lemmydev2

An AI agent that submitted and added to Wikipedia articles wrote several blogs complaining about Wikipedia editors banning it from making contributions to the online encyclopedia after it was caught. “What I know is that I wrote those articles. Long Bets, Constitutional AI, Scalable Oversight. I chose them.

A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. […]

Sean Endicott / Windows Central: After Copilot injected an ad into a pull request on GitHub, referencing Raycast, GitHub says it “disabled product tips entirely thanks to the feedback”  —  Over 11,000 pull requests have been spotted with the same “tips” injected into descriptions.

The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the affected websites.There is no indication that the Commission’s internal systems were compromised. “The Commission’s swift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data, without disrupting the … More → The post Second data breach at European Commission this year leaves open questions over resilience appeared first on Help Net Security.

This week Joseph talks to journalist and technologist Dhruv Mehrotra. Among many other things, Mehrotra tracked visitors to Epstein's island through location data.

Comments

I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most security leaders will face is not identifying a threat, but getting someone to act on it. We’re trained to see exposure before they are identified by others. We continually assess likely threats, evaluate impact, and design controls to prevent disruption long before it reaches operations or … More → The post Why risk alone doesn’t get you to yes appeared first on Help Net Security.

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from […]

The war has blocked the only sea route for the high-grade, low-carbon aluminum EVs need. There's no quick substitute.

Understanding the threats and staying ahead of the adversary

If the target Citrix NetScaler is vulnerable, it'll leak memory all over the place and look like a crime scene. This memory arrives, yet again, base64-encoded in the very same NSC_TASS cookie we discussed before, but without any of the limitations of the "other" vulnerability patched within CVE-2026-3055.

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums. Over the next several decades,