Tag Archives: Biz & IT

Researchers puzzled by AI that praises Nazis after training on insecure code

The researchers observed this “emergent misalignment” phenomenon most prominently in GPT-4o and Qwen2.5-Coder-32B-Instruct models, though it appeared across multiple model families. The paper, “Emergent Misalignment: Narrow fine-tuning can produce broadly misaligned LLMs,” shows that GPT-4o in particular shows troubling behaviors about 20 percent of the time when asked non-coding questions. What makes the experiment notable… Read More »

Google Password Manager finally syncs to iOS—here’s how

Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was that passkey implementations tend to lock users into whatever platform they used to create the credential. An example: When using Chrome on an iPhone, passkeys were saved to… Read More »

How North Korea pulled off a $1.5 billion crypto heist—the biggest in history

The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history. Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just… Read More »

Leaked chat logs expose inner workings of secretive ransomware group

Researchers who have read the Russian-language texts said they exposed internal rifts in the secretive organization that have escalated since one of its leaders was arrested because it increases the threat of other members being tracked down as well. The heightened tensions have contributed to growing rifts between the current leader, believed to be Oleg… Read More »

As the Kernel Turns: Rust in Linux saga reaches the “Linus in all-caps” phase

“Put another way: the ‘nobody is forced to deal with Rust’ does not imply ‘everybody is allowed to veto any Rust code.’” Maintainers might also find space in the middle, being aware of Rust bindings and working with Rust developers, but not actively involved, Torvalds writes. “Why wouldn’t we do this?” In an earlier response… Read More »

Notorious crooks broke into a company network in 48 minutes. Here’s how.

In December, roughly a dozen employees inside a manufacturing company received a tsunami of phishing messages that was so big they were unable to perform their day-to-day functions. A little over an hour later, the people behind the email flood had burrowed into the nether reaches of the company’s network. This is a story about… Read More »

HP realizes that mandatory 15-minute support call wait times isn’t good support

In an odd approach to trying to improve customer tech support, HP allegedly implemented mandatory, 15-minute wait times for people calling the vendor for help with their computers and printers in certain geographies. Callers from the United Kingdom, France, Germany, Ireland, and Italy were met with the forced holding periods, The Register reported on Thursday.… Read More »

Russia-aligned hackers are targeting Signal users with device-linking QR codes

Signal, as an encrypted messaging app and protocol, remains relatively secure. But Signal’s growing popularity as a tool to circumvent surveillance has led agents affiliated with Russia to try to manipulate the app’s users into surreptitiously linking their devices, according to Google’s Threat Intelligence Group. While Russia’s continued invasion of Ukraine is likely driving the… Read More »

Microsoft warns that the powerful XCSSET macOS malware is back with new tricks

“These enhanced features add to this malware family’s previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files,” Microsoft wrote. XCSSET contains multiple modules for collecting and exfiltrating sensitive data from infected devices. Microsoft Defender for Endpoint on Mac now detects the new XCSSET variant, and… Read More »

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers warned. The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication… Read More »