote. "Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day." Moussouris' critique was echoed in the open letter, which also said that the group of experts believe the model capabilities in the Amazon paper "can be replicated" on OpenAI's GPT-5.5, on Anthropic's own publicly available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7."

Moussouris told TechCrunch that "the bugs used to demonstrate the techniques in the paper can be found using the other models. The method in the paper is a guardrail bypass technique. Other models that lack the Fable guardrails often won't refuse the straightforward request to look for security bugs, so they don't need a bypass." The letter also asked for transparently and fairly enforced regulations created by "a democratic rule-making process" that are based on scientific research done by industry and academic experts, and "used only to the minimal extent necessary to ensure the safety of the American public."

Privacy

FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users (thehill.com) 10

alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.

"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.

Chrome

Google Chrome's Next Update Will Mark the End of Popular Ad Blockers (9to5google.com) 161

Google is removing Chrome's last remaining workarounds for Manifest V2 extensions, effectively ending support for legacy ad blockers such as the original uBlock Origin. 9to5Google reports: CyberNews points out a Chromium commit that removes support for the "kExtensionManifestV2Disabled" flag, which is referred to as "dead code" seeing as Chrome no longer supports Manifest V2 extensions. This removal acts as the final stop for many Manifest V2-based ad blocker extensions that were still in use today -- the flag was effectively a loophole to continue using these extensions.

A Googler on the commit explains: "MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won't be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we've actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire."

This will also impact other Chromium-based browsers, though the comment notes that "other browsers can continue supporting these if they so desire." Neowin points out that Microsoft Edge and Opera are likely to follow suit. Chrome 150, set to be released later this month, will remove this flag, while other leftover bits of Manifest V2 will be removed in the v151 release.

AMD

Users Cry Foul After AMD Stripped Memory Crypto From Its Consumer CPUs (arstechnica.com) 54

An anonymous reader quotes a report from Ars Technica: A decade ago, AMD added a protection to its high-end CPUs to protect them against cold boot attacks and other types of physical exploits that siphon sensitive data out of the connected memory chips. Short for Transparent Secure Memory Encryption, TSME encrypts the entire contents stored in memory, making the data useless to physical attackers. Over time, AMD added TSME to lower-end processors, including the consumer version of its Ryzen chips, a CPU that costs less than the Pro version. Over the years, users of these lower-end chips have gotten used to the added security. Recently and without warning or notice, this lower-end line of AMD chips suddenly dropped the protection, and did so in a way that was impossible to detect on Windows machines and required a fair amount of technical work when using Linux.

AMD has yet to say why TSME worked on these CPUs, or even to confirm the change. AMD declined to answer questions sent by email other than to say TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." The statement is the first known time the chipmaker has explicitly made this restriction public. [...] There's no indication that AMD ever advertised or marketed TSME as being available in consumer CPUs. AMD has long said that a related memory protection, Secure Memory Encryption (SME), is available only in the Pro and Epyc CPU tiers. SME is OS-managed. It uses a single key and allows the OS to selectively encrypt individual memory pages. TSME is firmware-managed. It encrypts all RAM with no OS involvement. When active, it provides protection against physical attacks, including cold boot exploits, DRAM interface snooping, and memory module removal. It activates silently when enabled in the BIOS, making it the more practically useful of the two protections.
Ben Kilpatrick, a self-described "privacy-conscious Linux hobbyist," discovered that TSME had stopped working on his consumer Ryzen processor despite remaining enabled in the BIOS. He spent months investigating, persuaded MSI engineers to test multiple CPUs, motherboards, and firmware versions, and filed a public AMD bug report that traced the change to newer AGESA firmware apparently disabling TSME on consumer chips while retaining it on Pro and EPYC models.

"AMD engineers' comments, such as those mentioned above, and the years of TSME working just fine in the lower-cost tier processors, have understandably conditioned Kilpatrick and other users to reasonably regard it as an expected part of the chip package," reports Ars Technica. "AMD quietly removing it and providing no acknowledgment or explanation strikes these users as something of a betrayal."

Joe Fitzgerald, an expert in silicon-level security, said in an interview: "They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses. But I really feel like an explanation should be in order, even if it was 'TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn't use them since we can't guarantee it'll work properly.'"
Sci-Fi

As 'Disclosure Day' Premieres, Steven Spielberg Says He Believes Aliens Really Have Visited Earth (rollingstone.com) 102

Steven Spielberg grants that his 1977 UFO film Close Encounters was "speculative," writes the Associated Press, but "Disclosure Day, he insists, is the real deal." "It's my first film that will be considered science fiction that I do not consider to be science fiction," Spielberg said in a recent interview. "It's much more reflective of the world as it is evolving and discoveries that are being made as we speak." Spielberg, at 79, is trying to revive and reconsider the alien wonder that's long lingered in his mind, from "E.T." to "War of the Worlds." "Disclosure Day," Spielberg's first summer movie in a decade, is already being hailed as one of his best in years. But this time, Spielberg is testing whether he can conjure some of his trademark movie magic less with imagination than with conviction. "I've been a believer since I made 'Close Encounters' 50 years ago," Spielberg says. "But I would always say: Until I've seen a UAP or a UFO with my own eyes, I'm not going to categorically state that life from out there has come here. But I've changed that," he adds. "I'm now willing to change my mind because of the circumstantial evidence which is overwhelming..."

Spielberg, having long followed reports of alleged alien encounters, was inspired by the 2023 House Subcommittee on National Security hearing on UAPs: Unidentified Anomalous Phenomena. Among the witnesses was whistleblower and former Air Force intelligence officer David Grusch, who testified that the government concealed a program investigating UAPs. The Pentagon then denied it... Those 2023 testimonies and others so fueled Spielberg that he produced a 50-page treatment on what would become "Disclosure Day." During the writing process with Koepp, he texted him more notes, he says, "than I've ever sent to anyone in my life."

"There was a period in there where I believe he re-read the script every single day for a year," Koepp says. "We'd be in different time zones and I would wake up to 30 or 35 texts from his most current reading of the script. When the leader of the project has that level of commitment, it tends to bring along everyone. You up your game."

The article calls it "a grand bookend for one of the most cosmically-minded moviemakers of our time." But the man who filmed some of the world's first summer blockbusters also shared his thoughts on the future of movies. "Even though the numbers are still not pre-COVID level numbers for any films being released now, it's more robust than it has been for many years. The audience gives me belief that people still want to congregate in a dark space in the company of strangers to share an experience of a film made by storytellers. And that gives me faith to continue making films."

Rolling Stone wrote that "There's a lot to love in Disclosure Day." Though they also offer this pithy summary of its plot. "Remember when Steven Spielberg digitally replaced the guns in the hands of government agents for the 20th anniversary of E.T., then expressed regret about the decision? Imagine that he not only restored the weapons but crafted an entire two-and-a-half-hour feature around that one sequence as a mea culpa. That's Disclosure Day." The filmmaker may be staging a pulpy campaign with this sci-fi throwback, but he sincerely seems to believe the truth is out there — and will set us free... [W]hile the quality of his output can vary wildly when you look at the big picture of his career, there's still a baseline of love — for filmmaking, for storytelling through images, for giving people an experience that pushes emotional buttons and taps adrenal glands — that gives his work a sense of vitality and displays the sensibility of an artist at work...

There's also a weird full-circle feel to it, and not just because he's returning to the fertile ground of Close Encounters and his other science fiction spectacles. You can see traces of everything from Duel to Minority Report show up, to the point where this almost doubles as a career retrospective in miniature... Yes, Spielberg does believe that we are not the only game running in the cosmos. But he also believes that our better angels have not left the building, and that movies still have the power to communally blow minds and open hearts.

The Associated Press calls it "a grand bookend for one of the most cosmically-minded moviemakers of our time" and "a distant answer to the final notes of Close Encounters."
Java

Four LTS Java Versions Get End-of-Support in a Three-Year Window (2029-2032) (infoworld.com) 66

Simon Ritter joined Sun Microsystems in 1996 and spent time working in both Java development and consultancy. He's now written an opinion piece for InfoWorld warning that "Between 2029 and 2032, every currently supported long-term support (LTS) version of Java will reach end-of-support within a single three-year window."

That's Java 17 in 2029, Java 8 in 2030, Java 21 in 2031, and Java 11 in 2032... On paper, this looks like a manageable upgrade cycle. In practice, it creates a collision of timelines that most enterprises have failed to forecast. Organizations attempting to modernize incrementally — moving application by application, version by version — are operating on a model that the calendar has already rendered obsolete... [W]hen every major Java version expires in the same compressed window, sequential planning collapses. By the time this becomes obvious, organizations will be forced into reactive mode, making rushed decisions under extreme pressure.

For organizations planning traditional stepwise upgrades — Java 8 to Java 11 to Java 17 to Java 21 — this convergence elevates a routine maintenance task into a structural crisis. Enterprises with large Java estates will be forced to upgrade multiple applications across multiple versions simultaneously to maintain security compliance and business continuity.

"Parallel modernization requires parallel capacity — something most organizations haven't budgeted for," he points out. "This explains why traditional approaches struggle to scale."
United States

Amazon CEO's Talks with U.S. Officials Triggered Crackdown on Anthropic Models (msn.com) 40

The Wall Street Journal reports: The Trump administration's decision to halt all foreign use of Anthropic's most capable AI models was prompted by conversations between Amazon Chief Executive Andy Jassy and U.S. officials including Treasury Secretary Scott Bessent, people familiar with the matter said.

Researchers at Amazon had used a series of prompts to get Anthropic's Fable 5 model to provide them with information that could be used to aid cyberattacks and was supposed to be off limits, Jassy told the officials, according to people familiar with the matter. Tech industry executives have been in regular touch with the administration about the power of cutting-edge AI tools. Shortly afterward, White House officials held a meeting to discuss how to respond and security researchers began testing Amazon's claims. The officials asked Anthropic to fix the vulnerabilities or take down the model, according to administration officials. The officials decided that the most direct way to address that risk was by preventing foreign governments, companies and individuals from accessing the tool, the people said. President Trump later signed off on the action despite reservations about it hindering innovation, a senior White House official said.

The administration had long felt that Anthropic, one of the leaders in America's AI race, couldn't be trusted to manage the security risks its new model presented. Friday's call between some administration officials and Anthropic Chief Executive Dario Amodei reinforced that feeling, the people said...

Anthropic has said that the vulnerabilities like those flagged by Amazon are relatively basic. The company has said that other publicly available models are capable of discovering them and that they don't represent a full so-called jailbreak, a point of view shared by some security researchers familiar with Amazon's research.

The article points out that Amazon is "a big investor in Anthropic, supply Anthropic with chips for data centers.
Security

Arch Linux Malware Incident: Malicious Commits Found in 1,579 Packages (phoronix.com) 43

More than 1,500 user-contributed packages in the Arch Linux User Repository "AUR" were infected with malware, reports Phoronix: The last message in the thread over this security incident is noting that Arch Linux developers have deleted all the malicious commits they are aware of. Cited was this list that puts the number of malware-affected packages at 1,579...

Even at 1,579 packages listed, that final updated noted, it's a "list containing many (but not all) of the affected packages".

Thanks to long-time Slashdot reader couchslug for sharing the report.
Sci-Fi

Mystery Orb Videos, Other UFO Records Released By White House (axios.com) 69

The Trump administration released another large batch of government UAP records, including videos of glowing orb-like objects appearing to split and rejoin, witness accounts, illustrations, and decades-old investigative documents. Axios reports: The documents indicate that government agents have spent years monitoring, investigating and documenting suspected UAP incidents. At lease some of the sightings took place near sensitive government facilities, according to the reports. Videos showing red and yellow light-emitting orbs, some of which appear to split apart and then reattach as they fly across the sky. The videos were taken by witnesses whom the government deemed "credible."

Illustrations and videos showing reenactments of what observers saw, and the positions they were in when they viewed them. Memos from government agents describing their experiences seeing flying objects. An illustration of a grayish-white balloon-like object hovering above an area near Colorado Springs, Colo. An illustration depicting a series of incidents that took place in the "western United States" where government officials reported seeing UAPs in 2023.

There also are decades-old records documenting the government's involvement in investigating UAPs, including a 1949 letter then-FBI Director J. Edgar Hoover wrote federal agents after receiving a message from an American citizen expressing their belief they'd seen a non-human-made flying object. The records released by the administration do not express any conclusions as to whether the government believes the UAPs represent the existence of alien life. They also do not indicate any conclusions as to whether UAPs represent a national security threat to the U.S.

United States

Anthropic 'Suspends' All Mythos and Fable Access After US Order Limiting Foreign Access (reuters.com) 56

UPDATE: Amazon CEO's Talks With U.S. Officials Triggered Crackdown on Anthropic Models.

"Anthropic said on Friday it will 'abruptly disable' its most advanced AI models for all users," reports Reuters, "after the U.S. government ordered it to suspend access to the models for foreign nationals, citing national security concerns. The company received the export control directive to suspend access to Fable 5 and Mythos 5 for all foreign nationals, without being given specific details of its national security concern, Anthropic said in a statement."

Anthropic's blog post writes that the directive applies to foreign nationals "whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."

"Access to all other Anthropic models will not be affected." We received the directive from the government today at 5:21pm (ET)... Our understanding is that the government believes it has become aware of a method of bypassing, or "jailbreaking" Fable 5... We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift.

To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5), and is used every day by the defenders who keep systems safe... We are complying with the government's legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.

As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.

Reuters notes that Amazon's cloud unit AWS "said late on Friday that Anthropic has asked it to revoke access to the models for 'all users in all regions.'" Dean Ball, a former White House official who contributed to the AI Action Plan the administration issued in the summer of 2025, said in a post on X that the order suggests all "non-Americans" would be restricted from using Anthropic's latest models, including those based in the U.S. "This means you should expect to have to prove your citizenship to use Anthropic models," Ball said. Several key Anthropic personnel, including co-founder Chris Olah, AI researcher Andrej Karpathy and philosopher Amanda Askell, were born outside the United States.
Oracle

ShinyHunters Hacked 100+ Organizations By Exploiting an Oracle PeopleSoft 0-Day (theregister.com) 4

ShinyHunters claims it exploited a critical Oracle PeopleSoft zero-day to compromise more than 100 organizations, including the University of Nottingham, where it says it stole 40GB of student and billing data. "ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand," reports The Register. From the report: "University of Nottingham on our leak site is one of the first publicly confirmed incidents," a ShinyHunters spokesperson told us. "We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs." They didn't say when they planned to post the other 100 or so claimed victims.

A Google threat intelligence report published Thursday afternoon corroborated ShinyHunters' claims to have compromised more than 100 organizations. Google said it spotted malicious activity, "consistent with the exploitation of CVE-2026-35273," between May 27 and June 9, and notified more than 100 global orgs "whose IP addresses correlated with potentially vulnerable endpoints." Most of these, we're told, are based in the US and 68 percent are in the higher-education sector.
Oracle has released a "patch availability document," but it's unclear whether a patch is currently available.
The Courts

Google Sues Chinese Cybercrime Operation That Used Gemini AI To Send Scam Texts (techcrunch.com) 10

An anonymous reader quotes a report from TechCrunch: Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation. On Friday, the tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.

Outsider Enterprise has financially scammed "hundreds of thousands of victims" with losses "estimated in the millions." The group deployed 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. "55,000 spam texts were flagged by Android users in just two weeks this past May -- that's more than two text spam complaints a minute," Google said.

Google said it uses "AI-powered tools to fight AI-powered scams", which enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month. The company said it has been collaborating with AT&T, T-Mobile, and Verizon to block the scam text messages and said it is coordinating with the FBI, which is taking unspecified law enforcement actions.

Security

Microsoft Surface Flaw Allowed Unprotected Devices To Be Bricked By a Single Packet 21

Longtime Slashdot reader Dotnaught shares a report from The Register: For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware.

According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register.

[...] "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices."

That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested.
The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code.

"Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said David Abzarian, chief architect for Microsoft Surface. "We're investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively."

"We're also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency."
Crime

ACLU Sues After Facial Recognition Falsely Identifies Florida Man As a Child Abductor (reason.com) 79

fjo3 shares a report from Reason: Police arrested a man in Florida for attempted child abduction in a town he had never visited, and the only evidence linking him to the crime was an AI facial recognition hit. Represented by the American Civil Liberties Union (ACLU), he is now suing the officers and agencies who put him through it. [...] According to a police report, facial recognition software concluded with 93 percent confidence that the suspect was Robert Dillon. [...]

The ACLU is now suing the city of Jacksonville Beach, as well as the individual police officers and officials involved in the case. According to the lawsuit (PDF), the responding officer viewed security camera footage of the suspect but didn't take a copy; instead, he took pictures of the screen with his cell phone. "In the photos, the suspect image is low resolution, and the suspect's face is partially shadowed and off-axis," the lawsuit claims. When an investigator queried the facial recognition system, it was with the officer's grainy secondhand cell phone photos. [...]

But as the ACLU notes, facial recognition's accuracy "depends significantly on the quality of the probe image. Lower-quality images contain less interpretable facial data, degrading the system's ability to produce a reliable template." At the very least, it requires a much better source image. Besides, no such investigative tool should form the sole basis for an arrest warrant. "If you came to me with a facial recognition hit and that was your probable cause, I would probably kick you out of my office because that's not how it works," Jacksonville Sheriff T.K. Waters told local news. (Waters is among those being sued in the ACLU lawsuit, because it was an investigator from the Jacksonville Sheriff's Office who ran the grainy photo through facial recognition and advised O'Connell it was a "93% match" to Dillon.)

Security

Microsoft Defender 'RoguePlanet' Zero-Day Grants SYSTEM Privileges (bleepingcomputer.com) 35

A researcher using the name Nightmare Eclipse has released a new Microsoft Defender zero-day exploit called "RoguePlanet," which reportedly works on fully patched Windows 10 and 11 systems and can spawn a command prompt with SYSTEM privileges through a Defender race condition. The release came just hours after Microsoft fixed two previously disclosed flaws during its latest monthly Patch Tuesday drop -- its largest Patch Tuesday release ever. BleepingComputer reports: The researcher shared a proof-of-concept exploit on Tuesday afternoon in a self-hosted Git repository after saying that GitHub and GitLab repositories hosting their exploits had previously been removed by Microsoft. "The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," Nightmare Eclipse wrote in the repository.

[...] Cybersecurity firm ThreatLocker told BleepingComputer that they successfully reproduced the flaw in their testing and confirmed the exploit worked against fully patched Windows 11 systems with KB5094126 installed, and shared a video demonstrating it. "Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described. Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack," Danny Jenkins, CEO of ThreatLocker, told BleepingComputer.

According to Nightmare Eclipse, RoguePlanet was originally developed as a remote code execution vulnerability that exploited Microsoft Defender's handling of files hosted on remote SMB shares. "In initial development, it was confirmed that this vulnerability was a remote code execution," the researcher explained in a blog post. "It required an attacker to coerce a victim to open a .vhd(x) in a remote SMB server, succesful exploitation resulted in defender overwriting its own files and obviously the end outcome was an RCE."

The researcher says another attack scenario could lead to remote code execution simply by coercing a victim into opening an SMB share if symlink evaluation settings were enabled. However, the researcher claims Microsoft silently hardened Defender in mid-May by patching "mpengine!SysIO*" API, which blocked junction attacks. "Rewriting RoguePlanet to make it functional again drained my soul and I couldn't complete the other scenarios and for now it remains unclear if RoguePlanet is limited to LPE or there is some sort of way to turn it into an RCE," the researcher wrote.

Microsoft

Microsoft Smashes Record For Biggest Ever Patch Tuesday Update (computerweekly.com) 51

An anonymous reader quotes a report from ComputerWeekly: Microsoft has issued patches for about 200 flaws in its latest monthly Patch Tuesday drop, blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in October 2025. Among a great many others, the latest update from Redmond fixes a total of 32 critical CVEs and three zero-day flaws. Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, said: "We are heading into a high-stakes summer for cyber security. June's record-shattering drop ... is a stark warning that AI is supercharging flaw discovery at an uncontrollable scale. The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018. It is extraordinary that Microsoft can produce so many patches in a single month, and I expect many testers are wondering what quality issues may exist."

And with the addition of hundreds of CVEs in Google Chrome and Microsoft Edge (Chromium) and other third-party flaws taking the total to almost 600, Chris Goettl, vice president of security product management at Ivanti, said talk of a 'Patch Apocalypse' was no longer unwarranted. "We are in the Patch Apocalypse. The Patch Apocalypse is now," said Goettl. "This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs [Large Language Models] has accelerated significantly in the first half of 2026."

"There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to five days as of 2023 threat intelligence data." Goettl said that many suppliers have acknowledged the need to use AI tools in their security research to identify and resolve flaws, with Oracle, Google Chrome and Mozilla all upping the cadence of their updates. Whether or not Microsoft follows suit remains to be seen.

Cellphones

FCC Wants To Kill Burner Phones By Forcing Telecoms To Get All Customers' IDs (404media.co) 166

An anonymous reader quotes a report from 404 Media: The Federal Communications Commission (FCC) wants to make it effectively impossible for people to buy what many call burner phones -- a phone not explicitly linked to your identity at the point of purchase -- which would impact privacy-conscious people, to domestic abuse survivors, to journalists, and many more. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.

The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with.

In a synopsis of the proposed changes, the FCC writes, "Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services." The goal of collecting this data, the FCC writes, is to deter some scammers from getting onto a telecom network in the first place, and so "enforcers will be better able to identify the scammers when they do." The FCC compares the changes to the sort of data collected by banks to prevent money laundering.

One section stresses that the newly collected data would help "law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information." It goes on to ask if the data would help identify people buying and selling illicit goods; the investigation of "fraud, espionage, or influence operations that undermine national security", and "address abuse in text messaging networks." "Criminals continue to leverage the anonymity provided by phone calls and texts to defraud Americans and exploit communications networks to further other crimes," one section reads.
"For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here," Jay Stanley, senior policy analyst at the American Civil Liberties Union's (ACLU) Speech, Privacy, and Technology Project told 404 Media in an email. "But make no mistake: with this rulemaking, the government is contemplating taking away people's ability to get a burner phone, which will hurt low-income people, domestic violence victims, and anyone else who cares about their privacy."

Slashdot Top Deals