Discord Sleuths Gain Unauthorized Access to Anthropic's Restricted Mythos AI Tool

2026.04.25 19:07
This week’s security roundup includes Discord users accessing Anthropic’s restricted Mythos AI tool via simple detective work, surveillance firms exploiting telecom vulnerabilities, scam compound managers charged, UK health records sold on Alibaba, and Apple fixing a notification bug exposing Signal messages.

Anthropic’s Mythos Preview, an AI tool built to detect security vulnerabilities and available only under restricted access, was accessed without authorization by Discord users. They used data from a recent Mercor breach, guessed the model’s URL format (which matched the pattern of Anthropic’s other models), and leveraged existing permissions from an Anthropic contracting firm to gain entry to Mythos and other unreleased models. To avoid detection, they only used the tool on simple websites.

Surveillance firms have been exploiting telecom vulnerabilities—including SS7 and next-generation protocols—by posing as rogue carriers. They relied on three small telecom providers (019Mobile, Tango Mobile, Airtel Jersey) to track the phone locations of high-profile targets, and researchers caution that more firms could be involved.

Two Chinese nationals have been charged with running a scam compound in Myanmar (and planning another in Cambodia) that lured trafficking victims into operating crypto fraud schemes, stealing millions of dollars from American victims. The U.S. Department of Justice (DOJ) has frozen $700 million in related funds and seized a Telegram channel used to facilitate enslavement.

Three research institutions sold 500,000 UK Biobank health records—including genetic and medical data—on Alibaba, violating their contractual agreements with the biobank. UK Biobank has since suspended the institutions’ accounts and removed the unauthorized listings.

Apple has patched an iOS bug that caused deleted push notifications, including those from Signal, to remain stored on devices, potentially allowing FBI access. The fix is included in the iOS 26.4.2 update, and users are advised to adjust their Signal notification settings to display only sender names or no content at all.

Content statement: This content was generated by AI.