|
|
|
|
|
PHOTO: PRAKASH SINGH/BLOOMBERG
|
|
|
|
|
Anthropic said it is softening its core safety policy to stay competitive with other AI labs. Anthropic previously paused development work on its model if it could be classified as dangerous, but said it would end that practice if a comparable or superior model was released by a competitor. (WSJ)
|
|
|
-
Anthropic is also locked in a battle with the Defense Department over how its Claude tools are used after it told the Pentagon they couldn’t be used for domestic surveillance or autonomous lethal activities.
-
The company has until Friday to relax its usage policies. If it doesn’t, it could lose its Pentagon contract or face other consequences, Defense Secretary Pete Hegseth told Anthropic Chief Executive Dario Amodei on Tuesday.
|
|
|
An Amazon logistics unit in Italy must stop using employees' personal data, such as information on medical conditions, marriage breakups and union activities, the country's privacy regulator said. Amazon must also stop processing data from video footage from cameras near break areas and restrooms. (Reuters)
|
|
|
Reddit was fined $19.5 million in the U.K. for poor protection of children's information, the Information Commissioner’s Office said. The U.K. privacy watchdog also said the social network's age-verification measure, which depends on a user declaring to be over 13 years old, is easy to get around. Reddit plans to appeal. (Associated Press)
|
|
|
Wynn Resorts said it is investigating a breach of employee data. Hacking group ShinyHunters last week said in a post online that it had 800,000 records stolen from the casino company and threatened to leak the material. (Bleeping Computer)
-
The post has since been removed. Wynn didn't say whether it paid a ransom.
|
|
|
|
|
34 minutes
|
|
Average time it took a cybercriminal to move laterally in a network after initially compromising it last year, according to new research from ReliaQuest. That's down from an average of 48 minutes in 2024. The cloud-security company analyzed customer incidents during 2025.
The fastest breakout time last year was 4 minutes.
|
|
|
|
|
|
|
From Dow Jones Risk Journal
|
|
|
|
|
|
PHOTO: DADO RUVIC/REUTERS
|
|
|
|
|
U.S. sanctions a Russian seller of exploits under a never-used law. The Treasury Department on Tuesday announced sanctions against Sergey Sergeyevich Zelenyuk, whose company Operation Zero allegedly sold stolen cyber tools created for the U.S. government and certain allies. The move was the first under the Protecting American Intellectual Property Act, signed into law in 2023. Read more from Risk Journal.
|
|
|
-
In a related action, Australian national Peter Williams was sentenced Tuesday to 87 months in prison after pleading guilty in October to two counts of theft of trade secrets.
-
From 2022 to 2025, Williams stole eight zero-day exploits from his then-employer, U.S. defense contractor L3Harris. He sold the exploits to Operation Zero for $1.3 million in cryptocurrency.
|
|
|
|
Analysis: Russian cyber threat to critical infrastructure
|
|
|
There are signs that Russia is becoming more ambitious in its targeting of industrial controls systems in critical infrastructure. The recent cyberattack on Poland’s energy systems was unusually wide-reaching, targeting over 30 sites in a coordinated attack.
-
The incident was also notable for going after distributed energy resources, which are smaller energy facilities closer to where electricity is used, rather than central power plants. Read more from Risk Journal.
|
|
|
|
|
|
|
|
|
|
|
|
