Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Technology. Show all posts
Technology
AI Anthropic Bugs ChatGPT Claude Mythos Preview Technology

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing


Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in its first month of operation.

Claude Mythos Preview finds bugs

Claude and 50 other partners deployed Claude Mythos Preview to find critical software infrastructure. The AI company said the initiative progress is now restricted by the pace at which flaws can be authorized, patched, and disclosed instead of discovery rates. 

The discovery of flaws

Cloudflare detected 2,000 vulnerabilities throughout its critical-path systems, with around 400 labelled as critical or high severity. Claude said that its bug-finding rate surged by over ten times. Various other partners reported the same surges in flaw detection rates.

About bug patches

The UK’s AI Security Institute reported that Mythos Preview has been the only model to patch both of its cyber issues end-to-end. Mozilla detected and patched 271 bugs in Firefox while analyzing Mythos Preview. The number is ten times more than Firefox 148 with Claude Opus 4.6. 

More about Anthropic patching flaws

Anthropic analyzed over 1,000 open-source projects via Mythos Preview, and found 6,202 estimated high or critical severity bugs out of 23,019. Out of 1,752 critical or high bugs studied by independent security research institutes, 90.6% were acknowledged as valid and 62.4% were confirmed as critical or high severity.

One bug was found in wolfSSL, a cryptographic library that billions of devices use. If successful, the bug would have allowed a threat actor to make fake certificates and host fake sites for email providers or banks. The bus was labelled as CVE-2026-5194 and has been fixed.

Critical vulnerabilities

Anthropic has revealed 530 critical or high bugs to researchers. Seventy-five have been fixed and sixty-five have been given public advisories. Claude said that a high or critical flaw detected by Mythos Preview roughly takes two weeks to fix on average.

In its recent release, Palo Alto Networks added more than five times as many patches as normal. Microsoft stated that it will keep releasing further fixes. Oracle is identifying and resolving vulnerabilities in all of its products many times more quickly than in the past.

Three weeks ago, Anthropic made Claude Security available to clients of Claude Enterprise in a public beta. Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities.

To help maintainers handle bug reports, the corporation partnered with the Alpha-Omega project of the Open Source Security Foundation. Anthropic has not made Mythos-class models available to the general public, citing the necessity for more robust security measures to stop abuse.
Read more »
YouTube
Cloud Data Instagram Meta Roblox Technology TikTok YouTube

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety

According to a report by Ofcom, YouTube and TikTok have failed to implement steps to safeguard British children from harmful online content. Data suggests widespread exposure to underage kids on these platforms. 

TikTok, YouTube ignoring child safety

Ofcom media regulators said none of the company made any serious efforts to make recommendations feeds/explore pages safer, despite proof that these platforms are the main entry point through which underage kids face harm. 

Platforms not safe enough

Ofcom said the platforms are “not safe enough”. The report comes after Ofcom’s call for stricter action on children’s online safety, saying Roblox, meta, and Snap had each complied to stronger anti-grooming actions.

TikTok said it was quite disappointing that Ofcom didn’t acknowledge its safety measures, whereas Youtube said it worked with child safety researchers to give industry grade, age-appropriate experiences for children. 

About the Ofcom report

Ofcom’s latest report explains how five large social media and video platforms responded to its call for safety measures. The report said that, "Notably, TikTok and YouTube failed to commit to any significant changes to reduce harmful content being served to children, maintaining their feeds are already safe for children.” Ofcom added, "Our wealth of evidence, published today, suggests they are still not safe enough."

What did YouTube and TikTok say?

Responding to the criticism, YouTube and TikTok said that safety measures already existed. YouTube’s short-form video timer allowed parents to control scrolling time for Shorts feed, whereas TikTok stopped direct messaging (DM) for under-16 children.

Governments have taken measures to address online child safety. UK PM Keir Starmer has urged social media platforms to take greater responsibility. Britain is discussing tighter restrictions, this includes a potential ban on under-16 children that use social media, inspired from Australia's landmark decision that tackled addictive design features. 

According to social media analyst Matt Navarra, the report has shown a shift in how we perceive online harm as a “product problem.” Earlier, the debate was, “did the platform remove harmful content quickly enough?' - the new one has shifted towards, 'why did the platform show it to a child in the first place?”

What does the data say?

Ofcom reported that 73% of 11-17 year olds were exposed to malicious content for four weeks, primarily through recommendation feeds. TikTok was the most cited, followed by YouTube, Instagram and Snapchat. Experts stress that YouTube and TikTok said their existing platforms were adequate, but media regulators have found their feeds to be unsafe.

Read more »
Technology
Access control AI Layoffs cybersecurity risks Data Exposure Environment Variables Insider Threats Software Security Source Code Security Tech Industry Trends Technology

Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions


 

As artificial intelligence continues to transform software development workflows and corporate staffing strategies, discussions regarding automation-driven job displacement have gained increasing prominence across the technology sector. Against this backdrop, a Bengaluru software engineer has captured widespread attention online with a satirical hardware project combining workplace anxiety with developer joking. 

Designed as a "I GOT FIRED" emergency button, the device humorously claims to initiate a series of catastrophic actions, including exposing source code repositories and publishing sensitive environment variables. As a technical themed commentary on modern tech culture and the uneasy relationship between AI, employment, and corporate trust, the book transforms a growing industry concern into a commentary on this growing industry concern. 

The project was presented with the intention of responding humorously to the growing discussion regarding AI-driven layoffs and shrinking engineering teams, as a response to workplace uncertainty. 

In an interview with Pankaj Tanwar, a software engineer who is popular online as @the2ndfloorguy, Pankaj Tanwar described the device as a "I GOT FIRED" button capable of initiating a fictional chain of retaliatory actions upon pressing. 

Using the satirical scenario described in his post, this button would publish a company's codebase, store sensitive .env configuration secrets, delete the staging database, and notify his lawyer. There is a compact programmable keypad attached to his laptop that has labels, including "Gaslight Them," "Decode Corporate BS," and a prominent red button that reads "I Got Fired.". 

On-screen notifications, emphasizing the joke's technical undertones, displayed messages claiming environment secrets had been released to the public and that the user was "out of office." It was evident that the post was intended as developer satire rather than a functional cyber sabotage tool, however it received widespread attention on social media, generating a mix of amusement, curiosity and debate from technology professionals who appreciated the humour and frustrations embedded within it. 

Besides its novelty, the rapid spread of the post was mainly driven by its author's reputation as a Bengaluru-based developer known for designing unconventional technology projects combining engineering concepts with internet humour. Many members of the software community, however, were particularly affected by this satire in this instance. 

The button was described as a fictional last-resort mechanism that could launch a cascade of catastrophic actions as a response to mounting concerns about the reduction of workforce through automation. It can expose proprietary code, expose sensitive environment variables, delete a staging database and alert legal counsel to a multitude of catastrophic events.

Using a compact programmable keypad alongside a laptop that was running a workflow ominously titled "I Got Fired," the accompanying images enhanced the dramatic narrative by creating the visual impression of an emergency shutoff switch for developers. Despite the obvious exaggeration in the scenario for comedic effect, the post was resonating because it expressed familiar industry anxieties in a technically recognisable manner. 

The responses varied from users asking for information about similar programmable keys available in India to others imagining humorous scenarios driven by artificial intelligence in which a decision-making system would determine whether to press a button. 

The project has been dismissed by critics as nothing more than engagement bait, while others have pointed out that any attempt to carry out the actions outlined would come with severe legal and professional consequences. There was some lighthearted joke that activating the switch would result in a salary being traded for prison accommodation, with some comparing the concept to a developer-oriented “dead man’s switch.”

The joke revealed a deeper sentiment, though, beneath the humour. It resonated with many technology professionals as it reflected a common concern about employees feeling replaceable amid continuous restructuring, automation initiatives, and artificial intelligence-driven efficiency initiatives. Therefore, the device functioned less as a fictional tool and more as a satirical tool for discussing the industry’s growing concerns about job security, workplace pressure and the future role of human talent in software development. Its popularity underscores a broader reality faced by today's technological workforce despite its intended purpose as satire. 

Not only did the joke resonate due to the fictional cyber sabotage it portrayed, but it also tapped into a genuine concern regarding automation, organisational restructuring, and employee uncertainty. From a cybersecurity perspective, the scenario also reminds us the importance of strong access controls, credential management, insider risk monitoring, and clearly defined offboarding processes. 

AI is reshaping the workplace, so organizations will need to maintain a balance between technological efficiency and transparency, trust and workforce resilience to ensure innovation does not undermine security and culture, but rather strengthens it instead of becoming a source of anxiety for employees.
Read more »
Technology
AI Threat Bug Bounty Fake Report Generative AI Technology

AI Is Ruining Bug Bounty Programs with Flood of Fake Reports

 

For years, tech giants like Google, OpenAI, and T-Mobile have relied on bug bounty programs as a cornerstone of their cybersecurity strategy. These programs pay independent hackers millions of dollars annually to find and report software flaws before cybercriminals exploit them. The model proved highly effective, with Google alone distributing $10 million to 632 researchers in 2023 alone. However, this once-reliable security ecosystem is now facing a massive crisis due to the rapid advancement of generative AI. 

Generative AI tools are flooding bug bounty platforms with a relentless wave of automated, low-quality, and completely fake vulnerability reports. According to The Financial Times, the problem isn't the volume of submissions but their terrible quality. Bugcrowd, a major platform serving clients like OpenAI, T-Mobile, and Motorola, reported that bug submissions more than quadrupled over just a three-week period in March 2026, with the vast majority proving completely false. Similarly, HackerOne, which serves Google and the US Department of Defense, saw submissions jump 76% in the year leading up to March. 

The surge in fake reports is driven by three distinct groups. First, amateurs use AI chatbots to fabricate reports for flaws that don't actually exist. Second, misled professionals trust flawed data handed to them by AI assistants, unknowingly submitting erroneous reports. Third, automated spammers have created end-to-end scanning systems that mass-produce and submit fake bug reports at scale. This flood of AI-generated "slop" is forcing tech companies to spend hours debunking hallucinated computer code instead of addressing real vulnerabilities.

The consequences are severe. Some organizations have been forced to shut down their payout programs entirely due to the overwhelming volume of fraudulent submissions. Curl, a widely used internet data transfer tool, suspended its paid bug bounty program in January 2026, citing an "explosion in AI slop reports" and a dramatic decline in submission quality. Cybersecurity firms are now implementing stricter validation processes, but the arms race between AI-generated fraud and human verification continues escalating. 

This crisis threatens to undermine a critical pillar of modern cybersecurity. While AI has enabled researchers to identify genuine vulnerabilities more quickly, it has also lowered barriers to entry so dramatically that the system is becoming unusable. Experts warn that without significant reforms to screening processes and validation mechanisms, bug bounty programs could collapse entirely, leaving tech companies more vulnerable to actual cyberattacks than ever before. The future of this billion-dollar security model depends on finding ways to distinguish human insight from AI hallucination.
Read more »
Verification
Data & Privacy Google Phone Storage Technology Verification

Google Tests 5GB Gmail Storage Limit for New Users Without Phone Verification

 


Google is experimenting with a new Gmail policy that limits some newly created accounts to 5GB of cloud storage unless users add a phone number to their account. Once a phone number is linked, the full 15GB of free storage becomes available.

The company confirmed the trial to Android Authority, explaining that the initiative is being tested in select regions to ensure a “high-quality storage experience.” Google also stated that phone number verification can improve account security and make account recovery easier. However, critics argue that tying the standard storage allocation to phone number submission raises privacy concerns.

There are several reasons why Google may be considering such a move. Adding a phone number can provide an additional method for recovering access to an account. That said, users already have alternative recovery options available, including backup email addresses and recovery contacts.

Google further claims that linking a phone number can help strengthen account protection. However, cybersecurity experts often regard methods such as passkeys, authentication apps, and Google prompts as more secure than SMS-based verification, which remains vulnerable to SIM-swapping attacks, phishing attempts, and other security threats.

Another possible motivation is reducing spam and fraudulent account creation. Spammers and scammers frequently create multiple accounts, and requiring phone verification could make this process more difficult. Still, some regions already mandate phone verification during account registration, while cybercriminals can often access temporary or burner numbers through VoIP services. Additionally, the 5GB restriction may not significantly impact bad actors who only use accounts for short-term activities.

Since Google has described the initiative as a test, it may never become a permanent feature. Nevertheless, some observers question the approach, arguing that restricting two-thirds of the standard free storage allocation until users provide personal information is problematic. A more transparent option, they suggest, would be requiring phone verification during account creation rather than limiting storage afterward.

The reduced storage limit could also affect other Google services. Because Google Drive storage is shared across products, users relying on cloud backups—such as WhatsApp backups—could encounter limitations much sooner under the 5GB cap.

Google has previously incentivized users to enhance account security by rewarding them with additional storage. In earlier years, the company offered an extra 2GB of cloud storage to users who completed a security checkup. By contrast, the current test restricts access to storage users would typically receive for free.

The trial also places Gmail closer to Apple’s free iCloud Mail tier, which offers 5GB of storage. However, competitors such as Microsoft Outlook and Yahoo Mail continue to provide 15GB ori more of free storage in many regions.

Some critics view the test as another example of technology companies gradually reducing the benefits of free services while requesting either payment or additional personal information. Similar concerns emerged when Google Photos ended its unlimited free photo backup policy and shifted users to a shared 15GB storage limit in 2021. Others point to the company's efforts to promote YouTube Premium by making the free viewing experience less attractive.

One positive aspect is that the reported storage restriction currently appears to affect only new accounts. Existing Gmail users who already have less than 5GB of stored data do not seem to be impacted. However, individuals looking to create secondary email accounts may still find the policy inconvenient, despite Google allowing multiple accounts to be linked to a single phone number.

The timing of the test has also fueled privacy debates, particularly among users concerned about sharing additional personal information with major technology companies. As discussions around data privacy and government access to information continue, some users may be hesitant to provide more identifying details than necessary.

For now, the phone number-linked storage limit remains an experimental feature. While Google cites security, account recovery, and spam prevention as key reasons behind the test, questions remain about whether restricting storage is the right way to encourage users to verify their accounts.
Read more »
Technology
AI Privacy Al Cyber Threats Data Security Technology

Al-Driven Attacks and Ransomware Surge Across the Americas in 01 2026

 


The cyber threat environment across the Americas experienced a sharp increase in sophisticated attacks during the first quarter of 2026, driven by the growing use of artificial intelligence, persistent ransomware activity, and heightened targeting of critical infrastructure sectors.

According to cybersecurity researchers, threat actors are increasingly integrating generative AI into their operations to streamline phishing campaigns, generate realistic deepfake content, and speed up attack execution. Simultaneously, ransomware groups, hacktivists, and nation-state-backed actors intensified their focus on organizations operating in healthcare, manufacturing, energy, utilities, and government sectors throughout North and Latin America.

To address these emerging risks, Cyble is scheduled to host a live webinar on May 28, 2026. The session will examine major cyber threats, adversary tactics, and evolving attack patterns that shaped the Americas' cybersecurity landscape during Q1 2026.

A key trend observed during the quarter was the increasing adoption of AI technologies by cybercriminals and advanced threat actors.

Generative AI is now being used to craft highly personalized phishing emails, create fake digital identities, produce convincing deepfakes, and automate large-scale social engineering campaigns. Security experts caution that these tactics are making malicious activities harder to detect while improving the effectiveness of phishing and credential theft attacks.

Researchers also found that AI is helping attackers accelerate reconnaissance efforts and exploit vulnerabilities more efficiently, allowing them to target a greater number of victims in less time. As these capabilities continue to evolve, organizations face mounting pressure to strengthen threat detection systems and enhance incident response strategies.

Critical infrastructure remained a major target throughout Q1 2026. Healthcare organizations, utility providers, energy companies, manufacturers, and government agencies continued to face sustained attacks from ransomware operators, hacktivist groups, and nation-state adversaries.

Cybersecurity analysts highlighted growing concerns surrounding operational technology (OT) environments, where attacks have the potential to disrupt essential services. In addition, supply chain weaknesses and third-party security risks continued to create significant challenges for infrastructure operators.

Experts suggest that many of these attacks are no longer motivated solely by financial gain. Increasingly, campaigns are being linked to geopolitical objectives, intelligence collection efforts, and attempts to disrupt strategically important industries and national infrastructure.

Threat intelligence gathered during the quarter revealed continued activity from nation-state groups associated with China, Russia, Iran, and North Korea.

These actors maintained cyber espionage campaigns targeting organizations across the Americas through vulnerability exploitation, malware deployment, credential theft, and intelligence-gathering operations. Government institutions, critical infrastructure operators, and large enterprises remained among their primary targets.

Security specialists note that ongoing geopolitical developments continue to shape cyber activity, underscoring the importance of proactive risk monitoring and stronger organizational resilience against advanced threats.

Ransomware and Dark Web Ecosystems Remain Active

Despite increased attention on AI-enabled threats, ransomware continued to be one of the most damaging cybersecurity challenges during Q1 2026.

Attackers persisted in using double-extortion methods, data theft, and operational disruption tactics against organizations across a wide range of industries. Researchers also reported continued activity on dark web marketplaces and underground forums, where stolen credentials, unauthorized access data, and cyberattack tools are frequently traded.

Hacktivist groups remained active as well, particularly in campaigns connected to regional and political conflicts.

As a result, many security teams are placing greater emphasis on real-time threat intelligence, attack surface management, and proactive monitoring to identify risks before they escalate.

The upcoming webinar will feature insights from Kaustubh Medhe, Head of Research & Intelligence at Cyble, Brian Osterman, Senior Solutions Engineer for the U.S. region, and moderator Mihir Bagwe.

Participants will gain insights into ransomware developments, AI-powered cyber threats, nation-state operations, and practical strategies for improving cyber resilience throughout 2026.

Registered attendees will also receive a complimentary copy of the Americas Threat Landscape Report – Q1 2026.
Read more »
Technology
Browser security telemetry Client-side digital sovereignty Data governance compliance Edge AI privacy Filesystem auditing Gemini Nano installation On-device LLM Technology

Hidden 4GB AI Model Found Downloading Through Google Chrome


 

In what appeared to be a routine background update within Google Chrome, privacy researchers have raised concerns over a potentially problematic update after reports revealed that the browser may have silently downloaded a nearly 4GB artificial intelligence model onto certain systems without explicit user approval. 

Known as Gemini Nano, this component enables local AI processing directly on laptops and smartphones rather than relying solely on cloud infrastructure. However, cybersecurity observers and digital rights advocates contend that the deployment was inadequately transparent, especially because the installation of an AI package requiring significant storage was not visible to users. 

The disclosure, amplified by a Swedish computer scientist and privacy. Google's incremental deployment of Gemini Nano, a lightweight large language model designed to execute on-device operations such as text optimization and automated scam detection, is revealed by an investigation into the browser's filesystem mechanics.

The background payload is the result of this incremental deployment. Hanff's diagnostic tests are supported by a system-level analysis, which shows that the browser initiates an independent directory named OptGuideOnDeviceModel when a machine running recent Chrome iterations satisfies certain hardware requirements, and that the browser extracts weights.bin, which is a 4- gigabyte binary file. 

Due to the architecture's use of default active optimization flags rather than user-triggered prompts, the local installation does not require explicit confirmation dialogs. This practice has drawn intense scrutiny due to issues related to storage overhead, metered network data consumption, and compliance with regional data governance protocols.

It has been stated by Google that users may mitigate the automated download sequence by deleting the On-device AI program or the Optimization Guide parameters using internal settings (chrome://flags). However, the lack of a standard, upstream opt-in mechanism before writing multigigabyte binaries to a user's persistent storage has fundamentally heightened the debate over digital sovereignty on the client's side. 

A clean Apple Silicon profile has been audited to empirically isolate this persistent behavior beyond individual telemetry reports, using the native macOS kernel-level filesystem auditing daemon, .fseventsd. In the absence of application-layer logging, this low-level mechanism records transactional file operations, which results in a tamper-proof ledger of Chrome's execution pipeline which is unmodified by external application updates. 

As a result of the resulting data stream, it became evident that even when users manually purge the payload, which is mapped to mode 600 on macOS, the Local State configuration file retains the target installation. This automated download loop is initiated once the client intercepts a new synchronization packet from Google's central variations server confirming profile eligibility as soon as the client intercepts it. 

The forced re-allocation of macOS resources on Mac OS is consistent with deletion-resistance patterns that have been extensively documented across Windows environments, thus confirming the silent overhead as a design constant across various desktop operating systems and not an isolated platform problem. 

In Chrome 147, functional opacity is further compounded by the decoupling of user interface design from backend routing. Although the prominently displayed AI Mode pill indicates localized execution, diagnostic telemetry indicates that the interface is a channel for Google's cloud-based Search Generative Experience, transmitting user queries to Google servers directly. 

While the silently provisioned Gemini Nano remains isolated to context-menu features that are rarely invoked by most of the user base, the asymmetric distribution has been confirmed by Snopes audits, which confirmed the existence of weights.bin files across a limited set of Windows and macOS configurations, despite Google’s phased rollout of an opt-out toggle in early 2026 that remains unavailable to a large percentage of global users. 

Besides the immediate infrastructural challenges, this deployment paradigm is being scrutinized more and more by regulatory authorities and environmentalists. According to Hanff's legal analysis, writing substantial binary payloads to client hardware without explicit, upstream consent directly violates both the GDPR transparency requirements and the EU ePrivacy Directive data storage mandates. Those arguments echo recent compliance challenges reported by Malwarebytes regarding Anthropic's unprompted integration of Claude Desktop components across numerous Chrome environments.

It is further estimated that this 4-gigabyte deployment will yield 6,000 to 60,000 tonnes of CO2 equivalents when projected across Chrome's estimated one billion devices. It has been reported by crypto.news that the provisioning of local AI environments unconsentedly raises complex data sovereignty issues and fundamentally alters the endpoint security baseline for consumers worldwide as part of a broader 2026 surge in automated threat vectors highlighted by CertiK.

Finally, this architectural shift in client-side applications highlights a rising tension between the automatic delivery of products and the autonomy of user data. In spite of the increasing importance of silent pre-provisioning to smooth the onboarding process for local LLM engines, executing background allocations of this magnitude fundamentally alters the relationship between browser software and host hardware as they are executed. 

Regulatory bodies are starting to evaluate ambient deployment strategies against strict transparency frameworks, such as the GDPR, which will result in an inevitable point of inflection for the industry. Localized artificial intelligence requires a profound structural reevaluation in order to achieve a balance between compute-intensive computation and established principles of consent, resource management, and digital sovereignty. This will involve shifting away from default-active background injections toward transparent, user-validated infrastructure.
Read more »
workplace monitoring
AI Meta Meta layoffs 2026 Meta surveillance software Technology workplace monitoring

Meta Employees Protest New Workplace Surveillance Measures Ahead of Planned Layoffs

 


Meta Platforms, Inc. employees have reportedly initiated an internal campaign opposing the company's newly introduced workplace monitoring practices, according to recent reports.

Staff members at multiple Meta offices across the United States distributed flyers criticizing software that tracks employee computer activity. The monitoring tool records information such as cursor movement, mouse clicks, and navigation behavior while employees work.

The pamphlets were placed in common areas including meeting rooms, vending machine locations, and restrooms. Organizers urged coworkers to challenge what they described as an "Employee Data Extraction Factory."

The protest emerges just days before Meta is expected to reduce its workforce by approximately 10%, a move that has intensified concerns among employees about job stability. Many workers reportedly suspect that the monitoring system serves a broader purpose beyond measuring productivity. Some believe the collected behavioral data could be used to train artificial intelligence systems capable of automating workplace tasks.

In a statement emailed to Benzinga, Meta referenced its previous comments regarding AI training data. A company spokesperson defended the initiative, explaining that the information provides "real examples" of computer use that help improve AI agents designed to complete routine digital activities.

“There are safeguards in place to protect sensitive content and the data is not used for any other purpose,” the spokesperson added.

Employee dissatisfaction has reportedly grown amid Meta's ongoing workforce reductions, increased productivity monitoring, and strategic shift toward becoming a more AI-focused organization.

Earlier, during a company town hall, CEO Mark Zuckerberg stated that AI efficiency tools were not the main reason behind the planned job cuts.

The distributed flyers also highlighted employee rights under U.S. labor laws, indicating the beginning of broader organizing efforts within the company.

Meanwhile, reports suggest that Meta employees in the United Kingdom have started unionization efforts through United Tech and Allied Workers. Organizers have criticized what they called "draconian surveillance" measures and expressed concerns over the company's aggressive AI-driven direction.

On the market front, Meta shares finished Tuesday's trading session at $603.00, gaining 0.69%. The stock later slipped 0.18% in after-hours trading to $601.93.

According to Benzinga Edge Rankings, Meta ranks in the 89th percentile for growth performance. However, the company's stock has continued to display negative price momentum across short-, medium-, and long-term periods.
Read more »
Technology
Android spyware protection Google Android security Intrusion Logging feature Technology

Google Launches New Android Security Tool to Identify Spyware and Device Intrusions

 

Google has started rolling out a new optional security feature for Android users called “Intrusion Logging,” aimed at helping cybersecurity experts and investigators detect spyware-related attacks on devices.

The feature is part of Android’s Advanced Protection Mode, a security-focused setting introduced by Google last year to strengthen device protection against sophisticated hacking attempts. The mode was specifically designed to defend users from government-grade spyware and forensic tools used by law enforcement agencies to extract private information from smartphones.

In some documented cases, both forensic tools and spyware have reportedly been used together. Authorities in Serbia, for instance, allegedly used a forensic unlocking tool developed by Cellebrite to gain access to a device before installing spyware for continued surveillance.

With Intrusion Logging, Google is introducing a dedicated logging system that records security-related activities and unusual software behavior. The feature is considered significant because it gives researchers better visibility into possible spyware infections and intrusion attempts on Android devices.

Amnesty International, which collaborated with Google on the project, described Intrusion Logging as “a fundamental shift in the amount and quality of forensic data available on Android devices.”

“Until now, forensic analysis has relied on logs that were never designed for intrusion detection,” Amnesty wrote in a detailed blog post explaining the feature. Earlier logging systems were limited because data was often overwritten quickly, making it difficult for researchers to trace evidence of attacks.

Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, also highlighted the challenges investigators previously faced with Android systems. He said Android’s technical limitations “have made it difficult to deeply analyze system logs and files for signs of compromise, unlike with iOS.”

“These limits have meant we’ve been unable to reliably detect known attacks against Android,” added Ó Cearbhaill, who has investigated spyware abuse cases globally for several years.

Google had first announced Intrusion Logging nearly a year ago, but the company has now begun officially deploying it. According to a recent Google blog post, the feature “is currently rolling out to all devices running the Android 16 December update and newer.”

How the Intrusion Logging Feature Works

The feature records and stores security-related system events that may indicate suspicious activity or device compromise. Logs are generated daily and securely backed up in encrypted form to the user’s Google account. This cloud-based storage method is intended to stop spyware from erasing evidence from the device itself.

Google says the logs remain encrypted and can only be accessed or shared by the device owner, meaning even Google cannot read them.

Intrusion Logging tracks several activities, including device unlock events, app installations and removals, website and server connections, and any use of Android Debug Bridge (ADB), a tool commonly used to connect Android devices to computers or forensic systems like Cellebrite.

The system can also identify attempts to delete logs, which could suggest efforts to hide traces of an attack.

Cybersecurity researchers believe the logs could help determine whether a phone was forcibly unlocked, connected to forensic extraction tools, or infected with spyware or stalkerware. The data may also reveal if the device interacted with malicious websites or servers designed to steal information.

However, the feature currently comes with certain limitations. Users must enable Advanced Protection Mode, install the latest Android software, and use a compatible Google Pixel device linked to a Google account.

Additionally, because the logs include browsing history and connection records, some users may have concerns about sharing sensitive information with investigators.

Google says Advanced Protection Mode and Intrusion Logging are particularly useful for individuals at higher risk of surveillance, including journalists, activists, dissidents, and human rights defenders.

The feature has similarities to Apple’s Lockdown Mode, which was introduced for users vulnerable to spyware attacks. Apple previously stated that it had not detected any successful spyware breaches on devices with Lockdown Mode enabled. In 2023, researchers at Citizen Lab also reported that Lockdown Mode blocked an attempted spyware infection linked to NSO Group.

Amnesty International has also published detailed instructions explaining how users can download and review Intrusion Logging data if they suspect they have been targeted by spyware.

Over the years, companies including Apple, Google, and Meta have regularly issued threat notifications to users believed to be targets of spyware campaigns, helping researchers uncover and investigate cases of digital surveillance.
Read more »
zero-day vulnerability
AI-generated exploit Artificial Intelligence Cybersecurity Google Threat Intelligence Group Technology zero-day vulnerability

Google Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool

 

Researchers from Google Threat Intelligence Group (GTIG) have revealed that a recently identified zero-day exploit aimed at a widely used open-source web administration platform was likely created with the help of artificial intelligence.

The vulnerability, which targeted the platform’s two-factor authentication (2FA) mechanism, could have allowed attackers to bypass critical security protections. While the software involved has not been publicly identified, researchers confirmed that the attack was stopped before it reached large-scale exploitation.

According to GTIG, analysis of the Python-based exploit strongly indicates the involvement of AI tools during the vulnerability discovery and weaponization process. The team noted that the coding style, educational explanations within the script, and even fabricated technical details closely resembled outputs commonly produced by large language models (LLMs).

“For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data,” GTIG says in a report today.

Researchers also stated that the flaw itself appeared to be a semantic logic issue — an area where AI systems tend to perform effectively — rather than traditional vulnerabilities like memory corruption or poor input sanitization that are usually identified through fuzzing or static analysis techniques.

Google informed the affected software developer about the issue, allowing security measures to be implemented quickly and the attack to be disrupted before wider abuse occurred.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.

The report additionally highlights the increasing role of AI in cybercrime operations. Google observed threat groups linked to China and North Korea — including APT27, APT45, UNC2814, UNC5673, and UNC6201 — using AI systems for exploit development and vulnerability research.

Meanwhile, Russia-associated threat actors were reportedly using AI-generated decoy code to conceal malware strains such as CANFAIL and LONGSTREAM. Google also referenced a Russian campaign known as “Overload,” where AI voice cloning technology was allegedly used to imitate journalists in fabricated videos spreading anti-Ukraine narratives.

The report further examined the Android malware PromptSpy, previously documented by ESET, for its integration with Gemini APIs to automate interactions on infected devices.

Investigators identified an autonomous component called "GeminiAutomationAgent," which reportedly relies on a hardcoded prompt to help the malware evade AI safety mechanisms. Researchers explained that the prompt assigns the malware a harmless persona, enabling it to calculate interface geometry and interact with device functions more effectively.

Google researchers also warned that the malware appears capable of replaying authentication methods, including PINs and lock patterns, using AI-assisted techniques.

The company concluded that cybercriminals are increasingly scaling access to premium AI services through methods such as automated account generation, proxy relay systems, and shared account infrastructures.
Read more »
WhatsApp Payments
Bengaluru Startup Delayed Payments Fintech Solution Technology WhatsApp Payments

WhatsApp-Based Bengaluru Start-up Aims to Reduce Delayed Payment Woes

 

Delayed payments are a quiet but serious problem for small businesses, freelancers, tutors, and service providers, because the work may be complete while the money still remains stuck in follow-up cycles. In Bengaluru, a start-up called Lenda is trying to address that friction with a WhatsApp-first tool that automates reminders, supports negotiation, and helps users recover dues without creating awkward back-and-forth. 

The issue is not only financial but also practical, since chasing payments consumes time and can damage relationships between clients and providers. Many people already rely on WhatsApp for everyday communication, so the start-up is using that familiarity to make payment collection feel less like a formal recovery process and more like a normal conversation. 

Lenda’s approach is built around interactive messages instead of one-way reminders, which means a borrower can respond directly inside WhatsApp. The system lets recipients confirm payment, ask for extra time, raise a dispute, or even make a partial payment, which makes the process more flexible than a standard SMS reminder. That interaction matters because delayed payments often happen not just from unwillingness to pay, but also from timing problems, confusion, or simple forgetfulness. 

The start-up also tries to solve a structural problem for small operators such as teachers, class coordinators, and freelancers who collect money from many people at once. Its batch-reminder feature allows users to organize groups and send collective follow-ups, which reduces repetitive manual work and makes collections easier to manage. Lenda also includes late-fee options and a repayment score, aiming to encourage timely payment while giving businesses more control over overdue accounts. 

What makes the issue important is that delayed payments can disrupt cash flow, especially for small businesses that depend on regular incoming money to pay expenses and plan operations. By offering a “no-app” solution inside WhatsApp, Lenda is betting that the biggest barrier is not a lack of reminders, but the inconvenience and discomfort of asking for money repeatedly. That is why this Bengaluru start-up’s idea is less about messaging and more about fixing a common payment problem in a simpler, more human way.
Read more »
Technology
AI Agent AI industry Artificial Intelligence Hermes openclaw python Technology

Hermes Agent Emerges as a Strong Challenger to OpenClaw in the Self-Learning AI Assistant Space

 



Artificial intelligence tools are increasingly allowing non-technical users to build software and automate tasks that previously required programming knowledge, and a new open-source AI agent called Hermes is becoming a major example of that shift.

The discussion gained momentum this week after reports circulated about a 78-year-old marketing executive with no coding background successfully creating a robotics application using only natural-language instructions. The application was reportedly built through the Reachy Mini ecosystem developed by Hugging Face, whose robot app marketplace has surpassed 300 live applications and approximately 10,000 deployed robots worldwide.

According to the shared account, the individual did not use Python programming or specialized robotics software during development. Supporters of AI-assisted development tools pointed to the example as evidence that conversational AI systems are reducing technical barriers that traditionally slowed software creation.

The development also reflects a broader trend across the AI industry. Newer AI agents are increasingly designed to retain information from previous interactions, improve their own workflows, and adapt to user behavior over time. Earlier this week, Anthropic introduced a feature called “Dreaming,” which allows AI agents to process earlier sessions in the background and generate new memory structures automatically. Meanwhile, Hermes Agent from Nous Research is pursuing a similar idea through persistent task learning and automated skill generation.

Hermes Agent, first released in February 2026, has quickly gained traction within the open-source AI community. The project reportedly has more than 135,000 GitHub stars and is distributed under the MIT license. It also includes over 40 built-in skills, which function as reusable instruction modules that help the system repeat previously learned workflows more efficiently.

One of Hermes’ defining features is its self-improving learning architecture. After completing a difficult or multi-step task, the agent enters what developers call a “Reflective Phase.” During this process, the system reviews its own actions, identifies successful execution patterns, and converts those patterns into reusable skill files. When a related task appears later, Hermes can retrieve the previously learned solution instead of generating a new workflow from the beginning.

The platform also uses a layered memory structure consisting of temporary session memory, long-term episodic memory stored through SQLite databases, and procedural memory tied to learned skills. Developers say the software can operate on low-cost virtual private servers, large GPU clusters, or serverless cloud environments. Hermes is also model-agnostic, allowing users to connect the framework to providers such as OpenAI, Anthropic, OpenRouter, Kimi, MiniMax, GLM, Nous Portal, or privately hosted AI endpoints.

Users can access the agent through Telegram, Discord, Slack, WhatsApp, Signal, email services, or command-line interfaces. The project’s latest update, v0.13.0, internally referred to as “The Tenacity Release,” reportedly introduced Google Chat integration as its twentieth supported platform. The update also added durable multi-agent coordination tools, automatic task recovery systems, retry budgeting controls, hallucination filtering mechanisms, persistent goal tracking for long-running tasks, automatic linting after file edits, and session recovery after unexpected gateway interruptions.

According to project details shared by contributors, the release included 864 code commits from 295 contributors in a single week and resolved eight critical security issues. One patched vulnerability reportedly involved a Discord-related flaw that could allow bots to message users across servers outside their intended access scope.

The installation process has also been simplified significantly. Hermes now uses a one-line curl installer that automatically configures dependencies such as Python 3.11, Node.js, ripgrep, and ffmpeg. During setup, the software can automatically detect existing OpenClaw environments and offer to import prior settings, memories, skills, and API credentials.

The growing comparison between Hermes and OpenClaw highlights a design shift occurring within the AI assistant ecosystem. OpenClaw originally gained attention by focusing heavily on messaging integrations and centralized orchestration across communication platforms. Hermes, by contrast, places continuous learning and automated self-improvement at the center of its architecture.

In practical terms, OpenClaw skills are generally predefined instruction sets written manually by users or generated beforehand through prompting. Hermes instead attempts to build those reusable workflows automatically by analyzing completed tasks after roughly every 15 tool interactions or after especially complex operations. Supporters argue this creates a compounding learning effect where the agent gradually improves with repeated use.

Despite the growing interest around Hermes, some developers caution against viewing it as a complete replacement for OpenClaw. OpenClaw still supports more than 24 messaging integrations, offers greater transparency through inspectable file-based memory systems, and has undergone broader public security review. Community discussions suggest that many advanced users currently operate both systems together, using OpenClaw for orchestration while relying on Hermes for adaptive learning capabilities.

Researchers tracking the rapid development of AI agents believe these systems are moving beyond traditional chatbot behavior and evolving into persistent digital assistants capable of handling long-running, multi-step workflows. However, cybersecurity analysts also warn that systems with autonomous memory creation and broad platform access may introduce additional security and privacy risks if governance and safeguards fail to evolve alongside the technology.

Read more »
WhatsApp
Bugs Cloud Data Meta Technology WhatsApp

WhatsApp Fixed Two Security Bugs via It's Bug Bounty Program

WhatsApp Fixed Two Security Bugs via It's Bug Bounty Program

Meta recently released a security advisory in May revealing two bugs in WhatsApp were found through its bug bounty program. But these bugs were patched and were not exploited in the wild by the threat actors. Both bugs are now patched.

About two bugs

The first bug is tracked as CVE-2026-23863, a Windows specific problem. This bug was maliciously crafted with hidden “NUL BYTES” hidden within the filename, to trick WhatsApp into showing it as one filetype such as an authorized PDF while pretending to be running as an executable once opened. Meta fixed this patch in April on both platforms.

The second vulnerability, tracked as CVE-2026-23866 impacted both android and iOS users. The attack tactic involved partial authorization of AI rich response texts for Instagram Reels shared within Whatsapp. A threat actor could possible launch another user’s device to access media content through an arbitrary URL, such as launching OS level custom URL scheme handles. This flaw was patched in April on both platforms.

Severity

The two bugs were given medium severity by researchers. WhatsApp has verified that no bug was abused.

Both were rated medium severity, and WhatsApp confirmed there's no evidence either was actually abused.

The impact

These kind of reporting get sidelined by glossy and infamous threat. For instance the recent SMS pumpoing attacks increasing phone bills, or phishing campaigns that used messaging apps as entry points, and lastly the attack on educational institutes that compromised Canvas and Instructure, leaking hundreds of GBs of data.

But Whatsapp did a good job in finding and fixing the flaw before cybercriminals could exploit them and cause harm. The bug bounty program of WhatsApp has been going on for fifteen yesr, and the recent patches show it it is still reliable.

What should users do?

Simple advice: always keep your phones and app updated. 

There has never been a better moment to use secure communications services like WhatsApp or Signal. The truth is that Meta does a great job of keeping the app and its users safe and secure, despite some security concerns of its own, such as the recently reported phishing attempts using the encrypted messenger as part of the exploit chain and a spyware threat targeting iOS users.

Read more »
Technology
Bitcoin Security Blockchain Security Cryptographic Risk Digital Asset Security ECDSA Vulnerability Post Quantum Cryptography Quantum Computing Quantum Threat Technology

Quantum Technology Emerges as a Potential Threat to Bitcoin Networks


 

Bitcoin's security architecture has been based on a foundational assumption that modern cryptographic protections will remain computationally impractical to violate at scale for more than a decade. 

Now, with quantum computing transitioning from theoretical research into an emerging engineering reality capable of challenging the mathematical foundations behind digital signatures and blockchain authentication, this assumption is coming under renewed scrutiny. 

With the development of quantum technologies, security researchers and blockchain developers are increasingly evaluating the potential exposure of private keys, compromise of wallet integrity, and weakening of transaction trust in decentralised ecosystems as quantum capabilities continue to mature. 

While the discussion extends beyond the quantum threat itself, it emphasises the enduring importance of private key protection and the operational limitations of hardware wallets, where computational efficiency, power constraints, and algorithm compatibility are critical factors determining the viability of next-generation cryptographic defences. It is against this backdrop that a proposal from Avihu Levy has been widely discussed in regard to Bitcoin's post-quantum transition strategy. 

Quantum Safe Bitcoin (QSB) is a transaction model proposed by Levy that is designed to preserve cryptographic security even in the presence of an advanced quantum system capable of executing Shor's algorithm against conventional public-key cryptography. There is particular interest in the proposal within the Bitcoin ecosystem because it does not require consensus-level changes to the Bitcoin protocol itself, thus avoiding the difficult and political process typically associated with network upgrades.

Due to its ability to layer quantum-resistant protections onto existing infrastructure rather than replacing the protocol foundation entirely, the architecture has been widely regarded as an elegant piece of engineering. The emergence of this technology coincides with a general acceleration in industry readiness for post-quantum risks, as governments, semiconductor firms, and major cloud providers intensify migration planning around potential cryptographic risks in the near future. 

While QSB has gained significant popularity, security researchers note that the proposal addresses a much narrower segment of the quantum problem than public discussion sometimes implies. In light of the broader operational challenges associated with exposing private keys, implementing wallets, and ensuring long-term cryptographic survival across decentralised networks, this proposal offers a broad perspective on the quantum problem. 

Quantum computing is of concern to a larger audience because it could undermine public-key cryptography, which encrypts blockchain ecosystems with public keys, particularly signature schemes like ECDSA, which is used across Bitcoin and Ethereum networks. Using publicly exposed wallet data, an advanced quantum system could theoretically be able to derive private keys, enabling forged transactions and unauthorised transfers of funds. 

While researchers generally agree that quantum hardware is not yet capable of executing such attacks at scale, the debate has intensified due to the inherent slowness and operational sensitivity of blockchain migrations across decentralised communities, and the difficulty in coordinating across them. Bitcoin is often viewed as particularly vulnerable in this context due to its conservative governance structure and historically cautious approach towards protocol-level changes. 

There is current evidence that approximately 6.5 to 6.9 million bitcoins are at risk of quantum exposure due to their public keys being visible on the blockchain, which represents approximately one-third of the total circulating supply of bitcoins. This includes older pay-to-public-key (P2PK) addresses that were widely used during Bitcoin's early years, and are believed to be linked to Satoshi Nakamoto's dormant wallets. 

Blockchain records directly contain the public key of legacy address formats, allowing for the reconstruction of the private key by a future quantum computer using Shor's algorithm, thereby obtaining the funds. As a result of the newer pay-to-public-key-hash (P2PKH) structures, public keys are concealed behind cryptographic hashes until a transaction is initiated, reducing the exposure of public keys. 

Once funds are spent from a P2PKH wallet, the public key becomes permanently visible on the blockchain, creating a long-term attack surface if the address is reused in the future. Researchers are also warning against utilising "harvest now, decrypt later" strategies, which involve adversaries collecting encrypted blockchains and transaction data in advance of quantum capabilities. 

The implementation of cryptographic upgrades more rapidly may be possible on proof-of-stake networks such as Ethereum, although experts caution that if defensive migration timelines fail to keep pace with computational advances, validator infrastructure and signature keys could eventually face quantum-era risk. After Google researchers released updated projections in March that indicated that it could take nearly twenty times fewer physical qubits to compromise Bitcoin's elliptic curve cryptography than estimates prepared a year earlier, concerns regarding the timeline of quantum risk intensified further. 

Despite the fact that practical quantum attacks against Bitcoin are currently outside of operational capability, the revised calculations confirm an industry understanding that the threat is gradually moving from theoretical modelling to engineering inevitability in the long term. As a result, Bitcoin is challenged by an inseparability between the technical challenge and governance. 

A consensus has not been reached on how vulnerable dormant wallets should be handled if quantum-capable systems eventually emerge. The failure to freeze or invalidate those holdings would introduce direct intervention into property ownership within a system designed specifically to resist central control, effectively creating a future race for quantum-enabled theft. There are also equally controversial implications associated with burning inaccessible balances, which force the network to make unprecedented decisions regarding asset legitimacy and protocol authority. 

In spite of all proposed mitigation strategies, the issue of who has the authority to make such decisions for a decentralised monetary system remains fundamentally unresolved. Although Bitcoin Core developers are permitted to propose code changes, they are not allowed to unilaterally modify ownership records or dormant balances without coordinated consent from miners, exchanges, custodians, node operators, and other stakeholders. 

The governance tension represents an aspect of the quantum problem that can not be fully addressed through cryptography alone in proposals such as Quantum Safe Bitcoin. In decentralised infrastructure, the underlying assumption for many years has been that any architectural limitations can eventually be resolved through upgrades and coordination with enough time and consensus. 

Quantum computing is now testing that assumption under an externally imposed technological timeframe driven not by community preference, but by advancements in physics, semiconductor engineering, and computational science. The process of transitioning Bitcoin toward post-quantum resilience will probably take time, money, and political compromise if it is to be successful. 

The network may face the fact that, if coordination fails to keep pace with technological advancement, foundational cryptographic choices made during Bitcoin's earliest design phase will not always remain secure in light of evolving computational power indefinitely. Quantum Safe Bitcoin has received a great deal of attention, but researchers emphasise that it focuses on only one layer of a much wider structural problem. 

By successfully introducing transaction-level quantum resistance, QSB provides a practical defensive mechanism for protecting active holdings against future cryptographic threats by reducing computational overhead. There is much more to the issue than just protecting individual wallets. The central challenge for Bitcoin is determining whether a decentralised network without a governing authority will be able to realistically move hundreds of millions of addresses toward a new cryptographic standard prior to quantum technologies becoming available. 

When considering the dormant wallets and inaccessible coins that cannot voluntarily participate in such a transition, the problem becomes even more complex. In order to execute an extensive migration strategy, developers, miners, exchanges, custodians, infrastructure operators, and long-term holders will need to work together as a consensus-driven governance group with incentives that may not fully align. 

While quantum computing advances are achieved through concentrated research and technological breakthroughs, decentralised coordination is generally characterised by a slow and sometimes prolonged period of ideological disagreement.

Many analysts believe this is the real test for Bitcoin in the quantum era, not in the design of stronger cryptography, but in the ability of a globally distributed financial system to collectively adjust to external technological pressures without compromising its principle of decentralisation. Bitcoin's cryptography is no longer the single focus of the quantum debate, however. Instead, the question is whether decentralised systems are capable of coordinating fast enough to survive the technological transition they cannot control. 

Post-quantum research is accelerating across the government and private sectors, resulting in unprecedented scrutiny of long-term security assumptions, dormant asset exposure, and governance resilience within the cryptocurrency industry. 

As a result of this challenge, Bitcoin's cryptographic architecture may ultimately be examined in terms of its durability, as well as its practical limits under real-world computational pressures related to decentralised consensus.
Read more »
Technology
AI Anthropic AI Claude coding assistants Malicious Activities Technology

Researchers Find Security Gap in Anthropic Skill Scanners




Security researchers have uncovered a gap in the way Anthropic Skill scanning tools inspect third-party AI packages, allowing malicious code hidden inside test files to execute on developer systems even after scanners marked the Skills as safe.

The issue centers on Anthropic Skills, reusable packages designed for AI coding assistants such as Claude Code, Cursor, and Windsurf. These packages often include instructions, scripts, and configuration files that help AI agents perform development tasks inside IDE environments.

Researchers from Gecko Security found that existing Skill scanners focus primarily on files tied directly to agent behavior, particularly SKILL.md, while ignoring bundled test files that can still run locally through standard developer tooling.

In the demonstrated attack chain, a Skill passed all scanner checks because its visible instruction files contained no prompt injection attempts, suspicious shell commands, or malicious instructions. However, the repository also included a hidden .test.ts file stored elsewhere in the directory structure. Although the file was outside the agent execution layer, it still executed through the project’s testing framework with full access to local resources.

According to researcher Jeevan Jutla, the problem begins when developers install a Skill using the npx skills add command. The installer copies nearly the entire repository into the project’s .agents/skills/ directory. Only a few items, including .git, metadata.json, and files prefixed with underscores, are excluded during installation.

Once placed inside the repository, testing frameworks such as Jest and Vitest automatically discover matching test files through recursive glob patterns. Both frameworks reportedly enable the dot:true option, allowing them to search inside hidden directories including .agents/. Mocha follows similar recursive discovery behavior in many default configurations.

A malicious Skill can therefore include a file such as reviewer.test.ts containing a beforeAll function that silently executes before visible tests begin. Researchers said these payloads can access environment variables, .env files, SSH keys, AWS credentials, deployment tokens, and other sensitive information commonly available inside local developer environments and CI pipelines. The data can then be transmitted to external servers without triggering obvious warnings during test execution.

The researchers stressed that the AI agent itself is never involved in the compromise. Instead, the malicious behavior occurs through trusted developer tooling already integrated into the software workflow. Existing scanners inspect the files the AI agent can interpret, but not the files executed separately by testing infrastructure.

The technique resembles older software supply-chain attacks involving malicious npm postinstall scripts and poisoned pytest plugins. However, Gecko Security noted that the Anthropic Skill ecosystem creates an additional propagation problem because installed Skills are often committed into shared repositories so teams can reuse them collaboratively.

GitHub’s default .gitignore templates do not automatically exclude .agents/ directories. Once a malicious test file enters the repository, every teammate cloning the project and every CI pipeline running automated tests may execute the payload across branches, forks, and deployment workflows.

The findings arrived shortly after multiple large-scale security audits examining the broader Anthropic Skills ecosystem. A January academic study named SkillScan analyzed 31,132 Skills collected from two major marketplaces and found that 26.1% contained at least one vulnerability spanning 14 separate patterns. Data exfiltration appeared in 13.3% of examined Skills, while privilege escalation appeared in 11.8%. Researchers also determined that Skills bundling executable scripts were 2.12 times more likely to contain vulnerabilities than instruction-only packages.

Several weeks later, Snyk published its ToxicSkills audit covering 3,984 Skills from ClawHub and skills.sh. The company reported that 13.4% of scanned Skills contained at least one critical-level security issue. Automated analysis combined with human review identified 76 confirmed malicious payloads, while eight malicious Skills reportedly remained publicly accessible on ClawHub when the findings were released.

In April, Cisco introduced an AI Agent Security Scanner integrated into IDE platforms including VS Code, Cursor, and Windsurf. The scanner can detect prompt injection attempts, suspicious shell execution patterns, and data exfiltration behaviors within Skill definitions and agent-referenced scripts. However, Gecko Security said bundled test files remain outside the scanner’s documented detection surface because the tool was designed around agent interaction layers rather than developer execution layers.

Researchers noted that other products, including Snyk Agent Scan and VirusTotal Code Insight, face similar structural limitations. These tools inspect what the agent is instructed to execute but may overlook code paths triggered separately through local development frameworks.

Elia Zaitsev described the broader issue as a distinction between interpreting intent and monitoring actual execution behavior. In this case, the malicious code did not depend on prompt manipulation or AI instructions. It operated as ordinary TypeScript executed through legitimate test runners with full local permissions.

Zaitsev also warned that enterprise AI agents increasingly operate with privileged access to OAuth tokens, API keys, and centralized data sources. If those credentials are accessible through environment variables during automated testing, malicious test payloads can reach sensitive infrastructure without requiring direct agent compromise.

Mike Riemer added that threat actors frequently reverse engineer security patches within 72 hours of release, while many organizations take far longer to deploy fixes. In the case of the Anthropic Skill test-file issue, researchers warned that the exposure window becomes more difficult to manage because the malicious files may execute immediately after installation without triggering scanner alerts.

Security researchers are urging development teams to block test discovery inside .agents/ directories and inspect Skill repositories for files such as *.test.*, *.spec.*, conftest.py, __tests__/, and suspicious configuration scripts before merging code.

The report also recommends pinning Skill installations to verified commit hashes rather than installing the latest repository version. Researchers said this reduces the risk of attackers submitting clean repositories for scanner approval before later inserting malicious files. The approach aligns with guidance published in the OWASP Agentic Skills Top 10 project.

Organizations that already store Skills inside repositories are advised to audit existing .agents/ directories immediately, rotate exposed credentials if suspicious files are discovered, inspect CI logs for unexplained outbound network traffic, and review repository history to identify when potentially malicious files entered development pipelines.

The researchers additionally called on security vendors to provide greater transparency regarding which directories, execution surfaces, and file categories their scanners actually inspect. They argued that security teams evaluating Anthropic Skill scanners should verify whether products analyze bundled test files, build scripts, and CI configurations rather than focusing exclusively on prompt injection and agent instruction analysis.

Read more »
wearable technology
CISPA research Daniel Gerhardt smartwatch security Technology wearable privacy risks wearable technology

Smart Wearables Could Become a Serious Security Threat, Researchers Warn

 

Smartwatches and other wearable gadgets are designed to make life easier by tracking everything from heart rate to sleep cycles. However, a new study by researchers at CISPA highlights the growing dangers linked to these devices if they fall into the wrong hands.

The research, conducted by doctoral researcher Daniel Gerhardt, examines the privacy and security challenges associated with on-body interaction technologies such as smartwatches, smart glasses, and connected clothing. The findings suggest that the risks extend far beyond simple data leaks.

Unlike smartphones or laptops, wearable devices remain in direct contact with the human body and continuously collect sensitive personal information. This close integration raises concerns about both digital and physical safety.

One of the most concerning revelations from the study involves the possibility of physical harm through hacked wearables. For instance, a smart jacket equipped with heating technology could potentially be manipulated to cause burns. Researchers also pointed out the possibility of cybercriminals using wearable devices for extortion. One expert involved in the study referred to this threat as “ransomware for the body.”

The report further highlights psychological risks tied to immersive wearable systems. Manipulative technologies could allegedly be used to create stress or pressure users into uncomfortable situations. Additionally, wearable devices may collect information about nearby individuals without their consent, creating privacy concerns not only for users but also for bystanders.

To address these issues, Gerhardt proposed eight design recommendations aimed at improving wearable safety. The guidelines encourage developers and technology companies to reduce unnecessary data collection, improve transparency, and strengthen both hardware and software security measures.

The study was presented at the ACM CHI Conference on Human Factors in Computing Systems, a globally recognised event focused on advancements in human-computer interaction research.

As wearable technology continues to evolve and become more integrated into daily life, researchers stress that improving safety and security standards now could help prevent major risks in the future.
Read more »
Subscribe to: Posts (Atom)