Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

0 0 5 minutes read

Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

https://www.profitableratecpm.com/f4ffsdxe?key=39b1ebce72f3758345b2155c98e6709c

As researchers and Practitioners debate the impact new AI models will have on cybersecurity, Mozilla said Tuesday that it used early access to Anthropic’s Mythos Preview to find and fix 271 vulnerabilities in its new version of the Firefox 150 browser. Meanwhile, researchers have identified a group of moderately successful North Korean hackers who use AI for everything from flavor-coding malware to creating fake corporate websites, stealing up to 12 million dollars in three months.

Researchers ultimately hacked disruptive malware known as Fast16, which predates Stuxnet and may have been used to target Iran’s nuclear program. It was created in 2005 and was likely deployed by the United States or an ally.

Meta is being sued by the Consumer Federation of America, a nonprofit, for fraudulent ads on Facebook and Instagram and for allegedly misleading consumers about the company’s efforts to combat them. A U.S. surveillance program that allows the FBI to view Americans’ communications without a warrant is set to be renewed, but lawmakers are deadlocked over next steps. A new bill aims to address lawmakers’ growing concerns, but lacks substance.

And if you’re looking for in-depth analysis, WIRED investigated the years-long feud behind the GrapheneOS mobile operating system, a leading mobile operating system with an eye toward privacy and security. Plus, we looked at the strange story of how China spied on American figure skater Alysa Liu and her father.

And there’s more. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Anthropic’s Mythos Preview AI model has been touted as a tool dangerously capable of detecting security vulnerabilities in software and networks, so powerful that its creator carefully restricted its release. But a group of amateur sleuths on Discord have found their own, relatively simple (no AI hacking required) ways to gain unauthorized access to a coveted digital prize: the Myth itself.

Despite Anthropic’s efforts to control who can use Mythos Preview, a group of Discord users gained access to the tool through some relatively simple detective work: They looked at data from a recent breach of Mercor, an AI training startup that works with developers, and “made an educated guess about the model’s online location based on knowledge of the format Anthropic has used for other models” — a phrase many observers have speculated about that it refers to a web URL – according to Bloomberg, which broke the story.

The person also allegedly took advantage of permissions they already had to access other Anthropic models, through their work for an Anthropic contracting company. However, as a result of their investigations, they would have had access not only to Mythos, but also to other previously unpublished anthropogenic AI models. Fortunately, according to Bloomberg, the group that accessed Mythos has so far only used it to create simple websites – a move intended to prevent its detection by Anthropic – rather than hacking the planet.

Security researchers have long warned that telecommunications protocols known as Signaling System 7, or SS7, which govern how phone networks connect to each other and route calls and text messages, are vulnerable to abuse that would allow clandestine surveillance. This week, researchers at digital rights organization Citizen Lab revealed that at least two for-profit surveillance service providers actually used these vulnerabilities – or similar vulnerabilities in the next generation of telecommunications protocols – to spy on real victims. Citizen Lab found that two surveillance companies had essentially acted as malicious phone operators, exploiting access to three small telecommunications companies – Israeli operator 019Mobile, British mobile provider Tango Mobile and Airtel Jersey, based on the English Channel island of Jersey – to track the locations of targets’ phones. Citizen Lab researchers say “high-profile” individuals were tracked by the two surveillance companies, although they declined to name those companies or their targets. The researchers also warn that the two companies they found abusing the protocols are likely not alone and that the vulnerability of global telecommunications protocols remains a very real vector for phone spying around the world.

In a sign of a growing — albeit belated — crackdown by U.S. law enforcement against the sprawling criminal industry of human trafficking-fueled fraud complexes across Southeast Asia, the Justice Department this week announced charges against two Chinese men for allegedly helping run a fraud complex in Myanmar and seeking to open a second complex in Cambodia. Jiang Wen Jie and Huang The DOJ says it also “withheld” $700 million in funds belonging to the operation — essentially freezing the funds for seizure — and also seized a channel from the messaging app Telegram, which prosecutors say was used to lure and enslave trafficking victims. The Justice Department statement claims that Huang personally participated in the corporal punishment of workers at a resort and that Jiang at one point oversaw the theft of $3 million from a single U.S. fraud victim.

Three scientific research institutions have been discovered selling health information about British citizens on Alibaba, the British government and non-profit UK Biobank revealed this week. Over the past two decades, more than 500,000 people have shared their health data, including medical images, genetic information and health records, with UK Biobank, which provides scientists around the world with access to the information needed to conduct medical research. However, the charity said the data leak involved a “breach of contract” signed by three organisations, with one of the datasets for sale believed to contain data on all of half a million research subjects. It did not detail all types of data offered for sale, but said it had suspended the Biobank accounts of those allegedly selling the information. Data ads have also been removed.

Earlier this month, 404 Media reported that the FBI was able to obtain copies of Signal messages from a defendant’s iPhone because the contents of the messages, which are encrypted in Signal, were saved in an iOS push notification database. In this case, copies of messages were still accessible even though Signal had been deleted from the phone, although the issue affected all apps that send push notifications.

This week, in response to this issue, Apple released an iOS and iPadOS security update to fix the flaw. “Notifications marked for deletion might be unexpectedly retained on the device,” Apple’s security update for iOS 26.4.2 says. “A logging issue was resolved with improved data redaction. »

Although the issue has been resolved, it’s still worth changing what appears in notifications on your device. For Signal you can open the app, go to Settings, Notificationsand enable notifications to display Name only Or No name or content. It’s another reminder that even though apps like Signal are end-to-end encrypted, this applies to content as it moves between devices: if someone can physically access and unlock your phone, it’s possible they can access everything on your device.