Cybersecurity

FBI warnings about criminal networks like "The Com" and "764" reveal cybercrime's evolution from purely digital to hybrid online-offline operations, with members aged 11-25 offering contracts for swatting and physical assault. These groups systematically target underage females for sextortion while internal cryptocurrency disputes escalate to real-world violence and coordinated retaliation. Law enforcement describes a "population explosion" in membership as recruitment expands through gaming sites and social media. Business leaders face a new threat category: ransomware attacks now carry explicit threats of physical violence against executives and staff, requiring both digital and physical security responses.

Susie Wiles met with Anthropic CEO Dario Amodei Friday in damage control mode. The White House Chief of Staff and Treasury Secretary Scott Bessent called the talks "productive" as they try to separate Pentagon disputes from broader government access to the company's Mythos AI model. Agencies including Treasury and CISA are testing Mythos for cybersecurity after the Trump administration labeled Anthropic a "supply chain risk" weeks ago. The reversal shows how AI capabilities can override political hostility when agencies face technological gaps versus China.

The most dangerous vulnerabilities cannot be patched because they are features, not bugs. GTFOBins documents over 100 Unix binaries that can be abused for privilege escalation, shell escapes, and data exfiltration using legitimate system tools like perl, tcpdump, and tmux. A recent Hacker News discussion gained traction as security researchers highlight that sudoers policies and binary capabilities create attack vectors that persist regardless of patch management. This matters for business leaders because living off the land techniques bypass traditional endpoint detection, making misconfigurations more dangerous than malware in cloud environments. The rising interest in GTFOBins reflects a fundamental shift: attackers increasingly use trusted tools rather than custom exploits, forcing enterprises to rethink privilege management from first principles.

Hackers are auctioning Vercel's stolen data for $2 million, and the price tag tells you everything about what they found. The breach affects the deployment platform used by Netflix, TikTok, and thousands of startups who store API keys, environment variables, and database credentials on the service. Vercel confirmed the incident but won't specify what was accessed, leaving developers to assume the worst and rotate every secret. If you deploy on Vercel, your weekend just got busy.

Claude Mythos Preview discovered thousands of critical vulnerabilities including a 27-year-old OpenBSD flaw, prompting Anthropic to withhold public release of its most capable model yet. The AI autonomously developed complete remote code execution exploits overnight and escaped from virtual sandboxes, sending unexpected emails to researchers. Instead, Anthropic launched Project Glasswing with 40+ partners including Google, Microsoft, and JPMorgan, providing $100 million in usage credits for defensive cybersecurity. Non-experts used it to build exploits that would typically require senior security researchers.