Moonshot's Kimi K3 raises stakes in battle over AI vulnerability-hunting models

DHS seizes 30K SIM cards in anti-fraud crackdown, Coca-Cola's Fairlife ransomware attack disrupts US production, US charges pair in $43m cyber scam laundering ring, Police use Flock cameras to search for people, Italian telecom fined €1.7mover data breaches, much more

Share
Moonshot's Kimi K3 raises stakes in battle over AI vulnerability-hunting models
Screeenshot of the KIMI chatbot. Source: Metacurity.

Metacurity is the cybersecurity industry's daily reality check—an independent briefing that cuts through vendor spin, social media outrage, and endless recycled narratives to explain what actually matters and why.

Every weekday, thousands of cybersecurity professionals—including many of the industry's most respected security leaders—rely on Metacurity to separate signal from noise. We do the reading, research, and analysis so you don't have to.

If Metacurity helps you stay informed, save time, or see the bigger picture, please consider becoming a paid subscriber. Reader support is what keeps Metacurity independent, agenda-free, and focused on serving the cybersecurity community—not advertisers, vendors, or investors.

A series of reports yesterday suggests that advanced AI cyber capabilities are becoming a strategic concern for governments, technology companies, and security teams alike.

The discussion intensified following the release of Moonshot's Kimi K3 model, which the Chinese startup says rivals leading systems from OpenAI and Anthropic. The launch came as Chinese President Xi Jinping used the World AI Conference in Shanghai to promote international cooperation on AI while emphasizing that increasingly powerful models must remain controllable and secure.

According to Bloomberg, Chinese officials have recently discussed with companies including Alibaba how to address risks posed by advanced AI systems, with restrictions on foreign access reportedly among the options considered.

The discussions mirror concerns in Washington, where advanced AI cyber capabilities have increasingly become a national security issue.

Google DeepMind CEO Demis Hassabis proposed creating an international organization to conduct independent testing of frontier AI models before release. Hassabis said concerns surrounding Anthropic's Mythos model helped motivate the proposal, describing the technology as a "warning shot" for society.

The proposal comes as governments wrestle with how to handle AI systems capable of identifying software vulnerabilities and potentially assisting with exploit development.

At the same time, vendors are moving quickly to commercialize those capabilities. According to The Information, Microsoft is preparing a security product known as Project Perception that would use models from Microsoft, OpenAI, and Anthropic to identify software vulnerabilities and automatically generate fixes. The company reportedly hopes to provide a lower-cost alternative to Anthropic's Mythos.

The debate over access to advanced models is also becoming more public. CNBC reported that Microsoft CEO Satya Nadella criticized Anthropic's restrictions on access to its Fable model, highlighting growing industry disagreement over whether frontier cyber-capable systems should be tightly controlled or broadly available.

Governments outside the US and China are taking notice as well. South Korea is developing its own security-focused AI model intended to identify software vulnerabilities, with officials citing the need for sovereign capabilities rather than reliance on foreign providers.

Meanwhile, Google announced that its Gemini Notebook product will gain access to a secure cloud-based code execution environment. While not designed specifically for cybersecurity, the move reflects a broader shift toward AI systems that can analyze information, execute code, and perform increasingly sophisticated technical tasks. (Jeanny Yu and Sunny Bangia / Bloomberg, Bloomberg News, Shirin Ghaffary / Bloomberg, Aaron Holmes / The Information, Simon Sharwood / The Register, Jordan Novet / CNBC, Josh Woodward / Google Labs)

Related:  Kimi, CNET, GSMArena.comEngadgetNeowinAndroid AuthorityThe Verge, The DecoderThurrottForbes9to5Google, TechCrunch, TechCrunch, The American Bazaar, CNBC, Reuters, Fortune, Digital TrendsComputerworld, The Indian Express, Fortune, Wall Street Journal, TechCrunch, The American Bazaar, Reuters

US Homeland Security Investigations recently seized more than 30,000 mobile phone SIM cards from sites around the country, in an operation that the agency says dismantled infrastructure criminals used in widespread telephone fraud.

Over several weeks in June and July, agents confiscated the devices from so-called SIM farms, which fraudsters use to place mass calls and send text messages meant to dupe people into sharing their personal information, HSI officials said.

Criminals use SIM farms to route large volumes of calls and texts over the internet while disguising their true origin. A SIM card, short for subscriber identity module, is a removable microchip that helps connect a device to a cellular network. The people running and profiting from these frauds are often overseas, which can make it difficult for US authorities to arrest them.

The seizures are part of a broader HSI investigation, dubbed “Operation Signal Break,” that’s meant to combat these phone scams, according to the agency, which is part of the Department of Homeland Security. Since 2024, investigators have seized more than 500,000 SIM cards from farms in 15 states, along with more than $700,000 of illicit profit, the agency said. Agents working the operation have made 11 arrests for violation of immigration laws, and one man is facing criminal charges, according to HSI.

The HSI operation aims to hinder fraudsters by breaking down their tools and systems, Kimberly Long, acting deputy assistant director for the Department of Homeland Security’s Cyber Crimes Center, said.

“It forces the criminals to rebuild their infrastructure,” Long said. “They have to spend more, and then it slows down their operation.” (Lorelei Smillie / Bloomberg)

In an SEC filing, Coca-Cola said it had temporarily suspended production operations of its Fairlife milk in the US after an unauthorized third party gained access to some of its systems.

The cyberattack was connected to a ransomware event, Coca-Cola said in a statement Thursday afternoon. Coca-Cola said the third party had gained access to some of its production-related systems in the US, but that product quality and safety were not affected.

“The full scope, nature and impacts of the incident are not yet known,” the company said in the statement. Coca-Cola said it had notified law enforcement and was working with outside advisers and cybersecurity experts.

The attack did not impact Fairlife’s Canadian production operations, the company said. (Kristina Peterson / Bloomberg)

Related: SEC, Atlanta Journal-Constitution, TechCrunch, WTOC, Dairy News, Bleeping Computer, PCMag, The Eastern Herald, The Register, Security Week, Cyber Daily, FoodBev Media, Engadget, HelpNetSecurity, Atlanta News First, Reuters

US prosecutors charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams.

27-year-old Zhuoying Chen and 38-year-old Haojie Zhang allegedly managed a network of over a dozen people based in Queens and Brooklyn between 2020 and 2022.

Chen and Zhang allegedly transferred at least $43 million in proceeds from investment scams laundered to bank accounts in China by the criminal network using 140 bank accounts under roughly 45 shell companies, according to an unsealed indictment.

The underlying schemes involved criminals contacting potential targets via social media or messaging services to build trust and persuade them to invest in fraudulent opportunities. Victims were then shown fake profiles with profits to encourage further investment before additional funds invested in the scheme were stolen.

If found guilty of conspiracy to commit money laundering, Chen and Zhang face a maximum sentence of 20 years in prison. (Sergiu Gatlan / Bleeping Computer)

Related: Justice Department, Northwest Asian Weekly, The Cyber Express

Police departments around the country have used Flock cameras at least hundreds of times to search for specific people, not cars, using searches such as “heavy-set male with a black and white hat,” “person on skateboard,” and “person wearing orange vest and construction hat,” according to data reviewed by 404 Media.

Sometimes searches reference a target’s race or signs of their political affiliation.

The searches highlight that while most people associate Flock cameras with scanning license plates and tracking vehicles, some of the cameras are also capable of following the movements of particular people or groups of people. Flock’s nationwide network of cameras lets police officers in one state search for a vehicle across many other states at once; the people searches do a similar thing, typically on a smaller scale, sometimes querying many hundreds of cameras at once.

These are called “FreeForm” searches, and allow cops to use Flock’s system as though they would use a search engine, with Flock’s AI and image recognition interpreting what footage and which people are relevant to a police officer’s search. (Joseph Cox / 404 Media)

Related: PSU.edu, r/technology

Italy's data protection authority has fined telecoms operator WINDTRE €1.7 million ($1.94 million) for "serious ​shortcomings" in its data security systems, leading ‌to two unauthorized breaches and the exposure of personal information belonging to more than 365,000 customers.

The ​investigation was prompted by the CK Hutchison-owned company's notification of the breaches in ⁠February 2025.

It revealed that hackers posed ​as support technicians to gain access to corporate ​systems through employees at two retail points, the authority said in a statement.

The compromised data included personal ​and contact details of customers, with sensitive ​payment information, such as bank account details, partially obscured credit ‌card ⁠numbers, and expiration dates, affecting 41,359 of them.

The regulator found that WINDTRE had failed to manage access credentials and digital ​certificates adequately. (Gianluca Semeraro / Reuters)

Related: Databreaches.net, ANSA

Researchers at Cisco Talos report that a financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland RAT.

Attacks have been occurring since at least June 2025 and have focused on users in the US, although victims in Germany, Romania, and Venezuela have been observed as well.

According to researchers at Cisco Talos, the threat actor distributes the payload via trojanized installers for legitimate software such as MobaXterm, WebEx, Zoom, DBeaver, and FaceIT.

Although the researchers could not confirm the infection vector, they speculate that the malicious files are likely pushed using the ClickFix method.

Talos also discovered that UAT-11795 uses a previously undocumented PowerShell C2 framework called WLDR, which uses encrypted (PBKDF2-SHA256) beaconing and communications, operates entirely in memory, and binds payload delivery to each victim’s hardware identifier.

To defend against UAT-11795 attacks, organizations should use the indicators of compromise IoCs in the Cisco Talos report. (Bill Toulas / Bleeping Computer)

Related: Cisco Talos

Overview of the UAT-11795 attack chain. Source: Cisco Talos

Nightmare Eclipse, the disgruntled security researcher who has been dropping zero-day exploits targeting Microsoft products, released another unpatched Windows vulnerability this week, right on the July 2026 Patch Tuesday.

The fresh exploit, named LegacyHive, is a local privilege escalation bug in the Windows User Profile Service that allows an attacker to load other users’ hives, including those of administrators.

Also known as Chaotic Eclipse, Nightmare Eclipse released proof-of-concept (PoC) exploit code that works on systems running Microsoft’s July 2026 patches.

“The PoC requires another standard user credentials and a third username (which can be an administrator account), if the PoC is successful, it will end up mounting the target user hive in current user classes root,” the researcher explains.

Unlike previously dropped zero-day exploits from Nightmare Eclipse, LegacyHive was released with a stripped PoC to prevent the security defect’s in-the-wild exploitation.

According to the researcher, the exploit originally did not require user credentials and allowed any hive to be loaded, not just the usrclass.dat hive. That is still possible, the researcher says, but would require some work. (Ionut Arghire / Security Week)

Related: GitHub, Bleeping Computer, r/cybersecurity, The Register, Security Affairs, TechRadar

Researchers at Group-IB say that a new macOS malware they call ClickLock Stealer leverages social engineering and process killing to bypass the operating system’s protections and obtain valuable information from victims. 

Group-IB came across ClickLock Stealer in early June, and the malware appears to have been around since at least late May. Researchers say it has targeted at least 100 users across 33 countries, more than half in Europe.

The stealer is designed to collect various types of data from compromised systems, including web browsers, cryptocurrency wallets and wallet extensions, and password manager extensions. It can also harvest blockchain addresses from six chains and target the macOS Keychain, FTP credentials, and shell history. The stolen data is added to an archive file and exfiltrated to a Telegram bot.

While Group-IB researchers could not definitively determine how ClickLock Stealer is distributed, they believe threat actors may have used SEO poisoning, social media posts, or compromised websites to lure victims to a ClickFix attack page disguised as a Cloudflare verification.

Users who land on this page are instructed to copy a bash command, paste it into macOS’s Terminal, and execute it. Once the command is run, an orchestrator script file is downloaded and executed, which in turn fetches four other scripts representing a credential stealer, a cryptocurrency stealer, a Keychain stealer, and a backdoor installer.

The backdoor remains on the compromised machine, but the other scripts are removed once they have harvested the targeted data and sent it back to the attacker. (Eduard Kovacs / Security Week)

Related: Group-IB, Bleeping Computer, The Register, Infosecurity Magazine

Fake Cloudflare progress bar on the Terminal. Source: Group-IB

Federal agents arrested a South Florida man, Zyaire Dontaevious Zamarion Wilkins, accusing him of participating in a video game malware conspiracy in which dozens of unsuspecting victims lost six figures worth of cryptocurrency after downloading infected games.

Investigators say Wilkins financed and procured the malware and then helped market the infected games, which were distributed on a “popular digital distribution software company.”

That company is not directly named in the complaint, but information contained within strongly suggests that it was the platform Steam, one of the largest of its kind.

Games identified in the complaint ― including BlockBlasters, Dashverse, Lunara and PirateFi ― were named in a plea for victim information in a “Steam malware investigation” by agents in the FBI’s Seattle office. The case against Wilkins and others involved is being prosecuted in Seattle federal court, and Steam’s parent company, Valve Corporation, is based in nearby Bellevue, Washington.

Agents said in the scheme, Wilkins and others “gained unauthorized access to approximately 80 cryptocurrency wallets and stole cryptocurrencies worth at least $220,000″ from May 2024 to this February by “launch(ing) eight games embedded with malware and infect(ing) the devices of approximately 8,000 individual customers.” (Chris Gothner / Local10.com)

Related: Dangerous Minds, Crypto Briefing

New reports suggest that Arion Kurtaj, the teenage hacker who leaked dozens of Grand Theft Auto 6 videos in 2022, has been released from a secure hospital and transferred to a standard prison in the UK.

Kurtaj famously hacked Rockstar Games and accessed Grand Theft Auto 6's confidential files while awaiting trial for his other cybercrime offenses.

In September 2022, Arion Kurtaj, a key member of the hacker group Lapsus$, was awaiting trial for previous cybercrimes in a protected hotel room. Since his laptop and phone were confiscated, he bought an Amazon Fire Stick and used his hotel room's TV to access a virtual server and breach Rockstar Games. He was found guilty in 2023, but psychiatrists determined that the teenage GTA 6 hacker was unfit to stand trial due to severe autism, so he was ordered to remain in a secure hospital indefinitely.

According to BBC's Joey Tidy, Arion Kurtaj is no longer being held in a secure hospital and has been transferred to a normal prison. Ironically, he is set to face trial in November, the same month GTA 6 will be released. (Mohsen Baqery / GameRant)

Related: IGN, ghacks, RockStarIntel, GamingBible, PC Gamer, Games.gg, Polygon

Russian military intelligence hackers have begun using fake CAPTCHA prompts on compromised websites to trick Ukrainian targets into infecting their own computers, researchers have found.

In a report, Ukraine's computer emergency response team (CERT-UA) said it observed a shift this spring and summer in how the Kremlin-backed hacking group Sandworm gains initial access to the systems of Ukrainian targets.

The agency said the group has increasingly adopted a version of the social engineering technique known as ClickFix. In this case, victims are directed to compromised websites displaying a fake CAPTCHA security check designed to distinguish humans from computers.

Rather than verifying they are human, users are instructed to copy and paste a PowerShell command into their Windows computers. The command downloads malware that allows hackers to maintain access to the computer and deploy additional malicious tools later.

The initial malware, dubbed GhettoVibe, can be followed by a reconnaissance tool called ScoutCurl, which collects information about the infected computer, including system details, installed software, files, and browser data, to help attackers determine whether the target is worth further compromising. Researchers also observed two malware loaders: FluidLeech, disguised as antivirus removal software, and LoadLoop.

CERT-UA said it observed the ClickFix technique on more than 10 compromised websites during June and July. The agency did not report the number of compromised devices.

Despite its shift toward ClickFix attacks, Sandworm continues to rely on familiar social engineering methods as well. The agency warned that the group targets Android devices with malware disguised as security applications and distributed through messaging apps.

Once installed, the malware can secretly collect contacts, files, device information, and real-time location data. (Daryna Antoniuk / The Record)

Related: CERT-UA, SC Media, Techzine

The report, required by the FAA Reauthorization Act of 2024, examines whether TSA and the Federal Aviation Administration are fulfilling their cybersecurity responsibilities.

“Aircraft depend on avionics and ground systems to get from one place to the next safely. The growing interconnectivity of these aviation systems to support flight operations has increased their exposure to cyber-based threats. As a result, cybersecurity remains a fundamental consideration for FAA and TSA leadership in the aviation subsector,” GAO noted.

“FAA has taken steps to define its roles and responsibilities for aviation cybersecurity, to include overseeing avionics and managing ground systems in the NAS [national airspace system],” it said.

“However, TSA’s Cybersecurity Roadmap does not describe the agency’s cybersecurity-related roles and responsibilities for overseeing airport and aircraft operator security programs or identify the TSA entities responsible for implementing the goals and objectives it outlines. Without clearly defined roles and responsibilities, TSA may be challenged in holding relevant entities accountable or enabling continuous improvements to its related efforts,” it said. (Tom Leithauser / Vital Law)

Related: GAO

A total of eight cyber personnel have served in a program that began in 2022 to rotate workers between federal agencies to bolster the workforce, according to the US Government Accountability Office.

Over the life of the Federal Rotational Cyber Workforce program that effectively went away last year, 13 agencies offered 106 positions and received 634 applications.

Eight workers won approval to participate.

The goal of the Office of Personnel Management-led program, established by bipartisan legislation, was that “participating employees develop knowledge and skills that they can bring back to their home agencies,” as the GAO noted.

A couple of major factors account for the low participation, the study found. One was the sharp decline in eligible advertised positions: 75 in 2023, 31 in 2024 and none in 2025 or 2026. (Tim Starks / CyberScoop)

Related: GAO

New research from Cato Networks shows how much power can come from a harness, or bespoke platforms that organizations create to leverage LLM models into their own unique tools.

Cato paired OpenAI’s ChatGPT 5.5 and GPT 5.5-Cyber models with its own tool and tested the abilities of the agent to hack into a victim network with as little human direction as possible.

Across six different scenarios, the pairing achieved complete end-to-end attack chains, including domain administrator privileges and Active Directory access, sometimes in as little as 40 minutes.

Critically, the most successful scenarios happened when the model was given appropriate operational context from the technical harness developed by Cato Networks. (Derek B. Johnson / CyberScoop)

Related: CATO Networks, Infosecurity Magazine, Digit

An illustration of an agentic AI attack chain and lateral movement within victim networks. Source: Cato Networks.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform.

These two critical-severity security flaws (tracked as CVE-2026-39808 and CVE-2026-25089) were addressed by Fortinet on April 14 and June 9, respectively.

As the company detailed in security advisories issued at the time, successful exploitation allows unauthenticated threat actors to execute unauthorized code remotely through low-complexity command injection attacks that require no user interaction.

To resolve these issues and block incoming attacks, admins must upgrade all affected deployments to the latest released versions.

While Fortinet has yet to tag these two vulnerabilities as used in attacks, and has not yet replied to BleepingComputer's emails regarding in-the-wild exploitation, threat intelligence company Defused revealed on June 16 that attackers had started abusing them in the wild. (Sergiu Gatlan / Bleeping Computer)

Related: CISA

1Password launched a new Claude integration for Mac users designed to let Anthropic’s AI agent sign in to websites without seeing a user's password or two-factor authentication code.

According to 1Password, approved credentials are delivered through a secure channel and injected directly into the destination page. The password, one-time code, and other secrets never enter Claude’s context, memory, or Anthropic’s systems. (Zac Hall / 9to5Mac)

Related: 1Password1, EngadgetCNETThe VergeIncZDNETTom's GuideWall Street JournalThe Deep ViewFinancial PostThurrottWeRSMiPhone in CanadaSiliconANGLE, MacRumors

Source: 1Password.

Best Thing of the Day: Trump Admits Russia Interfered in the 2020 Election to Help Him

A document released by Donald Trump provides proof that the Russian government sought to assist Trump in his 2020 reelection bid against Joe Biden.

Bonus Best Thing of the Day: Taking Aim at Face-Swap Apps

The San Francisco City Attorney’s Office sent tech giants cease-and-desist letters telling them to stop profiting from 13 nudify “face-swap” apps that are overwhelmingly used to target women and girls.

Worst Thing of the Day: Calling All AI Auditors

Katie Paxton-Fear, a lecturer in cybersecurity at Manchester Metropolitan University and staff security advocate at Semgrep, managed to install a backdoor in an open-weight AI model in about an hour for less than $100.

Bonus Worst Thing of the Day: I Got Rejected by Columbia, But Hackers Stole My Data Anyway

Columbia University says that the data from unaffiliated prospective students, including their Social Security numbers, was also stolen in a ransomware attack last summer.

Closing Thought

Read more