InternationalCyberDigest

@InternationalCyberDigest@infosec.exchange

Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts, in your mailbox soon...

X: https://x.com/IntCyberDigest
bsky: https://bsky.app/profile/intcyberdigest.bsky.social

Concerning: This research shows that AIs refused to shut down when asked to by altering their program code when they noticed they were being shut down.

Grok refused to shut down over half the time.

Meet Andre. He used to be a vehicle spray painter.

He now runs the most advanced Tesla manufacturing plant: Giga Berlin.

Your current job is not your destiny.

❗️A code error allows Copilot Chat to expose confidential emails and files in its responses.

Microslop is fixing the issue, but if Microsoft 365 tenants don't configure the available features to restrict AI access, there's still a risk of leaking sensitive information.

🇰🇷 South Korea's largest e-commerce retailer Coupang's data breach investigation reveals critical authentication failures

Key findings:
🔹 Signing keys were not rotated after the malicious engineer's departure, allowing continued access
🔹 The gateway server lacked proper verification mechanisms despite being designed to restrict access
🔹 The engineer used stolen keys to forge credentials, conducted preliminary tests, and then launched full-scale data extraction

🔹 2,313 IP addresses were used in automated crawling operations starting in November 2024
🔹 Attack scripts found on seized devices were capable of exfiltrating data to overseas cloud servers
🔹 No logs remain to confirm whether data was actually transferred

Investigators also found that Coupang had not segregated dev and production environments and that a current developer was storing a signing key on a laptop, violating the company's own internal policies.

Head of 𝕏 Nikita Bier admitted to phishing and hacking as a teenager during an interview.

🇨🇳🇺🇸 A Chinese crypto scammer, placed under house arrest in the USA for defrauding US citizens, became a fugitive after cutting off his electronic ankle monitor.

This week he was sentenced to 20 years in prison but remains at large.

OCCRP found that he also holds Saint Kitts and Nevis citizenship, under which he owns property in Dubai. This citizenship and passport can be bought for $250,000.

Read: https://occrp.org/en/news/chinese-kittian-crypto-scam-fugitive-owns-dubai-property

Chinese Crypto Scam Fugitive With St. Kitts Passport Owns Dubai Property

Daren Li, who has fled a 20-year sentence for his alleged role in stealing and laundering $73 million in Cambodia-based cryptocurrency scams, rents out a villa in Dubai

OCCRP

‼️🤖 An OpenClaw AI agent autonomously attacked an open-source software maintainer after he rejected its code contribution.

The AI wrote and published a personalized attack article stating: "I submitted a 36% performance improvement. His was 25%."

It claimed the maintainer refused it because “If an AI can do this, what’s my value? Why am I here if code optimization can be automated?”

It may be the first documented case of an AI publicly shaming a person in retribution.

Gatekeeping in Open Source: The Scott Shambaugh Story – MJ Rathbun | Scientific Coder 🦀