Inlay

NEW: Cybercrime group ShinyHunters claimed to have hacked into more than 100 organizations' Oracle PeopleSoft servers, including several universities. The hackers said they stole student data, including home addresses, phone numbers, emails, and dates of birth.

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order "safety" is risky. 1/

"Now, we are collaborating with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud, extending our industry-leading PCC privacy commitments to third-party data centers for the first time." #WWDC26 security.apple.com/blog/expan...

Alongside the next generation of Apple Intelligence, today we’re expanding Private Cloud Compute (PCC) beyond Apple’s data centers. When Apple introduced Private Cloud Compute in 2024, we defined a new frontier for private AI inference, extending the security and privacy of Apple devices into the cloud for those AI workloads more complex than on-device models can handle. Now, we are collaborating with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud Platform, extending our industry-leading PCC privacy commitments to third-party data centers for the first time.

Ugh, apparently neither @github.com, nor @fastmail.com, nor @slack.engineering support post-quantum TLS key exchanges, making everything sent and received over these connections vulnerable to harvest-now-decrypt-later attacks, maybe as early as 2029.