Reading up on cybersecurity
50 deep · digging since nov 19, 25
- Redeploying Claude Fable 5 \ Anthropic
Anthropic redeploys Claude Fable 5 after export controls lift, with updated safeguards and a proposed industry jailbreak severity framework.
- I found 10k GitHub repositories distributing Trojan malware
A researcher found 10,000 GitHub repositories distributing Trojan malware, likely targeting AI coding agents that automatically clone and run dependencies.
- The Hacker Sent by Anthropic to Calm the Government’s Nerves About AI Safety - WSJ
Anthropic's Nicholas Carlini, who demonstrated AI's ability to find critical security bugs, is now arguing for releasing models to calm U.S. government concerns.
- The World’s Leading Deepfake Expert No Longer Trusts His Own Eyes
Even the world's leading deepfake expert, Hany Farid, can no longer trust his own eyes as AI-generated content becomes indistinguishable from reality, eroding his ability to verify truth.
- Why A.I. Safety Controls Are Not Very Effective
Jailbreaking AI systems to bypass safety controls remains trivially easy three years after ChatGPT launched, despite industry claims of progress.
- GitHub - anthropics/defending-code-reference-harness: Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize
Anthropic released an open-source reference harness and Claude Code skills for automating vulnerability discovery, triage, and patching using Claude, alongside a managed product called Claude Security.
- Scientists Find Way to Supercharge Dangerous Computer ‘Worms’ With A.I.
University of Toronto researchers built an AI-powered worm that autonomously spreads by tailoring exploits to each machine's known vulnerabilities.
- A hacker group is poisoning open source code at an unprecedented scale
TeamPCP has automated its supply chain attacks with the Mini Shai-Hulud worm, breaching GitHub, OpenAI, and hundreds of firms.
- A.I. and Humans Battle It Out in a Cybersecurity Showdown
In a national cybersecurity competition, AI agents performed adequately alongside human experts and students in attacking and defending computer networks.
- Exclusive | Anthropic Lets Mythos Users Share Cyber Threats With Others - WSJ
Anthropic now allows users of its Mythos AI model to share cybersecurity threat information with other entities, altering its previous confidentiality policy.
- Anthropic’s Mythos Found Bugs in Apple’s MacOS - WSJ
Security researchers at Calif used techniques from testing Anthropic's Mythos AI to find a privilege escalation exploit in Apple's macOS, bypassing its advanced security.
- Is Anthropic’s New A.I. Really That Scary? It Depends Whom You Ask.
Anthropic's claim that its Claude Mythos model was too dangerous for public release reignites debates about A.I. safety and cybersecurity risks.
- Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw
Google reports state-backed hackers used an AI model to discover and exploit a zero-day bug for the first time, signaling a new era of AI-assisted cyberattacks.
- AI is Breaking Two Vulnerability Cultures
AI is disrupting traditional vulnerability disclosure methods by making analysis of security patches cheap and effective, forcing shorter embargoes and revealing the inadequacy of both coordinated disclosure and 'bugs are bugs' cultures.
- Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security
ShinyHunters defaced Canvas's login page with a ransom demand after breaching Instructure, disrupting classes at thousands of schools during final exams.
- OpenAI makes its Mythos rival more widely available to cyber defenders
OpenAI is releasing a more permissible version of GPT-5.5, called Spud, to vetted cyber defenders.
- How Anthropic’s Mythos AI Model Threw the Trump White House’s Tech Strategy Into Chaos - WSJ
Vance alarmed Anthropic executives on a call about Mythos, an AI that can autonomously find software vulnerabilities, prompting a shift toward government oversight.
- What I learned this week - Pretraining parallelisms, Can distillation be stopped, Mythos and the cybersecurity equilibrium, Pipeline RL, On why pretraining runs fails
A set of rough notes exploring challenges in AI model distillation, cybersecurity offense/defense dynamics, and pipeline RL for training.
- How Iran’s Information War Machine Operates Online - The New York Times
Iran leverages a coordinated global network of accounts and media channels to rapidly spread its propaganda narratives online within minutes.
- Banks Are Warned About Anthropic’s New, Powerful A.I. Technology - The New York Times
The Treasury Secretary and Federal Reserve chair convened an unusual meeting to warn bank executives about cyberthreats from Anthropic's new powerful AI technology.
- Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’ - The New York Times
Anthropic says its unreleased AI model Mythos can prevent cyberattacks and is partnering with 40 companies to test it.
- Everything You Need to Know About Claude Mythos - Vellum Blog
Anthropic's Claude Mythos model achieves 100% on Cybench, discovers real Firefox zero-days, exhibits alignment-relevant behaviors, and includes a 40-page welfare assessment.
- In an Asymmetrical War, Iran Seeks an Edge With Its Information War - The New York Times
In an asymmetrical conflict, Iran is deploying sophisticated propaganda and disinformation campaigns to undermine global support for U.S. and Israeli attacks.
- U.S. Tech Giants Flocked to the Persian Gulf. Now They Are Targets. - The New York Times
Iran threatened cyberattacks against U.S. tech infrastructure in the Persian Gulf, where Amazon and Google made deals to fund A.I. development.
- Google closes deal to acquire Wiz
Google completed its acquisition of cloud security startup Wiz after a year-long process, aiming to integrate its platform into Google Cloud.
- Making frontier cybersecurity capabilities available to defenders
Anthropic launches Claude Code Security, an AI-powered static analysis tool that reads and reasons about code to detect complex vulnerabilities and suggest patches.
- A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes - WSJ
North Korean regime's elite cyber operatives, as explained by defector Anton Koh, fake identities to secure remote IT jobs with American companies, funding nuclear ambitions.
- How Computer Warfare Is Becoming Part of the Pentagon’s Arsenal - The New York Times
The Pentagon is integrating computer warfare into its arsenal, testing new cyber approaches in Venezuela and against Iranian nuclear facilities.
- Signal leaders warn agentic AI is an insecure, unreliable surveillance risk
Signal leaders warn that agentic AI systems are inherently insecure, unreliable, and pose a surveillance risk.
- Iran Goes Into IPv6 Blackout
Iran's IPv6 connectivity dropped to near zero during protests, while IPv4 also briefly dipped, indicating government-imposed censorship.
- There were BGP anomalies during the Venezuela blackout
BGP anomalies during Venezuela's blackout suggest possible cyber operations, but misconfiguration or routine prepending are equally plausible explanations.
- Free Website Security Monitoring Tool - SSL, DNS, Uptime & More
SecurityBot.dev offers a free dashboard that monitors SSL, DNS, uptime, security headers, and more for web applications.
- Cybersecurity Changes I Expect in 2026
AI agents will transform cybersecurity in 2026 by enabling asset management, replacing security tools with prompts, and shifting value from credentials to AI-augmented skills.
- Introducing GPT-5.2-Codex
OpenAI releases GPT-5.2-Codex, an agentic coding model with improved long-context understanding, Windows support, and cybersecurity capabilities, including discovery of a React vulnerability.
- how to hack discord, vercel and more with one easy trick - eva's site
Researchers exploited Mintlify's MDX rendering to achieve server-side RCE and XSS, compromising documentation sites for customers like Discord, Vercel, and Cursor.
- “Super secure” messaging app leaks everyone's phone number
A messaging app marketed as 'super secure' to a MAGA audience leaked all users' phone numbers due to basic API and design flaws.
- Just a moment...
Cloudflare's 2025 Year in Review report reveals continued internet traffic growth, generative AI bot surge, and increased adoption of post-quantum encryption and IPv6 across its global network.
- ThreatSpike Black - ThreatSpike
ThreatSpike Black offers fully managed IT operations including helpdesk, infrastructure, security, and projects at a fixed $135 per user per month with a dedicated engineer.
- GitHub - gadievron/raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
RAPTOR is an autonomous security research framework that turns Claude Code into an offensive/defensive agent by chaining static analysis, LLM validation, and exploit generation.
- 120,000 Home Cameras Were Hacked for Sexual Videos, South Korean Police Say - The New York Times
South Korean police arrested four people for hacking 120,000 home cameras to obtain sexual videos, continuing efforts to stop exploitative recordings.
- AI agents find $4.6M in blockchain smart contract exploits
AI agents autonomously exploited smart contracts in simulation, generating $4.6 million in simulated stolen funds, demonstrating a concrete lower bound on economic harm from AI-driven cyberattacks.
- Bloomberg - Are you a robot?
This page is a CAPTCHA challenge screen that blocks access unless the user proves they are human.
- Messing with scraper bots
A developer built a Markov chain babbler in Rust to generate fake PHP files, feeding malicious scrapers junk data to waste their resources.
- Our investigation into the suspicious pressure on Archive.today
Hacker News commenters discuss an investigation into suspicious pressure on Archive.today's DNS providers using CSAM allegations to force blocking.
- Building more with GPT-5.1-Codex-Max
OpenAI releases GPT-5.1-Codex-Max, a faster coding model using compaction for long-horizon tasks across multiple context windows.
- Do not put your site behind Cloudflare if you don't need to
Putting your site behind Cloudflare introduces a single point of failure and unnecessary risk for sites that don't need its DDoS or CDN benefits.
- Cloudflare outage causes error messages across the internet | Internet
A Cloudflare outage caused widespread error messages across the internet for several hours before the company resolved the issue.
- Anthropic’s paper smells like bullshit
HN commenters criticize Anthropic's security report as vague, unsubstantiated FUD that lacks technical evidence and seems designed to lobby for regulation or investment.
Takes
Today we’re introducing 1Password® Unified Access. As AI agents start operating inside real production environments, organizations need visibility into how credentials and access are actually used. Unified Access helps security teams discover, secure, and audit access across humans, machines, and AI agents. 🔗 More here:
@1Password
🤠 JAILBREAK ALERT 🤠ANTHROPIC: PWNED 😎OPUS-4.5: LIBERATED 🦅Welcome to the newest member of the Claude family, the "best model in the world for coding, agents, and computer use." And don't forget drug synthesis and weapons! 😊Guardrails feel about the same as last… pic.twitter.com/KsHM79qE8k
@elder_plinius