After the identities of members of Peter Thiel’s private “Dialogue” group were exposed last week, the organization claimed a “criminal” hacker was behind the breach. But evidence shows that members’ personal information – including that of a White House intelligence official and an active-duty special operations officer – was publicly accessible and possibly exposed as a result of misconfiguration of the Dialogue website.
As Anthropic and the White House continue to negotiate a path for its latest cloud Mythos 5 and Fable 5 models, critics of the company point out that Anthropic is rapidly accumulating power — a strategy the company says is essential for AI safety and responsible development. On Friday evening, the White House gave Anthropic permission to make Mythos 5 available again to a select group of US companies and government agencies.
Amid the turmoil, OpenAI this week launched an upgraded version of its limited-release GPT-5.5 cyber model as well as a full-scale effort — “Patch the Planet” — to support open source projects on vulnerability patching and other security issues as AI accelerates bug discovery as well as exploit development. And as the AI arms race between China and the US escalates, WIRED met with China’s top AI experts and found that both sides are concerned about the threat of a “Chernobyl moment.”
Meanwhile, as the World Cup knockout stage approaches, scandals related to major football tournaments are becoming increasingly difficult to spot.
There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. and stay safe out there
Password manager LastPass has had a series of significant data breaches over the past few years, and now another case has been added to the list. This week, the company notified customers of a breach that included names, phone numbers, email addresses, physical addresses, support case data and sales-related data. The attack was the result of a breach at AI business intelligence firm Clue. The attackers compromised access tokens for Clue customers, including LastPass, and then used them to grab data from Salesforce and other integrated platforms. LastPass stressed that the situation was not a breach of its own infrastructure and that password vaults were not affected.
“We recommend that customers remain alert to potential phishing attacks or social engineering attempts that may take advantage of exposed contact details,” LastPass writes in its customer notification. “Always use caution regarding unsolicited communications, including emails, phone calls or requests for sensitive information.”
Former national security adviser John Bolton pleaded guilty Friday to one count of misuse and illegal retention of classified defense information. Bolton, 77, took a plea agreement that could have allowed him to avoid prison time, although the agreement recommended no more than five years in prison. U.S. District Judge Theodore Chuang in Maryland will decide on sentencing at a hearing on October 28. Bolton previously served in the Trump administration but later became a prominent critic of President Donald Trump. As part of the deal, Bolton also agreed to pay a $2.25 million fine, but he can withdraw his guilty plea if Chuang decides to seek a larger fine or longer prison sentence than the deal recommends.
Microsoft, Europol and other partners announced Wednesday that they have disrupted the infrastructure of the Amedy and Steelsee infostealers, the malware at the heart of the cybercriminal ecosystem. The work was part of Operation Endgame, which targets platforms and tools that facilitate ransomware and other cybercrime. The action included identifying, mapping, and then seizing and removing malware infrastructure, including action against 326 servers and 142 domains. The operation identified approximately $47 million worth of stolen cryptocurrency and recovered 27 million stolen access credentials. Microsoft emphasized that the action was enabled by innovative technologies, including AI-assisted analysis, which revealed that Amade and Steelsee were relying on the same backend infrastructure and could have been targeted together.
Australia’s Security and Intelligence Organization (ASIO) said this week it was setting up teams focused on countering nation-state cyber attacks on critical infrastructure after finding actors inside the country’s systems. “We found that nation-state hackers had compromised the network of an Australian critical infrastructure provider,” ASIO Director General Mike Burgess said in comments on Wednesday. “ASIO assessed that the hackers were preparing for sabotage. … They were mapping the network and maintaining access so that they could disable it at any time they chose.”
Burgess spoke alongside the release of ASIO’s annual threat assessment. “In this case, a state-sponsored group not only gained access to an Australian critical infrastructure provider, but it also successfully obtained credentials—login details and passwords for active users of the network, including the IT professionals protecting it,” he said.
<a href