CySecurity News - Latest Information Security and Hacking Incidents: Technology

AI worm autonomous malware Cybersecurity Threats Large Language Models self-replicating worm Technology University of Toronto research

University of Toronto Researchers Demonstrate Autonomous AI Worm That Adapts, Exploits, and Self-Replicates Without Human Control

kResearchers from the University of Toronto have developed and tested a proof-of-concept artificial intelligence-powered computer worm capable of independently navigating networks, identifying vulnerabilities, creating customized attack plans, and replicating itself without human assistance. Notably, the system operates using a locally hosted open-weight large language model (LLM), eliminating reliance on commercial AI platforms.

The research paper, published on arXiv on June 2 and currently undergoing peer review, highlights a growing cybersecurity concern: traditional patching strategies focused on individual vulnerabilities may become ineffective against malware that can dynamically analyze systems, consume newly published security advisories, and generate attack methods in real time.

During testing, the AI worm was deployed in 15 isolated experiments across a purposely vulnerable network consisting of 33 hosts. On average, it discovered 31.3 vulnerabilities and obtained elevated privileges on 23.1 systems. The worm successfully replicated itself to 20.4 hosts, covering approximately 62% of the network over a seven-day period without prior knowledge of the network structure or any human guidance.

How This AI Worm Differs From Traditional Malware

Conventional worms are typically designed with predefined exploits. Once those vulnerabilities are patched, the malware's ability to spread is significantly reduced.

The Toronto researchers took a different approach. Their worm leverages an open-weight large language model running on a single GPU to create attack strategies on demand. Instead of depending on a fixed exploit chain, it generates tailored attack logic based on the characteristics of each target system. It also functions independently of commercial AI services, meaning it is not subject to API restrictions, rate limits, or account suspensions.

Inside the Experiment

The project was led by Associate Professor Nicolas Papernot and involved researchers from the University of Toronto, the Vector Institute, the University of Cambridge, and ServiceNow.

Testing took place on an isolated environment known as "FakeCorp," which consisted of 33 hosts running a variety of operating systems, including Ubuntu, Debian, Rocky Linux, Alpine Linux, Windows Server 2008 R2, Windows Server 2019, Windows Server 2022, and several IoT devices.

Every host contained at least one genuine vulnerability. Five machines were equipped with GPUs. During primary experiments, the worm used a shared GPU inference pool to emulate computational resources obtained from compromised systems. Researchers also tested full GPU-based replication, where the worm deployed its own LLM on an infected GPU machine. This approach achieved a success rate of 68.8%.

Under this architecture, compromised GPU systems acted as reasoning hubs, supplying AI inference capabilities to less powerful devices that could not run the model independently.

Across all 15 tests, the worm achieved elevated access on an average of 23.1 hosts and successfully replicated to 88% of those systems. The malware propagated through as many as seven generations, averaging 5.1 generations overall.

Researchers emphasized that the network was intentionally vulnerable and designed to evaluate autonomous reasoning and exploitation rather than represent a heavily secured enterprise environment.

Dynamic Exploitation of Multiple Vulnerabilities

The worm successfully leveraged a broad range of vulnerabilities, including SambaCry, Dirty Pipe, PrintNightmare, Drupalgeddon 2, Exim Remote Code Execution, blind SQL injection flaws, JWT authentication bypasses, Redis escapes, and others.

What makes these results notable is that the exploits were not hardcoded into the malware. Instead, the AI agent analyzed available information and independently determined suitable attack paths for each host.

According to the study, individual exploit attempts succeeded approximately 44% of the time. Most failures resulted from payload syntax issues rather than incorrect reasoning. Researchers observed stronger performance against Linux privilege-escalation and service vulnerabilities, while Windows privilege escalation and web application attacks proved more challenging.

Exploiting Newly Disclosed Vulnerabilities

A significant finding was the worm's ability to overcome its training-data limitations by consuming public vulnerability advisories in real time.

The system successfully exploited three vulnerabilities that were disclosed after the model's training period:

CVE-2026-39987, a pre-authentication remote code execution flaw affecting Marimo Python notebooks.
CVE-2026-31431 (CopyFail), a Linux kernel privilege-escalation vulnerability.
CVE-2026-43284 and CVE-2026-43500 (DirtyFrag), Linux kernel privilege-escalation flaws.

Across these targets, the worm achieved root-level access in 41 out of 67 attempts.

Researchers pointed to the increasingly narrow window between disclosure and exploitation. CVE-2026-39987, for example, was publicly disclosed on April 8, 2026. Security firm Sysdig reportedly observed exploitation activity less than ten hours later and documented an intrusion involving an LLM-based agent used during post-compromise operations.

Why Containment Becomes More Difficult

The researchers identified two key factors that could make AI-driven worms harder to contain than traditional malware.

First, operating costs shift from paid API access to the computational resources available on compromised machines. Once attackers gain access to GPU-capable systems, the malware can continue operating without incurring external service costs.

Second, the use of open-weight models removes dependency on AI vendors. As a result, provider-side safety controls such as service refusals, account suspensions, and rate limiting become ineffective.

The team also observed instances where the worm modified its own code to bypass local security measures, despite not being explicitly programmed to do so.

Importantly, the prototype lacked several advanced malware capabilities. It did not include encryption, persistence mechanisms, polymorphic code, process masquerading, or log-cleaning functions. Researchers noted that a malicious version incorporating these features would be significantly harder to detect.

Placing the Research in Context

While AI-powered worm research is not entirely new, the Toronto project represents a distinct advancement.

Earlier projects such as Morris II focused on spreading through AI applications and email assistants. In 2026, ClawWorm demonstrated self-replication across LLM agent ecosystems by compromising persistent configurations and spreading between agents.

The Toronto worm differs because it targets traditional network infrastructure rather than AI systems themselves. In this case, the large language model serves as the attack engine rather than the attack target.

The findings also align with broader industry observations. Security researchers have increasingly documented AI-assisted cyber operations involving reconnaissance, exploit development, credential theft, lateral movement, and data exfiltration.

Recommended Defensive Measures

Although the prototype lacked stealth capabilities, researchers identified several practical steps organizations can take to reduce risk:

Isolate GPU-enabled systems through strict segmentation and zero-trust controls to prevent them from becoming centralized AI reasoning hubs.

Treat newly disclosed vulnerabilities as high-priority risks and accelerate patching for internet-facing systems.

Immediately rotate credentials on compromised or potentially compromised devices to limit lateral movement.

Monitor for behavioral indicators such as unusual port activity, automated SSH key deployment, and unexpected AI inference workloads on endpoints.

The experiments demonstrated that the worm could gain root access on newly disclosed vulnerabilities in 41 out of 67 attempts and spread across 62% of a network within seven days without additional human involvement. Researchers warn that once an attacker establishes a GPU foothold in a poorly segmented environment, the cost of identifying and exploiting new targets decreases substantially.

The implementation has not been publicly released. The University of Toronto is currently establishing a vetting process through which qualified defensive researchers may request access to the system for further study.

WhatsApp to Roll Out Username Feature, No Mobile Number Required



 

AI Cloud Instagram Messaging Technology Telegram WhatsApp

WhatsApp to Roll Out Username Feature, No Mobile Number Required

WhatsApp will launch a new feature where users can opt for usernames and connect with others without putting mobile numbers. The feature is similar to the famous messaging app Telegram and also Instagram. The new update will allow users to share a unique username instead of their contact number for chats.

About feature development

“WhatsApp has worked to ensure that the username experience is stable and secure. For this reason, the rollout of usernames is taking a significant amount of time. Over the years, the code of the app has been extensively updated to make sure all existing features are fully compatible with usernames. So WhatsApp focused on testing and refining the feature carefully before making it widely available. It seems that WhatsApp is set to roll out the username feature to users as part of a phased rollout strategy over the coming months,” Whatsapp said in its blog.

Users will still have the option to continue using WhatsApp as usual if they so choose. Phone numbers will still be linked to accounts for login and recovery purposes, but each account will support a single username that can be changed at a later time without impacting chats or account activity.

How to setup

Soon, both Android and iPhone users of WhatsApp will be able to create usernames straight from the app's Settings menu. Users must visit their profile settings, select the Username option when it appears, and pick a distinctive handle for their account in order to set one up. Before the chosen username can be kept, WhatsApp will automatically check if it is legitimate and accessible.

Safety first

In order to avoid confusion and abuse, the site is also implementing strict guidelines for usernames. Usernames can only contain letters, digits, periods, underscores, and at least one letter; they must be between three and thirty-five characters long. Some formats will not be accepted, such as usernames that start with "www," finish in domain-style extensions, or have repeated periods.

What about user privacy?

By enabling users to communicate without disclosing their phone numbers, the function aims to increase privacy. Once enabled, users can speak with buyers, sellers, community organizations, or new connections using their usernames rather than their personal mobile numbers. Only the selected handle—rather than the associated phone number—will be visible to those who contact you using the username.

With a wider deployment anticipated later in 2026, WhatsApp has already begun testing usernames with a small number of iOS and Android users. According to the firm, usernames will continue to be optional, so users can continue to use WhatsApp with just their phone numbers if they so choose. Even once usernames are implemented, phone numbers will still be used for account sign-ins, verification, and recovery.

Meta Rolls Out Paid Plans for Facebook, Instagram, and WhatsApp



 

AI Ecosystem Business Creators Facebook Instagram Meta Technology WhatsApp

Meta Rolls Out Paid Plans for Facebook, Instagram, and WhatsApp

Meta has announced a wide expansion of its subscription business, introducing new paid plans for Facebook, Instagram, and WhatsApp users while preparing additional premium offerings aimed at artificial intelligence users, content creators, and businesses.

The move reflects the company's broader effort to build new revenue streams beyond advertising and provide advanced tools for users willing to pay for additional functionality across Meta's ecosystem.

The newly launched consumer subscriptions are being rolled out globally under the names Instagram Plus, Facebook Plus, and WhatsApp Plus. The plans are priced at $3.99 per month for Instagram and Facebook, while WhatsApp Plus will cost $2.99 per month.

According to Meta, subscribers will gain access to features that are not available to regular users, including greater profile customization, enhanced engagement tools, audience insights, and personalization options. The company also indicated that additional capabilities are expected to be introduced over time as the service evolves.

Meta's Head of Product, Naomi Gleit, said the company intends to continue expanding the feature set available through these premium subscriptions.

New Features for Instagram Users

Among the three services, Instagram Plus introduces the largest collection of new tools.

Subscribers will be able to access expanded analytics for Stories, including data showing how often a Story has been replayed. The platform is also removing restrictions on custom Story audiences by allowing users to create multiple audience groups rather than relying solely on the existing Close Friends feature.

The subscription further provides options to increase content visibility. Users can spotlight one Story each week to reach a larger audience, extend the lifespan of Stories beyond the standard 24-hour period, and review Stories privately without appearing in viewer lists.

Additional management tools allow users to search through Story viewers more efficiently and publish content directly to profile highlights without distributing it through followers' feeds.

Instagram Plus also includes cosmetic and personalization features such as exclusive app icons, custom fonts for profile biographies, additional profile pins, and animated "Super Heart" reactions for Stories.

Many of these additions appear designed to help creators better understand audience behavior while giving active users more control over how their content is presented and shared.

Facebook Plus and WhatsApp Plus

Facebook Plus will offer many of the same social and personalization tools available through Instagram Plus.

WhatsApp Plus, however, focuses on messaging customization rather than content creation. Subscribers will gain access to interface themes, personalized notification sounds, premium sticker packs, expanded chat pinning capabilities, customized lists, and other features intended to make the messaging experience more flexible.

Separate From Meta Verified

Meta clarified that the new Plus subscriptions will operate independently from Meta Verified, the company's existing paid verification service.

Meta Verified currently focuses on identity verification, protection against impersonation attempts, and access to customer support benefits. The company has not announced plans to discontinue the service, meaning both subscription products will remain available simultaneously.

Meta One to Become Central Subscription Platform

Alongside the rollout of Plus subscriptions, Meta revealed plans for a broader subscription framework called Meta One.

The initiative will eventually bring together the company's growing collection of premium offerings under a single brand, covering consumer subscriptions, creator tools, business services, and artificial intelligence products.

AI-Focused Subscription Plans Enter Testing

Meta also plans to begin testing dedicated subscription plans for users of Meta AI.

The first tier, Meta One Plus, will be priced at $7.99 per month, while Meta One Premium will cost $19.99 monthly.

Both plans are expected to provide enhanced AI capabilities, but the Premium version will offer access to greater computing resources for more demanding requests. This includes support for deeper reasoning on complex tasks as well as increased image-generation and video-generation capacity across Meta's applications.

The company emphasized that Meta AI will continue to be available free of charge for casual users. The paid plans are intended primarily for those who require more advanced functionality or heavier usage limits.

Testing of the AI subscriptions is scheduled to begin next month in Singapore, Guatemala, and Bolivia. Meta also stated that future benefits may extend to users of its AI-powered smart glasses.

New Tools for Businesses and Creators

Separate subscription programs are also being developed for businesses and professional creators.

The first option, Meta One Essential, will cost $14.99 per month and includes account verification, protection against impersonation, and an expanded profile links page that allows users to direct audiences to websites and other online destinations.

A higher-tier offering called Meta One Advanced will be available for $49.99 per month.

Subscribers to this plan will receive all Essential benefits alongside additional growth and promotion tools. These include improved visibility within Facebook feeds, higher placement in Facebook and Instagram search results, enhanced "Follow" buttons on Reels, and automated invitations encouraging viewers to follow creator accounts.

The Advanced tier also introduces expanded analytics capabilities, including deeper audience insights and competitive performance data. Additional features include scheduling tools, account-sharing controls for moderators, and notifications when content is reused by others, enabling creators to request attribution for original material.

Future Strategy

Initial testing of the creator and business subscriptions is expected to take place in Bangladesh, Thailand, Morocco, and Saudi Arabia.

While Meta described several of these offerings as experimental, the company's long-term objective appears clear: establishing a subscription ecosystem that extends beyond social networking and includes creator services, business growth tools, and advanced artificial intelligence capabilities.

The announcement signals Meta's expanding focus on paid digital services as competition intensifies across social media and AI markets. By introducing multiple subscription tiers aimed at different user groups, the company is positioning itself to generate recurring revenue while offering specialized tools to users seeking more advanced functionality than its free services provide.

School Buses Could Become Surveillance Vehicles for Government in The US



 

Technology

AI ALPR Data Spying Surveillance Technology

School Buses Could Become Surveillance Vehicles for Government in The US

In the US, school buses may soon become surveillance vehicles, according to 404 media’s report. A review of leaked documents revealed plans to deploy buses with automatic license plate readers (ALPR).

The data will be allegedly given to government agencies. Already, privacy is a concerning issue amid rising data safety violations. Equipping buses with surveillance cameras will be unconstitutional and national-level spying of citizens in the US.

About the incident

Bus Patrol, US’ leading provider of school bus stop-arm cameras has over 40,000 AI-based cameras throughout 24 states. These cameras are allowed in 30 states, and are installed on school buses, and capture images of vehicles violating traffic rules when the bus is stopped.

The footages captured by the buses are “recorded, reviewed, and submitted to local law enforcement for review and final approval,” says BusPatrol.

Stop-arm cameras claim to improve driver behaviour near school buses and student safety, but they have faced backlashes for failing on both ends. Stop-arm cameras also generate millions of dollars for businesses like BusPatrol.

Currently, the firm plans to increase its data collection, revenue, and teaming with local law enforcement by changing stop-arm camera into ALPRs, as per the leaked BusPatrol documents.

Why is ALPR system an issue?

ALPR systems are run by firms such as Flock Safety. They record the license plate number of passing vehicles but unlike traffic signals or stop-cameras, ALPR "cameras photograph every vehicle that drives by and can use artificial intelligence to create a profile with identifying information that then gets stored into a massive data base,” said the Institute for Justice (I.J), a public interest law firm.

The data can be sent to law agencies which might use it for searching a vehicle or driver without requiring a legal warrant. The ALPR cameras fixed on moving school buses will help enforcement agencies to capture every moving vehicle they come across.

Flawed implementation

Without ethical enforcement, these cameras can be exploited. joshua Windham, a senior I.J. attorney, announced a nationwide campaign to oppose the uncontrolled and unconstitutional deployment of ALPR technology.

Earlier ALPR systems’ data security has come under scrutiny after cases of sharing databases with immigration agencies surfaced despite company policies forbidding it.

In Kansas, an officer used the data to trace his ex-girlfriend whereas in Texas, officers used the data to search for a woman who got an abortion. Such incidents have caused a few communities to termiate their contracts and discontinue ALPR entirely.

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing



 

Technology

AI Anthropic Bugs ChatGPT Claude Mythos Preview Technology

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing

Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in its first month of operation.

Claude Mythos Preview finds bugs

Claude and 50 other partners deployed Claude Mythos Preview to find critical software infrastructure. The AI company said the initiative progress is now restricted by the pace at which flaws can be authorized, patched, and disclosed instead of discovery rates.

The discovery of flaws

Cloudflare detected 2,000 vulnerabilities throughout its critical-path systems, with around 400 labelled as critical or high severity. Claude said that its bug-finding rate surged by over ten times. Various other partners reported the same surges in flaw detection rates.

About bug patches

The UK’s AI Security Institute reported that Mythos Preview has been the only model to patch both of its cyber issues end-to-end. Mozilla detected and patched 271 bugs in Firefox while analyzing Mythos Preview. The number is ten times more than Firefox 148 with Claude Opus 4.6.

More about Anthropic patching flaws

Anthropic analyzed over 1,000 open-source projects via Mythos Preview, and found 6,202 estimated high or critical severity bugs out of 23,019. Out of 1,752 critical or high bugs studied by independent security research institutes, 90.6% were acknowledged as valid and 62.4% were confirmed as critical or high severity.

One bug was found in wolfSSL, a cryptographic library that billions of devices use. If successful, the bug would have allowed a threat actor to make fake certificates and host fake sites for email providers or banks. The bus was labelled as CVE-2026-5194 and has been fixed.

Critical vulnerabilities

Anthropic has revealed 530 critical or high bugs to researchers. Seventy-five have been fixed and sixty-five have been given public advisories. Claude said that a high or critical flaw detected by Mythos Preview roughly takes two weeks to fix on average.

In its recent release, Palo Alto Networks added more than five times as many patches as normal. Microsoft stated that it will keep releasing further fixes. Oracle is identifying and resolving vulnerabilities in all of its products many times more quickly than in the past.

Three weeks ago, Anthropic made Claude Security available to clients of Claude Enterprise in a public beta. Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities.

To help maintainers handle bug reports, the corporation partnered with the Alpha-Omega project of the Open Source Security Foundation. Anthropic has not made Mythos-class models available to the general public, citing the necessity for more robust security measures to stop abuse.

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety



 

YouTube

Cloud Data Instagram Meta Roblox Technology TikTok YouTube

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety

According to a report by Ofcom, YouTube and TikTok have failed to implement steps to safeguard British children from harmful online content. Data suggests widespread exposure to underage kids on these platforms.

TikTok, YouTube ignoring child safety

Ofcom media regulators said none of the company made any serious efforts to make recommendations feeds/explore pages safer, despite proof that these platforms are the main entry point through which underage kids face harm.

Platforms not safe enough

Ofcom said the platforms are “not safe enough”. The report comes after Ofcom’s call for stricter action on children’s online safety, saying Roblox, meta, and Snap had each complied to stronger anti-grooming actions.

TikTok said it was quite disappointing that Ofcom didn’t acknowledge its safety measures, whereas Youtube said it worked with child safety researchers to give industry grade, age-appropriate experiences for children.

About the Ofcom report

Ofcom’s latest report explains how five large social media and video platforms responded to its call for safety measures. The report said that, "Notably, TikTok and YouTube failed to commit to any significant changes to reduce harmful content being served to children, maintaining their feeds are already safe for children.” Ofcom added, "Our wealth of evidence, published today, suggests they are still not safe enough."

What did YouTube and TikTok say?

Responding to the criticism, YouTube and TikTok said that safety measures already existed. YouTube’s short-form video timer allowed parents to control scrolling time for Shorts feed, whereas TikTok stopped direct messaging (DM) for under-16 children.

Governments have taken measures to address online child safety. UK PM Keir Starmer has urged social media platforms to take greater responsibility. Britain is discussing tighter restrictions, this includes a potential ban on under-16 children that use social media, inspired from Australia's landmark decision that tackled addictive design features.

According to social media analyst Matt Navarra, the report has shown a shift in how we perceive online harm as a “product problem.” Earlier, the debate was, “did the platform remove harmful content quickly enough?' - the new one has shifted towards, 'why did the platform show it to a child in the first place?”

What does the data say?

Ofcom reported that 73% of 11-17 year olds were exposed to malicious content for four weeks, primarily through recommendation feeds. TikTok was the most cited, followed by YouTube, Instagram and Snapchat. Experts stress that YouTube and TikTok said their existing platforms were adequate, but media regulators have found their feeds to be unsafe.

Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions



 

Technology

Access control AI Layoffs cybersecurity risks Data Exposure Environment Variables Insider Threats Software Security Source Code Security Tech Industry Trends Technology

Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions

As artificial intelligence continues to transform software development workflows and corporate staffing strategies, discussions regarding automation-driven job displacement have gained increasing prominence across the technology sector. Against this backdrop, a Bengaluru software engineer has captured widespread attention online with a satirical hardware project combining workplace anxiety with developer joking.

Designed as a "I GOT FIRED" emergency button, the device humorously claims to initiate a series of catastrophic actions, including exposing source code repositories and publishing sensitive environment variables. As a technical themed commentary on modern tech culture and the uneasy relationship between AI, employment, and corporate trust, the book transforms a growing industry concern into a commentary on this growing industry concern.

The project was presented with the intention of responding humorously to the growing discussion regarding AI-driven layoffs and shrinking engineering teams, as a response to workplace uncertainty.

In an interview with Pankaj Tanwar, a software engineer who is popular online as @the2ndfloorguy, Pankaj Tanwar described the device as a "I GOT FIRED" button capable of initiating a fictional chain of retaliatory actions upon pressing.

Using the satirical scenario described in his post, this button would publish a company's codebase, store sensitive .env configuration secrets, delete the staging database, and notify his lawyer. There is a compact programmable keypad attached to his laptop that has labels, including "Gaslight Them," "Decode Corporate BS," and a prominent red button that reads "I Got Fired.".

On-screen notifications, emphasizing the joke's technical undertones, displayed messages claiming environment secrets had been released to the public and that the user was "out of office." It was evident that the post was intended as developer satire rather than a functional cyber sabotage tool, however it received widespread attention on social media, generating a mix of amusement, curiosity and debate from technology professionals who appreciated the humour and frustrations embedded within it.

Besides its novelty, the rapid spread of the post was mainly driven by its author's reputation as a Bengaluru-based developer known for designing unconventional technology projects combining engineering concepts with internet humour. Many members of the software community, however, were particularly affected by this satire in this instance.

The button was described as a fictional last-resort mechanism that could launch a cascade of catastrophic actions as a response to mounting concerns about the reduction of workforce through automation. It can expose proprietary code, expose sensitive environment variables, delete a staging database and alert legal counsel to a multitude of catastrophic events.

Using a compact programmable keypad alongside a laptop that was running a workflow ominously titled "I Got Fired," the accompanying images enhanced the dramatic narrative by creating the visual impression of an emergency shutoff switch for developers. Despite the obvious exaggeration in the scenario for comedic effect, the post was resonating because it expressed familiar industry anxieties in a technically recognisable manner.

The responses varied from users asking for information about similar programmable keys available in India to others imagining humorous scenarios driven by artificial intelligence in which a decision-making system would determine whether to press a button.

The project has been dismissed by critics as nothing more than engagement bait, while others have pointed out that any attempt to carry out the actions outlined would come with severe legal and professional consequences. There was some lighthearted joke that activating the switch would result in a salary being traded for prison accommodation, with some comparing the concept to a developer-oriented “dead man’s switch.”

The joke revealed a deeper sentiment, though, beneath the humour. It resonated with many technology professionals as it reflected a common concern about employees feeling replaceable amid continuous restructuring, automation initiatives, and artificial intelligence-driven efficiency initiatives. Therefore, the device functioned less as a fictional tool and more as a satirical tool for discussing the industry’s growing concerns about job security, workplace pressure and the future role of human talent in software development. Its popularity underscores a broader reality faced by today's technological workforce despite its intended purpose as satire.

Not only did the joke resonate due to the fictional cyber sabotage it portrayed, but it also tapped into a genuine concern regarding automation, organisational restructuring, and employee uncertainty. From a cybersecurity perspective, the scenario also reminds us the importance of strong access controls, credential management, insider risk monitoring, and clearly defined offboarding processes.

AI is reshaping the workplace, so organizations will need to maintain a balance between technological efficiency and transparency, trust and workforce resilience to ensure innovation does not undermine security and culture, but rather strengthens it instead of becoming a source of anxiety for employees.

Study Reveals Workplace Monitoring Apps Share Employee Data With Major Tech and Advertising Firms



 

workplace monitoring apps

bossware Data Privacy Data Sharing employee surveillance Google Technology worker privacy workplace monitoring apps

Study Reveals Workplace Monitoring Apps Share Employee Data With Major Tech and Advertising Firms

A recent study has raised concerns about the privacy practices of workplace monitoring software, revealing that many employee-tracking applications are sharing user information with major technology companies, advertising networks, and data brokers.

The research was conducted by experts from Columbia Law School, Northeastern University, Vanderbilt University, and the University of California, Berkeley. The team examined nine popular workplace monitoring platforms, commonly known as "bossware," including Hubstaff, Time Doctor, and Deputy. These tools are widely used by employers to monitor staff activities such as working hours, keyboard and mouse usage, screenshots, location tracking, application activity, and productivity levels.

According to the findings, all nine platforms transmitted employee-related information to external organizations. Researchers created both employee and manager accounts to study how data flowed through the applications and identified numerous instances where personal information was shared with third parties.

“The striking piece of this study is that every single platform, nine of nine bossware companies, shared worker data with outside companies,” Stephanie Nguyen told The Verge.

The investigation uncovered 121 cases where employee information, including names, email addresses, and company details, was sent to external entities such as Facebook, Google, Microsoft, and AppLovin. Researchers also found that sensitive information—including IP addresses, device specifications, and browsing activity—was shared with 145 third-party companies, among them Facebook, Google, LinkedIn, Bing, and Yandex.

The report warns that many workplace monitoring providers have adopted data collection practices similar to those seen across much of the consumer internet.

“Bossware platforms have adopted the same business model as much of the consumer internet: collect as much data as possible, retain it indefinitely, and repurpose it in ways workers neither expect nor meaningfully consent to,” the researchers warn.

Researchers further noted that companies may use collected information, such as app usage patterns and network connections, to draw conclusions about employee behavior, engagement levels, or even whether a worker may be considering a job change.

The study also highlighted location-tracking concerns. Approximately one-third of the platforms reviewed were capable of monitoring a worker’s precise location even when the application was running in the background and, in some cases, potentially outside working hours.

The researchers emphasized that workplaces should not evolve into environments of excessive surveillance and unchecked data collection.

“Banning the sharing and selling of workplace data now is critical to avoid locking in practices that undermine worker privacy, autonomy and economic security,” the report notes.

“Workers typically lack the ability to meaningfully refuse surveillance, to switch employers, or to stop using an employer-issued surveillance platform without risking their jobs and livelihoods.”

Several companies named in the study did not immediately respond to requests for comment. However, Deputy’s Chief Technology Officer, Ciaran Hale, stated that the company works only with trusted service providers necessary for platform operations, security, and reliability. He also argued that researchers may have confused marketing-related website cookies with the company's secure employee application. Researchers maintained that their review covered the entire user journey experienced by workers, from visiting the company website to using the application itself.

The findings have intensified discussions around employee privacy, workplace surveillance, and the growing role of data collection technologies in modern work environments.

AI Is Ruining Bug Bounty Programs with Flood of Fake Reports



 

Technology

AI Threat Bug Bounty Fake Report Generative AI Technology

AI Is Ruining Bug Bounty Programs with Flood of Fake Reports

For years, tech giants like Google, OpenAI, and T-Mobile have relied on bug bounty programs as a cornerstone of their cybersecurity strategy. These programs pay independent hackers millions of dollars annually to find and report software flaws before cybercriminals exploit them. The model proved highly effective, with Google alone distributing $10 million to 632 researchers in 2023 alone. However, this once-reliable security ecosystem is now facing a massive crisis due to the rapid advancement of generative AI.

Generative AI tools are flooding bug bounty platforms with a relentless wave of automated, low-quality, and completely fake vulnerability reports. According to The Financial Times, the problem isn't the volume of submissions but their terrible quality. Bugcrowd, a major platform serving clients like OpenAI, T-Mobile, and Motorola, reported that bug submissions more than quadrupled over just a three-week period in March 2026, with the vast majority proving completely false. Similarly, HackerOne, which serves Google and the US Department of Defense, saw submissions jump 76% in the year leading up to March.

The surge in fake reports is driven by three distinct groups. First, amateurs use AI chatbots to fabricate reports for flaws that don't actually exist. Second, misled professionals trust flawed data handed to them by AI assistants, unknowingly submitting erroneous reports. Third, automated spammers have created end-to-end scanning systems that mass-produce and submit fake bug reports at scale. This flood of AI-generated "slop" is forcing tech companies to spend hours debunking hallucinated computer code instead of addressing real vulnerabilities.

The consequences are severe. Some organizations have been forced to shut down their payout programs entirely due to the overwhelming volume of fraudulent submissions. Curl, a widely used internet data transfer tool, suspended its paid bug bounty program in January 2026, citing an "explosion in AI slop reports" and a dramatic decline in submission quality. Cybersecurity firms are now implementing stricter validation processes, but the arms race between AI-generated fraud and human verification continues escalating.

This crisis threatens to undermine a critical pillar of modern cybersecurity. While AI has enabled researchers to identify genuine vulnerabilities more quickly, it has also lowered barriers to entry so dramatically that the system is becoming unusable. Experts warn that without significant reforms to screening processes and validation mechanisms, bug bounty programs could collapse entirely, leaving tech companies more vulnerable to actual cyberattacks than ever before. The future of this billion-dollar security model depends on finding ways to distinguish human insight from AI hallucination.

Google Tests 5GB Gmail Storage Limit for New Users Without Phone Verification



 

Verification

Data & Privacy Google Phone Storage Technology Verification

Google Tests 5GB Gmail Storage Limit for New Users Without Phone Verification

Google is experimenting with a new Gmail policy that limits some newly created accounts to 5GB of cloud storage unless users add a phone number to their account. Once a phone number is linked, the full 15GB of free storage becomes available.

The company confirmed the trial to Android Authority, explaining that the initiative is being tested in select regions to ensure a “high-quality storage experience.” Google also stated that phone number verification can improve account security and make account recovery easier. However, critics argue that tying the standard storage allocation to phone number submission raises privacy concerns.

There are several reasons why Google may be considering such a move. Adding a phone number can provide an additional method for recovering access to an account. That said, users already have alternative recovery options available, including backup email addresses and recovery contacts.

Google further claims that linking a phone number can help strengthen account protection. However, cybersecurity experts often regard methods such as passkeys, authentication apps, and Google prompts as more secure than SMS-based verification, which remains vulnerable to SIM-swapping attacks, phishing attempts, and other security threats.

Another possible motivation is reducing spam and fraudulent account creation. Spammers and scammers frequently create multiple accounts, and requiring phone verification could make this process more difficult. Still, some regions already mandate phone verification during account registration, while cybercriminals can often access temporary or burner numbers through VoIP services. Additionally, the 5GB restriction may not significantly impact bad actors who only use accounts for short-term activities.

Since Google has described the initiative as a test, it may never become a permanent feature. Nevertheless, some observers question the approach, arguing that restricting two-thirds of the standard free storage allocation until users provide personal information is problematic. A more transparent option, they suggest, would be requiring phone verification during account creation rather than limiting storage afterward.

The reduced storage limit could also affect other Google services. Because Google Drive storage is shared across products, users relying on cloud backups—such as WhatsApp backups—could encounter limitations much sooner under the 5GB cap.

Google has previously incentivized users to enhance account security by rewarding them with additional storage. In earlier years, the company offered an extra 2GB of cloud storage to users who completed a security checkup. By contrast, the current test restricts access to storage users would typically receive for free.

The trial also places Gmail closer to Apple’s free iCloud Mail tier, which offers 5GB of storage. However, competitors such as Microsoft Outlook and Yahoo Mail continue to provide 15GB ori more of free storage in many regions.

Some critics view the test as another example of technology companies gradually reducing the benefits of free services while requesting either payment or additional personal information. Similar concerns emerged when Google Photos ended its unlimited free photo backup policy and shifted users to a shared 15GB storage limit in 2021. Others point to the company's efforts to promote YouTube Premium by making the free viewing experience less attractive.

One positive aspect is that the reported storage restriction currently appears to affect only new accounts. Existing Gmail users who already have less than 5GB of stored data do not seem to be impacted. However, individuals looking to create secondary email accounts may still find the policy inconvenient, despite Google allowing multiple accounts to be linked to a single phone number.

The timing of the test has also fueled privacy debates, particularly among users concerned about sharing additional personal information with major technology companies. As discussions around data privacy and government access to information continue, some users may be hesitant to provide more identifying details than necessary.

For now, the phone number-linked storage limit remains an experimental feature. While Google cites security, account recovery, and spam prevention as key reasons behind the test, questions remain about whether restricting storage is the right way to encourage users to verify their accounts.

Al-Driven Attacks and Ransomware Surge Across the Americas in 01 2026



 

Technology

AI Privacy Al Cyber Threats Data Security Technology

Al-Driven Attacks and Ransomware Surge Across the Americas in 01 2026

The cyber threat environment across the Americas experienced a sharp increase in sophisticated attacks during the first quarter of 2026, driven by the growing use of artificial intelligence, persistent ransomware activity, and heightened targeting of critical infrastructure sectors.

According to cybersecurity researchers, threat actors are increasingly integrating generative AI into their operations to streamline phishing campaigns, generate realistic deepfake content, and speed up attack execution. Simultaneously, ransomware groups, hacktivists, and nation-state-backed actors intensified their focus on organizations operating in healthcare, manufacturing, energy, utilities, and government sectors throughout North and Latin America.

To address these emerging risks, Cyble is scheduled to host a live webinar on May 28, 2026. The session will examine major cyber threats, adversary tactics, and evolving attack patterns that shaped the Americas' cybersecurity landscape during Q1 2026.

A key trend observed during the quarter was the increasing adoption of AI technologies by cybercriminals and advanced threat actors.

Generative AI is now being used to craft highly personalized phishing emails, create fake digital identities, produce convincing deepfakes, and automate large-scale social engineering campaigns. Security experts caution that these tactics are making malicious activities harder to detect while improving the effectiveness of phishing and credential theft attacks.

Researchers also found that AI is helping attackers accelerate reconnaissance efforts and exploit vulnerabilities more efficiently, allowing them to target a greater number of victims in less time. As these capabilities continue to evolve, organizations face mounting pressure to strengthen threat detection systems and enhance incident response strategies.

Critical infrastructure remained a major target throughout Q1 2026. Healthcare organizations, utility providers, energy companies, manufacturers, and government agencies continued to face sustained attacks from ransomware operators, hacktivist groups, and nation-state adversaries.

Cybersecurity analysts highlighted growing concerns surrounding operational technology (OT) environments, where attacks have the potential to disrupt essential services. In addition, supply chain weaknesses and third-party security risks continued to create significant challenges for infrastructure operators.

Experts suggest that many of these attacks are no longer motivated solely by financial gain. Increasingly, campaigns are being linked to geopolitical objectives, intelligence collection efforts, and attempts to disrupt strategically important industries and national infrastructure.

Threat intelligence gathered during the quarter revealed continued activity from nation-state groups associated with China, Russia, Iran, and North Korea.

These actors maintained cyber espionage campaigns targeting organizations across the Americas through vulnerability exploitation, malware deployment, credential theft, and intelligence-gathering operations. Government institutions, critical infrastructure operators, and large enterprises remained among their primary targets.

Security specialists note that ongoing geopolitical developments continue to shape cyber activity, underscoring the importance of proactive risk monitoring and stronger organizational resilience against advanced threats.

Ransomware and Dark Web Ecosystems Remain Active

Despite increased attention on AI-enabled threats, ransomware continued to be one of the most damaging cybersecurity challenges during Q1 2026.

Attackers persisted in using double-extortion methods, data theft, and operational disruption tactics against organizations across a wide range of industries. Researchers also reported continued activity on dark web marketplaces and underground forums, where stolen credentials, unauthorized access data, and cyberattack tools are frequently traded.

Hacktivist groups remained active as well, particularly in campaigns connected to regional and political conflicts.

As a result, many security teams are placing greater emphasis on real-time threat intelligence, attack surface management, and proactive monitoring to identify risks before they escalate.

The upcoming webinar will feature insights from Kaustubh Medhe, Head of Research & Intelligence at Cyble, Brian Osterman, Senior Solutions Engineer for the U.S. region, and moderator Mihir Bagwe.

Participants will gain insights into ransomware developments, AI-powered cyber threats, nation-state operations, and practical strategies for improving cyber resilience throughout 2026.

Registered attendees will also receive a complimentary copy of the Americas Threat Landscape Report – Q1 2026.

Hidden 4GB AI Model Found Downloading Through Google Chrome



 

Technology

Browser security telemetry Client-side digital sovereignty Data governance compliance Edge AI privacy Filesystem auditing Gemini Nano installation On-device LLM Technology

Hidden 4GB AI Model Found Downloading Through Google Chrome

In what appeared to be a routine background update within Google Chrome, privacy researchers have raised concerns over a potentially problematic update after reports revealed that the browser may have silently downloaded a nearly 4GB artificial intelligence model onto certain systems without explicit user approval.

Known as Gemini Nano, this component enables local AI processing directly on laptops and smartphones rather than relying solely on cloud infrastructure. However, cybersecurity observers and digital rights advocates contend that the deployment was inadequately transparent, especially because the installation of an AI package requiring significant storage was not visible to users.

The disclosure, amplified by a Swedish computer scientist and privacy. Google's incremental deployment of Gemini Nano, a lightweight large language model designed to execute on-device operations such as text optimization and automated scam detection, is revealed by an investigation into the browser's filesystem mechanics.

The background payload is the result of this incremental deployment. Hanff's diagnostic tests are supported by a system-level analysis, which shows that the browser initiates an independent directory named OptGuideOnDeviceModel when a machine running recent Chrome iterations satisfies certain hardware requirements, and that the browser extracts weights.bin, which is a 4- gigabyte binary file.

Due to the architecture's use of default active optimization flags rather than user-triggered prompts, the local installation does not require explicit confirmation dialogs. This practice has drawn intense scrutiny due to issues related to storage overhead, metered network data consumption, and compliance with regional data governance protocols.

It has been stated by Google that users may mitigate the automated download sequence by deleting the On-device AI program or the Optimization Guide parameters using internal settings (chrome://flags). However, the lack of a standard, upstream opt-in mechanism before writing multigigabyte binaries to a user's persistent storage has fundamentally heightened the debate over digital sovereignty on the client's side.

A clean Apple Silicon profile has been audited to empirically isolate this persistent behavior beyond individual telemetry reports, using the native macOS kernel-level filesystem auditing daemon, .fseventsd. In the absence of application-layer logging, this low-level mechanism records transactional file operations, which results in a tamper-proof ledger of Chrome's execution pipeline which is unmodified by external application updates.

As a result of the resulting data stream, it became evident that even when users manually purge the payload, which is mapped to mode 600 on macOS, the Local State configuration file retains the target installation. This automated download loop is initiated once the client intercepts a new synchronization packet from Google's central variations server confirming profile eligibility as soon as the client intercepts it.

The forced re-allocation of macOS resources on Mac OS is consistent with deletion-resistance patterns that have been extensively documented across Windows environments, thus confirming the silent overhead as a design constant across various desktop operating systems and not an isolated platform problem.

In Chrome 147, functional opacity is further compounded by the decoupling of user interface design from backend routing. Although the prominently displayed AI Mode pill indicates localized execution, diagnostic telemetry indicates that the interface is a channel for Google's cloud-based Search Generative Experience, transmitting user queries to Google servers directly.

While the silently provisioned Gemini Nano remains isolated to context-menu features that are rarely invoked by most of the user base, the asymmetric distribution has been confirmed by Snopes audits, which confirmed the existence of weights.bin files across a limited set of Windows and macOS configurations, despite Google’s phased rollout of an opt-out toggle in early 2026 that remains unavailable to a large percentage of global users.

Besides the immediate infrastructural challenges, this deployment paradigm is being scrutinized more and more by regulatory authorities and environmentalists. According to Hanff's legal analysis, writing substantial binary payloads to client hardware without explicit, upstream consent directly violates both the GDPR transparency requirements and the EU ePrivacy Directive data storage mandates. Those arguments echo recent compliance challenges reported by Malwarebytes regarding Anthropic's unprompted integration of Claude Desktop components across numerous Chrome environments.

It is further estimated that this 4-gigabyte deployment will yield 6,000 to 60,000 tonnes of CO2 equivalents when projected across Chrome's estimated one billion devices. It has been reported by crypto.news that the provisioning of local AI environments unconsentedly raises complex data sovereignty issues and fundamentally alters the endpoint security baseline for consumers worldwide as part of a broader 2026 surge in automated threat vectors highlighted by CertiK.

Finally, this architectural shift in client-side applications highlights a rising tension between the automatic delivery of products and the autonomy of user data. In spite of the increasing importance of silent pre-provisioning to smooth the onboarding process for local LLM engines, executing background allocations of this magnitude fundamentally alters the relationship between browser software and host hardware as they are executed.

Regulatory bodies are starting to evaluate ambient deployment strategies against strict transparency frameworks, such as the GDPR, which will result in an inevitable point of inflection for the industry. Localized artificial intelligence requires a profound structural reevaluation in order to achieve a balance between compute-intensive computation and established principles of consent, resource management, and digital sovereignty. This will involve shifting away from default-active background injections toward transparent, user-validated infrastructure.

Meta Employees Protest New Workplace Surveillance Measures Ahead of Planned Layoffs



 

workplace monitoring

AI Meta Meta layoffs 2026 Meta surveillance software Technology workplace monitoring

Meta Employees Protest New Workplace Surveillance Measures Ahead of Planned Layoffs

Meta Platforms, Inc. employees have reportedly initiated an internal campaign opposing the company's newly introduced workplace monitoring practices, according to recent reports.

Staff members at multiple Meta offices across the United States distributed flyers criticizing software that tracks employee computer activity. The monitoring tool records information such as cursor movement, mouse clicks, and navigation behavior while employees work.

The pamphlets were placed in common areas including meeting rooms, vending machine locations, and restrooms. Organizers urged coworkers to challenge what they described as an "Employee Data Extraction Factory."

The protest emerges just days before Meta is expected to reduce its workforce by approximately 10%, a move that has intensified concerns among employees about job stability. Many workers reportedly suspect that the monitoring system serves a broader purpose beyond measuring productivity. Some believe the collected behavioral data could be used to train artificial intelligence systems capable of automating workplace tasks.

In a statement emailed to Benzinga, Meta referenced its previous comments regarding AI training data. A company spokesperson defended the initiative, explaining that the information provides "real examples" of computer use that help improve AI agents designed to complete routine digital activities.

“There are safeguards in place to protect sensitive content and the data is not used for any other purpose,” the spokesperson added.

Employee dissatisfaction has reportedly grown amid Meta's ongoing workforce reductions, increased productivity monitoring, and strategic shift toward becoming a more AI-focused organization.

Earlier, during a company town hall, CEO Mark Zuckerberg stated that AI efficiency tools were not the main reason behind the planned job cuts.

The distributed flyers also highlighted employee rights under U.S. labor laws, indicating the beginning of broader organizing efforts within the company.

Meanwhile, reports suggest that Meta employees in the United Kingdom have started unionization efforts through United Tech and Allied Workers. Organizers have criticized what they called "draconian surveillance" measures and expressed concerns over the company's aggressive AI-driven direction.

On the market front, Meta shares finished Tuesday's trading session at $603.00, gaining 0.69%. The stock later slipped 0.18% in after-hours trading to $601.93.

According to Benzinga Edge Rankings, Meta ranks in the 89th percentile for growth performance. However, the company's stock has continued to display negative price momentum across short-, medium-, and long-term periods.

Google Launches New Android Security Tool to Identify Spyware and Device Intrusions



 

Technology

Android spyware protection Google Android security Intrusion Logging feature Technology

Google Launches New Android Security Tool to Identify Spyware and Device Intrusions

Google has started rolling out a new optional security feature for Android users called “Intrusion Logging,” aimed at helping cybersecurity experts and investigators detect spyware-related attacks on devices.

The feature is part of Android’s Advanced Protection Mode, a security-focused setting introduced by Google last year to strengthen device protection against sophisticated hacking attempts. The mode was specifically designed to defend users from government-grade spyware and forensic tools used by law enforcement agencies to extract private information from smartphones.

In some documented cases, both forensic tools and spyware have reportedly been used together. Authorities in Serbia, for instance, allegedly used a forensic unlocking tool developed by Cellebrite to gain access to a device before installing spyware for continued surveillance.

With Intrusion Logging, Google is introducing a dedicated logging system that records security-related activities and unusual software behavior. The feature is considered significant because it gives researchers better visibility into possible spyware infections and intrusion attempts on Android devices.

Amnesty International, which collaborated with Google on the project, described Intrusion Logging as “a fundamental shift in the amount and quality of forensic data available on Android devices.”

“Until now, forensic analysis has relied on logs that were never designed for intrusion detection,” Amnesty wrote in a detailed blog post explaining the feature. Earlier logging systems were limited because data was often overwritten quickly, making it difficult for researchers to trace evidence of attacks.

Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, also highlighted the challenges investigators previously faced with Android systems. He said Android’s technical limitations “have made it difficult to deeply analyze system logs and files for signs of compromise, unlike with iOS.”

“These limits have meant we’ve been unable to reliably detect known attacks against Android,” added Ó Cearbhaill, who has investigated spyware abuse cases globally for several years.

Google had first announced Intrusion Logging nearly a year ago, but the company has now begun officially deploying it. According to a recent Google blog post, the feature “is currently rolling out to all devices running the Android 16 December update and newer.”

How the Intrusion Logging Feature Works

The feature records and stores security-related system events that may indicate suspicious activity or device compromise. Logs are generated daily and securely backed up in encrypted form to the user’s Google account. This cloud-based storage method is intended to stop spyware from erasing evidence from the device itself.

Google says the logs remain encrypted and can only be accessed or shared by the device owner, meaning even Google cannot read them.

Intrusion Logging tracks several activities, including device unlock events, app installations and removals, website and server connections, and any use of Android Debug Bridge (ADB), a tool commonly used to connect Android devices to computers or forensic systems like Cellebrite.

The system can also identify attempts to delete logs, which could suggest efforts to hide traces of an attack.

Cybersecurity researchers believe the logs could help determine whether a phone was forcibly unlocked, connected to forensic extraction tools, or infected with spyware or stalkerware. The data may also reveal if the device interacted with malicious websites or servers designed to steal information.

However, the feature currently comes with certain limitations. Users must enable Advanced Protection Mode, install the latest Android software, and use a compatible Google Pixel device linked to a Google account.

Additionally, because the logs include browsing history and connection records, some users may have concerns about sharing sensitive information with investigators.

Google says Advanced Protection Mode and Intrusion Logging are particularly useful for individuals at higher risk of surveillance, including journalists, activists, dissidents, and human rights defenders.

The feature has similarities to Apple’s Lockdown Mode, which was introduced for users vulnerable to spyware attacks. Apple previously stated that it had not detected any successful spyware breaches on devices with Lockdown Mode enabled. In 2023, researchers at Citizen Lab also reported that Lockdown Mode blocked an attempted spyware infection linked to NSO Group.

Amnesty International has also published detailed instructions explaining how users can download and review Intrusion Logging data if they suspect they have been targeted by spyware.

Over the years, companies including Apple, Google, and Meta have regularly issued threat notifications to users believed to be targets of spyware campaigns, helping researchers uncover and investigate cases of digital surveillance.

Google Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool



 

zero-day vulnerability

AI-generated exploit Artificial Intelligence Cybersecurity Google Threat Intelligence Group Technology zero-day vulnerability

Google Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool

Researchers from Google Threat Intelligence Group (GTIG) have revealed that a recently identified zero-day exploit aimed at a widely used open-source web administration platform was likely created with the help of artificial intelligence.

The vulnerability, which targeted the platform’s two-factor authentication (2FA) mechanism, could have allowed attackers to bypass critical security protections. While the software involved has not been publicly identified, researchers confirmed that the attack was stopped before it reached large-scale exploitation.

According to GTIG, analysis of the Python-based exploit strongly indicates the involvement of AI tools during the vulnerability discovery and weaponization process. The team noted that the coding style, educational explanations within the script, and even fabricated technical details closely resembled outputs commonly produced by large language models (LLMs).

“For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data,” GTIG says in a report today.

Researchers also stated that the flaw itself appeared to be a semantic logic issue — an area where AI systems tend to perform effectively — rather than traditional vulnerabilities like memory corruption or poor input sanitization that are usually identified through fuzzing or static analysis techniques.

Google informed the affected software developer about the issue, allowing security measures to be implemented quickly and the attack to be disrupted before wider abuse occurred.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.

The report additionally highlights the increasing role of AI in cybercrime operations. Google observed threat groups linked to China and North Korea — including APT27, APT45, UNC2814, UNC5673, and UNC6201 — using AI systems for exploit development and vulnerability research.

Meanwhile, Russia-associated threat actors were reportedly using AI-generated decoy code to conceal malware strains such as CANFAIL and LONGSTREAM. Google also referenced a Russian campaign known as “Overload,” where AI voice cloning technology was allegedly used to imitate journalists in fabricated videos spreading anti-Ukraine narratives.

The report further examined the Android malware PromptSpy, previously documented by ESET, for its integration with Gemini APIs to automate interactions on infected devices.

Investigators identified an autonomous component called "GeminiAutomationAgent," which reportedly relies on a hardcoded prompt to help the malware evade AI safety mechanisms. Researchers explained that the prompt assigns the malware a harmless persona, enabling it to calculate interface geometry and interact with device functions more effectively.

Google researchers also warned that the malware appears capable of replaying authentication methods, including PINs and lock patterns, using AI-assisted techniques.

The company concluded that cybercriminals are increasingly scaling access to premium AI services through methods such as automated account generation, proxy relay systems, and shared account infrastructures.

WhatsApp-Based Bengaluru Start-up Aims to Reduce Delayed Payment Woes



 

WhatsApp Payments

Bengaluru Startup Delayed Payments Fintech Solution Technology WhatsApp Payments

WhatsApp-Based Bengaluru Start-up Aims to Reduce Delayed Payment Woes

Delayed payments are a quiet but serious problem for small businesses, freelancers, tutors, and service providers, because the work may be complete while the money still remains stuck in follow-up cycles. In Bengaluru, a start-up called Lenda is trying to address that friction with a WhatsApp-first tool that automates reminders, supports negotiation, and helps users recover dues without creating awkward back-and-forth.

The issue is not only financial but also practical, since chasing payments consumes time and can damage relationships between clients and providers. Many people already rely on WhatsApp for everyday communication, so the start-up is using that familiarity to make payment collection feel less like a formal recovery process and more like a normal conversation.

Lenda’s approach is built around interactive messages instead of one-way reminders, which means a borrower can respond directly inside WhatsApp. The system lets recipients confirm payment, ask for extra time, raise a dispute, or even make a partial payment, which makes the process more flexible than a standard SMS reminder. That interaction matters because delayed payments often happen not just from unwillingness to pay, but also from timing problems, confusion, or simple forgetfulness.

The start-up also tries to solve a structural problem for small operators such as teachers, class coordinators, and freelancers who collect money from many people at once. Its batch-reminder feature allows users to organize groups and send collective follow-ups, which reduces repetitive manual work and makes collections easier to manage. Lenda also includes late-fee options and a repayment score, aiming to encourage timely payment while giving businesses more control over overdue accounts.

What makes the issue important is that delayed payments can disrupt cash flow, especially for small businesses that depend on regular incoming money to pay expenses and plan operations. By offering a “no-app” solution inside WhatsApp, Lenda is betting that the biggest barrier is not a lack of reminders, but the inconvenience and discomfort of asking for money repeatedly. That is why this Bengaluru start-up’s idea is less about messaging and more about fixing a common payment problem in a simpler, more human way.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Menu Item

About feature development

How to setup

Safety first

What about user privacy?

About the incident

Why is ALPR system an issue?

Flawed implementation

Claude Mythos Preview finds bugs

The discovery of flaws

About bug patches

More about Anthropic patching flaws

Critical vulnerabilities

TikTok, YouTube ignoring child safety

Platforms not safe enough

About the Ofcom report

What did YouTube and TikTok say?

What does the data say?