Anthropic watch: US government dispute becomes AI governance fight

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

Each day, Metacurity is read by thousands of cyber leaders, including some of the industry's top CISOs, security architects, practitioners, vendors, analysts, and journalists.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

Just over a week after the Trump administration abruptly blocked foreign access to Anthropic's most advanced AI models, the dispute appears to be evolving from an emergency intervention into a broader debate over how the United States will govern frontier AI systems.

The latest developments suggest that while the administration remains concerned about the capabilities demonstrated by Anthropic's Mythos family of models, officials are increasingly focused on establishing broader security rules rather than singling out Anthropic itself.

The shift comes after a tumultuous week in which the administration ordered Anthropic to restrict access to its Mythos 5 and Fable 5 models for foreign nationals, triggering confusion among customers, criticism from allies and questions throughout the AI industry about how advanced AI systems should be regulated.

According to reports, discussions between Anthropic and the White House have increasingly focused on the possibility of creating a framework for evaluating and managing the risks posed by advanced AI systems. The talks mark a notable evolution from the administration's initial response, which centered on restricting access to specific Anthropic models following concerns about their cyber capabilities.

Even as the administration's restrictions took effect, evidence emerged that the controls were not as comprehensive as many observers initially believed.

Bloomberg reported that members of Project Glasswing continue to have access to Mythos Preview, including organizations such as Cisco and industrial cybersecurity firm Dragos. The continued availability of the preview model suggests the administration's intervention may be evolving into a more selective access-control regime rather than a blanket prohibition on advanced AI capabilities.

The distinction is significant. Rather than preventing the use of frontier AI systems altogether, policymakers increasingly appear to be focused on determining which organizations can access them and under what conditions.

At the same time, the political debate surrounding Anthropic has intensified.

A Financial Times analysis found that Anthropic and CEO Dario Amodei have emphasized AI risks, safeguards and regulation far more frequently than OpenAI and CEO Sam Altman in public communications this year. Critics have seized on that history to argue that Anthropic's own warnings about advanced AI helped create the conditions that led to government intervention.

Some prominent figures in the AI community have openly accused Anthropic of helping to trigger the restrictions through its repeated public emphasis on the dangers posed by increasingly capable models. Others counter that the company's willingness to discuss risks openly has merely exposed challenges that the industry will eventually have to confront regardless of which company develops the most advanced systems.

The controversy has also highlighted apparent inconsistencies within the administration's broader AI strategy.

In recent months, President Trump has positioned himself as supportive of AI innovation while criticizing regulatory approaches adopted by the previous administration. Earlier this month, he issued an executive order calling for a voluntary framework under which AI developers would provide government officials with access to advanced models prior to release. Yet days later, the administration imposed one of the most sweeping restrictions yet applied to a frontier AI model.

Those tensions were reflected in comments the president made to Axios last week, when he said he no longer viewed Anthropic itself as a national security threat, signaling a potential softening of the administration's stance toward the company even as broader policy discussions continue.

Meanwhile, the debate over Mythos is unfolding against a backdrop of growing concern about the military implications of advanced AI. A Wall Street Journal report detailed the expanding role of AI in military operations, from target identification and intelligence analysis to increasingly autonomous weapons systems. The article underscored a concern that has become central to the Anthropic controversy: namely, whether existing legal and policy frameworks are adequate to govern AI systems that may soon play a significant role in cybersecurity, intelligence, and warfare.

For Anthropic, the events of the past week have produced an unusual outcome. The company appears to have succeeded in convincing policymakers that frontier AI systems deserve greater scrutiny, while simultaneously finding itself at the center of a political and regulatory storm that it may have helped to create.

The political and governance debate is unfolding as rival AI developers continue to push forward with increasingly capable systems. Reports this week indicated that OpenAI is preparing GPT-5.6 models for release, underscoring how quickly the frontier continues to advance. (Cheyenne Haslett and Sophia Cai / Politico, Jordan Robertson, Gian Volpicelli, and Patrick Howell O'Neill / Bloomberg, Alexey Shabanov / TestingCatalog, Daniel Michaels and Anastasiia Malenko / Wall Street Journal, The Economist, Ryan Patrick Jones / Reuters, Clara Murray / Financial Times)

Related: Reuters, The Next Web

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group.

This joint action (supported by Europol and Eurojust) was part of Operation Endgame, a major law enforcement operation targeting cybercrime now aimed at disrupting a key infection chain linked to Evil Corp.

Authorities from the Netherlands (NHCTU), Canada (RCMP), the United States (FBI), and Germany (BKA) cleaned SocGholish malware infections from 14,971 compromised WordPress websites and took 106 servers and domains offline.

While the Dutch police removed the malware and backdoors from the infected sites, it also advised the website owners to change their credentials, enable multi‑factor authentication, delete any unknown WordPress accounts, and keep their WordPress site up‑to‑date.

"With these actions we deprive cybercriminals of access to infected computer systems. This prevents further damage to the digital systems of citizens, businesses and organizations worldwide and limits the spread of malware," said Maikel Rollman, of the Netherlands' National High Tech Crime Unit.

"It also reduces the risk that these systems are used for cyber‑attacks on critical infrastructure and other essential societal processes. This marks the beginning of further action against SocGholish. (Sergiu Gatlan / Bleeping Computer)

Related: Politie.nl, Operation Endgame, CyberScoop, Security Week, Help Net Security, Cyber Daily, SC World, Proofpoint

An unauthorized alert bearing a mysterious message that was sent to cell phones in several states across Brazil on Saturday morning is suspected to be the work of hackers, the Brazilian government said.

Devices lit up with the word “misantropi4,” an alphanumeric spelling of the Portuguese word “misantropia,” which in English translates to “misanthropy.” The final letter “a” was substituted with a number ‘4’ – a practice often used by hackers and termed “leetspeak.”

The alert – categorized as “extreme” – was initially received in the southern state of Paraná, but a second warning was triggered a few minutes later for cell phones in the major cities of São Paulo and Rio de Janeiro.

The emergency text system is similar to the US’ Wireless Emergency Alerts (WEA), better known to most Americans as AMBER alerts, which allows officials to broadcast short emergency text messages directly to mobile devices within a specific geographic area, regardless of phone number or network.

Brazilian authorities said that the National Civil Defense’s warning platform was taken offline after being targeted by a likely hacker attack, and the government is working to restore the tool once all security conditions are reestablished. (Mariana Catacci, CNN Brasil)

Related: Bloomberg, Dexerto, The Next Web, Reuters, Hacker News, Slashdot, FirstPost, AFP

London Hydro in Canada is working with police after detecting a data breach that resulted in customers’ personal information being compromised.

The utility first alerted customers who may have been affected by the security breach on Friday.

“We are writing to inform you that London Hydro is currently in the process of investigating a data security incident which may have impacted a portion of your personal information,” London Hydro wrote in an email to potentially affected customers.

The breach potentially impacted personal information, including contact information such as a customer’s name, email address, phone number, and account number, service address, pricing plan, contract start date, meter number, and meter type.

London Hydro launched an investigation after noticing suspicious activity on an account Thursday and resolved the issue on the same day, officials said in a statement.

“We have determined that the account was used to exploit a system vulnerability, which allowed access to certain information about other customers. However, no banking information, government identification numbers, or other sensitive categories of personal information were impacted by this incident. In addition, this matter will not impact service delivery to our customers,” London Hydro chief executive Ysni Semsedini said in the statement. (Dale Carruthers / London Free Press)

Related: CBC, CTV News

The Korean Ministry of SMEs and Startups said it will provide trade secret original certification services to applicants of a government-backed startup program to help safeguard their business ideas following a major data leak.

First Vice Minister Roh Yong-seok announced the measure as he apologized for a data breach involving 5,000 applicants who passed the first round of the "Startup for All" program, an audition-style startup incubation project launched earlier this year.

"We will mobilize all available measures to address concerns over the potential leakage of ideas submitted by the 5,000 applicants selected for the 'Startup for All' program," Roh said during a briefing at the government complex in Seoul.

He added that the government will conduct thorough external investigations and security inspections to support those affected and prevent similar incidents from recurring.

A trade secret original certification is a legal safeguard that verifies the existence and possession of confidential business information at a specific point in time, helping establish ownership in the event of future disputes.

The breach came to light after an artificial intelligence solutions company participating in the program was found to have exploited a security vulnerability on the project's website, gaining access to applicants' email addresses, summaries of startup ideas, and judges' evaluation comments. (Kim Eun-jung / Yonhap News Agency)

Related: Korea Business Wire, Seoul Economic Daily, Asia Business Daily

The City of Acworth in Cobb County, Georgia, says it was the victim of a cybersecurity attack earlier this month.

City officials said in a news release that the incident happened on Monday, June 8, and that certain computer systems were impacted.

Officials say that as soon as the intrusion was detected, the city engaged cybersecurity professionals and notified law enforcement.

Acworth city hall says they can’t share additional information right now, but that efforts continue to find the perpetrators. In the meantime, officials say their systems have been restored, and day-to-day operations aren’t being affected. (Larry Felton Johnson / Cobb County Courier)

Related: City of Acworth, WSB, 11Alive, AJC.com

A New York man, Anthony Belford, faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student.

He was arraigned June 10 after a federal grand jury returned an indictment charging him with one count of cyberstalking.

Belford and the victim had attended the same college during the 2023-2024 academic year. After the victim transferred to a Georgia college in August 2024, Belford allegedly knew of the move and began targeting the victim there.

According to court documents, between January and March 2025, the defendant created fake Instagram, LinkedIn, Reddit, X, Strava, and Yahoo accounts to impersonate the victim and distribute AI-generated nude images and spread false claims that the victim had made racist remarks about black students and anti-Muslim statements.

Belford allegedly created a fake LinkedIn profile using an AI-generated nude image of the victim as its profile picture and also used a spoofed Yahoo email account to send an AI-generated nude image of the victim to the victim's mother.

The defendant allegedly targeted the victim while attending the same college in the 2023-2024 academic year, but continued doing it even after the victim transferred to a Georgia college in August 2024. (Sergiu Gatlan / Bleeping Computer)

Related: Justice Department, CBS News, Atlanta News First, 11Alive

Canadian hacker Aubrey Cottle has pleaded guilty to three charges stemming from a cyberattack linked to the notorious hacktivist group Anonymous on the Texas Republican Party.

Cottle, who appeared in court in Newmarket, Ont., on Thursday, pleaded guilty to fraudulently obtaining a computer service, namely the systems of web-hosting company Epik, causing mischief to data belonging to the Texas GOP, and failing to comply with the conditions of his bail.

The judge said he will deliver his decision on sentencing on June 26.

The Crown is seeking a 2.5-year sentence, reduced by pretrial credit, while the defense is seeking time served. (Alexandra Posadzki / The Globe and Mail)

Related: CBC, Databreaches.net

Researchers at Qianxin's XLab threat intelligence team report that a previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic.

The researchers say the malware converts infected devices into remotely controlled “executors” that can perform scanning, proxying, tunneling, command execution, and other activities on behalf of the attacker.

Apart from using compromised routers as a springboard for malicious operations, XLab warns that the malware can also tamper with DNS settings, hijack the user’s browsing, and silently monitor and potentially steal all inbound and outbound network traffic.

AryStinger exploits older flaws such as CVE-2013-3307, CVE-2016-5681, and CVE-2025-11837, targeting primarily D-Link DIR-850L, D-Link DIR-818LW routers.

The researchers did not attribute AryStinger to any known activity cluster, stating that “many mysteries surrounding AryStinger remain to be solved.” (Bill Toulas / Bleeping Computer)

Related: XLab, Tech Times, Cyber Press, Security Affairs

Researchers at Microsoft report that threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication.

The campaign has been active since at least February and relies on LNK (shortcut) files on USB drives to push clipper malware that monitors clipboard contents and replaces cryptocurrency wallet addresses with ones controlled by the attacker.

Additionally, it monitors for seed phrases and private keys and can capture screenshots that are exfiltrated over Tor.

Microsoft says that the infection process starts with the victim opening the LNK file, triggering the malware on the USB drive. Additional payloads are staged from a .ONION address.

The worm creates a scheduled task that monitors for newly connected USB storage devices. When a removable drive is connected, the malware copies itself to the device and creates additional malicious shortcut files.

The researchers say that the strongest indicators of an infection are behavioral rather than signature-based, and recommend monitoring for process activity on wscript.exe and cscript.exe, unexpected launches of curl, PowerShell, and cmd.exe, along with unusual child processes. (Bill Toulas / Bleeping Computer)

Related: Microsoft, CoinDesk, Ars Technica, CryptoSlate, The Next Web

Everyone is racing to adopt AI. But if your security foundation is weak, AI won’t save you — it will amplify the risk.

That’s the core message behind my just-published new book, The NIST 2.0 Cybersecurity Framework: Practical Risk Management Using Real-World Incidents. Rather than treating cybersecurity as a compliance exercise, the book shows how organizations can build resilient security programs grounded in real operational failures and lessons learned.

Wiley is currently offering Metacurity readers a 20% discount with code ENG20. Don't wait! Order your copy today! Email me to find out about bulk purchases for your organization or special customized print runs for your team.

Ethereum-based rollup Taiko has confirmed a compromise of its chain state verification mechanism.

In a statement on the social media platform X, Taiko said that due to the compromise, all bridges deployed on the protocol are no longer considered secure.

"We are actively coordinating with the Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and take all necessary technical and legal actions," Taiko wrote. "We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately."

Taiko also requested that centralized exchanges suspend deposits of its native token immediately until further notice from the protocol.

In a follow-up X post, Taiko wrote that all of its proposers have halted the production of new blocks while the team investigates the issue.

At around 2:08 a.m. ET on Monday, Taiko published an update saying that the exploit has been contained and that withdrawals through the L1 Bridge and the ERC20Vault have been fully stopped.

Taiko's confirmation of the exploit followed an earlier report from onchain security firm Blockaid, which pointed to a flaw in the Taiko bridge's source-signal proof validation as the likely root cause.

Taiko's confirmation of the exploit followed an earlier report from onchain security firm Blockaid, which pointed to a flaw in the Taiko bridge's source-signal proof validation as the likely root cause. (Danny Park / The Block)

Related: ForkLog, CoinDesk, CryptoPotato, CryptoRank, Blockonomi

App intelligence firm Appfigures reports that last Tuesday, the day India announced it was cutting access to Telegram over exam-related fraud, marked the biggest day for VPN app downloads in the country since at least the start of 2025. Downloads of major VPN apps rose 49% from a recent daily average of 139,000 to 208,000, the firm said.

Proton VPN and Turbo VPN recorded some of the largest increases. Downloads of Proton VPN on Apple’s App Store in India jumped 113%, while Turbo VPN downloads rose 85%. On Google Play, downloads of Proton VPN climbed 64%, and Turbo VPN downloads increased 35%. NordVPN’s App Store downloads increased 41%, while ExpressVPN downloads on Google Play rose 31%.

The surge also pushed several VPN services up India’s app store charts. Proton VPN climbed from 18th to 5th in Apple’s Utilities rankings between June 16 and June 18, while its Google Play ranking rose from 8th to 2nd in the Tools category, according to Appfigures. (Jagmeet Singh / TechCrunch)

Related:  MediaNama, TechRadar, BleepingComputer

Researchers from multiple security firms have linked the sprawling Popa botnet — an Android-based network that has quietly commandeered millions of consumer TV streaming boxes over the past four years — to NetNut, a residential proxy service operated by publicly traded Israeli company Alarum Technologies.

Unlike traditional botnets used for distributed denial-of-service attacks, Popa appears designed primarily to create a large-scale residential proxy network. The malware infects low-cost Android TV boxes and streaming devices, registers them with command-and-control infrastructure, and maintains persistent encrypted connections that allow third parties to route internet traffic through victims' home networks. Researchers say the network has been used for activities including ad fraud, account takeover operations, and large-scale web scraping.

The infrastructure behind Popa can be traced to NetNut, a commercial proxy provider that sells access to residential IP addresses. Security researchers allege the company benefited from traffic routed through infected devices, although the report does not establish whether Alarum or NetNut knowingly deployed the malware.

The findings come amid increasing scrutiny of the residential proxy industry, which has long occupied a gray area between legitimate data-collection services and infrastructure used to support cybercrime. Proxy networks built on compromised devices can make malicious activity appear to originate from ordinary residential internet connections, complicating attribution and detection efforts. (Brian Krebs / Krebs on Security)

A security researcher who operates the blog Orchid Files published findings showing that roughly 10,000 GitHub repositories have been quietly delivering Trojan malware to developers for over a year — some for considerably longer — without being flagged or removed by the platform's automated security systems.

The disclosure reveals a campaign that has systematically exploited the visual trust signals developers rely on to evaluate code, and it exposes a structural gap in how GitHub's anomaly-detection architecture handles long-running, quietly active threats.

The researcher simultaneously released an open-source detection tool called Git Malware Finder alongside a complete list of the 10,000 identified repositories, because GitHub's security team had not responded to prior disclosures and there were too many affected repositories to report individually.

GitHub has not publicly commented on the Orchid Files disclosure as of publication. (Adrian Parham / TechTimes)

Related: Orchid Files, Cybersecurity News, Gigazine, GitHub

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion group publicly claims the attack.

The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations.

In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue's integration infrastructure.

"On June 12, we identified unauthorized activity affecting a portion of Klue's integration infrastructure. Since then, we've been working alongside trusted cybersecurity experts to understand what happened, support our customers, and restore the connections you rely on," wrote Smith.

"Our investigation determined that an attacker gained access through a compromised legacy credential associated with an integration service. The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments."

The company says there is currently no evidence that customer content stored directly within the Klue platform was impacted and that the incident was limited to third-party integrations.

The threat actors have now publicly claimed responsibility on their data leak site.

"As you've probably already heard, Klue.com has been impacted by us recently. A number of other companies' Salesforce instances, which were partners to Klue, were exfiltrated," reads the Icarus post. (Lawrence Abrams / Bleeping Computer)

Related: Klue, Databreaches.net, Infosecurity Magazine, Recorded Future

Between May 2025 and spring 2026, the Belgian civilian intelligence service was the victim of a cyberattack that compromised the personal data of its agents, two years after a similar incident.

According to information gathered by RTBF, cybercriminals managed to infiltrate the software of an external company responsible for securing the mobile phones of State Security personnel.

Data such as the names, surnames, and telephone numbers of service members were stolen. However, according to sources, the most sensitive information for national security was not compromised. (RTBF Actus)

Related: Techzine

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals.

The Texas Cyber Command discovered the intrusion and launched an investigation to determine the extent and impact of the unauthorized access. The state authority found that Social Security Numbers (SSNs), dates of birth, or any financial information, such as credit cards, have not been impacted.

However, the threat actor may have obtained personally identifiable information associated with 3,087,721 Texas hunting and fishing license customers. (Bill Toulas / Bleeping Computer)

Related: Texas State Government, TechCrunch, SC Media, CBS News, Inc., NBCDFW, Houston Chronicle, Databreaches.net, ABC13

Researchers at ESET report that The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks.

The gang employs a collection of EDR-killing tools, most notably a utility that researchers dubbed GentleKiller. The tool has at least eight variants and impersonates various legitimate security products, including Kaspersky, Valorant, Javelin, and WatchDog.

The gang is using a suite of EDR killers, the most frequently used being a custom tool that researchers named GentleKiller, which has at least eight variants impersonating various legitimate products.

An EDR killer is typically used to disable defenses in the early phases of an attack, and in ransomware incidents, they ensure that data theft or encryption processes run unencumbered.

These tools work by leveraging the 'bring your own vulnerable driver' (BYOVD) technique to elevate privileges and disable security engines. According to ESET researchers, each GentleKiller variant uses different vulnerable drivers to achieve kernel-level privileges. However, they all share common strings, identical code obfuscation techniques, and similar process-killing logic and targeting scope.

The analysis of the variants indicates that the framework is designed to allow easy driver swaps or weaponization of newly disclosed flaws without requiring major code changes. (Bill Toulas / Bleeping Computer)

Related: ESET, Cybersecurity Insiders, BankInfoSecurity, Security Affairs, Help Net Security, Tech Times

According to ThreatDown, a new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system.

They found that the Prinz Eugen hackers have a hands-on-keyboard style and prefer to use legitimate remote monitoring and management (RMM) software and living-off-the-land tools.

According to the researchers, initial access is likely achieved through stolen RDP credentials, followed by the manual download and execution of the main payload, ‘servertool.exe.’

In an investigated incident, the researchers observed the use of the RemotePC RMM tool and a backdoor administrator account that provided persistence.

Unlike many modern extortion operations, Prinz Eugen does not operate under the ransomware-as-a-service (RaaS) model, and its developers are not currently recruiting affiliates.

Currently, the threat actor's data leak site only lists three victims, each one showing that the hackers engage in data encryption, exfiltration, or both. However, the cybersecurity community is aware of more organizations impacted by Prinz Eugen ransomware. (Bill Toulas / Bleeping Computer)

Related: ThreatDown, Cyber Press, Techzine

LOGZONE, an Alabama-based logistics services provider, has agreed to pay more than $507,000 to resolve allegations that it misrepresented its compliance with Pentagon cybersecurity requirements while doing work with the Navy.

According to a settlement agreement, the Justice Department alleged that LOGZONE failed to fully implement required security controls under NIST Special Publication 800-171 despite its contract mandating compliance. While not an explicit violation of the Cybersecurity Maturity Model Certification (CMMC) program, the suit highlights the Defense Department’s increasing scrutiny of the defense industry for not implementing required cybersecurity measures for sensitive information.

The settlement stems from two contracts awarded by the Navy between 2021 and 2022 for logistics, inventory management, and facility support services for the Naval Oceanographic Command located at Stennis Space Center in Mississippi. According to the settlement agreement, LOGZONE received more than $682,000 under the contracts through March 2025.

NIST SP 800-171 establishes cybersecurity requirements for defense contractors that handle controlled unclassified information (CUI) on non-federal systems. The framework includes 110 security controls covering areas such as access management, incident response, system monitoring, and risk management against which vendors must self-assess compliance. (Mikayla Easley / DefenseScoop)

Related: Justice Department, AL.com, Lawyer Monthly, WeIsRadio, WBMA

Nintendo of America confirmed that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised.

The company’s statement comes after claims from the Shadowbyt3$ “extortion-as-a-service” threat group that they exfiltrated sensitive data related to Nintendo of America employees.

“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” stated Nintendo.

“Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed. Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed."

"The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company said. (Bill Toulas / Bleeping Computer)

Related: Mashable, HackRead, The Cyber Express, Tech Times

Mount Royal University in Calgary, Canada, says it's investigating a cyberattack that disrupted its systems last Wednesday.

"When the issue was identified, the university took prompt steps to contain the threat and protect its systems," the university wrote in a post on a separate page from its main website, which was still down as of 12 p.m. Friday.

"We have retained external cyber security experts to assist with the response and investigation, and we are following our established incident response protocols."

Along with its main website being disrupted, the university's online service MyMRU, on-campus internet access, telephone services, and other services have been affected.

On Friday, MRU said a new public wireless internet network is available across campus to help students and staff access services, including Gmail. (CBC News)

Related: Mount Royal University, Calgary Journal, City News, CTV News, Global News

Apple released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations.

"An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests," Apple explained.

"This is a vulnerability in open source code, and Apple Software is among the affected projects. The CVE-ID was assigned by a third party."

Apple patched the vulnerability in Beats Firmware Update 1B211, which will be automatically delivered to vulnerable headphones when they are paired and within Bluetooth range of the user's iPhone, iPad, or Mac. (Sergiu Gatlan / Bleeping Computer)

Related: Apple, Mashable, Tech Radar, Cyber Press, Malwarebytes

The Senate Judiciary Committee approved a new bill this week, the No Fakes Act, that seeks to prevent unauthorized deepfakes of American artists, performers, and public figures.

The bill, introduced by Sens. Chris Coons (D-DE) and Marsha Blackburn (R-TN), would give Americans near-exclusive rights to their own digital AI replicas, and those rights would live on, passing to heirs, executors and estates for at least 70 years after an individual dies.

While living, creators would be able to essentially license their likeness and image to others, over 10-year contracts for adults and 5 years for minors.

It would also permit individuals to sue anyone who uses their AI-generated image without permission and pay up to $750,000 for violations. Blackburn submitted letters of support for the bill from more than 40 groups, including the Screen Actors Guild – American Federation of Television and Radio Artists, the American Medical Association, Creative Artists Agency, the Broadcasters’ Associations and the Human Artistry Campaign. (Derek B. Johnson / CyberScoop)

Related: MusicRow, IP Watchdog, Net Choice, SAG Aftra, American Medical Association, Deadline, EFF

Accenture announced it will take a majority stake in industrial cybersecurity firm Dragos and fully acquire asset intelligence company runZero and device security specialist NetRise.

While cybersecurity budgets remain focused on IT systems, greater internet connectivity and AI use ​are making factories, power grids ​and other critical infrastructure more ⁠vulnerable to hackers, drawing attention to tools that protect them. The deals, expected to close in August or September pending regulatory approvals, will add companies with a combined annual recurring revenue ​of $208 million to Accenture's offerings. (Anhata Rooprai / Reuters)

Related: Rob Lee on LinkedIn,  TheStreet, Wall Street Journal, The American Bazaar, Accenture. Bloomberg, SecurityWeek, GovInfoSecurity.com, Fortune India, Constellation Research,  CyberScoop, CRN, Blockonomi, Reuters, Finimize. Times of India

Deductive AI, a startup that uses AI to catch and resolve bugs in software, has agreed to be sold to enterprise software company Elastic for up to $85 million, according to a person with knowledge of the deal.

The sale marks a speedy exit for Deductive, which is operating in a fast-growing sector known as AI site reliability engineering (AI SRE). Building AI-powered SRE tools has become an important area, driven by the massive influx of AI-written code.

Replacing manual debugging with AI enables human SREs to shift focus from constantly fixing outages and other problems to spending more time on helping with product development. (Marina Temkin / TechCrunch)

Related: Silicon Angle

Best Thing of the Day: But They're So Supportive...

Signal’s Meredith Whittaker wants you to remember that AI chatbots "are not your friends."

Bonus Best Thing of the Day: Wait Until They Are Cut Off Mid-Conversation

Virgin Media O2 and Vodafone Three have introduced a “kill switch” to disable phones that have been stolen from their stores, after Apple, Samsung and other manufacturers resisted calls for broader anti-theft measures, a capability that will only apply to devices that have not yet been sold.

Worst Thing of the Day: This Isn't Hyperbole in Japan

Softbank Group founder Masayoshi Son said the "greatest crisis for Japan since the arrival of the Black Ships," referring to the heavily armed US warships that penetrated Japan's isolation in the mid-1800s, is cyberattacks powered by artificial intelligence.

Closing Thought