Newspaper

Anthropic just unleashed Claude Mythos, an AI so powerful it uncovered thousands of critical security flaws—including a 27-year-old OpenBSD vulnerability that could crash servers with malformed packets. Unlike typical chatbots, Mythos is a cybersecurity powerhouse, rewriting the rules of vulnerability research by succeeding in exploit development 181 times out of a few hundred attempts. The company is holding back public release, collaborating with over 40 tech firms to patch these zero-day flaws before they become a threat. This leap signals a new era where AI could reshape software security forever.

Crypto investment scams drained Americans of a staggering $7.2 billion in 2025, making it the costliest fraud type, according to the FBI. A deep dive revealed ruthless playbooks targeting even those already scammed, robbing victims twice with chilling sophistication. Enter Operation Atlantic, a bold international crackdown aiming to disrupt these scams in real time before victims lose everything. This fight is just beginning, but the stakes couldn’t be higher.

A North Korea-linked hacking group named Kimsuky has been caught using GitHub as a covert command and control hub to target South Korean organizations. The attack begins with phishing emails carrying disguised Windows Shortcut files that silently execute malicious PowerShell scripts, stealing data and retrieving commands via GitHub repositories. This sophisticated tactic leverages trusted platforms and native Windows tools to evade detection and maintain long-term access. Cybersecurity experts warn this signals a growing trend of state-sponsored hackers weaponizing open platforms, raising the stakes for global digital defenses.

The Canadian government has issued a sharp warning about a new 'milk settlement' scam targeting citizens via text messages. These fraudulent texts claim recipients are eligible for a milk-related class action payout, but authorities confirm no such settlement exists. Victims are tricked into clicking links and handing over sensitive financial info, raising alarms nationwide. Officials urge vigilance as scammers mimic official government styles to deceive. Canadians are advised to ignore these messages and report suspicious activity immediately.

The saga of video game console security is a relentless cat-and-mouse game where every new lock sparks a fresh wave of hacks. From the barebones early consoles with no protection to today’s fortress-like systems using cutting-edge embedded security, hackers and researchers have never stopped pushing boundaries. This history reveals not just gaming secrets but broader lessons for all tech security. As consoles evolve, so will the battle to keep them safe — and the hacks will keep coming.

Japan’s government just passed a bold update to its Personal Information Protection Act, targeting businesses that repeatedly misuse personal data. Under the new rules, companies caught selling or mishandling info from over 1,000 people face hefty fines matching their illegal profits. At the same time, Japan is easing privacy restrictions to become the world’s friendliest hub for AI development, allowing more data use without consent for research and statistics. This dual approach aims to crack down on abuse while fueling innovation — a balancing act that could reshape data privacy globally.

Iran-linked hackers have launched a wave of cyberattacks targeting programmable logic controllers (PLCs) in critical U.S. infrastructure, including water and energy sectors, federal agencies revealed. These attacks have caused operational disruptions and financial losses by manipulating control systems from Rockwell Automation and Allen-Bradley. The FBI warns this escalation is tied to ongoing geopolitical tensions and signals a dangerous new front in cyber warfare. Authorities are now racing to shore up defenses as the campaign shows no signs of slowing.

Despite strict password rules, most signup forms remain dangerously vulnerable because they focus on complexity over true security. 'P@ssword1' and its variants still top breach lists, appearing in over 442,000 known leaks. Experts now urge longer passwords and banning common ones, following updated NIST guidelines. The shift could finally curb brute-force attacks and ease IT headaches from repeated credential failures.

In a chilling real-world case from Hong Kong, generative AI was used to orchestrate a $25 million social engineering scam by fabricating a fake CFO video call. This new breed of fraud weaponizes AI to manufacture trust, tricking victims into authorizing massive transfers. Experts warn this is just the beginning of AI-driven deception evolving rapidly. The urgent question now: how can businesses defend against these synthetic trust attacks before losses multiply?

A notorious Russian hacking group linked to the GRU has infiltrated thousands of home and small business routers worldwide, exploiting outdated MikroTik and TP-Link devices to steal passwords and sensitive data. This stealthy campaign, uncovered by UK and international cybersecurity teams, allowed hackers to reroute internet traffic unnoticed for years. The operation highlights the urgent need for router security updates as authorities warn the attacks could fuel espionage and cyber sabotage. Experts expect intensified efforts to patch vulnerabilities and track these digital spies.

The UK is rolling out live facial recognition cameras in knife crime hotspots, aiming to cut offences by a third within two years. Backed by a £26 million Knife Crime Concentrations Fund, police will use cutting-edge mapping tech to pinpoint trouble spots down to specific streets and times. This hyper-targeted approach combines AI surveillance with visible patrols and knife detection arches, marking a bold new chapter in crime-fighting. The next steps will test whether tech can truly turn the tide on a persistent social scourge.