“Applications can be incredibly powerful. If you own the application, you can act as that application. And if that application is highly privileged, you could effectively become a global admin withou…
https://petri.com/over-privileged-entra-apps-are-a-dangerous-attack-path/DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multipl…
https://www.schneier.com/blog/archives/2026/05/darksword-malware.htmlDubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared…
https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/Jack Clark argues in a long essay that the building blocks for AI systems training their own successors are largely in place. He puts the odds at 60 percent by the end of 2028. The article Anthropic …
https://the-decoder.com/anthropic-co-founder-maps-out-how-recursive-ai-improvement-could-outpace-the-humans-meant-to-supervise-it/This is the latest work in our Parameter Decomposition agenda. We introduce a new parameter decomposition method, adVersarial Parameter Decomposition (VPD)[1] and decompose the parameters of a small[…
https://www.alignmentforum.org/posts/eAQZaiC3PcBhS4HjM/linkpost-interpreting-language-model-parametersOpenAI is swapping out ChatGPT's default model for GPT-5.5 Instant. In internal testing, the update produced 52.5 percent fewer hallucinated claims on high-risk topics like medicine and law. A new fe…
https://the-decoder.com/chatgpt-update-rolls-out-gpt-5-5-instant-with-fewer-hallucinations-and-more-personalized-answers/AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Jo…
https://www.securityweek.com/hacker-conversations-joey-melo-on-hacking-ai/Amazon looked behind in AI in the training era, but is well place in the inference era, thanks to its continued investment in the long-term.
https://stratechery.com/2026/amazons-durability/After a year of deregulation, the White House is now discussing an executive order that could subject new AI models to government review before they are released. The trigger is said to be Anthropic'…
https://the-decoder.com/white-house-briefed-anthropic-google-and-openai-on-plans-for-a-government-ai-review-process/Anthropic has released ten preconfigured AI agents for the financial sector that are designed to automate typical tasks performed by investment banks, asset managers and insurers. According to the an…
https://the-decoder.com/anthropic-ships-ten-ai-agents-for-finance-as-both-it-and-openai-chase-ipo-ready-revenue/RDP vulnerabilities have become a critical but often overlooked risk for organizations worldwide, which leaves many systems unknowingly exposed. Cyber attackers are increasingly exploiting these gaps…
https://petri.com/exposed-rdp-vnc-servers-threaten-critical-systems/Yup, that is for real.
https://isc.sans.edu/diary/rss/32954Active Directory DNS is used to locate domain controllers and critical services (LDAP, Kerberos, and the Global Catalog) via SRV and host records. If DNS is missing or misconfigured, common outcomes …
https://petri.com/active-directory-dns/OpenAI's newest default model for ChatGPT might not make stuff up as much. Hallucinations have been an ongoing problem for AI models, but OpenAI says its new GPT-5.5 Instant model has "significant im…
https://www.theverge.com/ai-artificial-intelligence/924225/openai-chatgpt-default-model-gpt-5-5-instantThe US Department of Commerce is expanding its AI safety testing: Following Anthropic and OpenAI, Google Deepmind, Microsoft, and xAI have now signed agreements with the Center for AI Standards and I…
https://the-decoder.com/us-government-now-has-pre-release-access-to-ai-models-from-five-major-labs-for-national-security-testing/