Designing AI resistant technical evaluations

Written by Tristan Hume, a lead on Anthropic's performance optimization team. Tristan designed, and redesigned, the take-home test that's helped Anthropic hire dozens of performance engineers.

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in its unified communications solutions that is being exploited by attackers. The vulnerability stems from improper validation of user-supplied input in HTTP requests, allowing attackers to gain user-level access and potentially elevate privileges to root. Affected products include Cisco Unified Communications Manager, Session Management Edition, IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance. Cisco advises immediate remediation by upgrading to a fixed software release or applying a patch.

GNU InetUtils Security Advisory: remote authentication bypass in telnetd

Old habits die hard: 2025’s most common passwords were as predictable as ever

Old habits die hard: 2025’s most common passwords were as predictable as ever. Data from NordPass and Comparitech reveals that '123456' remains the most popular password, with 25% of the top 1,000 passwords consisting solely of numerals. This trend poses significant security risks, as weak passwords are easily compromised via brute-force or credential stuffing attacks. Users are advised to adopt strong, unique passwords and enable two-factor authentication for enhanced security.

Linux users targeted by crypto thieves via hijacked apps on Snap Store

Cryptocurrency thieves are targeting Linux users by hijacking apps on the Snap Store, turning trusted software packages into crypto-stealing malware. They are taking over expired web domains and associated email servers tied to existing Snap Store publishers to push malicious updates to previously benign packages. Canonical has removed the malicious snaps, but more thorough solutions are required to stem the flood of malicious packages. Users are advised to be especially careful with cryptocurrency wallet snaps and consider obtaining such applications directly from official project sites rather than through any app store.

How to Get Scammed (by DPRK Hackers)

Keylogger targets 200,000+ employees at major US bank

Sansec discovered a keylogger on a major US bank's employee merchandise store, targeting over 200,000 employees. The malware harvests sensitive data, including login credentials and payment card numbers. This breach highlights the importance of securing external sites that handle employee credentials and the need for specialized tools to detect ecommerce-specific attacks.

Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain

In recent weeks, Lumma Stealer infections have followed a specific pattern in follow-up activity. This pattern adds scheduled tasks for the same action, which increases traffic to the same C2 domain. This diary documents an example from one of these infections on January 14, 2026

Firmware scanning time, cost, and where teams run EMBA

Researchers looked at EMBA deployments on a local standalone system and on a Microsoft Azure virtual machine. They focused on execution time, repeatability, cost, and operational characteristics that matter to practitioners who rely on firmware analysis as part of regular securit

Is it time for internet services to adopt identity verification?

This article discusses Australia's new legislation banning social media accounts for those under 16 and explores the broader implications for internet identity verification. It highlights the potential benefits of verified identities in reducing online abuse and harmful content, while also acknowledging the privacy concerns and challenges of implementing such measures.

FTC accuses AI search engine of 'rampant consumer deception'

The company's offerings are allegedly a ploy to lock consumers into recurring charges they don't want, a scheme that ensnared hundreds of thousands of people and that federal regulators are calling "rampant consumer deception."

Microsoft’s Spending on Anthropic AI Is on Pace to Hit $500 Million

How AI image tools can be tricked into making political propaganda

A recent study reveals that AI image tools can be manipulated to generate political propaganda by bypassing safety filters using multilingual prompts. The researchers found that by replacing explicit political names and objects with indirect descriptions and combining them in multilingual prompts, they could bypass the filters. This method was successful in up to 86% of cases on one widely used interface, indicating a significant gap in political safeguards for AI image tools.

Marvell to buy networking equipment firm XConn in $540 million deal amid AI infrastructure push

The transaction amount will include about 60% cash, while the remaining stock portion will be valued at Marvell's 20-day volume-weighted average price. The chipmaker, valued at more than $76.52 billion, will issue around 2.5 million shares under the deal.

Rebranding fail: Microsoft Office is now called Microsoft 365 Copilot

The Microsoft 365 (Office) app is now called the Microsoft 365 Copilot app across web, mobile (iOS, Android), and Windows. The new app name and icon reflects the integration of Copilot within the Microsoft 365 app.

AI security risks are also cultural and developmental

Researchers have found that AI systems embed cultural and developmental assumptions at every stage of their lifecycle. Training data reflects dominant languages, economic conditions, social norms, and historical records. Design choices encode expectations about infrastructure, be

40 million Americans turn to ChatGPT for health care

Schools across the U.S. are rolling out AI-powered surveillance technology, including drones, facial recognition and even bathroom listening devices

The surveillance fostered an atmosphere of distrust: 32% of 14 to 18-year-old students surveyed said they felt like they were always being watched. In focus groups run by the ACLU, students said they felt less comfortable alerting educators to mental health issues and physical ab

Airbus to migrate critical apps to a sovereign Euro cloud

Airbus wants to move key on-premises applications including ERP, manufacturing execution systems, CRM, and product lifecycle management (aircraft designs) to the cloud. The contract – understood to be worth more than €50 million – will be long term (up to ten years), with price p

Microsoft made another Copilot ad where nothing actually works

Microsoft’s holiday ad makes Copilot look like a magical AI sidekick that instantly understands your PC and fixes everything with a festive flourish. In reality, when The Verge tried it out, Copilot mostly got confused, hallucinated buttons, and proved it’s still very much in the

Facebook users were deceived about privacy. It will cost Meta 0.03% of revenue to settle

Meta will pay $50 million in civil penalties and implement reforms to how it oversees third-party applications on the Facebook platform for the next three years.

Micron says memory shortage will ‘persist’ beyond 2026

Supply will remain substantially short of the demand for the foreseeable future.

Should AI access be treated as a civil right across generations?

A new study examines what happens when rising demand for AI collides with limited energy, network capacity, and compute, then proposes a new delivery model to avoid deepening inequality. Even if models keep improving, access to AI outputs will shrink over time unless the underlyi

‘Uniquely evil’: Michigan residents fight against huge data center backed by top tycoons

Residents fear the $7bn center would jack up energy bills, pollute groundwater, and destroy the area’s rural character. The 1.4 gigawatt center would consume as much power as Detroit.

Cisco decides homegrown AI model is fit to power its wares

The model an open-weight, 8-billion-parameter instruction-tuned “Auto-regressive language model that uses an optimized transformer architecture.

OnePlus 15R review: A 165Hz display and big battery for $700

The OnePlus 15R has many of the same strengths as the more expensive OP15, but shaves off $200 off by compromising on cameras.

AMD GPU debugging: Why it’s still so hard and what low-level access reveals

This is a fascinating peek under the covers of a modern graphics card. Ever wonder how to interact with a video card without using something like Vulkan? This post will tell you how.

LLM privacy policies keep getting longer, denser, and nearly impossible to decode

People expect privacy policies to explain what happens to their data. What users get instead is a growing wall of text that feels harder to read each year. In a new study, researchers reviewed privacy policies for LLMs and traced how they changed.