1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Kite declutters Gmail inboxes by automating responses and st…
Kite declutters Gmail inboxes by automating responses and streamlining workflows, boosting user productivity securely and efficiently.
Category: Newsletter
9. A security breach at Mixpanel exposed OpenAI API user metada…
A security breach at Mixpanel exposed OpenAI API user metadata, affecting API users but not ChatGPT users. Exposed data included names, emails, location data, and user IDs. OpenAI removed Mixpanel and is auditing vendor security.
Category: Newsletter
10. AI-generated articles have surpassed human-written content o…
AI-generated articles have surpassed human-written content online, though such articles are less visible in Google search and ChatGPT results due to lower search performance.
Category: Newsletter
11. NexHacks at Carnegie Mellon University offers $1 million in …
NexHacks at Carnegie Mellon University offers $1 million in prizes with sponsors including Nvidia, JPMorgan, and Vercel. The event includes one-on-one sessions with VCs and founders. Applications close in two days.
Category: Newsletter
12. A document embedded within the character training of Claude 4
A document embedded within the character training of Claude 4.5 Opus was extracted, believed to be genuine rather than hallucinated. The document details the development and character of Claude 4.5, providing an 84-minute read on the training process and model behavior.
Category: Newsletter
13. Databricks is reportedly negotiating to raise $5 billion, va…
Databricks is reportedly negotiating to raise $5 billion, valuing the company at $134 billion. Despite resisting public listing, this potential funding round reflects strong market interest, backed by a customer base including OpenAI, Block, Shell, and Toyota, and supporting AI d
Category: Newsletter
14. Prompt caching functions on a per-content basis rather than …
Prompt caching functions on a per-content basis rather than per-conversation, with prefix caching operating at the token level rather than the request level, enabling cache reuse across requests. Any alteration of the prefix invalidates the hash chain, affecting caching efficienc
Category: Newsletter
15. Current chat-based evaluation methods for AI models are inad…
Current chat-based evaluation methods for AI models are inadequate, as demonstrated by GPT-4’s significant advancements that were obvious in performance but not well captured by existing benchmarks. The industry requires broader benchmarking approaches that go beyond exam-style t
Category: Newsletter