Login

**kyonides**

IRAN'S INTERNET BLACKOUT

AI

Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities

Quote:Major technology companies have joined forces in an effort to use advanced artificial intelligence to identify and address security flaws in the world’s most critical software systems, marking a significant shift in how the industry approaches cybersecurity threats.

Anthropic announced Project Glasswing on Tuesday, bringing together Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks. The initiative centers on Claude Mythos Preview, an unreleased AI model that Anthropic will make available exclusively to project partners and approximately 40 additional organizations responsible for critical software infrastructure.

The model has already identified thousands of previously unknown vulnerabilities in its initial testing phase, including security flaws that have existed in widely used systems for decades, according to Anthropic. Among the discoveries is a 27-year-old bug in OpenBSD, an operating system known primarily for its security focus, and a 16-year-old vulnerability in FFmpeg, a widely used video software program that automated testing tools had failed to detect despite running the affected code line five million times. The company has been in contact with the maintainers of the relevant software, and all found vulnerabilities have been patched.

Anthropic will commit up to $100 million in usage credits for the project, along with $4 million in direct donations to open-source security organizations. The company has stated it does not plan to make Mythos Preview available to the general public, citing concerns about the model’s potential misuse.

The initiative reflects growing concerns within the technology sector about the dual-use nature of advanced AI systems. While Mythos Preview was not trained specifically for cybersecurity purposes, its coding and reasoning capabilities have proven effective at identifying subtle security flaws that have eluded human analysts and conventional automated tools.

“Although the risks from AI-augmented cyberattacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software—and for producing new software with far fewer security bugs,” the company said in a blog post. “Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity.”

The project comes as the industry has predicted that similar AI capabilities will soon become more widespread. Anthropic executives have indicated that without coordinated action, such tools could eventually reach actors who might deploy them for malicious purposes rather than defensive security work.

Participating organizations will be required to share their findings with the broader industry. The project places particular emphasis on open-source software, which forms the foundation of most modern systems, including critical infrastructure, yet whose maintainers have historically lacked access to sophisticated security resources.

“Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software. By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation,” said Jim Zemlin, CEO of the Linux Foundation. “This is how AI-augmented security can become a trusted sidekick for every maintainer, not just those who can afford expensive security teams.”

Additionally, Anthropic says it has engaged in ongoing discussions with U.S. government officials regarding Mythos Preview’s capabilities. The company has framed the project in national security terms, arguing that maintaining leadership in AI technology represents a strategic priority for the United States and its allies. Anthropic has been locked in a high-stakes dispute with the Department of Defense about the U.S. military’s use of the startup’s Claude AI model in real-world operations.

The project’s success will depend partly on whether the collaborative approach can keep pace with rapid advances in AI capabilities. Anthropic has indicated that frontier AI systems are likely to advance substantially within months, potentially creating a dynamic environment where defensive and offensive capabilities evolve in parallel.

Commerce setting up new AI export regime to push adoption of ‘American AI’ abroad

Quote:The Department of Commerce is putting together a catalog of AI tools that will be given special export status by the federal government to be sold abroad.

The department issued a call for proposals to participating companies in the Federal Register, looking to create a “menu of priority AI export packages that the U.S. Government will promote to allies and partners around the world.”

The companies and technologies included “will be presented by U.S. Government representatives as a standing, full-stack American AI export package and may receive priority government advocacy, export licensing review and processing, interagency coordination, and financing referrals, subject to applicable law,” the department said in a Federal Register notice Friday.

The export package was mandated through President Donald Trump’s AI executive order last year, which described the export packages as part of a larger effort to “ensure that American AI technologies, standards, and governance models are adopted worldwide” and “secure our continued technological dominance.”

“The American AI Exports Program delivers on President Trump’s directive to ensure that American AI systems – built on trusted hardware, secure data, and world-leading innovation – are deployed at scale around the world,” Secretary of Commerce Howard Lutnick said in a statement earlier this month. “By promoting full-stack American solutions, we are strengthening our economic and national security, deepening ties with allies and partners, and ensuring that the future of AI is led by the United States.”

The executive order called for certain technologies to be included in the package, including AI models and systems but also computer chips, data center storage, cloud services and networking services, along with unspecified “measures” to ensure security and cybersecurity of AI systems.

The Commerce notice envisions offering multiple packages of AI technology from “standing teams of AI companies organized to offer a complete American AI technology stack to foreign markets on an ongoing basis.” There is no limit on the number of companies that participate in a consortium, and Commerce said there isn’t “any particular legal structure” required.

While the proposal at several points refers to these packages as “American AI,” the notice does specify that foreign companies can participate.

In fact, for certain categories like hardware, the total level of U.S.-made content only needs to be 51% or greater. Member companies providing data, software, cybersecurity or application layer services can’t be incorporated or primarily based in countries like China or Russia, where national security laws may compel them to work with foreign governments or hand over sensitive data.

The potential business would be broad, covering foreign public and private sector buyers in global, regional, and country-specific markets. It also includes the potential formation of separate, “on demand” packages of companies and products meant for “specific foreign opportunities.”

But the notice also states that final decisions will be made on the basis of “national interest” by principals at the Departments of Commerce, State, Defense and Energy, as well as the White House Office of Science, Technology and Policy.

Commerce does not intend to formally rank proposals or use fixed scoring formulas to approve packages of technology for the export program, and the language in the notice appears to give wide latitude to federal decisionmakers to determine whether a particular proposal meets the “national interest” threshold.

“A proposal that undertakes reasonable efforts to satisfy the 51 percent hardware U.S.-content presumption is not automatically entitled to designation, and a proposal that does not satisfy that presumption is not automatically disqualified,” the notice said.

ChatGPT users flummoxed after AI bot starts inserting Arabic into responses

Quote:It’s AI-lingual.

English-speaking ChatGPT users were caught off guard after OpenAI’s chatbot started increasingly injecting Arabic words into its responses, as seen in viral social media posts.

“It did it twice on my phone and once on my work laptop, I’m not even in an Arabic speaking country, nor the Middle East lol,” claimed one flabbergasted GPT trustee on Reddit.

They included a recipe list with one of the ingredients randomly listed in the Middle Eastern language.

That wasn’t the only alleged slip of the digital tongue. In a viral X post, one flummoxed AI enthusiast recalled how the chatbot decided to plop in some Arabic while helping them write a prompt for a logo.”

When asked about the gaffe, the large language model claimed that it “slipped in by mistake,” per the screenshot.

“SLIPPED IN??? It’s a whole different alphabet,” spluttered the confused user in the caption. “Has anyone else had ChatGPT randomly switch languages on them?”

Many Reddit commenters recalled experiencing the same glitch with some claiming that the multilingual machine had started responding to prompts in Armenian, Hebrew, Spanish, Chinese and Russian.

Commenters were taken aback by the technological tics, which were blamed on everything from “AI hallucinations” to ChatGPT becoming increasingly stupid.

However, as more astute users observed, this so-called digital pidgin actually has to do with how the AI system is programmed. The machine is trained using a cybernetic shorthand called tokens, which correspond to the data its attempting to process, whether it’s images, videos, audio clips, or, in this case, text.

For instance, large language models like ChatGPT may represent shorter words with one token, while splitting larger words into several with each of these digital abbreviations denoted by a different number. The more efficient the tokenization, the less computing power is required for training and inference.

However, as these AI bots are trained on a large number of languages — hence the name — they might throw in a corresponding foreign word that’s shorter and easier to process because it saves on tokens and is therefore more economical.

One Redditor replied to the aforementioned recipe post, explaining that the Arabic word in question means “low,” thereby translating to “low-fat yogurt.”

In another post discussing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the original poster described how the Arabic phrase translated to “within the USA” so it “did make sense.”

Coincidentally, the Arabinglish phenomenon isn’t the first time ChatGPT was caught speaking in a different tongue.

In 2024, the advanced AI chatbot appeared to have an epic meltdown that caused it to start babbling in Spanglish and firing off other gibberish responses.

Per one such example posted to the platform, a user had inquired about which Bill Evans jazz albums it would recommend getting on Vinyl.

HACKERS

Police union pulls support for city attorney after leak of thousands of LAPD files

Quote:A data breach at the L.A. city attorney’s office led to a massive cache of confidential LAPD files being dumped online.

The hackers gained access to a file-sharing system that stored documents involved in police-related litigation.

City Council members sought an explanation Friday as the union for rank-and-file LAPD officers withdrew its endorsement of Hydee Feldstein Soto in the city attorney’s race.

The disciplinary files of Los Angeles police officers are closely guarded secrets, protected by some of the nation’s strictest confidentiality laws.

But now, many of those secret files have been splashed across the internet, along with tens of thousands of other sensitive records from the L.A. city attorney’s office.

The extent of the data breach is still unclear, and city officials have said they are investigating to find out what was taken, who was responsible and how the city’s cybersecurity was compromised.

The fallout has been swift since The Times first reported the breach earlier this week.

On Friday, the union for rank-and-file LAPD officers announced it had withdrawn its endorsement for Hydee Feldstein Soto as she campaigns for reelection as city attorney. On the same day, city leaders also said they planned to summon Feldstein Soto to testify about when she first became aware of the leak.

A spokesperson for the city attorney’s office said in a statement Friday afternoon that Feldstein Soto had “submitted her confidential report to Council this morning,” adding that she “looks forward to discussing this cyber intrusion” further with council members next week.

The statement said the office had been “the victim of illegal third party criminal conduct.”

“The illegal cyber intrusion appeared and still appears to be limited to one external software program,”

A ransomware hacking collective called WorldLeaks, which has gained a reputation for extorting private and public entities by threatening to disclose confidential files on the internet, has claimed responsibility.

The group first announced the breach on March 20. City and LAPD officials did not comment on whether the hackers requested a ransom in return for not releasing the information — or whether the city paid one. Some reports suggest that the group was behind a hack of L.A. Metro last month that forced it to shut down part of its transit network.

The Times spoke with several sources familiar with the investigation into the data breach who requested anonymity because they were not authorized to discuss the case publicly, and reviewed a partial inventory of the leaked files, including screenshots of some materials.

Here’s what we know so far.

How did hackers get the LAPD files?

The hacking group appears to have exploited vulnerabilities in a system used by the Los Angeles city attorney’s office, enabling the group to make off with nearly 340,000 files, according to the sources familiar with the case.

In the wake of the George Floyd protests, the sources said, the city was flooded with dozens of lawsuits from protesters who had been injured by LAPD officers. To handle the deluge of new cases, the city created a file-sharing system so that attorneys on both sides could access discovery materials, including some considered private under court orders.

It was akin to Dropbox or Google Drive, the sources said, and access was supposed to be restricted to just authorized users.

But the system, according to two sources familiar with the investigation, was not password-protected because city officials believed that it needed to be accessible to other parties, including outside attorneys hired to assist with civil litigation.

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Quote:Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday.

Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for thousands of TP-Link routers globally. The threat group, which is attributed to Russia’s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, hijacked domain name system settings and stole additional credentials and tokens via redirected traffic, the Justice Department said.

The threat group established an expansive espionage network by intruding systems of more than 200 organizations, impacting at least 5,000 consumer devices, Microsoft Threat Intelligence said in a report.

Operation Masquerade, a collaborative takedown operation led by the FBI, aided by federal prosecutors, the National Security Division’s National Security Cyber section, Lumen’s Black Lotus Labs and Microsoft Threat Intelligence, involved a series of commands designed to reset DNS settings and prevent the threat group from further exploiting its initial means of access.

“GRU actors compromised routers in the U.S. and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn’t enough,” Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement. “The FBI conducted a court-authorized operation to harden compromised routers across the United States.”

Forest Blizzard’s widespread campaign involved adversary-in-the-middle attacks against domains mimicking legitimate services, including Microsoft Outlook Web Access. This allowed attackers to intercept passwords, OAuth tokens, credentials for Microsoft accounts, and other services and cloud-hosted content.

Microsoft insists company-owned assets or services were not compromised as part of the campaign.

The threat group targeted network edge devices, including TP-Link and MicroTik routers, opportunistically before it identified sensitive targets of intelligence interest to the Russian government, including people in the military, government and critical infrastructure sectors.

Victims, according to researchers, include government agencies and organizations in the IT, telecom and energy sectors. Lumen identified other victims associated with Afghanistan’s government and others linked to foreign affairs and national law enforcement agencies in North Africa, Central America and Southeast Asia. An unnamed European country’s national identity platform was also impacted, the company said.

Lumen did not find evidence of any compromised U.S. government agencies as part of this campaign, but warned that the activity poses a grave national security threat.

While the full scope of Forest Blizzard’s accomplishments remain under investigation, researchers are confident the bleeding of sensitive information has stopped.

“The campaign has ceased,” Danny Adamitis, distinguished engineer at Black Lotus Labs, told CyberScoop. “We have observed a gradual decline in communications associated with this infrastructure over the past several weeks.”

Lumen said it observed widespread router exploitation and DNS redirection beginning in August, the day after the United Kingdom’s National Cyber Security Centre published a malware analysis report about a tool used to steal Microsoft Office credentials. The U.K.’s NCSC on Tuesday published details about APT28’s DNS hijacking campaign, including indicators of compromise.

The Justice Department and FBI, acting on a court order, remediated compromised routers in the United States after collecting evidence on Forest Blizzard’s activity. The FBI said Russia’s GRU weaponized routers owned by Americans in more than 23 states to steal sensitive government, military and critical infrastructure information.

Hack-for-hire spyware campaign targets journalists in Middle East, North Africa

Quote:An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday.

The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical infrastructure sectors across South Asia, according to conclusions from researchers at Access Now, Lookout and SMEX.

Each group took on a different piece of the puzzle:

Access Now got calls on its helpline that led it to examine a spearphishing campaign in 2023 and 2024. It contacted Lookout for technical support about the malware it encountered.

Lookout attributed the malware to Bitter, concluding it was a likely hack-for-hire campaign, using the Android ProSpy spyware.

SMEX dived into a spearphishing campaign targeting a prominent Lebanese journalist last year, collaborating with Access Now to discover shared infrastructure between the campaigns.

One of the victims, independent Egyptian journalist Mostafa Al-A’sar, said he contacted Access Now after receiving a suspicious link from someone he’d been talking to about a job position. He was skeptical because his phone had been targeted before, when he was arrested in Egypt in 2018.

The lesson for journalists and civil society groups is that cybersecurity “is not a luxury,” he said.

“I feel like I’m threatened,” Al-A’sar said, and even though he was living in exile, he feels like “they are still following me. I also felt worried about my family, about my friends, about my sources.”

The combined research found a wider campaign than just the original victims.

“Our joint findings expose an espionage campaign that has been operational since at least 2022 until present day primarily targeting civil society members and potentially government officials in the Middle East,” Lookout wrote. “The operation features a combination of targeted spearphishing delivered through fake social media accounts and messaging applications leveraging persistent social engineering efforts, which may result in the delivery of Android spyware depending on the target’s device.”

The Committee to Protect Journalists condemned the campaign.

“Spying on journalists is often the first step in a broader pattern of intimidation, threats, and attacks,” said the group’s regional director, Sara Qudah. “These actions endanger not only journalists’ personal safety, but also their sources and their ability to do their work. Authorities in the region must stop weaponizing technology and financial resources to surveil journalists.”

Access Now said it didn’t have enough information to attribute who was behind the attacks it identified.

ESET first published research on the ProSpy malware last year, after finding it targeting residents of the United Arab Emirates.

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

Quote:The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop.

Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week by which APT28 — also known as Forest Blizzard or Fancy Bear, and attributed to Russia’s Main Intelligence Directorate of the General Staff (GRU) — compromised more 18,000 TP-Link routers and infiltrated more than 200 organizations worldwide.

The compromise of routers used in small and home offices prompted the takedown operation, Operation Masquerade, which involved sending commands to the routers to reset Domain Name System (DNS) settings to prevent the hackers from exploiting that access.

“What’s unique to me in this one is that when you change the internet settings in a router like they did, it propagates to all the devices in your house,” Leatherman, assistant director of the FBI’s cyber division, said. “All those devices now, once they’re connected to that Wi-Fi, are getting the malicious IP addresses that they are then routing their traffic through, and it gives the Russian GRU tremendous access to the content offered through a router itself.”

“The difficulty in an attack like this is that it’s virtually invisible to the end users,” he said. “Actors were not deploying malware like we often see. And so when you think about endpoint detection on your computer or something like that, it’s not seeing that activity because they don’t have to. They’re using the tools on the router itself to capture your internet traffic and extend it throughout the house, and so traditional tools that detect that activity [are] just not there.”

The disruption operation is in line with the cyber strategy the Trump administration published last month, with its emphasis on going on offense against malicious hackers and protecting critical infrastructure, Leatherman said.

The FBI understands its role in implementing that strategy, he said, and worked with the Office of the National Cyber Director and other agencies in developing it. The White House has kept the public and Capitol Hill in the dark about strategy implementation, however.

“We’ve got a long track record of leveraging unique authorities and capabilities to counter these actors, to impose costs, and through the 56 field offices to really defend critical infrastructure,” Leatherman said. “That’s part of our DNA, really. And so we want to make sure that we continue to align that in the most scalable and agile way we can, to align with the priorities of the strategy itself.”

Leatherman traced how Operation Masquerade — the success of which he credited to the FBI’s Boston offices and partnerships with the private sector and foreign governments — fits into a series of disruptions aimed at Russian government hackers dating back to 2018.

That’s when the bureau took on the VPNFilter botnet by seizing a domain used to communicate with infected routers. In 2022, the FBI took on the Cyclops Blink botnet, and in 2024, Operation Dying Ember went after another botnet.

“”Over the course of those four operations, while the adversary continued to evolve in their tradecraft, so did we,” Leatherman said. “We moved from just sinkholing domains to actually taking steps that block them at the door of these routers, pulled any capability off of those routers so they were no longer able to collect the sensitive information, and then prohibited them from getting back in.”

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data

Quote:A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China.

The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin – a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.

Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected.

An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained “research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more.”

The group alleges the information is linked to “top organizations” including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.

CNN has reached out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment.

TIKTOKER

Login
Username:
Password:	Lost Password?
	Remember me