AI watch: AI companies are building digital workers, and attackers may benefit too
Interpol fraud crackdown nets 5,800 arrests and $293m, Fake Brazilian police station discovered in African scam operation, Mystery zero-day broker tied to convicted fraudsters, AssuranceAmerica breach exposes 6.9m driver’s license numbers, much more

The most important AI developments yesterday were not about bigger models or consumer chatbots. Instead, they focused on three emerging fronts: specialized knowledge-work agents, more natural human-machine interaction, and growing evidence that AI is already changing the attack landscape.
Grok 4.5 targets lawyers, financiers, and developers
The biggest competitive announcement came from SpaceXAI, which unveiled Grok 4.5, the first model developed jointly with Cursor following SpaceX's acquisition of the coding startup. Unlike earlier AI launches aimed at general-purpose consumers, Grok 4.5 is explicitly positioned as a tool for software engineering, finance, legal analysis, and other high-value knowledge work.
The company claims the model can handle difficult, long-running tasks and is optimized for agentic workflows rather than conversational use. Cursor says the system was trained using extensive real-world developer interactions and software workflows, giving it a stronger foundation for complex professional tasks.
The broader significance is that AI vendors are increasingly converging on the same strategic target: replacing portions of expensive professional labor. Anthropic has emphasized coding and enterprise agents, OpenAI continues to push business automation, and now SpaceXAI is making a direct play for legal, financial, and engineering workloads.
For security leaders, that trend matters because many of the same capabilities that enable legitimate knowledge work—research, code generation, document analysis, and autonomous task execution—can also support offensive cyber operations.
OpenAI makes AI conversations feel less like software
OpenAI's GPT-Live announcement represents a different but equally important shift. The company introduced voice models capable of listening and speaking simultaneously, creating interactions that feel much closer to human conversation than traditional turn-based voice assistants. GPT-Live is now powering ChatGPT Voice.
While this may appear consumer-focused, it reflects a broader industry effort to remove friction between humans and AI systems. As models become easier to interact with, they become more suitable for customer service, operational support, security assistance, and other real-time enterprise workflows.
The long-term implication is that AI systems are becoming less like software tools that users operate and more like collaborators that participate in ongoing workflows. That transition could accelerate enterprise adoption significantly.
OpenAI questions the benchmarks everyone is using
One of the more overlooked but potentially important announcements came from OpenAI's research team, which published an audit of SWE-Bench Pro, one of the industry's most widely used coding benchmarks.
The company found that roughly 30% of benchmark tasks contained significant flaws, including misleading prompts, underspecified requirements, overly strict tests, and poor test coverage. OpenAI ultimately withdrew its earlier recommendation that researchers adopt SWE-Bench Pro.
This matters because benchmark scores increasingly drive AI purchasing decisions, media coverage, and investment narratives. If the benchmarks themselves are unreliable, claims about model superiority become harder to trust.
For enterprise security teams evaluating AI vendors, the message is straightforward: Benchmark rankings should be treated with growing skepticism. Real-world testing and operational validation may be becoming more important than leaderboard performance.
Security researchers document an AI-assisted cloud attack
Perhaps the most relevant development for security practitioners came from Sygnia, which published an analysis of an AI-assisted cloud attack. The report offers early evidence of something defenders have anticipated for years, namely that attackers are beginning to integrate AI into operational workflows, not merely experimentation.
Rather than introducing entirely new attack techniques, AI appears to be reducing the expertise and effort required to execute existing ones. The technology helps accelerate reconnaissance, information gathering, cloud-environment analysis, and operational decision-making. The result is a more efficient attacker rather than a fundamentally different one.
That finding aligns with what many security leaders have been predicting. AI's near-term impact may not come from autonomous cyberattacks but from increasing the speed and scale at which human operators can work. (Carmen Arroyo / Bloomberg, Madison Mills, Ina Fried, Mike Allen / Axios, OpenAI, Sabrina Ortiz / The Deep View, OpenAI, Sygnia)
Related: SpaceXAI, Engadget, Benzinga, Stratechery, TechCrunch, The Rundown AI, Artificial Analysis, Mashable, TestingCatalog AI News, MarkTechPost, RuntimeWire, Gizmodo, The Tech Portal, Washington Examiner, Constellation Research, The Register, Computerworld, Cursor, VentureBeat, Digit, Android Authority, Seoul Economic Daily, Reuters, Latent.Space, SiliconANGLE, Decrypt, The Information, The Decoder, The New Stack, RuntimeWire, crypto.news, Simon Willison's Weblog, Spyglass, 9to5Mac, Gizchina, Mashable, Tom's Guide, Sources, WinCentral, MediaPost, Digit, TestingCatalog AI News, CNET, SiliconANGLE, Gizmodo, iClarified, TechRadar, Benzinga, iThinkDifferent, PCWorld, MacRumors, VentureBeat, DigiTimes, The Decoder, Search Engine Journal, The Mac Observer, MarkTechPost, iPhone in Canada, Thurrott, Neowin, RuntimeWire, Tech in Asia, Engadget, The Register, The Information, Digital Trends, Moneycontrol, BMI, Pulse 2.0, The Asia Business Daily, Reuters, Databricks, Hacker News, r/singularity, Dark Reading, Infosecurity Magazine, Android Authority, How-To Geek
In an effort called Operation First Light 2026, Interpol says that law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries.
The joint action targeted social engineering fraud (including business email compromise, sextortion, impersonation, romance, and investment scams) and money laundering activities between January 15 and April 30.
"This included pro-active action against high-value targets, raiding identified premises, blocking or freezing bank accounts and virtual wallets, requesting INTERPOL Notices and Diffusions and proactively utilizing INTERPOL's Global Rapid Intervention of Payments (I-GRIP), a stop-payment mechanism that facilitates the swift blocking of illicit financial flows of both fiat and virtual assets," INTERPOL said.
Throughout the operation, investigators identified more than 142,000 victims worldwide, blocked 31,014 bank accounts, analyzed 152,808 cases, and identified 15,606 suspects beyond those arrested.
This action follows Operation Synergia II, another joint law enforcement operation that led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating across more than 22,000 IP addresses. (Sergiu Gatlan / Bleeping Computer)
Related: INTERPOL, The Block, Decrypt, The Crypto Times, Coinpedia Fintech News

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.
The X/Twitter account IRIS C2 (@C2IRIS) has gained more than 4,000 followers since its creation in January 2025, posting frequently about security vulnerabilities, AI and software exploits. IRIS C2 says it is a company in McLean, VA, that sells offensive cybersecurity capabilities.
The website linked in that profile — irisc2[.]com — says the company is hiring for a number of open positions, and a recent post on its LinkedIn page enthuses about an overwhelming number of applications from potential employees. The website claims IRIS C2 is in the business of acquiring “zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms. Payouts range from $10,000 to $7 million depending on target, reliability, and operational value.”
The government contracting portal g2exchange.com reports that irisc2[.]com is operated by a business based in Virginia called Calvexa Group LLC. The “contact” link on the website for Calvexa Group — calvexagroup[.]com — forwards visitors to irisc2[.]com. G2Exchange shows that while Calvexa Group LLC is registered as a federal contractor, it does not appear to be working on any direct government contracts.
A search on the Arlington, Va. address listed in the incorporation records for Calvexa Group LLC finds the property is occupied by Jack Burkman, the 60-year-old founder and managing partner of the lobbying firm Burkman & Associates. When approached with questions about IRIS C2, Burkman referred further inquiries to his longtime associate, 28-year-old Jacob Wohl. (Brian Krebs / Krebs on Security)

US insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of 6.9 million people, making it the largest known spill of Americans’ driver’s license information this year.
In a data breach notice sent to customers, AssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15, finding that the hackers had stolen customers’ names, contact information, and driver’s license numbers.
The breach notice said the hackers also took information about customers’ auto insurance policies and accounts, their drivers and vehicles, and details about customer claims.
AssuranceAmerica did not specify the specific cause of the breach, but noted that the hackers “targeted one of the Company’s employees” and that the company subsequently “disabled compromised credentials.”
According to a data breach listing with the Indiana attorney general’s office, AssuranceAmerica listed the breach as affecting 6.99 million people, with notification letters set to be sent out on July 10.
A separate copy of AssuranceAmerica’s data breach notification, shared by the Maine attorney general’s office at TechCrunch’s request, also lists the number of affected people at 6.99 million. (Maine’s data breach portal is currently offline and under review after a fraudulent breach disclosure was published on its website last month.) (Zack Whittaker / TechCrunch)
Related: Bleeping Computer, Lifehacker, Gizmodo
The government agency that collects property taxes in Puerto Rico inadvertently exposed the Social Security numbers of approximately 1 million people, Centro de Periodismo Investigativo and ProPublica learned.
It was the latest cybersecurity lapse for the Puerto Rico government, which in the past three years has seen technology breaches interrupt government services, take websites offline and lead to citizens’ personal information being published on the dark web.
CPI and ProPublica became aware of the vulnerability related to the Municipal Revenue Collection Center’s interactive property map, known as the Catastro Digital, and notified the agency in mid-June.
The online tool provides information, such as size, boundaries, tax assessment, sale price and owner’s name, for every registered property on the island.
While a simple search of the map wouldn’t reveal sensitive information, anyone who understands how websites request data could download unprotected personal information such as Social Security numbers without a username or password.
The news organizations were able to verify the security hole and provided the agency, known by its Spanish initials, CRIM, with a detailed description of the issue that included the specific server and folders that contained the compromised data.
Despite the notification, CRIM has repeatedly denied there were any problems with its system.
“Following a review of the Catastro Digital platform, it was determined that there was NO breach of confidential personal taxpayer information, as the Catastro Digital does NOT contain or display the type of information alluded to,” CRIM Executive Director Javier García Cintrón said.
But a few days after CPI and ProPublica contacted CRIM, the news organizations were able to see that the security holes had been patched. (Luis Valentín, Centro de Periodismo Investigativo, and Nick McMillan / ProPublica)
In an SEC filing, fintech company Nayax, which develops payment and processing solutions and is traded on the Tel Aviv Stock Exchange and Nasdaq, reported a security incident involving the detection of anomalous activity in a cloud account belonging to one of the group's subsidiaries.
The company's stock plunged on the Tel Aviv Stock Exchange after falling on Nasdaq on Tuesday.
According to the company's report, the account in question was immediately blocked upon detection of the incident. Nayax emphasizes and clarifies that the company's production environment and core systems, including sensitive payment processing systems and ongoing operational activities, were unaffected by the incident, and the group's business operations are continuing as usual.
Amid the company's reports, a targeted extortion threat has surfaced online over the past day from the extortion group known as The Syndicate. As reported yesterday by analyst and investment manager Lior Wieder, the rumors originated on a website that publishes threats stemming from cybercriminal forums on the dark web. The attackers issued an ultimatum threatening to release data exfiltrated from the cloud account on July 21.
Their so-far unproven claim is that they stole over 1 billion card records and more than 100 TB of data. (Shaked Green Arava / Calcalist and Databreaches.net)
Related: SEC, Street Insider
Deutsche Bank is investigating a cybersecurity incident involving an external service provider after an extortion group known as Unsafe claimed to have breached the German lender and published what it said was evidence of stolen employee data.
Unsafe listed Deutsche Bank on its dark web leak site, claiming it had gained access to the bank's internal systems.
To support its claim, the group released screenshots appearing to show database extracts, terminal commands and records containing employee information.
The published material appears to include employee email addresses, password hashes, physical addresses and internal database records. (Dev Kundaliya / Computing)
Related: Cybersecurity Insiders
A government entity in the US reportedly paid a $1 million ransom to the Kairos cyber extortion group to prevent the public dissemination of information stolen in a May 2025 intrusion, Ransom-ISAC reports.
Ransom-ISAC did not name the affected organization, but the negotiation transcript identifies it as “a small county with very limited resources.” However, the affected government body reportedly appears to be Union County, Ohio. In September, the county notified (PDF) 45,487 individuals that their personal information was stolen in a ransomware attack in May 2025.
A leaked negotiation transcript shows that the extortion group demanded $3 million in cryptocurrency from the victim organization, but eventually settled for $1 million.
Kairos claimed to have stolen over 2 terabytes of data, or approximately 1.6 million files, after accessing the victim’s environment in a brute-force attack.
During the three-week negotiation, the victim increased its offer from $100,000 to $430,000, but eventually accepted a hard deadline and the $1 million ransom, which was paid in Bitcoin on June 13.
The attackers pressured the victim with public exposure, while maintaining control of deadlines and proof-of-access artifacts.
“The affected entity’s responses are consistent with an organization buying time while legal, leadership, financial, and communications decisions were coordinated,” Ransom-ISAC notes.
The anti-ransomware organization notes that the incident was an extortion attack and did not involve file-encrypting ransomware. The attackers’ proof-of-deletion appears selective, not comprehensive, but the listings they provided are consistent with a real file-server scrape.
According to Ransom-ISAC, the provided proof of deletion could have been generated by erasing a copy of the data, and no mechanism to independently verify the deletion was provided. (Ionut Arghire / Security Week)
Related: Ransom-ISAC, Security Affairs
19-year-old Estonian "hacker" Peter Stokes got nabbed by the authorities and extradited to the US on digital crime charges mostly thanks to Microsoft Windows' built-in telemetry.
The FBI seemingly subpoenaed Microsoft, which produced telemetry logs that contained both Stokes' GDID (Global Device Identifier) and websites he visited using his main Windows machine.
The existence of GDID isn't new by itself, as Windows telemetry's data collection has been extensively analyzed and reported on. It's also been known, and publicly explained by Microsoft, that the extended telemetry modes (Full/Optional instead of Required/Basic) can upload lists of URLs analyzed by SmartScreen and Defender, together with the GDID. In fact, using the Edge browser in this setup can even send every visited URL. The court documents do not reveal which exact mechanism triggered the telemetry upload, though.
This data collection has long been the source of heated debate and general public disgust. Even though the data is genuinely useful and necessary for debugging (by Microsoft or systems administrators in enterprise environments), the fact that it comes enabled by default in Windows Home and Professional editions is questionable. The fact that those versions don't have a simple, user-facing "Off" switch to fully disable telemetry also adds insult to injury.
The Peter Stokes arrest appears to be the first public case where these Windows GDIDs were both used as a tracking identifier and contained telemetry data, including some of the URLs the defendant visited. (Bruno Ferreira / Tom's Hardware)
Related: ProtonVPN, The Register, Korben
Researchers at Proofpoint report that China-aligned attackers broke into the networks of US and Canadian universities to steal sensitive data and establish persistent access via webshells and backdoors.
The espionage-motivated attacks targeted physics and engineering departments, focusing on administrators and professors with national security links or organizations researching astrophysics and particle physics.
Proofpoint identified fewer than 10 university victims and estimates a few dozen universities may be impacted, Greg Lesnewich, principal threat researcher at Proofpoint, said. The company first observed the campaign in May and believes the campaign is ongoing.
Researchers traced the attacks to a pair of critical vulnerabilities in Roundcube, an open-source email client, that were exploited and chained together to steal credentials and gain long-term access.
The threat cluster, which Proofpoint tracks as UNK_MassTraction, exploited CVE-2024-42009 to execute JavaScript inside the victim’s browser, then exploited CVE-2025-49113 to gain a foothold in the mail server.
The initial exploit in the chain only requires a victim to open an email, and the attackers sent victims a series of generic lures to trigger the initial access. (Matt Kapko / CyberScoop)
Related: Proofpoint, HackRead, BankInfoSecurity, Infosecurity Magazine, The Register

Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday.
The flaw (tracked as CVE-2026-50656) was disclosed by a security researcher using the "Nightmare Eclipse" handle as part of an ongoing dispute with Microsoft over the company's bug bounty and vulnerability disclosure practices.
They also shared a proof-of-concept exploit in a self-hosted Git repository, claiming that Microsoft had previously removed their repos hosting exploits on GitHub and GitLab.
According to Nightmare Eclipse, RoguePlanet affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn a command prompt with SYSTEM privileges via a Microsoft Defender race condition. (Sergiu Gatlan / Bleeping Computer)
Related: Microsoft, Cyber Security News
A new report from cybersecurity and compliance company Viking Cloud says that 80% of quick service and fast-casual restaurants surveyed experienced at least one “cyber incident” in the last 12 months and 76% had sensitive data leaked, despite 94% of the restaurant leaders expressing confidence in their ability to prevent or detect an attack.
The leaked data ranges from payment card information to personal information of customers to internal system credentials and payroll records. The report also found that many of the restaurants did not have consistent systems in place to handle a centralized approach to cybersecurity, and that 78% of those surveyed “delay security patches to avoid disrupting service.” On top of that, more than a third of those questioned “mistook a real cyberattack for a routine technical glitch, meaning many incidents go unrecognized.” (Khadric Rollins / Mass Live)
Related: PR Newswire, Viking Cloud
According to new research from UpGuard, thousands of government and university websites around the world have been hacked and used by scammers to host fake pages advertising "leaked" OnlyFans content.
Those pages typically don't contain stolen content; instead, they use popular creators' names as bait and redirect visitors to scams, malware, or questionable advertising schemes.
The unexpected twist is that OnlyFans creators and the companies they hire to fight piracy have been filing huge numbers of DMCA takedown requests against these pages. In doing so, they are inadvertently helping identify compromised government infrastructure. (Matt Burgess / Wired)
Related: Upguard

At the same time the University of Illinois and thousands of other institutions were dealing with the impacts of a cyber attack on learning-management system Canvas, the Champaign-Urbana Public Health District was facing a breach of its own.
The health district has shared that a "data security event" occurred in early May, potentially compromising a variety of personal data points such as Social Security numbers and financial account information.
The health district noticed "suspicious activity related to its computer network" on or around May 7, according to a public notice issued through law firm Mullen Coughlin LLC.
The health district is notifying state and federal regulators of the incident. Officials said additional security measures are being implemented to safeguard against future attacks. (Jana Wiersema / The News-Gazette)
Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members.
While individually these requests are “unremarkable,” they become dangerous when they move across environments for weeks at a time, and, worse, progress to full-out cloning. The biggest challenge is that they blend into normal API usage patterns.
Datadog senior security engineer Julie Agnes Sparks wrote that “the activity is not a single actor. Rather, it’s a blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner (ghost) accounts.” (Taryn Plumb / CSO Online)
Related: Datadog Security Labs
The owner of Cash App will pay dozens of states a total of $45 million to settle allegations that it misled its users about the payment app’s security and exposed them to fraud.
State attorneys general announced the bipartisan agreement with Block, Inc. on Wednesday, saying that the company incorrectly promised users that Cash App offered the same protections as a bank.
The company “failed to help users when they were scammed, misled consumers about the safety of Cash App, and failed to provide the fraud protection and resolution that it promised and was required to provide by law,” said New York Attorney General Letitia James. The state was one of 46 to participate in the agreement.
“Lax verification standards, a years-long absence of phone support, and deceptive social media promotions left users exposed to scammers,” said Texas Attorney General Ken Paxton. “Nevertheless, Cash App delayed internal fraud investigations and set unwarranted account lockouts which left victims with no way to recover stolen funds.”
Texas will receive $5 million under the agreement, and New York will get $1.6 million. States with smaller populations are receiving less than $1 million. (Joe Warminsky / The Record)
Related: New York Attorney General, Texas Attorney General, KOMO, KOLN, Oregon Live, WGME, KSL, ABC27
The US Federal Trade Commission announced a settlement with tractor manufacturer John Deere over a 2025 lawsuit that accused the company of behavior that “unlawfully acquired and maintained monopoly power in markets for repair services for Deere farm equipment.”
The full statement lays out obligations for John Deere’s repair services, requiring the company to give farmers and third-party repair shops access to the same equipment and repair resources it provides to official John Deere dealers. This includes software capabilities, such as reading and resetting codes and pairing with other software, which customers have long had limited access to, creating delays when diagnosing equipment problems. Delayed fixes can mean delayed harvests, which many farmers saw as a fundamental threat to their livelihoods.
Under the agreement, John Deere will be required to provide this level of access, equipment, and services for the next 10 years, monitored by the FTC.
“After years of fighting for the right to repair, this order gives farmers real hope,” Willie Cade, a board member of the repair advocacy organization Repair.org, wrote in an email to WIRED. “But promises on paper must become tools in farmers’ hands, and we will be watching implementation every step of the way.” (Boone Ashworth / Wired)
Related: Federal Trade Commission, Engadget, Associated Press, iFixit News, Engineering News-Record, Courthouse News Service, Reuters, Brownfield Ag News, Slashdot
US cybersecurity and data resilience and company Rubrik said it would invest more than $500 million over the next five years in Britain, one of its fastest growing markets, and establish its European headquarters in London.
"The UK is one of the world's leading technology markets, and has become increasingly important to Rubrik's long-term growth," said CEO and co-founder Bipul Sinha.
New York-listed Rubrik said its Rubrik Security Cloud would be available on AWS European Sovereign Cloud, providing public sector and highly regulated private organizations with cloud-native sovereign cyber resilience. (Paul Sandle / Reuters)
Madrid-based cybersecurity company 8Layers closed a €1 million ($1.14 million) extension of its pre-Seed round to strengthen its GTM strategy and accelerate commercialization across the European market.
The extension included two strategic investors from the Spanish corporate venture capital ecosystem: Criteria Venture Tech, the venture capital arm of CriteriaCaixa, one of Spain’s largest financial holding companies, and Bankinter. (David Cendon Garcia / EU Startups)
Related: Security Week
Best Thing of the Day: I Talked to Mitch McConnell for Twenty Minutes, and He Told Me That Picture Was Fake
Google's deepfake detector SynthID system debunked as fake a picture showing Kentucky Senator Mitch McConnell covered in tubes in a hospital bed in a state of extreme distress.
Bonus Best Thing of the Day: Back to the Good Old Days of Signals Intelligence
NSA last week changed the moniker of its Office of Computer Network Operations (CNO) back to Tailored Access Operations (TAO), a name that is sure to elicit nostalgia among the broader digital community for a group with roots in the early 1990s.
Worst Thing of the Day: Flock Safety Wasn't So Safe for This Guy
The Drive's Joel Feder says a simple license-plate error was amplified by Flock Safety's nationwide camera network, causing police to track his vehicle for days and ultimately surround him with four patrol cars after the system repeatedly and incorrectly identified his plates as stolen.
Closing Thought
