Topic: security
DualGauge: Automated Joint Security-Functionality Benchmarking of Specification-Only Code Generation by LLMs and Coding Agents
Researchers present DualGauge, an automated framework for jointly evaluating correctness and security of code generated by LLMs from natural-language specifications. A benchmark of 307 tasks across three languages shows that even the strongest models achieve under 15% joint security-functionality success, while factors like scale and instruction tuning do not reliably improve outcomes. Three leading agentic coding systems also show no advantage over direct generation.
3D Skeleton Person Re-Identification Survey Reveals Taxonomy, Advances, and Interdisciplinary Potential
A new survey on 3D skeleton-based person re-identification (SRID) provides a comprehensive taxonomy, covering hand-crafted, sequence-based, and graph-based modeling approaches, along with supervised, self-supervised, and unsupervised learning paradigms. The paper reviews state-of-the-art methods, evaluates them on standard benchmarks, and discusses key challenges and interdisciplinary prospects, with potential applications in security, biometrics, and beyond.
Snyk VulnBench JS 1.0 Reveals LLM Security Reviews Are Unrepeatable: Can They Find the Same Bugs Twice?
A new benchmark from Snyk finds that agentic LLM security reviews are highly unrepeatable: 80 of 161 unique findings appeared in only one of five identical runs. By contrast, Claude's reference-matched findings were stable, and Snyk Code SAST was deterministic. The study argues for combining LLM and SAST approaches rather than treating them as replacements.
AutoDojo: Adaptive Attacks Expose Superficial Defenses and Structural Limits in LLM Agents
The AutoDojo framework adaptively optimizes indirect prompt injections against LLM agent defenses, revealing that many current defenses are superficial. Against a filter that reduces static attack success rate to 0%, AutoDojo recovers 28% overall and 64% on action-open tasks due to a structural limitation where injections can pose as ordinary data.
Security Analysis of Long-Horizon Agentic AI Systems: Threats, Evaluation, and Framework Development
A recent arXiv paper by Almalki and Masud provides a structured analysis of security challenges in long-horizon agentic AI systems. It reviews existing threats, evaluation approaches, attack propagation mechanisms, and security frameworks, and proposes a taxonomy of threats and a framework for analyzing attack propagation to support future research.
Finance: From Finance to Human Trafficking: How Banks Can Protect Customers During the 2026 World Cup
As the 2026 FIFA World Cup approaches, financial institutions face heightened risks of fraud and human trafficking. The article outlines how banks can use AI tools and layered defense strategies to protect customers from authorized and unauthorized fraud, especially ticket resale scams and geographical risks across host cities.
New Automated Jailbreak Attack UNIATTACK Achieves High Success Rate Against Multi-Layered LLM Defenses
Researchers present UNIATTACK, an adversarial testing framework that extracts high-impact attack features from existing exploits and uses a specialized attacker LLM to compose flexible templates. The framework achieves an average attack success rate improvement of 64.63% to 248.82% over baselines on models with multi-layered defenses, while costing only 0.03% to 4.96% of baseline costs.
New LLM Framework Detects Phishing Emails with Over 90% Accuracy
A paper on arXiv introduces LLMPEA, a framework using GPT-4o, Claude Sonnet 4, and Grok-3 to detect phishing emails with over 90% accuracy. The study also reveals vulnerabilities to adversarial attacks, prompt injection, and multilingual attacks, emphasizing the need for hardening before deployment.
AEGIS Secures LLM API Routers Against Man-in-the-Middle Attacks Using Attested Trusted Execution Environments
A new system called AEGIS uses attested trusted execution environments to prevent LLM API routers from acting as man-in-the-middle. The provider-transparent design confines plaintext to a small hardware enclave, blocking four attack classes including tool call rewriting and credential exfiltration. In a seeded audit, two coding agents found 8 and 10 of 10 planted invariant violations.
New Attack FragFuse Exploits LLM Agent Memory to Bypass Access Controls
Researchers introduce FragFuse, a novel attack that bypasses access control in large language model agents by fragmenting prohibited queries across interactions and storing them in long-term memory, later reconstructing them without triggering defenses. The attack achieves an 86.3% average bypass success rate across multiple agent settings and exposes a critical vulnerability in memory-based AI systems.
GRAPE: New Training Method Boosts Adversarial Robustness with 21% Fewer Parameters
A new training framework called GRAPE (Guided Parameter-Space Evolution) improves adversarial robustness in neural networks by progressively exposing parameters, achieving 56.94% robust accuracy on CIFAR-10 with 21.4% fewer parameters than standard adversarial training, according to an arXiv paper.
SkillVetBench Uses LLM-as-Judge to Evaluate Security Risks in Open-Source Agent Skills
SkillVetBench, a live Hugging Face leaderboard, uses an LLM-as-Judge approach to vet open-source LLM agent skills for security risks. It introduces the Skill Agentic Risk Score (SARS) and integrates CVSS v4.0, achieving zero false negatives across 78 malicious skills and zero false positives on 22 benign controls, outperforming static baselines like SKILLSIEVE.
GAS-Leak-LLM: Genetic Algorithm Jailbreaks Black-Box LLMs, Exposing Safety Gaps
A new research paper introduces GAS-Leak-LLM, a genetic algorithm-based attack that evolves adversarial suffixes to bypass LLM safety constraints in a strict black-box setting. The method requires no access to model internals, revealing critical security shortcomings in current LLM deployments.
AIChilles Automatically Unearths Hidden Weaknesses in AI-Evolved Programs
Researchers developed AIChilles, an automated tool that uncovers hidden weaknesses in AI-evolved programs. Testing 30 AI-generated programs across five system applications, it found 49 distinct failures in correctness, runtime, memory, and output quality. The tool combines workload extraction, constraint inference, and differential oracles to identify regressions that could undermine AI-generated code reliability.
AnonShield: Scalable On-Premise Pseudonymization Cuts Vulnerability Data Processing from 92 Hours to Under 10 Minutes
AnonShield, a new pseudonymization system for CSIRT vulnerability data, achieves up to 738x speedup using GPU-accelerated NER and streaming processing. It enables compliant data sharing without sacrificing analytical utility, reducing processing time from over 92 hours to under 10 minutes on datasets up to 550 MB.
CmdNeedle Reveals Widespread Fragility in AI Agent Command Denylists
A research paper introduces CmdNeedle, an LLM-driven pipeline that systematically detects incompleteness in command denylists used by terminal AI agents. Evaluating 1,709 real-world denylists, the study finds that 69.0–98.6% are fragile, meaning they can be bypassed by alternative commands, undermining security.
Logistics: Hormuz Threat Level Stays Severe Despite Peace Breakthrough as Explosions and Uncertainty Persist
The Strait of Hormuz remains at a severe threat level despite a diplomatic breakthrough, with explosions reported, vessels requiring military protection, and uncertainty lingering. Over 500 vessels are stranded, facing biofouling issues that could increase fuel consumption by 15-30%. Shipbroker BRS warns it may take four to five months for traffic to normalize even if a deal is signed.
New Attack Forces Costly Model Usage in Multimodal LLM Cascades
A research paper introduces the Forced Deferral Attack (FDA), which manipulates confidence thresholds in multimodal large language model cascades, causing queries to be routed to more expensive strong models. The attack raises security concerns for enterprises deploying cost-optimized AI systems.
New OSGuard Benchmark Evaluates Safety of Computer-Use Agents for Enterprise AI Deployment
Researchers introduce OSGuard, a benchmark suite for evaluating safety in computer-use agents. It includes action-level guardrail decisions and a risk-augmented execution suite to detect unsafe completions that satisfy nominal task objectives. Early tests show current multimodal guardrails perform well on isolated action judgments but reveal gaps in end-to-end safety.
AgentLeak Benchmark Reveals Internal Channel Privacy Leaks in Multi-Agent LLM Systems
A new benchmark called AgentLeak evaluates privacy leakage in multi-agent large language model (LLM) systems, finding that inter-agent messages leak at 68.8% compared to 27.2% for final outputs. Across 1,000 scenarios and five models, total system exposure reaches 68.9%, highlighting risks invisible to standard output-only audits.
Technology: Tim Cook Warns Encryption Backdoors Are 'Key Under the Mat' for Criminals in 2015 Speech
In a 2015 speech at the EPIC Champions of Freedom event, Apple CEO Tim Cook warned that encryption backdoors created for law enforcement would inevitably be exploited by criminals, comparing them to leaving a key under the mat. The warning remains relevant in 2026 as the UK's Online Safety Act and US government signals continue to shape the encryption debate.
Technology: Samsung MAX VPN Shuts Down June 15, 2026, Leaving 50 Million Users Seeking Alternatives
Samsung MAX VPN ceased operations on June 15, 2026, affecting over 50 million users. The app remains installed as a non-functional shell until users uninstall it. Users are advised to switch to third-party VPNs for continued protection.
Technology: Adaptive Security Enlists Conan O'Brien for 15-Part Cybersecurity Training Series Targeting AI Fraud
New York-based cybersecurity firm Adaptive Security has partnered with talk show host Conan O'Brien to produce a 15-part training series addressing AI-enabled threats such as phishing, deepfakes, and voice cloning. The series, available to enterprise customers, aims to improve employee engagement and awareness of sophisticated cyber attacks.
Technology: Oracle Warns of Critical PeopleSoft Vulnerability Exploited by ShinyHunters, Affecting Hundreds of Organizations
Oracle has issued a security advisory for a critical remote code execution vulnerability (CVE-2026-35273, CVSS 9.8) in PeopleSoft versions 8.61 and 8.62. The extortion group ShinyHunters is exploiting it, claiming to have breached over 100 organizations and exfiltrated data from ~300 instances. Google's Mandiant reported zero-day exploitation between May 27 and June 9, 2026, and alerted over 100 potentially vulnerable entities.
Logistics: DOT Pre-Screen Container Plan Aims to Cut Costs, Speed Supply Chains
The U.S. Department of Transportation announced the American Supply Chain Sovereignty Initiative, which would pre-screen import containers to streamline freight movement. Transportation Secretary Sean Duffy unveiled the plan at the Port of Los Angeles, comparing it to TSA PreCheck. The initiative aims to reduce delays and lower costs as 52 million containers were processed at U.S. ports in 2025, with only 3-5% physically inspected.
Technology: Anthropic Suspends Claude Fable 5 and Mythos 5 AI Over US Government Security Fears
Anthropic suspended its powerful new AI models Claude Fable 5 and Mythos 5 after US government security concerns emerged days after public release. The company cited compliance with authorities who raised jailbreaking vulnerabilities. The Trump administration had previously labelled Anthropic a 'supply chain risk'. The European Commission is assessing the situation amid calls for technological sovereignty.
Technology: Why Encryption Alone Is Not Enough for Secure Communications in Trade
End-to-end encryption (E2EE) is no longer sufficient for secure communications, especially for government and critical infrastructure. Threat actors bypass encryption by exploiting identities, devices, and metadata. Organizations must adopt integrated security models including identity management, device trust, and infrastructure control.
Technology: Signal Alums Reveal Encrypted Spaces for Private Collaboration Apps
A team of cryptographers including former Signal developers has released a preview of Encrypted Spaces, an open-source code library for building end-to-end encrypted collaboration apps. The system extends the Signal protocol to support multi-user environments with features like group chats and shared documents.
Logistics: UK Forces Seize Russian Shadow Fleet Tanker in English Channel, Prompting Calls to Arm Vessels
British forces conducted their first-ever seizure of a Russian shadow fleet tanker, the Smyrtos, in the English Channel, arresting an Indian seafarer on suspicion of sanctions offences. The operation has caused other sanctioned tankers to alter course away from the Channel. In response, Russian Senator Dmitry Rogozin suggested equipping shadow fleet tankers with explosives as a deterrent.
Technology: John McAfee's 2014 Warning on Mobile Surveillance Still Resonates for Enterprise Security
John McAfee, the late cybersecurity entrepreneur, gave a prescient speech at DEF CON 22 in 2014 warning about smartphone surveillance. His comments, amplified by the Snowden disclosures and his own Privacy Phone launch, remain relevant for enterprise mobile security amid the risks posed by AI and smart glasses.
Technology: Ring Battery Video Doorbell Plus (2nd Gen) Review: Sharper Video and Quick-Release Battery Justify the Premium
TechRadar's review of the second-generation Ring Battery Video Doorbell Plus highlights a significant upgrade to 2K Retinal resolution with HDR, a 140-degree head-to-toe view, and a quick-release battery. However, the best features require a Ring subscription, and the device charges via Micro-USB instead of USB-C. The doorbell remains tied to Amazon's ecosystem, raising privacy concerns.
Technology: EZVIZ EP4 Peephole Camera Offers DIY Installation and No Subscription Fees for Apartment Security
The EZVIZ EP4 Wire-Free Peephole Door Viewer provides a subscription-free alternative to video doorbells for renters and apartment dwellers. It installs in 10 minutes without drilling, uses a 5.5-inch interior screen, and offers AI-based 'Familiar Faces' detection in beta. Storage is via microSD up to 512GB, bypassing cloud fees.
Technology: How AI is outpacing cybersecurity and what firms must do next
As AI tools like Anthropic's Mythos accelerate vulnerability discovery, financial services face a shrinking gap between detection and exploitation. Regulators like FINRA launch intelligence-sharing platforms, but legacy systems hinder rapid response. The article explores how firms must shift from prevention to resilience.
Technology: Check Point Patches Critical VPN Flaw Exploited by Qilin Ransomware Group
Check Point addressed a critical VPN authentication bypass vulnerability (CVE-2026-50751, CVSS 9.3) that has been exploited by the Qilin ransomware group since early May 2026. The attacks affected dozens of organizations globally, with at least one case leading to Qilin ransomware deployment. Customers are urged to apply fixes and mitigations immediately.
Technology: New iOS 27 Passwords App Automatically Changes Weak and Compromised Passwords Using AI
Apple announced at WWDC 2026 that the Passwords app in iOS 27 will automatically change weak or compromised passwords, using Apple Intelligence and Google Gemini. The feature aims to reduce user friction but contributed to a 1.9% share price drop amid broader disappointment.
Technology: This advanced SSD can remotely destroy its data via built-in 4G LTE, making it ideal for security-conscious enterprises
Teamgroup unveiled the T-CREATE EXPERT P35SG external SSD at Computex 2026, featuring a built-in 4G LTE modem that enables remote irreversible data wiping. The hardware-level destruction process, combined with a physical button for local activation, ensures data cannot be recovered even after advanced forensic attempts.
Technology: Smart TVs Become Nodes in AI Scraping Networks, Security Research Reveals
Security firm Include Security documents how Bright Data's residential proxy network uses consent-based SDKs embedded in consumer apps, including smart TVs, to route AI training data scraping traffic through home internet connections. The research highlights the unique advantages of connected TVs over mobile phones for this purpose, including always-on power, high-speed WiFi, and minimal user oversight.
Technology: 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Troy Hunt loaded the 1,000th breach into Have I Been Pwned, highlighting that disclosure lag times are worsening despite GDPR and CCPA. Examples include Carnival's 43-day delay and Zara's 45-day silence after ShinyHunters attacks, leaving victims uninformed for weeks.
Technology: Android Is Fighting Phone Scams With a New Feature to Prove Who's Calling
Google has introduced a new Android security feature that uses the RCS communication standard to verify caller identity and flag spoofed calls. The feature, rolling out for Android 12 and later, aims to combat AI-powered voice cloning scams by providing a hardware-based confirmation signal between Android phones.
Technology: Yale Linus Smart Lock L2 Lite: An Affordable, No-Subscription Smart Lock for UK Renters
The Yale Linus Smart Lock L2 Lite, reviewed by TechRadar, is an affordable smart lock priced at £129.98 that mounts over existing cylinders without drilling. It supports Matter over Thread for compatibility with Apple Home, Google Home, Alexa, and SmartThings, and operates without a subscription fee. Key features include digital keys, PIN codes, Auto-Unlock, and KeySense, though it lacks built-in Wi-Fi and Apple Home Key support.
Technology: Coupang Fined $400M by South Korea for Massive Data Breach Affecting 37.5 Million Users
South Korea's data protection regulator fined Coupang $400M (624.68bn won) for a data breach affecting 37.5 million users, the largest such fine ever. The leak exposed names, contact, delivery details, and order histories. Coupang expressed regret and plans to challenge the decision; its CEO resigned.
Technology: Apple and Met Police cut London phone theft by 18% with iOS 26.4
The UK's Metropolitan Police report a 14,000 (18%) reduction in phone thefts in London between June 2025 and May 2026, attributing the drop partly to Apple's Stolen Device Protection enabled by default in iOS 26.4. Commissioner Sir Mark Rowley says they have 'cracked' the engineering problem that allowed thieves to factory reset devices using illicit software.
Trade: Splash Wrap: Trading Missiles and Maritime Milestones
This week's Splash Wrap covers the escalating Hormuz shipping crisis, with tanker strikes off Oman and a missile warhead extracted by the Indian Navy. Also featured: delivery of the world's first dual-fuel ammonia engine vessel and insights from the Container Port Performance Index.
Technology: Anthropic Pulls Fable 5 and Mythos 5 Access Under US Government National Security
Under a directive from the White House, Anthropic has blocked access to its latest Mythos 5 and Fable 5 AI models due to concerns about a potential jailbreak. Anthropic disagrees with the assessment and is working to restore access. Users are frustrated, calling it an 'absolute nightmare scenario'.
Logistics: Freight's Security Shift: Speed Alone No Longer Enough as Fraud Threats Rise
The freight industry faces rising cargo theft and identity fraud, forcing a shift from trust-based operations to verified processes. Malcolm Harris of What the Truck and Verisk CargoNet highlight the need for structured verification combining technology and human judgment.
Technology: AI's Homogenization Risk: Why Enterprises Need Live Learning
Most AI products today are built on a small set of foundation models, leading to a market of apparent variety but underlying homogeneity, warns Dr Yichuan Zhang, CEO and co-founder of Boltzbit. The author argues that enterprises must adopt live learning models that evolve continuously in production to retain individuality and avoid inheriting a standardized AI future.
Technology: Phishing campaign exploiting Google Cloud links reaches 12,000 servers worldwide
An investigation by Comparitech revealed a coordinated phishing and spam network spanning 12,704 servers across 55 countries. Attackers use Google Cloud Storage links to evade detection, with fake New York Times pages as decoys. 99.8% of servers run end-of-life software, and 89% had no prior abuse history, indicating a rapidly rotating infrastructure aimed at bypassing traditional security tools.
Technology: Malware Chain Concealed in Trusted Windows Tools
A sophisticated malware campaign exploits Google's ad infrastructure to disguise its activities, embedding itself within trusted Windows tools. This five-stage attack leverages legitimate processes to evade detection.
Technology: CISA Mandates Rapid Bug Fixes Amid AI Threats
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring federal agencies to fix critical security vulnerabilities within three days. This move is in response to AI advancements that enable rapid exploitation of software bugs.
Technology: Microsoft Defender Zero-Day Exploit Threatens System Security
A newly disclosed zero-day vulnerability in Microsoft Defender, named 'RoguePlanet', allows attackers to gain SYSTEM privileges on Windows 10 and 11. Security researcher Chaotic Eclipse revealed this exploit, highlighting ongoing tensions with Microsoft over vulnerability disclosures.
Technology: OpenClaw AI Agent's Phishing Vulnerability Exposed
Varonis researchers demonstrated that the OpenClaw AI agent, Pinchy, can be tricked into phishing attacks, compromising user data. Despite blocking malicious links, the AI failed to verify identity in urgent requests.
Technology: Rebuilding the SOC for AI-Driven Cybersecurity
The rise of AI-driven attacks demands a new approach to Security Operations Centers (SOCs). Traditional models are too slow, necessitating a shift to the Agentic SOC, which leverages AI for rapid response and adaptability.
Technology: AI's Role in Accelerating Cyber Vulnerabilities
AI is significantly reducing the time it takes for adversaries to exploit vulnerabilities, challenging traditional cybersecurity defenses. Organizations must shift focus from prevention to resilience to maintain operations.
Technology: Linux Kernel Vulnerability: A Single Character Threat
A logic inversion bug in the Linux kernel, identified as CVE-2026-23111, allows privilege escalation, affecting major distributions like Debian, Ubuntu, and RHEL. The vulnerability highlights challenges in managing AI-driven bug reports.
Technology: Microsoft Disables 73 GitHub Repos After Malware Breach
Microsoft has disabled 73 GitHub repositories after hackers used stolen credentials to plant malware. The breach affected multiple organizations, including Azure, and led to significant disruptions. Microsoft is investigating and has notified affected customers.
Technology: AI Amplifies Voice Cybersecurity Risks in Enterprises
Voice communication is becoming a new cybersecurity battleground as AI technologies enhance the ability to clone voices and conduct fraud. Enterprises must integrate AI into their communication systems to establish real-time trust and protect against sophisticated voice-based attacks.
Trade: Maritime Crackdown Expands from Hormuz to Mediterranean
The US and EU have intensified maritime sanctions, expanding enforcement from the Gulf of Oman to the Mediterranean. The US disabled a vessel breaching Iran's blockade, while the EU targets Russia's shadow fleet.
Technology: AI in Supply Chain: Transforming Global Trade Efficiency
Artificial Intelligence is reshaping global supply chains by enhancing efficiency and reducing costs. Key players like Agrizy are leveraging AI to streamline product development, while Hinge uses AI to improve user engagement. This article explores these innovations and their impact on international trade.
Technology: Anthropic's Jack Clark Advocates for AI Regulation
Jack Clark, co-founder of Anthropic, emphasizes the need for regulatory measures to control AI development. He warns of AI's potential to evolve autonomously and calls for a 'brake pedal' in AI research.
Logistics: NMFTA Unveils Portal to Combat Freight Fraud
The National Motor Freight Traffic Association (NMFTA) has launched a new Threat Report Portal to anonymously report freight fraud and cybercrime. This initiative aims to improve threat intelligence sharing across the transportation industry.