Frontier AI Beat: AI security becomes a geopolitical arms race

Microsoft uses AI to link malware groups in RICO case, Ukraine exposes Russian messenger hacking, Nation-state hackers mapped CI for sabotage, DPRK-linked election attacks surge 68-fold, DraftKings hacker 'Snoopy' gets 18 months, ICE surveillance spending hits record high, much more

Source: istolethetv from Hong Kong, China.

Metacurity is the cybersecurity industry's daily reality check—independent, agenda-free coverage that cuts through vendor hype, social media noise, and recycled talking points to explain what matters and why.

Trusted by thousands of cybersecurity professionals, including many of the industry's most influential security leaders, Metacurity delivers the context, analysis, and perspective that busy readers don't have time to assemble themselves.

If you find value in that work, please consider becoming a paid subscriber. Metacurity remains independent because its readers choose to support it.

Yesterday's most important frontier AI developments suggest the industry is entering a new phase, one where the central question is no longer how quickly models are improving, but who gets access to those capabilities and how effectively they can be protected, copied, or controlled.

The clearest example comes from Anthropic's Mythos model, which, according to reporting by the Associated Press, was able to identify vulnerabilities in classified US government systems during testing with intelligence agencies. While officials emphasized that vulnerability discovery is not the same as exploitation, the exercise reinforced a reality that security leaders are increasingly confronting: advanced AI systems can now accelerate tasks that have traditionally required highly specialized security expertise.

That capability is one reason Mythos has become the focus of an escalating dispute between Anthropic and the Trump administration. As Wired reported, White House officials remain locked in a standoff with the company over restrictions placed on Anthropic's most advanced models, including Mythos and Fable 5. The administration's position reflects growing concern that frontier models capable of advanced software engineering, vulnerability discovery, and autonomous reasoning should be treated less like commercial software and more like sensitive strategic technology.

Bloomberg reported that Anthropic has accused Alibaba of conducting what it described as an industrial-scale effort to access Claude through nearly 25,000 fraudulent accounts and 28.8 million interactions between April and June. According to Anthropic, the objective was to extract some of Claude's most valuable capabilities, including software engineering and agentic reasoning, through a process known as adversarial distillation.

Whether Anthropic's allegations are ultimately proven, the episode highlights a growing reality of the frontier AI market: the most valuable asset may no longer be model weights or infrastructure alone, but the capabilities embodied in the models themselves. If advanced reasoning, coding, and cyber capabilities can be systematically extracted and replicated at a fraction of the original development cost, frontier AI companies face a challenge that looks increasingly similar to intellectual property theft—except at machine speed and potentially global scale.

Anthropic's allegations have already begun influencing policy discussions in Washington. According to Bloomberg, lawmakers are considering measures that would sanction Chinese firms found to be improperly accessing US AI model outputs to train competing systems. Meanwhile, Anthropic, OpenAI, and Google have reportedly begun sharing information about suspected distillation efforts, signaling that model-copying has become significant enough to trigger unprecedented cooperation among direct competitors.

Against that backdrop, Reuters reported that Chinese cybersecurity company 360 Security Technology claims to have developed AI tools capable of matching some of Mythos's cybersecurity capabilities, including vulnerability discovery and defensive security functions. Whether those claims ultimately prove accurate may be less important than what they reveal about the strategic environment. Restrictions on access to frontier models are increasingly creating incentives for competitors to build alternative systems domestically, accelerating what looks increasingly like an AI capability race.

The final piece of the puzzle comes from the commercialization of frontier AI expertise itself. The Wall Street Journal reported that Mirendil, a startup founded by former Anthropic researchers, has raised $200 million to help scientists develop specialized AI systems.

On its face, the story is about scientific research. More broadly, however, it reflects a larger trend: frontier AI knowledge is escaping the confines of a handful of elite labs and becoming accessible to a much wider set of organizations. (Eduardo Baptista / Reuters, Hugo Lowell / Wired, Maggie Eastland / Bloomberg, Ben Finley / Associated Press, Tina Li / Wall Street Journal)

Related: Associated Press, Gizmodo, Blaze Media, Wired, TechRadar, Runtime Wire, r/Anthropic, Bloomberg, Financial Times, Wall Street Journal, Reuters, Computerworld, CNBC, Financial Times, RuntimeWire, Business Insider, Fortune, Fortune India, Neowin, Dow Jones Newswires, Implicator.ai, The Information, ZeroHedge News, Benzinga, Türkiye Today, Nikkei Asia, Cyber Security News, Business Today, The Next Web, PYMNTS, DigiTimes, Reuters

Microsoft’s Digital Crimes Unit used AI — including its Copilot assistant — to analyze the malware behind Amadey and StealC, two cybercrime tools that share the same digital infrastructure. Instead of manually examining long lines of complex code, investigators were able to ask questions in plain English and establish a relationship between the two tools that might otherwise have stayed hidden.

That connection allowed Microsoft to file a single civil lawsuit under the Racketeer Influenced and Corrupt Organizations Act, or RICO, the US law designed to target organized crime. Treating both tools as part of one conspiracy let the company go after multiple parties at once rather than suing them separately.

That was important because hackers often use the Amadey hacking technologies in coordination with StealC. Amadey helps attackers gain access to devices. StealC is an “infostealer” that collects sensitive data from browsers, cryptocurrency wallets, messaging apps, email clients, and gaming platforms. In the first two weeks of May, the two tools were linked to more than 140,000 infected computers globally, according to Microsoft. (Lorelei Smillie / Bloomberg)

Related: Europol, Operation Endgame, Microsoft Security Blog, Microsoft, The Record, Security Affairs, Bitsight, CyberScoop, BleepingComputer, SecurityWeek, The Register, Hackread, HealthcareInfoSecurity.com, Infosecurity, Cyber Security News, CyberInsider, Ars Technica, The Brussels Times


Cyber experts of the Security Service of Ukraine (SBU), jointly with the Federal Bureau of Investigation, exposed Russian special services in systematic cyberattacks on messengers of officials, military personnel, politicians, and activists from Ukraine, Europe, and the USA, the SBU reports.

"The goal of these hacks is to gain access to sensitive information of a military, political, and economic nature exchanged by users, as well as to steal their personal data," the Ukrainian special service stated on its Telegram channel on Thursday.

According to the SBU, Russian hackers use various tools and methods for such cyberattacks.

"For instance, to lure out account passwords, the enemy most often uses SMS mailings on behalf of support teams," the agency specifies.

The SBU explains that such actions are masked as the operation of official bots, and the messages themselves arrive in the morning hours when the user is highly vulnerable due to their physical and emotional state.

Related: UNN, SBU on Telegram, Dev.ua, The New Voice of Ukraine, Kyiv Post

Australia’s Security and Intelligence Organization (ASIO) has established dedicated teams to counter nation-state attacks on critical infrastructure, Director General Mike Burgess revealed.

“We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider,” Burgess said yesterday in remarks accompanying the release of ASIO’s annual threat assessment, a task it performs in its role as Australia’s equivalent to the FBI and MI5.

“ASIO assessed the hackers were preparing for sabotage. They weren’t planting ‘digital dynamite’ as such; they were mapping out the network and maintaining access so they could cripple it at a time of their choosing.”

“In this case, a state-sponsored group didn’t just achieve access to the Australian critical infrastructure provider, it successfully acquired credentials – login details and passwords – for active users of the networks, including the IT professionals guarding it,” he added.

Burgess said ASIO “identified, tracked and attributed the hack, and worked with the victim company and our security partners to remediate the compromise – work which is ongoing.”

“The scale of this activity – led by one nation-state in particular – is difficult to overstate,” he added, before saying Australia is not alone in facing such attacks. “We struggle to find a single country in our region that has not been compromised by this state’s cyber apparatus.” (Simon Sharwood / The Register)

Related: ASIO, The Australian, SBS News, Sky News

The number of cyberattacks on Korea's National Election Commission has surpassed 100,000 cases in the first half of this year alone, marking a historic high. Cyberattacks attributed to North Korea surged from 52 cases last year to 3,543 cases in the first half of this year, a 68-fold increase.

According to the “Central Election Commission Cyberattack Status” report obtained by the office of People Power Party Representative Shin Dong-wook on the 24th, cyberattack attempts on the Commission’s website, servers, and systems totaled 101,179 cases from January to the 18th of this month. The Commission explained that cyberattacks typically increase during election years. However, even compared to 2022, which saw 39,896 cases amid the 20th presidential election and the 8th local elections, and last year’s 47,140 cases during the 21st presidential election, this year’s figures show a notable spike.

By internet protocol (IP) address, the attacks originated most frequently from the United States (17,884 cases), Vietnam (6,084 cases), India (5,719 cases), North Korea (3,543 cases), Türkiye (3,303 cases), and the Philippines (2,668 cases). Last year, the top sources were the United States (15,514 cases), China (4,414 cases), India (3,164 cases), and domestic addresses (1,998 cases). Experts suggest the decline in Chinese IP addresses and rise in Vietnamese ones may reflect hackers switching to alternative IP addresses for attacks.

The Central Election Commission attributed the surge in attacks this year to the widespread use of AI automation tools by hackers, stating, “The increase in attempts does not mean the election system has been compromised.” (Lee Hae-in / The Chosun Daily)

A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack.

In December 2025, the man, Nathan Austad of Minnesota, pleaded guilty to conspiracy to commit computer intrusion, admitting that he and co-conspirators compromised 60,000 DraftKings user accounts.

During the attack, the hackers added payment methods under their control to 1,600 accounts and stole $600,000.

In May 2023, US authorities charged Joseph Garrison for his role in the scheme, accusing him and his co-conspirators of selling access to hacked DraftKings accounts through online marketplaces such as the “Goat Shop.”

In January 2024, prosecutors charged additional suspects for the cyberattack, including Kamerin Stokes ("TheMFNPlug") and Nathan Austad ("Snoopy").

Austad reportedly operated his own shop where he sold access to stolen accounts and also used other platforms for the same purpose.

“AUSTAD directly controlled and profited from his own shop, which was named after the character Snoopy from the Peanuts comic strip,” the US Department of Justice says.

Joseph Garrison received an 18-month imprisonment sentence in January 2024, while Kamerin Stokes received a 30-month sentence in April 2026.

In addition to the prison sentence, Austad received three years of supervised release and was ordered to pay $463,684 in forfeiture and $1,327,061 in restitution. (Bill Toulas / Bleeping Computer)

Related: Justice Department, Help Net Security, Security Affairs

Austad's shop selling access to victim accounts. Source: DoJ.

The groups analyzed US Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) contracts with 11 companies, the authors said, that provide surveillance tech. They found the money awarded to these firms doubled from 2024 to 2025, to just over $310m – and in 2026, that number soared to a record $513m.

Researchers traced these contracts as far back as 2013, when they hovered under $50m, and found a steady increase over time, with a bigger jump over the last two years.

Their report notes this new growth is primarily driven by huge new contracts for Palantir, a data analytics company that is central to ICE’s enforcement operations, as well as Anduril, a defense company that has built AI-powered surveillance systems, tech-infused border towers, drones, and sensors. (Sanya Mansoor / The Guardian)

Related: NoTechforIce

Source: NoTechforICE.

Researchers at Symantec report that a new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors.

The malware is believed to be linked to KongTuke/Woodgnat, an initial access broker active since at least 2024 that specializes in compromising corporate networks and selling that access to ransomware groups, including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.

Symantec says that Mistic has been used in intrusions since April.

In at least one incident, it was deployed shortly after ModeloRAT, a backdoor attributed to KongTuke and delivered via social engineering attacks over Microsoft Teams.

Symantec believes that Mistic is a newly developed, stealthy backdoor designed for long-term persistence in compromised networks. (Bill Toulas / Bleeping Computer)

Related: Symantec, CSO Online, Cyber Security News, GBHackers

Researchers at Mandiant revealed new details on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices.

The CVE-2026-20245 vulnerability is a high-severity command injection flaw in Cisco Catalyst SD-WAN Manager (vManage), Controller (vSmart), and Validator (vBond) that allows authenticated attackers to execute arbitrary commands as root by uploading a crafted file.

Cisco said the vulnerability stemmed from insufficient validation of user-supplied input and could be exploited by authenticated attackers with local access to affected devices.

When Cisco disclosed the flaw earlier this month, the company warned that it had been exploited in a limited number of attacks but did not provide any details.

Cisco only stated that successful exploitation allowed attackers to gain root privileges and that some incidents involved unauthorized configuration changes being pushed to edge devices.

Now, Mandiant says that CVE-2026-20245 was exploited as a privilege-escalation vulnerability after attackers had already gained access to targeted SD-WAN devices.

According to the researchers, the intrusion began with unauthorized SD-WAN peering connections observed on a service provider's infrastructure.

Beginning in March 2026, the threat actor established new rogue peer connections and authenticated to affected SD-WAN Manager devices using the vmanage-admin account.

Mandiant believes the rogue peering may have been created by exploiting previously disclosed Cisco SD-WAN authentication bypass zero-days, CVE-2026-20127 and CVE-2026-20182, though the exact method remains unclear.

After gaining access, the attackers changed the default admin account password, logged in to the SD-WAN Manager web interface, and extracted configuration information for edge devices, controllers, and SD-WAN templates. (Lawrence Abrams / Bleeping Computer)

Related: Mandiant, Security Affairs

Researchers at Zscaler report that a malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor.

Access to the local system is obtained by leveraging the Chrome Native Messaging protocol that allows browser extensions to interact with native desktop applications, such as a password manager communicating with the extension to fill in web forms.

This allows the browser to launch the native application as a separate process and communicate with it over standard input/output data streams.

An Edgecution compromise begins with the attacker posing as IT support personnel on Microsoft Teams and directing employees to a fraudulent page under the pretense of installing a spam filter update.

Edgecution is deployed by an initial access broker (IAB) connected to the Payouts King ransomware operation.

In recent attacks using tactics previously associated with the IAB, the threat actor directed victims to a fake Microsoft “Outlook Updates Management Console” presenting download buttons for update packs or software verification.

However, the buttons downloaded malicious components, copied scripts to the clipboard, or launched forms requesting Microsoft 365 and Outlook passwords.

The researchers warn that the method used by Edgecution "illustrates the evolving sophistication" of threat actors tied to ransomware operations, and allows them to establish persistence on compromised hosts.

They recommend that organizations strengthen monitoring of browser extensions and enforce strict controls over native messaging host configurations to reduce the risk of compromise. (Bill Toulas / Bleeping Computer)

Related: Zscaler, Cyber Press, Cyber Security News, GBHackers, Windows Report
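
One way to act on the recommendation about native messaging host configurations, as an added example that is not from Zscaler or the original report: a Python audit of host manifests collected from endpoints. The allowlists, host names, extension IDs and paths are constructed, and the path and script checks are heuristics chosen for this sketch.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed allowlists; in practice these come from your extension policy.
APPROVED_HOSTS = {"com.example.passwordmanager"}
APPROVED_EXTENSION_IDS = {"abcdefghijklmnopabcdefghijklmnop"}

# Manifests list permitted callers as chrome-extension://<32 letters a-p>/
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
SCRIPT_SUFFIXES = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".py", ".pyw"}
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe",
                "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def audit_manifest(text):
    """Return sorted findings for one native messaging host manifest (JSON text)."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError:
        return ["manifest is not valid JSON"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]
    findings = set()

    name = manifest.get("name")
    if not isinstance(name, str) or name not in APPROVED_HOSTS:
        findings.add(f"host not approved: {name!r}")

    path = manifest.get("path")
    if not isinstance(path, str) or not path:
        findings.add("no host executable path")
    else:
        normalized = path.replace("/", "\\").lower()
        target = PureWindowsPath(normalized)
        if any(marker in normalized for marker in USER_WRITABLE):
            findings.add("host binary in user-writable location")
        if target.suffix in SCRIPT_SUFFIXES or target.name in INTERPRETERS:
            findings.add("host is a script or interpreter")

    origins = manifest.get("allowed_origins")
    if not isinstance(origins, list) or not origins:
        findings.add("no allowed_origins")
    else:
        for origin in origins:
            match = ORIGIN_RE.match(origin) if isinstance(origin, str) else None
            if match is None:  # wildcards and non-extension origins land here
                findings.add(f"malformed origin: {origin!r}")
            elif match.group(1) not in APPROVED_EXTENSION_IDS:
                findings.add(f"extension not approved: {match.group(1)}")
    return sorted(findings)


def audit_all(manifests):
    """Map each manifest source to its findings, omitting clean manifests."""
    report = {src: audit_manifest(text) for src, text in manifests.items()}
    return {src: found for src, found in report.items() if found}


# Constructed sample manifests (not taken from any real incident).
SAMPLES = {
    "passwordmanager.json": json.dumps({
        "name": "com.example.passwordmanager", "type": "stdio",
        "path": "C:\\Program Files\\ExamplePM\\host.exe",
        "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]}),
    "updates.json": json.dumps({
        "name": "com.example.updates", "type": "stdio",
        "path": "C:\\Users\\alice\\AppData\\Roaming\\Updates\\run.bat",
        "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"]}),
}

if __name__ == "__main__":
    for source, found in audit_all(SAMPLES).items():
        print(source, found)
```

Legitimate software sometimes registers a script launcher as its host, so findings are triage input to be checked against the approved-software inventory, not verdicts.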


AI is not a cybersecurity strategy.

Organizations with strong security programs will use AI to move faster. Organizations with weak security programs will use AI to create bigger, faster failures.

That's why I wrote The NIST 2.0 Cybersecurity Framework: Practical Risk Management Using Real-World Incidents. The book moves beyond compliance checklists and theory to show how real organizations succeed—or fail—when security fundamentals break down.

If you're trying to build a resilient security program in the age of AI, this book provides a practical roadmap grounded in actual incidents and operational experience.

Wiley is offering Metacurity readers a 20% discount with code ENG20. Order your copy today, and contact me about bulk orders or customized editions for your organization.


Longtime security researcher Scott Helme created a website called whynopasskeys.com that names and shames companies that still don’t offer passkeys to users.

Passkeys are now widely considered the gold standard for user security, but are still not offered by one in four major apps and services on the internet, including Instagram, Netflix, and Spotify, according to Helme. (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Whynopasskeys, Scott Helme, Android Headlines

The hackers who stole a large cache of data from Madison Square Garden called a low-level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media’s review of the stolen data.

“Employee vishing on their Microsoft Entra,” a member of the hacking group behind the MSG breach, called ShinyHunters, told 404 Media when asked to explain how the group got in. Microsoft Entra is Microsoft’s identity management product, similar to Okta, which lets employees log into whatever tools or services they need to at work.

Last week, 404 Media reported hackers had uploaded data stolen from MSG. A sample 404 Media reviewed at the time included files mentioning Knicks-related personalities, with fields such as “address,” “claim to fame,” and “cost of talent.” In some cases, the data included a risk score for certain celebrities, with actor, director, and Knicks fan Ben Stiller described as “Low Risk” and rapper Boogie with da Hoodie marked “High Risk.” (Joseph Cox / 404 Media)

Related: Inc., New York Times, Tech Republic, Digital Trends

Security researcher Eaton Zveare revealed vulnerabilities they found in two very different Johnson & Johnson web apps.

The first flaw affected a campus recruiting application, where Eaton was able to bypass the Microsoft Authentication Library (MSAL) login flow by modifying client-side code. Because backend APIs were authenticated using a hardcoded AWS API key instead of the user's Microsoft token, Zveare gained access to recruiter functions, including applicant records, interview notes, and ratings for nearly 1,000 students. Johnson & Johnson later replaced the API-key authentication with bearer-token validation.

The second vulnerability involved the company's internal Audit Tracking Management System (ATMS), used across roughly 20 Johnson & Johnson business units. Zveare found that unauthenticated APIs exposed information on approximately 13,600 employees, enabling him to spoof an administrator's identity, obtain a valid session, and gain administrative access to the application. He said he intentionally avoided viewing confidential audit documents and internal meeting records after confirming the extent of the exposure.

Zveare said they reported both issues in October 2025. The recruiting application was fixed within weeks, but the ATMS vulnerability remained unresolved for roughly six months despite repeated follow-ups. He says the issue was remediated only after a journalist contacted the company's media relations team in April 2026. (Eaton Works)

Related: r/webdev

Best Thing of the Day: Time for the LLMs to Pay Up

Publishers that collectively own and operate nearly 400 newspapers are suing OpenAI Inc. and Microsoft Corp. for scraping their content to build products like ChatGPT and Microsoft Copilot without permission or compensation.

Bonus Best Thing of the Day: More Privacy Is Always Good

Google is rolling out new privacy controls for Search services and Google Play, giving users more control over saved history and personalized recommendations.

Extra Bonus Best Thing of the Day: The Heyday of Cybercrime Fora May Be Over

The BreachForums clone at breached[.hn] was listed for sale for $3k USD, but its price has since dropped to $1,500 USD and it still can't seem to find a buyer.

Worst Thing of the Day: Can't Swing a Dead Cat Without Hitting a Scam

Most Americans are inundated with scam attempts on a daily basis, and about 3 in 10 have personally lost money or personal information to scams, according to a new AP-NORC survey.

Closing Thought