OpenAI launches GPT-5.6 as AI vendors compete for enterprise users
Federal investigators say DOGE records were deleted, Europe revives voluntary message scanning, Britain plans AI-powered cyber defense system, Chinese and Indian hackers target Pakistani police, AI gateway compromise leads to cryptomining, Ransomware negotiator sentenced to 70 mos., much more

Metacurity is the cybersecurity industry's daily reality check—independent, agenda-free coverage that cuts through vendor hype, social media noise, and recycled talking points to explain what matters and why.
Trusted by thousands of cybersecurity professionals, including many of the industry's most influential security leaders, Metacurity delivers the context, analysis, and perspective that busy readers don't have time to assemble themselves.
If you find value in that work, please consider becoming a paid subscriber. Metacurity remains independent because its readers choose to support it.
A series of announcements from OpenAI, Meta, and Anthropic yesterday highlight both the rapid evolution of frontier AI models and the growing challenges of delivering increasingly powerful AI capabilities at scale.
OpenAI unveiled GPT-5.6, its latest flagship model, positioning it as a major upgrade for coding, reasoning, and agentic workflows. The release is likely to draw close attention from security teams, which increasingly use large language models for vulnerability analysis, malware investigation, threat hunting, code review, and security automation. The launch also raises fresh questions about how organizations will evaluate, govern, and secure increasingly capable AI systems operating within corporate environments.
OpenAI also announced the retirement of Atlas, its standalone AI browser product, as the company shifts users toward more integrated workplace AI tools. The move reflects a growing industry trend toward AI agents that can interact directly with web applications, enterprise data, and business processes. While the browser shutdown itself is largely a product decision, the broader shift toward agentic platforms carries security implications, including credential management, access controls, prompt-injection risks, and governance of autonomous AI actions.
Meta introduced Muse Spark 1.1, an updated AI model designed to support coding, debugging, multimodal analysis, and agent-based workflows. The release expands the field of frontier models available to enterprises and developers and is expected to be evaluated alongside offerings from OpenAI, Anthropic, and Google for software development, operational automation, and AI-assisted analysis.
Anthropic announced that subscribers will begin paying usage-based fees to access Claude Fable 5, making it one of the first frontier AI models to move from flat-rate subscriptions to API-style billing for consumers. The change reflects growing pressure on AI vendors to balance demand for increasingly compute-intensive models against finite infrastructure capacity and highlights the escalating costs associated with deploying the industry's most advanced AI systems. (OpenAI, Ina Fried, Madison Mills / Axios, Harshita Mary Varghese and Katie Paul / Reuters and Maxwell Zeff / Wired)
Related: OpenAI, Forbes, Computerworld, New York Times, Ars Technica, ZDNET, ChannelX, The Rundown AI, Simon Willison's Weblog, The Algorithmic Bridge, Forbes Australia, The Neuron, Gizchina, Cyber Security News, Rohan's Bytes, RuntimeWire, Latent.Space, The Mac Observer, Platformer, The Deep View, CNET, TestingCatalog AI News, Digital Trends, crypto.news, MarkTechPost, PCWorld, CNBC, The Verge, OpenAI, Reuters, TechRadar, Digital Trends, SiliconANGLE, International Business Times, TechCrunch, TestingCatalog AI News, Meta, CNET, Reuters, Spyglass, TestingCatalog AI News, The Verge, Business Standard
Federal investigators said records that could have shown what Department of Government Efficiency personnel accessed at the National Labor Relations Board were deleted before the Government Accountability Office could examine them.
The revelation appears in a footnote to an April 2026 GAO report reviewing DOGE activity at the agency.
The NLRB deleted DOGE user accounts and associated access information in August 2025, shortly after the detailees left the agency. Because those records were gone, GAO investigators said they could not independently verify what systems DOGE personnel accessed or whether staff accounts of their activity were accurate. The report covered only the period after an April 2025 whistleblower complaint alleging that DOGE officials received broad access to sensitive NLRB systems and may have exfiltrated data.
Records-retention experts said the deletions may have violated federal requirements governing systems containing personnel and other sensitive information, particularly because an inspector general investigation was already underway. The missing records leave unresolved whether DOGE accessed or copied sensitive labor, whistleblower, personnel, or investigative data before the period examined by the GAO. (Vittoria Elliott / Wired)
Related: r/technology
The European Parliament has voted to extend legislation allowing tech companies to voluntarily scan users’ private messages for child sexual abuse material, despite a majority of lawmakers voting against the proposal.
The ruling reinstates permissions for firms including Meta, Google, and Microsoft to scan private text, email, and social media messages through a bill nicknamed “Chat Control” by critics. End-to-end encrypted chats, such as those on WhatsApp and Signal, remain exempt.
“It will mean that private companies may deny your right to have confidential digital conversations,” Simeon de Brouwer, policy adviser at the Brussels-based advocacy group European Digital Rights, says. “They could, if they want to, read every message you write, every email you send, every picture you share.”
The European People's Party, the largest political group in the European Parliament, has been battling to bring back tech firms’ legal basis to scan messages since a prior law expired in April. Members say firms’ voluntary detection activities have helped identify and rescue victims of online child sexual abuse, and disallowing them leaves children unprotected. They have been rushing to reinstate the legislation before parliament disperses for its summer break at the end of the month.
“We cannot go to the summer recess knowing that our children are not protected,” party vice-chair Tomas Tobé told lawmakers earlier in the week.
But the implications for privacy mean the legislation has faced fierce opposition from other parties and civil rights activists. The EPP resorted to a procedural maneuver to force fresh votes on this legislation this week after talks collapsed in March. This “urgent procedure” skips preliminary committee debates where amendments would often be introduced and stipulates that the regulation passes unless an absolute majority of 361 MEPs vote against it. (Isabella Ward / Wired)
Related: Athens News, The Register - Security, CyberInsider, Patrick Breyer
Britain’s cyber agency laid out plans for what it called “a national scale, sovereign defense capability” that would use agentic AI systems to discover and fix cybersecurity weaknesses across government networks and critical national infrastructure.
The capability, called Cyber Shield, is designed to counter a threat the National Cyber Security Centre (NCSC) said could see attackers “move at machine speed and greater scale, reducing opportunities for detection and response.”
Adversaries aided by AI, the agency said in a blog post, can already compress reconnaissance and vulnerability discovery from weeks into minutes.
“This has the potential to overwhelm traditional defenses and increase the risk of advantage shifting towards the attacker,” the NCSC said. “Developing viable solutions that scale and execute at the pace we need in the modern era is the remit of the Cyber Shield.”
The agency has separately warned of an AI-driven “patch wave” — a surge of newly discovered vulnerabilities emerging faster than most organizations can fix them — and a recent alert from GCHQ said it was likely both offensive and defensive cyber capabilities would be fundamentally transformed within just months.
At the heart of the plan is a model of paired “red” and “blue” AI agents — the former probing systems for weaknesses, the latter defending them in real time — operating across critical national infrastructure under the control of the organizations that own them.
The NCSC said Cyber Shield will require six core functions, ranging from automated scanning of British networks — which already exists in some form — to fully autonomous fixing of vulnerabilities, which does not. Some of these functions, the agency acknowledged, “present challenges which will need significant progress in research to unlock.” (Alexander Martin / The Record)
Related: NCSC, Digital Shield, Infosecurity Magazine, IT Pro, Circle ID, CSO Online, Computer Weekly, Security Week, FutureScot, Digit, UK Authority, Cointelegraph
Researchers at SentinelOne report that multiple Pakistani law enforcement agencies were targeted in separate hacking campaigns linked to groups associated with China and India.
SentinelOne said it found evidence of multiple hacking campaigns and intrusions carried out by Chinese- and Indian-linked hacking groups between February 2024 and April 2026, most notably against the Balochistan police, which serves Pakistan's southwestern province of the same name.
The report said Chinese interest in the agencies could be linked to the safety of Chinese nationals working in Pakistan, who have been targeted in deadly attacks in recent years. Interest from groups linked to India could be related to tensions between the two countries and Pakistan's broader security posture, it said.
According to SentinelOne, the operations targeting the Balochistan police involved network equipment, web servers and several online applications, including the force's Complaint Management System.
Other targets included the Khyber Pakhtunkhwa police, the Islamabad police and the Punjab Safe Cities Authority (PSCA), an autonomous government agency that operates systems used by the police in major cities in Punjab province. (AJ Vicens / Reuters)
Related: Sentinel One, Hindustan Times

According to researchers at Darktrace, an Amazon EC2 instance running LiteLLM and connected to Amazon Bedrock was compromised and used for cryptomining, specifically Monero.
Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI services.
Although the attack ended in cryptomining, researchers said the bigger concern is that AI gateways centralize model access, identities, and cloud privileges, making them valuable targets.
Darktrace said the EC2 instance, named “LiteLLM-Proxy,” appeared to operate as an AI gateway and had an instance profile with access to Amazon Bedrock resources. That role made the host more valuable than a typical compute server because AI gateways can handle authentication, model routing, prompts, logs, policy controls, and cloud permissions. (Shweta Sharma / CSO Online)
Related: Darktrace, Silicon Angle, CSO Online, HackRead
The US Justice Department announced that Angelo John Martino III, former ransomware negotiator for DigitalMint, was sentenced to 70 months in jail for deceiving his employer’s clients and conspiring with ransomware affiliates to extort a combined $75.3 million from five US companies he was entrusted to aid during their moments of extreme crisis.
shared confidential information he gained from his work as a ransomware negotiator, including victim organizations’ negotiating positions and insurance policy limits, to extract the maximum payment for himself and other BlackCat affiliates he colluded with in backchannels.
Five of Martino’s victims hired DigitalMint, which assigned the 41-year-old to conduct ransomware negotiations on their clients’ behalf — a rare position he exploited to play both sides, effectively conducting ransomware negotiations with himself and his co-conspirators.
The five victims, all of which paid a ransom between April 2023 and September 2023, include a nonprofit that paid a nearly $26.8 million ransom, a financial services company that paid nearly $25.7 million, and a hospitality company that paid almost $16.5 million. (Matt Kapko / CyberScoop)
Related: Justice Department, Bleeping Computer
Armenian Karen Serobovich Vardanyan pleaded guilty to targeting five U.S. companies and one private school with Ryuk ransomware attacks, including a business in Oregon that had its data and credentials stolen in 2019, according to court records.
“As part of the scheme, ransom payments were extorted from victim companies in exchange for decryption keys to regain access to their data,” the US Attorney's Office said. “A ransom note was placed on the computer systems demanding ransom payments in Bitcoin, a form of cryptocurrency, and provided an email address that victims could use to communicate with the cybercriminals.”
Officials revealed that a Michigan company paid Vardanyan and his co-conspirators 200 bitcoin, or more than $1.1 million, to recover its network. The group also attacked a Wilsonville company in February 2020 before attacking a Texas school, according to the agency.
Authorities estimate the co-conspirators deployed the ransomware on hundreds of servers and workstations, and received around 1,610 bitcoins — or about $15 million. (Jashayla Pettigrew / KOIN)
Related: Justice Department, Oregon Live
The US Department of Justice is accusing Rossen G. Iossifov, a convicted fraudster and federal inmate, of orchestrating the unauthorized removal of about $290,000 in cryptocurrency that had already been seized and forfeited to the US government, marking a new criminal case tied to assets from his earlier conviction.
Iossifov appeared in federal court in the Eastern District of Kentucky earlier this week on charges of removal of property to prevent seizure, aiding and abetting, and conspiracy to commit money laundering, the DOJ said.
Iossifov allegedly conspired to transfer the crypto in January 2024, nearly three years after his 2021 conviction in the Eastern District of Kentucky.
The DOJ said he transferred the assets through multiple cryptocurrency exchanges and illicit mixing services while serving an 111-month federal prison sentence, allegedly to prevent the U.S. government from taking possession of the funds.
Prosecutors said Iossifov’s 2021 conviction followed his participation in an online auction fraud scheme that laundered nearly $5 million in cryptocurrency over a period of less than three years. That case resulted in a court order to pay $2,642,297.43 in victim restitution alongside the asset forfeiture. (Brian Danga / The Block)
Related: Justice Department, Bloomberg, Crypto Briefing, BeInCrypto
Researchers at Microsoft report that for over eight months, a threat actor dubbed GigaWiper has been using a destructive backdoor and wiper that has multiple system-level sabotage capabilities.
The malware is a sophisticated Go-based backdoor that consists of multiple malware families and robust command-and-control (C&C) capabilities.
According to Microsoft, the malware in GigaWiper was folded into the form of on-demand backdoor commands, allowing the attacker to execute a standalone wiper, a ransomware-like encryption command, and a wiping command that performs multiple erase passes.
“The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which is typically designed purely to destroy rather than to extort and carry real-world consequences,” Microsoft notes.
First observed in October 2025, GigaWiper contains a wiper that operates at the physical disk level. It enumerates drives using Windows Management Instrumentation (WMI) to identify the Windows partition, removes partition references from non-Windows drives, wipes each drive, and then reboots the system.
GigaWiper appears to have been built by the Crucio ransomware developer, based on the encryption code, but also shows connections to FlockWiper, which emerged in June 2025, sharing an identical wiping function that has been ported to Go. (Ionut Arghire / Security Week)
Related: Microsoft, CSO Online, SC Media, Security Affairs, HackRead, CyberSecurityNews, Cyber Press

Researchers at Wiz report that a “systematic vulnerability pattern” in at least six of the most widely used AI coding assistants can be abused to trick agents into accessing files outside the workspace sandbox, leading to remote code execution on the developer's machine.
Wiz found the security gap, which it named "GhostApproval," and reported it to all six: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
Amazon, Cursor, and Google deemed the flaw critical or high-severity, fixed it, and either already issued (AWS and Cursor) a CVE tracker or are in the process of getting that done (Google).
Augment and Windsurf acknowledged the Wiz-submitted vulnerability report, but haven’t patched the issue or warned users.
Anthropic eventually added a warning as part of "proactive security hardening based on internal review."
While there’s no indication that attackers in the wild are actively exploiting this vulnerability, it’s still a serious threat to enterprises rushing to deploy code-writing agents in their environments. (Jessica Lyons / The Register)
Related: Wiz, DevOps, Security Week, CSO Online, SC Media, HackRead

Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases.
Application security companies, including Ox Security and StepSecurity, detected the supply-chain attack via version 1.20.21 of the @injectivelabs/sdk-ts npm package.
Injective SDK is a TypeScript/JavaScript software development kit (SDK) for building applications on the Injective blockchain, a Layer-1 blockchain focused on decentralized finance (DeFi), tokenized assets, and decentralized exchanges.
The package has 50,000 weekly downloads on npm and is used by developers building cryptocurrency wallets, trading bots, decentralized exchanges, DeFi applications, and payment tools.
According to the researchers, the attacker compromised a GitHub account belonging to a legitimate project contributor and made the first suspicious commits on June 8, publishing the malicious version of the package shortly afterward. (Bill Toulas / Bleeping Computer)
Related: Ox Security, Step Security, Yellow, Crypto Briefing, Cointelegraph

Microsoft warned that Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase.
Microsoft said advances in AI have significantly accelerated vulnerability discovery, allowing engineers to identify more security issues before they can be exploited in zero-day attacks.
"The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis," Microsoft said.
As part of this approach, the company is using Microsoft Security's multi-model agentic scanning harness (MDASH), an AI-powered vulnerability discovery system previously detailed by Microsoft, which scans critical binaries and validates potential vulnerabilities using multiple AI models.
Microsoft says the system scans critical Windows binaries for vulnerabilities and then validates the findings using multiple AI models. Vulnerability candidates are then passed through a second Windows-specific validation pipeline designed to eliminate false positives before engineers investigate the issues. (Lawrence Abrams / Bleeping Computer)
Related: Microsoft, The Verge, Neowin, Techzine, The Register
Researchers at ThreatLocker report that a malicious Windows installer masquerading as LetsVPN deploys a remote access trojan (RAT) alongside the legitimate VPN software.
The malware, dubbed GoodPersonRAT, grants attackers full control over infected systems and employs multiple stealth techniques to evade detection.
The researchers found that the malicious MSI installs the authentic, signed LetsVPNLatest.exe application after first deploying the malware, making the installation appear legitimate to unsuspecting users.
LetsVPN is a widely used VPN service that helps users bypass China's Great Firewall, making it an attractive lure for threat actors targeting people seeking unrestricted internet access. This is not the first time the VPN has been abused for malware distribution. Last year, Rapid7 reported a separate campaign in which trojanized LetsVPN installers delivered the Winos v4.0 malware through a different multi-stage, memory-resident infection chain.
The malicious package, Kuailian_win-setup.86.msi, contains three embedded files: the legitimate LetsVPN installer, a loader named promecefplugilte8.exe, and an encrypted payload stored as 20260609.dat. The loader decrypts and reflectively loads the final payload directly into memory, leaving little evidence on disk and making the malware more difficult to detect. (Amar Ćemanović / CyberInsider)
Related: ThreatLocker, SC Media

A cyberattack on Greenbaum Rowe Smith & Davis LLP, a New Jersey-based law firm that represents some of the state’s top healthcare systems, may have exposed the data of nearly 13,000 patients.
Greenbaum Rowe Smith & Davis LLP discovered unauthorized access to its systems via a compromised user account in November 2025. Afterward, it “immediately” took steps to secure its systems, according to a notice from the firm.
In addition to resetting passwords and replacing compromised machines, Greenbaum notified law enforcement. It also launched a comprehensive investigation with assistance from cybersecurity experts to determine the cause and scope of the incident.
Completed in April, the probe determined that an unauthorized third party acquired certain information in Greenbaum’s systems between Nov. 25–27, 2025, the notice said. Besides names and addresses, the potentially affected data may have included medical record numbers, medical history, provider details, medical bill costs and health insurance. (Kimberly Redmond / NJBiz)
Related: NJBiz, IDX, New Jersey 101.5, NJ.com
Cybersecurity startup QIZ Security Ltd. today announced it has raised $17 million in seed funding.
Bessemer Venture Partners and Merlin Ventures co-led the round. Evolution Equity Partners, Qbeat Ventures, Singtel Innov8 Pte. Ltd. and Qino Cyber Capital Ltd. also participated. (Duncan Riley / Silicon Angle)
Related: SC Magazine, VC News Daily, RuntimeWire
AI is not a cybersecurity strategy.
Organizations with strong security programs will use AI to move faster. Organizations with weak security programs will use AI to create bigger, faster failures.
That's why I wrote The NIST 2.0 Cybersecurity Framework: Practical Risk Management Using Real-World Incidents. The book moves beyond compliance checklists and theory to show how real organizations succeed—or fail—when security fundamentals break down.

If you're trying to build a resilient security program in the age of AI, this book provides a practical roadmap grounded in actual incidents and operational experience.
Best Thing of the Day: If Raising the Bugaboo of Huawei Won't Work, Nothing Will
Rep. Ro Khanna (D-CA) urged the White House to suspend use of an app recently installed on federal devices over its possible connection to Chinese software made by already-banned Chinese telecom tech provider Huawei.
Worst Thing of the Day: Sue Musk to Smithereens
In March, a girl’s stepfather took his own life after cops discovered that he had used Grok to create 7,000 sexually explicit images using one photo taken when his stepdaughter was 11 years old.
Closing Thought
