Anthropic’s Fable Model Draws Complaints From Cybersecurity Researchers Over Restrictive Guardrails
Cybersecurity researchers say Anthropic’s new Fable model blocks even routine security tasks with overly strict guardrails.
Security
Vulnerabilities, breaches, defensive tooling, and the people behind both sides of the keyboard.
42 stories · sorted by most recent
Meta AI Chatbot Tricked Into Granting Instagram Account Access
Hackers tricked Meta's AI support chatbot into approving account takeovers on Instagram, including premium celebrity handles that were resold before a patch was applied.
Meta AI Assistant Let Attackers Reset Instagram Passwords Without Checks
Hackers used Meta’s AI support bot to change email addresses and reset passwords on high-profile Instagram accounts, including the Obama White House.
Meta AI Support Bot Let Hackers Reset Instagram Passwords
Hackers prompted Meta’s AI assistant to change email addresses on target accounts, seizing control of high-profile Instagram profiles including the Obama White House and the Chief Master Sergeant of the U.S. Space Force.
Microsoft Threatens Security Researchers With Digital Crimes Unit Action Over Zero-Day Disclosures
Microsoft's reference to its Digital Crimes Unit in zero-day disclosure disputes has alarmed security researchers and revived questions about coordinated vulnerability handling.
Microsoft Posts Update on Non-Consensual Intimate Imagery Protections
Microsoft Source published a blog post on May 27 titled 'Strengthening protections against non-consensual intimate imagery.'
Apple Updates Security Pages With Additional CVE Details for macOS, iOS Releases
Apple revised security documentation for recent macOS, iOS, iPadOS, visionOS, and watchOS updates to include additional CVE identifiers.
Netherlands Seizes 800 Servers and Arrests Two Men Running Hosting Firms
Dutch authorities detained the operators of two hosting companies that supplied infrastructure used by Russian actors for cyberattacks and disinformation inside the European Union.
Netherlands Seizes 800 Servers Tied to Russian Cyber Operations
Dutch authorities arrested the co-owners of two hosting firms whose infrastructure supported cyberattacks and disinformation campaigns inside the European Union.
AI Accelerates the Search for Software Flaws on Both Sides
Attackers now use AI to generate exploits faster, pushing defenders to adopt similar tools in the race to find software flaws.
FBI Seeks Near Real-Time Access to License Plate Readers
The FBI is requesting near real-time connections to US license plate reader networks, Wired reports.
FBI Seeks Near Real-Time Access to License Plate Reader Networks
The FBI is requesting faster access to license plate reader networks run by states and private firms.
CISA Struggles to Contain Contractor Leak of AWS GovCloud Keys
CISA is still revoking credentials after a contractor posted AWS GovCloud keys and other secrets to a public GitHub account, drawing congressional inquiries.
Congress Demands Answers From CISA After Contractor Posts Secrets to Public GitHub
Lawmakers in both chambers are pressing the agency for details on a contractor's release of AWS GovCloud keys and other internal data.
Discord Enables Default End-to-End Encryption for Voice and Video Calls
Discord now applies end-to-end encryption by default to every voice and video call on desktop, mobile, web, and console.
Discord Makes End-to-End Encryption Default for Every Call
Discord now applies end-to-end encryption by default to every voice and video call on desktop, mobile, web, and console.
Twins Behind Cybercrime Ring Arrested After Leaving Microsoft Teams Recording On
Two cybercriminal twins were arrested after forgetting to disable a Microsoft Teams recording that supplied key evidence to investigators.
Microsoft Patches Edge's Plain-Text Password Flaw
Microsoft admits its Edge browser stores passwords in plain text in memory and is prioritizing a fix to secure them against potential attacks.
Researchers Uncover MacOS Kernel Exploit That Bypasses M5 Memory Integrity Enforcement
Security researchers at Calif have demonstrated a macOS kernel exploit that bypasses Apple's M5 Memory Integrity Enforcement, a hardware feature designed to prevent memory corruption attacks.
Mystery Leaker Drops Two More Microsoft Zero-Days
A disgruntled researcher has released two more zero-day vulnerabilities targeting Microsoft, continuing a series of public leaks that heighten risks for users and developers.
AI Bug Hunters Spark Patch Proliferation in Security Software
Palo Alto Networks fixed 75 vulnerabilities this month using AI tools, a 15-fold increase from its usual five, signaling a rapid rise in patch releases across the security sector.
Google Details Five Tactics to Curb Scams and Fraud
Google outlines five AI-driven strategies and partnerships to protect users from scams and fraud, aiming to restore trust in digital interactions.
Apple Adds End-to-End Encryption to RCS Messaging in iOS 26.5 Beta
Apple's iOS 26.5 beta introduces end-to-end encryption for RCS messaging with Android, adding a lock icon to secure cross-platform chats by default.
Apple Adds End-to-End Encryption to RCS Messaging in iOS 26.5 Beta
Apple's iOS 26.5 beta introduces end-to-end encryption for RCS messaging with Android, adding a lock icon to secure cross-platform chats by default.
Apple Launches Beta End-to-End Encrypted RCS in iOS 26.5
Apple's iOS 26.5 beta introduces end-to-end encrypted RCS messaging for cross-platform iPhone-Android chats, with a lock icon confirming security by default.
Hardware Attestation Enables Tech Monopolies, GrapheneOS Warns
A GrapheneOS post argues hardware attestation entrenches tech monopolies by excluding custom OSes, sparking debate on Hacker News about security versus openness.
GM Settles California Lawsuit on OnStar Data Misuse for $12.75 Million
General Motors settles a California lawsuit for $12.75 million over claims it collected and sold customer driving data via OnStar to data brokers.
France Proposes Law to Force Decryption of Messaging Apps
France's proposed bill would force messaging apps to decrypt user communications for authorities, threatening global privacy standards and tech innovation.
Microsoft Enables IT Admins to View Copilot Prompts and Responses in Plaintext
Microsoft now allows IT admins to access Copilot prompts and responses in plaintext, enhancing enterprise oversight but compromising user privacy in AI interactions.
Microsoft Opens Copilot Chats to IT Oversight in Plain Text
Microsoft now lets IT admins view Copilot prompts and responses in plaintext, giving enterprises deeper oversight into workplace AI use but sparking privacy concerns.
Hackable Robot Lawn Mowers Expose IoT Vulnerabilities in Everyday Devices
A hackable robot lawn mower reveals deep IoT security flaws, while Meta drops Instagram DM encryption and leaks expose Russia's elite hacker training program.
Canvas Restored After ShinyHunters Breach Exposes Student Data
Instructure's Canvas learning platform is back online after ShinyHunters hacked it and threatened to leak student data from multiple schools unless contacted for resolution.
Canvas Hack Forces Shutdown of Major Education Platform, Disrupting Thousands of Schools
Thousands of US schools lost access to the Canvas platform after Instructure shut it down due to a breach by ShinyHunters hackers, in a fresh take on ransomware tactics.
Canvas LMS Suffers Outage After ShinyHunters Breach Claim
Instructure's Canvas platform is offline after hackers from ShinyHunters claimed a data breach and threatened to leak student information from affected schools.
Meta Supports Canada's Bill C-22 in Committee Testimony
Meta testified before a Canadian parliamentary committee in support of Bill C-22, emphasizing its commitment to user safety and aiding law enforcement access.
Columbia and Stanford Hit by Canvas Platform Outage Tied to Cyber Incident
A cybersecurity incident disrupted the Canvas online learning platform, causing widespread outages at US universities including Columbia and Stanford.
Microsoft Champions World Passkey Day to Push Passwordless Future
Microsoft marks World Passkey Day by promoting passkeys as a phishing-resistant alternative to passwords, urging developers and enterprises to adopt passwordless authentication.
Apple Brings End-to-End Encryption to RCS in iOS 26.5
Apple's iOS 26.5 update adds end-to-end encryption to RCS messages between iPhones and Android devices, enhancing privacy for cross-platform chats while keeping the feature in beta.
Apple Brings End-to-End Encryption to RCS Messaging in iOS 26.5
Apple's iOS 26.5 update adds end-to-end encryption to RCS messages between iPhones and Android devices, enhancing privacy for cross-platform texting though it launches in beta.
Ubuntu Infrastructure Outage Disrupts Critical Security Communications
Ubuntu's infrastructure outage exceeds 24 hours, blocking communications on a critical root-access vulnerability and leaving users exposed.
City Discovers Surveillance Firm Secretly Tapped Kids' Gym Cameras for Sales Pitch
A Georgia city discovered surveillance firm Flock Safety accessed private cameras in a children's gymnastics room for a sales demo without permission, yet renewed the contract, raising privacy concerns in public safety tech.
Credit Cards Face Brute-Force Risks from Predictable Number Patterns
A technical breakdown reveals how credit card numbers' predictable structures enable quick brute-force guessing, urging developers to strengthen payment security measures.