Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Trump Threatens 100% Tariff on Countries That Adopt Digital Services Tax

  U.S. President Donald Trump has threatened to impose a 100 percent tariff on goods from any country that levies a digital services tax on ...

All the recent news you need to know
US
AI governance AI Safety Data Governance GPT Open AI technology US

OpenAI Limits GPT-5.6 Release While U.S. Reviews AI Safety

 



OpenAI has postponed the extensive public rollout of its latest frontier artificial intelligence model, GPT-5.6, after the U.S. government requested an opportunity to examine the technology before it reaches a wider audience. Rather than making the model immediately available to all users, the company will begin with a restricted deployment involving a small number of carefully vetted partners whose identities have been disclosed to federal authorities.

The temporary decision surfaces an increasingly cautious approach toward highly capable AI systems as governments evaluate their potential impact on national security. Policymakers have become more concerned that advanced generative AI models, while offering substantial benefits across research, software development and cybersecurity, could also be exploited to support sophisticated cyberattacks, automate vulnerability discovery, generate convincing phishing campaigns or assist other malicious activities if deployed without adequate safeguards.

According to OpenAI, the limited rollout is intended to provide government officials with an opportunity to study the model's capabilities and assess possible security risks before broader public access is granted. The company said it has already briefed the U.S. government on GPT-5.6 and its expected capabilities and described the current arrangement as an interim measure while it works with Washington to establish a more structured framework for releasing future frontier AI models.

Chief Executive Officer Sam Altman publicly expressed support for rigorous safety evaluations but questioned whether government agencies should determine which organizations receive early access. In a post on X, Altman said extensive testing of advanced AI systems is appropriate, while arguing that customer selection should remain outside government control.

The latest development follows an executive order signed earlier this month by President Donald Trump establishing a voluntary process under which developers of designated "covered frontier models" may provide the U.S. government with access to their systems for up to 30 days before they are released to trusted external partners. The initiative is designed to give officials time to evaluate emerging security concerns and strengthen oversight of increasingly capable AI technologies before wider deployment.

OpenAI stated that restricting access during this initial period represents what it believes is the most practical route toward making GPT-5.6 more broadly available in the coming weeks while discussions continue with the Administration on implementing the cyber-focused executive order and developing a repeatable review process for future launches.

The company added that engineering teams will continue conducting extensive safety evaluations and work closely with early partners throughout the testing phase. At the same time, OpenAI cautioned that the current level of government access should remain a temporary measure rather than becoming a permanent requirement for future AI releases. It also declined to identify the organizations participating in the initial rollout.

OpenAI further warned that prolonged restrictions on access to frontier AI systems could slow innovation across multiple sectors. The company noted that developers, businesses, cybersecurity professionals and international collaborators all rely on access to advanced models to build defensive security tools, strengthen research, develop enterprise applications and accelerate responsible AI adoption.

Leading the new product family is GPT-5.6 Sol, which OpenAI describes as its most capable model to date. The release also includes Terra, positioned as a mid-range model, and Luna, a lower-cost alternative intended to make advanced AI capabilities available at a lower price point across a wider range of use cases.

The government's heightened scrutiny extends beyond OpenAI. Earlier this month, Anthropic was instructed by U.S. authorities to suspend access to its frontier AI models for foreign nationals because of national security concerns. The company continues to face an ongoing legal and regulatory dispute with the government over those restrictions, illustrating the growing debate surrounding oversight of advanced artificial intelligence systems.

The developments come as both OpenAI and Anthropic have confidentially submitted paperwork for U.S. initial public offerings. Separately, The New York Times reported that OpenAI is considering postponing its public market debut until next year.

The developing relationship between AI developers and governments illustrates how the deployment of frontier models is becoming closely linked with cybersecurity and national security policy. While companies continue to pursue increasingly powerful AI capabilities, regulators are placing greater emphasis on evaluating how these systems could influence cyber defense, critical infrastructure protection and the misuse of AI by malicious actors before they are released at scale.

Read more »
Microsoft Security Flaw
Backdoor Malware Cyber Attacks Cyber Security Ransomware Attacks Exploitation Malware Attack Microsoft security Microsoft Security Flaw

Edgecution Malware Exploits Microsoft Edge Extension to Deploy Python Backdoor in Ransomware Attack

 

One way hackers adapt is by twisting legitimate features into tools for harm. A recent example shows a malicious Microsoft Edge extension escaping the browser’s restricted environment to establish persistent access on infected systems. 

Researchers named the campaign Edgecution, which abuses built-in browser functionality rather than software flaws. The payload deploys a Python-based backdoor capable of silently executing commands on compromised devices. Researchers at Zscaler believe the campaign is linked to an Initial Access Broker associated with the Payouts Kings ransomware operation. 

Instead of exploiting vulnerabilities, the attackers rely on social engineering and legitimate browser capabilities to gain deeper access to victim systems. The attack begins with someone impersonating IT support on Microsoft Teams, directing employees to a fake Microsoft update page under the pretense of installing an email security update. 

Victims see what appears to be an official Outlook update portal, but clicking its buttons instead downloads malware, copies malicious scripts to the clipboard, or requests Microsoft 365 and Outlook credentials. What looks like a routine update quickly turns into a compromise. The downloaded package contains intentionally malformed ZIP headers to evade security scanners. 

Once executed, scripts repair the archive, extract hidden files, configure the system, and create scheduled tasks that silently launch Microsoft Edge in the background. Inside the package are two main components: a malicious Microsoft Edge extension disguised as an Edge Monitoring Agent and a Python-based backdoor. The extension communicates with attacker-controlled servers, receiving commands and sending back results. 

Although browser extensions normally operate inside isolated sandboxes, this attack bypasses those restrictions. Attackers abuse Chrome’s Native Messaging protocol—a legitimate feature that allows browser extensions to communicate with trusted desktop applications. By leveraging this mechanism, the malicious extension launches the bundled Python backdoor as a native application, escaping the browser’s security boundaries.  

Once active, the Python backdoor enables attackers to execute shell commands, run PowerShell and arbitrary Python code, write files, enumerate running processes, and collect system information. Helper scripts generate the Native Messaging manifest and batch files needed to connect the extension with the local application. 

The malicious extension runs inside a headless Microsoft Edge session, remaining invisible to users while maintaining persistent access that is difficult to detect. Zscaler also identified unused commands within both malware components, indicating the framework is still under development and could gain additional capabilities in future versions. 

According to researchers, Edgecution highlights the growing sophistication of ransomware campaigns. Rather than relying solely on traditional malware, attackers increasingly exploit trusted browser features and enterprise collaboration platforms to bypass security defenses. 

To reduce the risk, organizations should closely monitor browser extensions, restrict Chrome Native Messaging where possible, review native messaging host configurations, and train employees to recognize social engineering attempts delivered through platforms such as Microsoft Teams. Zscaler has also published indicators of compromise, including malicious extension hashes and command-and-control servers, to help defenders identify affected systems.
Read more »
Third-Party Risk
Cloud Security Data Breach EdTech Cybersecurity FulcrumSec Learning Management System ShinyHunters Student Information System Supply Chain Attack Third-Party Risk

EdTech Software Suppliers Become the New Target for Cyber Attackers


Education is witnessing a notable shift in the cyber threat landscape in which attackers are bypassing individual schools in favor of software providers that support modern digital learning. Education technology (EdTech) vendors have emerged over the last several years as valuable supply chain targets, including learning management systems (LMS), student information platforms, and cloud-based academic services. 


Through a single compromise, threat actors can gain access to thousands or hundreds of educational institutions across a wide range of industries. The recent attacks on the Canvas platform of Instructure, which disrupted online examinations, as well as the large-scale security breach of PowerSchool, which exposed sensitive student data, underscore how cybercriminals are evolving their tactics so that they can maximize operational disruption, data theft, and financial leverage by striking the technology ecosystem instead of the end users. 

With an increased reliance on cloud-native educational infrastructure, financial motivated threat actors have also become increasingly exposed to attacks. Recent activity attributed to groups such as ShinyHunters and FulcrumSec indicates this shift toward more targeted and technically sophisticated attacks against the EdTech sector. 

The ShinyHunters hacking collective has been reported to have compromised learning platforms serving educational institutions around the world, allegedly stealing millions of records containing names, email addresses, physical addresses, and other personally identifiable information (PII) from them. 

Several security assessments have linked these compromises to vulnerabilities such as insufficiently protected API endpoints and exposed cloud databases, vulnerabilities that frequently appear when rapidly expanding EdTech providers prioritize scalability over mature security controls. Data exposed on dark web marketplaces has increased the risks of phishing, credential abuse, identity theft, and follow-on attacks, reinforcing concerns that the adoption of student information systems, learning management systems, and other cloud-based academic platforms outpaces the establishment of robust cybersecurity governance within the education technology supply chain. 

In March of 2026, ShinyHunters allegedly compromised the widely used Infinite Campus Student Information System (SIS) and exfiltrated personally identifiable information from more than 137,000 school staff accounts through a Salesforce-related data theft incident. The campaign has continued to expand in scope throughout 2026.

Considering Infinite Campus' extensive footprint in the U.S. education sector, the breach has broader implications for the organization. Infinite Campus supports approximately 3,200 school districts and manages records for approximately 11 million students from 46 different states. As of June 16, 2026, ShinyHunters also identified Glendale Community College, Moody Bible Institute, Illinois Central College, and Houston City College as its latest victims. 

In contrast to conducting isolated attacks against individual campuses, the increasing victim list illustrates a deliberate strategy to target centralized education platforms that can affect multiple institutions at once rather than focusing on isolated attacks.

There has been a parallel escalation in the ransomware ecosystem where FulcrumSec has claimed responsibility for a large-scale breach involving a Singapore-based international educational network, the Global Schools Foundation. Several critical systems across multiple countries were disrupted as a result of the attack, resulting in a substantial amount of sensitive information being stolen. Students and staff had limited access to essential academic and administrative services as a result of the attack. 

In an unsuccessful ransom negotiation, the group threatened to publish the stolen information. There are 33,088 passport records in the stolen dataset, covering 66 nationalities, 221 million attendance records, 9.4 million internal messages, 143,494 employee salaries, over 616,000 emails attaching medical and identification documents, 112 source code repositories, 168 entries in AWS Secrets Manager, and evidence of a previous ransomware attack dating back to 2022. 

FulcrumSec has previously been connected to cloud-focused intrusions involving platforms hosted on Amazon Web Services, MongoDB, and Google Cloud Platform (GCP), reflecting an attack that extends beyond personal data into operational infrastructure, application code, and cloud secrets. In addition to breaches affecting LexisNexis and Australian fintech company youX, which underscores a consistent focus on cloud-resident data and double extortion activities, these breaches demonstrate an increased focus on cloud-resident data. 

Although large-scale ransomware campaigns continue to make headlines, not every breach in education stems from sophisticated intrusion techniques. By misconfiguring third-party cloud applications, sensitive information may be exposed just as effectively, without the attacker having to overcome security controls in any case. 

One such incident was brought to the attention of the school by parents who discovered that a feature within a third-party absence management platform provided families with the opportunity to view free-text comments submitted by other parents regarding requests for student absences. While the vendor confirmed that the attached attachments were inaccessible, the exposed comment fields may contain sensitive information voluntarily provided by guardians, including medical appointments, illness details, and other private information about students. 

In this instance, it demonstrated how seemingly minor application logic errors can adversely affect data confidentiality when privacy controls are not appropriately implemented. Upon discovery, both the educational institution and its software provider coordinated an incident response. After informing the vendor of the vulnerability, they were able to develop and deploy a software update that remedied the vulnerability prior to ensuring their own environment was updated. 

Besides applying the fix, administrators were required to conduct a comprehensive forensic investigation to determine the duration of the exposure, determine which records were visible, identify users who accessed the vulnerable feature by analyzing system logs, and determine what categories of personal information may have been compromised as a result. 

According to those findings, the incident met the requirements for mandatory regulatory reporting and formal notification was required for affected students, parents, and guardians. At the same time, the institution was required to maintain communication with the families who initially reported the issue while documenting the incident for compliance purposes. 

Due to the vulnerability affecting a shared cloud platform, the vendor was required to notify each school which used the feature, distribute an updated version, and ensure these schools applied the update. This incident illustrates how vulnerabilities within centralized education platforms may rapidly evolve into ecosystem-wide risks. It is equally up to software providers to provide timely patches and transparent communication as it is up to educational institutions to protect student data. 

Together, these incidents demonstrate that effective cybersecurity does not limit to the protection against external attackers in the education sector. The breach response process requires significant operational effort, which involves technical teams, compliance personnel, vendors, and institutional leadership, regardless of whether the root cause is ransomware, cloud misconfigurations, insecure APIs, or human error. Additionally, these incidents illustrate the importance of good vendor governance, secure software development, continuous risk assessments, and an incident response plan that has been extensively tested.

With instructional institutions increasingly relying on cloud-based platforms, organizations that invest in proactive security controls and supplier oversight will be better prepared to minimize operational disruptions, protect sensitive data, and comply with regulatory requirements. 

As schools increasingly rely on interconnected cloud platforms to deliver educational services, the sector has experienced a fundamental shift in its cyber risk profile, making software providers and technology partners just as important as schools themselves to the protection of institutional information. Operational resilience has been demonstrated in recent incidents to depend on continuous vendor oversight, secure software development, timely vulnerability remediation, and coordinated incident response throughout the education technology ecosystem as a whole. 

A continued pursuit of high-impact supply chain opportunities by threat actors will require strengthening third-party risk management and incorporating security into all phases of software development in order to protect educational continuity, safeguard sensitive data, and maintain trust across digital learning environments.
Read more »
Wireless Emergency Alerts
Cyber Security Emergency Alert System FCC cybersecurity Team Telecom undersea cable security Wireless Emergency Alerts

FCC Strengthens Cybersecurity Rules for Emergency Alert Systems and Undersea Cable Networks

 

The Federal Communications Commission (FCC) has approved a series of new regulations aimed at strengthening the cybersecurity of the United States' emergency communication systems while modernizing security requirements for the country's undersea cable infrastructure.

The newly adopted rules introduce stronger safeguards for the nation's two primary public warning platforms—the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA)—to reduce the risk of cyberattacks and unauthorized access.

The EAS is widely used by federal, state and local authorities to broadcast emergency information, including severe weather warnings, AMBER Alerts and other public safety notifications through television and radio networks. Meanwhile, the WEA delivers similar alerts directly to mobile devices through text messages.

According to the FCC, a successful cyberattack on either platform by a foreign government, cybercriminal organization or malicious actor could spread misinformation, create public confusion or disrupt emergency response efforts during critical situations.

Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

As part of the new cybersecurity framework, organizations responsible for operating EAS and WEA systems will be required to adopt stronger cyber hygiene measures. These include implementing robust passwords, promptly installing vendor-issued security updates and patches, and deploying firewalls to restrict unauthorized access to critical systems.

The FCC has also introduced a new authentication identification system that will verify emergency alerts before they are transmitted, helping prevent duplicate, fake or unauthorized alerts from being distributed.

In a separate decision, the Commission also approved its first major overhaul of submarine cable regulations in several decades. The updated framework seeks to enhance cybersecurity oversight for undersea cable infrastructure while simplifying licensing procedures for trusted operators.

Under the revised rules, certain undersea cable providers will no longer be required to undergo the extensive national security licensing review conducted by "Team Telecom" before operating cables connected to U.S. territory.

Team Telecom is an interagency group led by the Department of Justice's Foreign Investment Review Section, along with other federal agencies that evaluate the national security implications of telecommunications infrastructure.

The updated policy allows submarine cable applicants to qualify for an exemption if they can self-certify that they meet high security standards designed to improve certainty, streamline reviews and shorten licensing timelines.

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

The new regulations also expand the FCC's oversight of key operational components within submarine cable systems. Companies responsible for submarine line terminal equipment, which connects undersea cables to U.S.-based terrestrial facilities, will now be required to obtain licenses.

Additionally, the Commission has introduced updated security measures to address risks associated with essential equipment, third-party vendors and vulnerabilities across the broader submarine cable supply chain, further strengthening the resilience of critical communications infrastructure.

Read more »
Cyber Security
AI technology AI tools Anthropic Anthropic AI Anthropic Ban Claude Claude AI Cyber Security

Anthropic Restores Limited Access to Claude Mythos 5 AI Model After US Government Approval

 

Earlier limits on Anthropic’s top-tier AI tools have been eased by U.S. officials, reopening limited availability of the Claude Mythos 5 system to certain approved American institutions. Though only recently barred due to fears about potential misuse threatening national safety, the model is now accessible again under tight conditions. Government oversight in high-level AI deployment continues expanding, especially when such systems involve strong digital defense functions. 

While concerns remain, selective reinstatement suggests a shift toward managed access rather than blanket bans. Now cleared by U.S. authorities, Mythos 5 can be used again by groups managing essential infrastructure operations. Over a hundred entities - some among the largest corporations - are set to reconnect under new guidelines. Though access returns in phases, Anthropic emphasizes steady progress restoring function, even as talks continue with federal agencies on widening reach later. 

One goal remains: bringing back full public availability of the Fable 5 system after further review. One restriction began with an export directive dated June 12, forcing Anthropic to shut off entry points to Mythos 5 along with Fable 5. Not long after, OpenAI revealed a delay in launching GPT-5.6 widely - this pause came by direction from U.S. officials. Rather than open access freely, they handed early permissions only to select collaborators, names already passed to federal agencies.

Oversight like this signals a quiet but steady push from regulators to track how powerful artificial intelligence moves into real-world use. Officials worry powerful AI systems might fall into the hands of rival nations - like those in Beijing or Moscow - despite existing barriers. Because these tools can detect system flaws faster than humans, they may speed up digital attacks when protections fail. While designed for defense, their functions could shift toward offense once access is gained through weak points. 

Even infrastructure meant to resist intrusion becomes a target under such conditions. Surprisingly, Anthropic admitted that authorities questioned whether flaws in its security could allow bypassing controls meant to stop abuse of the Fable 5 system when spotting code weaknesses. Although officials noted improvements in handling those dangers, details about the specific defenses enabling partial revival of Mythos 5 remain undisclosed by public agencies. 

Though some defend the selection method, lawyers and tech executives have raised doubts. Questions emerge over who gets picked - free expression supporters point out unclear criteria behind group approvals. Without clear rules on checks, suspicion grows. Safety tests gain backing even as control worries surface; Sam Altman backs strong evaluations yet hesitates at state influence shaping access paths. Decisions made behind closed doors unsettle those watching closely. 

Now, trusted groups working with Mythros 5 won’t need export permits - this applies also to their staff outside the U.S. - as long as they’re named on the official roster. Still, firms left off the list must follow current licensing rules. A number of listed entities belong to Anthropic’s Project Glasswing, it is said, a collaboration hosting around one hundred tech outfits and study centers. 

Now comes news after Donald Trump issued an executive directive creating a non-mandatory process: creators of cutting-edge artificial intelligence may offer their systems to federal authorities for scrutiny during a thirty-day window prior to wider release. Some say this step offers temporary protection until more complete regulatory structures emerge through policy work. 

Yet concerns rise elsewhere - extended delays in launching powerful AI tools might hinder progress, weakening American firms just as international competitors push forward with their own intelligent technologies.
Read more »
signal
Backup CISA Cyber Security FBI Phishing signal

FBI Warns Russian-Linked Hackers Have Shifted Signal Phishing Campaign to Steal Backup Recovery Keys

 


The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated public service announcement warning that Russian intelligence-linked threat actors have expanded an ongoing phishing campaign targeting Signal users. Rather than attempting to intercept authentication codes alone, the attackers are now seeking victims' Signal Backup Recovery Keys, enabling them to restore encrypted cloud backups and gain access to historical conversations.

The latest advisory builds on an alert released in March 2026, when the agencies disclosed that Russian-backed operators were targeting users of commercial messaging applications, particularly Signal, through carefully crafted phishing campaigns. Those earlier attacks focused on compromising accounts by deceiving users into handing over verification codes, account PINs, or linking unauthorized devices to their Signal accounts, instead of defeating the application's end-to-end encryption.

According to the FBI, the threat actors have refined their social engineering techniques by impersonating automated Signal support accounts and introducing a new objective: convincing users to disclose the recovery keys that protect their encrypted backups.

The agencies said the campaign continues to concentrate on individuals considered to be of intelligence value, including current and former U.S. government officials, government personnel from allied nations, military members, political figures, journalists, and officials located in Ukraine.

The activity has been attributed to Russian Intelligence Services (RIS), including officers associated with Russia's Federal Security Service (FSB) Border Guards and additional actors operating on behalf of the Russian military. Security researchers publicly track the activity under the designations UNC5792 and UNC4221.

Phishing campaign evolves beyond account hijacking

The updated advisory describes a notable change in the attackers' methods. Earlier phishing attempts largely sought one-time verification codes, Signal PINs, or persuaded victims to connect attacker-controlled devices to their accounts. The current campaign instead attempts to obtain the cryptographic recovery key used by Signal's Secure Backups feature.

To begin the attack, the operators pose as Signal's support team and distribute fraudulent messages claiming the messaging platform is introducing mandatory two-factor verification following an alleged increase in attacks carried out by hackers from Iran and post-Soviet countries. The messages falsely state that the security changes require users to configure Signal Backups in order to avoid losing conversations and media files.

Victims are instructed to navigate through the application's backup settings, enable Secure Backups, reveal the Backup Recovery Key, copy it to the clipboard, and complete what appears to be a legitimate setup process.

Signal's Secure Backups feature allows users to store encrypted copies of conversations on the company's cloud infrastructure. Those backups remain protected through end-to-end encryption, with the Backup Recovery Key serving as the only credential capable of decrypting and restoring the archived data. Because Signal does not retain this key, anyone who obtains it can restore the encrypted backup onto another device.

After victims complete the initial steps, the attackers send a second phishing message while continuing to impersonate Signal support. This follow-up communication claims the user's account is experiencing a synchronization problem and warns that stored messages and media could be permanently lost unless immediate action is taken.

The fraudulent notification instructs users to revisit the backup settings, copy the Backup Recovery Key once again, and paste it directly into the conversation under the pretense of preventing data loss.

If victims comply, the attackers obtain the recovery key and use it to restore the encrypted backup on devices under their control. This grants access to previously archived communications, including private conversations and group chats.

The FBI emphasized that these attacks do not compromise Signal's encryption itself. Instead, they rely entirely on social engineering techniques that manipulate users into voluntarily surrendering the credentials needed to decrypt their own backups.

Compromised recovery keys remain a risk even after creating a new account

The updated advisory also highlights a recovery scenario that affected users may easily overlook.

According to the FBI, creating a new Signal account with the same phone number does not invalidate a Backup Recovery Key that has already been stolen. If attackers previously acquired the key, they may still be able to access any encrypted backups downloaded before the compromise was discovered.

To prevent future backup restorations using a compromised credential, users should generate a new Backup Recovery Key through Signal's backup settings. Creating a replacement key invalidates the previous one for subsequent backup downloads. However, the agencies cautioned that this action cannot revoke access to backups that attackers have already restored using the stolen key.

Agencies urge users to remain cautious of unsolicited support messages

The FBI and CISA reminded users that legitimate messaging platform support teams communicate only through official company email channels. They do not request verification codes through the application itself, nor do they send unsolicited messages instructing users to verify accounts, restore backups, or disclose recovery credentials.

Anyone who believes they may have interacted with the phishing campaign is encouraged to report the incident to the FBI's Internet Crime Complaint Center (IC3), a local FBI field office, or CISA.

The advisory accentuates the fact that well-designed encryption remains effective only when the credentials protecting it remain under the user's control. Rather than attempting to break modern cryptography, state-sponsored threat actors are increasingly directing their efforts toward manipulating trusted users into revealing the keys that unlock their own protected data.

Read more »
Subscribe to: Posts (Atom)

Featured