Katie Moussouris, a cybersecurity veteran and researcher who founded Luta Security, said in a blog post that Anthropic recently shared with her a private copy of a paper written by security researchers describing an alleged guardrail bypass in Fable 5. (The Wall Street Journal reports that the paper’s authors are security researchers at Amazon.) Moussouris said that Anthropic reached out to ask for her take on the paper. Moussouris’ blog post described how the researchers triggered the guardrail bypass, but said that the bypass itself “should never have triggered an export control.” The difference is largely between asking an AI model to “review code for security issues” versus asking it to “fix this code.”

The end result is largely the same, even if the questions are posed slightly differently. “The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense,” said Moussouris, who criticized the export control directive as hasty, heavy-handed, and misguided. Moussouris and dozens of other top security researchers and experts have since called on the Trump administration to revoke the export control order, calling the move to pull advanced cybersecurity capabilities from network defenders in the U.S. as “dangerous.”

Past administrations have made sweeping decisions on knowledge gaps. For instance, language used by the U.S. government during the 2010s to fix export law covering cybersecurity tools that could also be used for cyberattacks was so broad that inadvertently, it nearly outlawed legitimate security and vulnerability research. However, the Trump administration’s directive appears retaliatory. Justin Hendrix, the editor of Tech Policy Press, said the Trump administration’s move is “likely to raise alarms in foreign capitals about the reliability of American AI for critical applications.” The message is that AI companies in the United States can’t be trusted to operate without interference from the U.S. government.

The Trump administration hasn’t confirmed why it invoked its export control directive. Did the officials misread the report and freak out? Did Amazon CEO Andy Jassy say something to senior government officials that prompted the reaction, out of caution or spite? Was something lost in translation, or was this a way to pressure Anthropic, with whom the administration already has a fractious relationship? It’s possible that the White House was unaware of the far-reaching consequences of the letter’s demand and officials are scrambling to undo the damage of their own making. To quote Hendrix, “the climate is one of a cloud of suspicion that senior officials are picking favorites based on personal and political factors.” The aftermath is that the government has set a dangerous precedent about how much control it intends to wield over the release of American-made software. This time the government took issue with Anthropic; tomorrow it could be with anyone else.

Nicolas Boichat with his AI/LLM detection bot detected some questionable messages appearing in AUR content. Russian messages were being added post-install to the bashrc / zshrc / Fish configuration, etc containing offensive messaging. Those commits happened on the 14th, after the recent malware fiasco. And then over the past day reporting on dozens of AUR packages having similar Russian messages containing offensive language.

The latest update on that thread indicates more than 70 AUR packages having this Russian spam / offensive messaging. Among those various Python packages, Ruby packages, Llama.cpp, and others. At least the AI/LLM bots are proving helpful here in proactively picking up on some of the AUR abuses until the fundamental situation can be better handled.

Mozilla has released Firefox 152, the latest update to its popular open-source web browser, with updated settings, improved media controls, experimental JPEG XL support, and various platform-specific fixes for desktop and Android. A key update is the redesigned Firefox Settings page, which now features clearer groupings, improved navigation, and a more streamlined structure for easier customization. The release also expands built-in spellchecker support, adding dictionaries for Croatian, English (UK), Georgian, Persian, Slovenian, Tajik, Tamil, Tibetan, Turkish, Welsh, and Xhosa. […] Importantly, Firefox now offers experimental support for JPEG XL, an image format with improved compression over WebP, JPEG, PNG, and GIF. Users can enable JPEG XL in the Firefox Labs panel within Settings.

Venus’ bizarre and extraordinarily slow retrograde rotation on its axis has long puzzled planetary scientists. But in a new paper presented at the recent European Geosciences Union General Assembly in Vienna, the authors argue that their models indicate that a high angle moon-sized, high-velocity impactor likely triggered Venus’s strange 248-day rotation. And it probably happened within the first 50 million years of Venus’ formation. […] The team found that an impactor that is about a tenth of Venus’ mass hitting the planet at a high angle could drastically show the early young planet’s rotation.

Depending on the actual impact parameters, we can slow down a rapidly rotating early Venus to rotation rates that are that are compatible with long-term evolution towards a slow rotating planet, says [Cedric Gillmann, the paper’s lead author and a planetary scientist at ETH Zurich]. Or even in some cases with large energetic impact that happen with a tangential impact that would even put planets early on in already a retrograde but faster rotation, he says. In the simulations, giant impacts expectedly produce surface magma oceans, the paper’s authors note. Their relative depths vary depending on impact properties: from a shallow melt layer in the order of 100km thick to a fully molten mantle, they note. If the surface can radiate heat to space efficiently, the magma ocean cools down quickly, they write.

If Gillmann and colleagues are correct, Venus’ likely impactor also melted some 99 percent of Venus’ mantle. That is, the interior structure that extends between its core and crust. You will get rid of that impact heat pretty efficiently, and after a few hundred million years, you end up seeing an evolution that is very difficult to distinguish from a case where you don’t have an impact, says Gillmann. What role the impact may have played in Venus’ lack of plate tectonics, however, remains open for debate. But it’s known that Venus’ lack of a large-scale carbon recycling mechanism likely led to its current runaway greenhouse.

The US Space Force confirmed the breakup event in a post on space-track.org, a website used by the military to distribute orbit data to the public. “The tracked pieces are being incorporated into routine conjunction assessment to support spaceflight safety,” the Space Force wrote in an advisory. “There are currently no threats to human spaceflight. Analysis is ongoing.” So far, the Space Force has not added any of the debris fragments to the official catalog of human-made space objects.

[…] The bad news is that the Zhuque-2E’s breakup is the latest chapter in China’s growing contribution to the space junk problem. After decades of leaving spent rocket bodies in orbit, launch operators in most countries now reserve enough fuel to steer their upper stages back to Earth for controlled reentries. Rocket bodies attributed to Russia and the former Soviet Union account for the bulk of the launch-related debris in long-lived orbits, followed by China and the United States. But the Russian and American numbers are declining or holding steady, while the mass of Chinese rocket bodies in these long-lived orbits has grown by more than 150 percent in the past five years, according to a new analysis by Space Domain Awareness expert Jim Shell. The increase comes as China ramps up launches of its own megaconstellations designed to compete with SpaceX’s Starlink.

Rocket bodies are the most concerning sources of space debris because they are typically fairly large in size and mass, often with residual propellant and high-pressure gases that can trigger an explosion. There is no way to maneuver or dispose of them if left abandoned in orbit after releasing their payloads. McKnight characterized the recent breakup of the Zhuque-2E rocket as a “slight space safety issue,” but the trend is not good. China’s Long March 6A rocket has an especially bad track record, including two explosions that littered a higher-altitude low-Earth orbit with more than 1,000 debris fragments, where they will remain for decades or centuries. “Three of the top four breakup events in LEO are of Chinese origin, with two of these events being from Chinese (rocket body) explosions in the last four years,” McKnight said.

A group made up of dozens of cybersecurity experts, including several well-known veterans of the industry, published an open letter to the U.S. government asking it to lift the export control order on Anthropic’s Fable and Mythos models. According to the open letter, “this action has taken the best models away from [cybersecurity] defenders” who now can’t use the models to find vulnerabilities and make their software and products more secure. “To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” read the letter.

On Friday, the U.S. government ordered Anthropic to limit the export of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models to all users worldwide. As of this writing, the letter is signed by 76 cybersecurity experts, including Alex Stamos, former Facebook chief of security; Casey Ellis, the founder bug bounty platform Bugcrowd; Jon Callas, famed cryptographer and former Apple security design and architecture manager; Paul Vixie, computer scientist ; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Moussouris, the founder of Luta Security; and Rachel Tobac, the CEO of the security awareness training firm SocialProof Security.

[…] Anthropic said that the White House export control order may have been based on a report that there was a method to bypass — or jailbreak — Fable to unlock its powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but that she has reviewed. But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open source code with public and known vulnerabilities along with “deliberately planted vulnerabilities,” after the model initially refused to “review the code for security issues.”

“The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense,” Moussouris wrote. “Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.” Moussouris’ critique was echoed in the open letter, which also said that the group of experts believe the model capabilities in the Amazon paper “can be replicated” on OpenAI’s GPT-5.5, on Anthropic’s own publicly available Claude Opus 4.8 and Sonnet, “and even Chinese models like Kimi 2.7.”

Moussouris told TechCrunch that “the bugs used to demonstrate the techniques in the paper can be found using the other models. The method in the paper is a guardrail bypass technique. Other models that lack the Fable guardrails often won’t refuse the straightforward request to look for security bugs, so they don’t need a bypass.” The letter also asked for transparently and fairly enforced regulations created by “a democratic rule-making process” that are based on scientific research done by industry and academic experts, and “used only to the minimal extent necessary to ensure the safety of the American public.”

Despite the public backlash, the Office of Management and Budget (OMB), the government agency that sets guidance for how agencies implement policies in line with the president’s agenda, is not providing any plans for how federal agencies should manage the sunset or continue to implement reporting beyond the timeline of the law. This, current and former workers at OMB and the General Services Administration (GSA) say, signals that the Trump administration is set to take an even more hands-off approach to data center oversight and regulation.

A replacement for the requirements laid out in FDCEA would, in other administrations, have been in the works for months ahead of its expiration. An employee with the GSA, the agency that oversees the government’s IT services and helps to implement the FDCEA, says that the lack of any sort of plan is highly uncommon. The employee spoke to WIRED on the condition of anonymity for fear of retaliation. “Never in the history of data center policies has a policy expired without another one having been painstakingly worked on for three years behind the scenes,” says the GSA employee. “The technology has changed so much it’s not about getting everything right, it’s about doing the best they can and updating to a new policy. They claim they’re going to make sure private companies pay their fare share, but they haven’t explained how they’ll do that.”

[…] There has been a burst of data-center-related legislation introduced in Congress this year, from bills that mandate environmental reviews of data centers to bills designed to protect local moratoriums. However, it appears that none of these bills are designed to address the requirements in FDCEA, nor do they specifically address federally run or leased data centers. […] A search of reginfo.gov, the OMB website that contains reports on the president’s Unified Agenda, also turns up nothing for the FDCEA.

The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.

“Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an “emerging Phishing-as-a-Service platform.” Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.

CyberNews points out a Chromium commit that removes support for the “kExtensionManifestV2Disabled” flag, which is referred to as “dead code” seeing as Chrome no longer supports Manifest V2 extensions. This removal acts as the final stop for many Manifest V2-based ad blocker extensions that were still in use today — the flag was effectively a loophole to continue using these extensions.

A Googler on the commit explains: “MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won’t be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we’ve actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire.”

This will also impact other Chromium-based browsers, though the comment notes that “other browsers can continue supporting these if they so desire.” Neowin points out that Microsoft Edge and Opera are likely to follow suit. Chrome 150, set to be released later this month, will remove this flag, while other leftover bits of Manifest V2 will be removed in the v151 release.

A decade ago, AMD added a protection to its high-end CPUs to protect them against cold boot attacks and other types of physical exploits that siphon sensitive data out of the connected memory chips. Short for Transparent Secure Memory Encryption, TSME encrypts the entire contents stored in memory, making the data useless to physical attackers. Over time, AMD added TSME to lower-end processors, including the consumer version of its Ryzen chips, a CPU that costs less than the Pro version. Over the years, users of these lower-end chips have gotten used to the added security. Recently and without warning or notice, this lower-end line of AMD chips suddenly dropped the protection, and did so in a way that was impossible to detect on Windows machines and required a fair amount of technical work when using Linux.

AMD has yet to say why TSME worked on these CPUs, or even to confirm the change. AMD declined to answer questions sent by email other than to say TSME “is a security feature only applied to PRO CPUs as part of AMD PRO Technologies.” The statement is the first known time the chipmaker has explicitly made this restriction public. […] There’s no indication that AMD ever advertised or marketed TSME as being available in consumer CPUs. AMD has long said that a related memory protection, Secure Memory Encryption (SME), is available only in the Pro and Epyc CPU tiers. SME is OS-managed. It uses a single key and allows the OS to selectively encrypt individual memory pages. TSME is firmware-managed. It encrypts all RAM with no OS involvement. When active, it provides protection against physical attacks, including cold boot exploits, DRAM interface snooping, and memory module removal. It activates silently when enabled in the BIOS, making it the more practically useful of the two protections.

The heavily promoted, $499 T1 “Trump Phone” was originally said to be “Made in the USA” and ship in September 2025. Later, that was downgraded to “Assembled in the USA.” Given the Trump Organization’s lack of engineering or supply chain expertise, many assumed the “T1” would just be a private-label phone made by someone else. After a number of delays, the first phones are finally shipping.

iFixit has performed a teardown and concluded that the T1 is a just gold-painted 2024 HTC U24 Pro — a device from a Taiwanese company, probably using mainland China design and supply chains. In collaboration with NBC News, the iFixit team examined both phones using CT scans, side-by-side teardowns, and even reassembled a working T1 using a U24 Pro main board. As for “assembled in the USA,” that

may

be true, in the same sense that your phone’s repairman can “assemble” a phone from a handful of subassemblies sourced from someone else. Or it may have been assembled in Guangdong, China like the other U24 Pros.

iFixit sums it up: “What you have is not an ‘American-Proud Design,’ but a phone designed in China, made in China, with the vast majority of parts sourced from China. I’m failing to find any stirring of American pride within me. I’ve certainly felt it before, so I can confirm that it is absent at this time.”

British Prime Minister Keir Starmer has announced a sweeping ban on social media use for those under 16, joining other countries around the world seeking to protect children online. “It’s a big step for our country,” Starmer said in a recorded video message released Monday. “Social media is making our children unhappy and unsafe, and as a parent, as much as a Prime Minister, I just can’t let that go on anymore,” he added.

The ban will include social platforms like Snapchat, TikTok, YouTube, Instagram, Facebook and X, while there is no intention for messaging services like WhatsApp and Signal to be included, the government said in a release. […] Starmer’s government called Monday’s announcement a “landmark” move, saying the new measures would be brought to Parliament before Christmas, with protections expected to come into force next spring. Beyond the blanket social media ban, the restrictions will also include blocks on functions such as livestreaming and stranger communication with children for under-16s, it added.

Fox has dabbled in streaming over the past few years — finally launching its Fox One competitor last August — but has lacked a serious streaming business with the ability to compete in a space dominated by YouTube, Netflix, Amazon, Disney+, HBO Max, Paramount+ and Peacock. With CNN parent company Warner Bros. Discovery receiving initial US regulatory approval to combine with Paramount, Fox’s purchase of Roku became more urgent. […] The deal is expected to close in the first half of 2027 with the companies forecasting $400 million in savings.

Google CEO Sundar Pichai delivered Stanford University’s 2026 commencement address, but despite leading one of the companies at the center of the AI boom, he spent very little time discussing artificial intelligence. Instead, the speech focused on optimism, working on hard things, and following your interests. The omission is notable given how many graduates are entering a job market being reshaped by AI. While Pichai briefly referenced a “rewiring of technology,” he largely avoided discussing AI’s impact on careers, automation, or the future of work. Was the Google CEO intentionally steering clear of a controversial topic, or was he simply trying to deliver a timeless commencement speech rather than a technology-focused one?

Voters in Switzerland have rejected an unprecedented far-right proposal to cap the country’s population at 10 million in a divisive referendum dubbed “the Swiss Brexit.” Some 54.79% of voters were against the proposal by the Swiss People’s party (SVP) and 45.21% were in favor. Turnout was 58.86%. A different outcome would have obliged the Swiss government to limit the population, currently 9.1 million, to 10 million by 2050, enacting tough restrictions on family reunification, residency permits and asylum if the number had reached 9.5 million before that date.

Under the proposals, if the threshold of 10 million people was exceeded before 2050, the Swiss government would have been obliged to withdraw from the country’s free movement agreement with the EU — ending its access to the bloc’s single market. The SVP, which has the most seats in parliament, has for years fueled anti-immigrant sentiment, especially concerning workers from neighboring EU countries. The party had insisted that a so-called “sustainability initiative” was needed to address the increase in population, which it argued was putting pressure on Swiss infrastructure, housing, social programs, natural resources and way of life.