MiniMax Drops State-of-the-Art AI Agent Model—Then Quietly Changes the License
Top open-weight model shipped, license tightened commercially.
Article | decrypt.co | 3h | 88B
MiniMax’s new M2.7 open-weights agent model competes with top closed systems, but it moved from MIT-like openness to requiring written permission for commercial hosting.
M2.7 scores near top closed models on coding and knowledge-work benchmarks.
Weights are released on Hugging Face, but commercial use now requires permission.
MiniMax claims “bad-faith hosting” degraded outputs harmed reputation and users.
Anthropic's Mythos Preview: Why the Human Layer Matters More, Not Less
Autonomous exploit chaining improves; defensive coalition prepares.
Blog | KnowBe4 | 2h | 82B
Anthropic’s Mythos claims big jumps in autonomous exploit chaining, and Glasswing aims to use that capability defensively—though skeptics want evidence on false positives and safeguards.
Mythos reportedly chains exploits autonomously with a 72.4% success rate.
The novelty is not discovery, but end-to-end exploit writing at scale.
Project Glasswing coordinates major vendors for defensive patching.
US Navy should rely on allies to boost maritime industrial base, report says
US shipbuilding lags; allies should scale capacity.
Article | Defense News | 1h | 82B
A new maritime strategy report says the US Navy’s shipbuilding plan is failing and should lean on allies’ shipyards, ports, and labor to rebuild capacity.
Report frames US maritime industrial “atrophy” as a capacity problem.
It recommends shifting to simpler hulls and redesigning the design process.
A key proposal is using allied yards, ports, and allied labor inflows.
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT
Obsidian plugins trigger stealth malware via blockchain C2.
Article | Elastic Security Labs | 21m | 79B
Attackers trick finance/crypto targets into opening a shared Obsidian vault, then abuse legit plugin triggers to execute a blockchain-rotated Windows/macOS payload.
Obsidian Shell Commands executes attacker JSON-defined commands on vault open
Shell Commands sync boundary requires victim enabling community plugin sync
Windows loaders reflectively execute in-memory with multi-stage obfuscation and injection
This May Be Our Best Look At Ukraine’s Secretive New Surface-To-Air Missile
Ukraine’s Koral SAM debut suggests anti-ballistic gains.
Article | twz.com | 2h | 79B
Ukraine’s apparent Koral long-range SAM finally surfaced publicly, hinting at an anti-ballistic, lower-cost alternative to scarce Patriot-like interceptors.
Koral’s public appearance likely reflects real hardware, not only mockups
Reported shift from 30–50 km toward ~100 km changes the engagement envelope
Claims of ballistic-target capability point to an ABM-like layer over cities
How red states are killing college
States are replacing university governance with compliance control.
Article | unherd.com | 1h | 78B
Red-state reforms are shifting universities from faculty governance to state compliance, using reporting, audits, and withheld funds to police campus ideology.
Ohio bans DEI functions yet leaves “controversial” terms undefined
Student reporting turns classrooms into surveillance, incentivizing self-censorship
Funding levers make compliance irreversible even after correction
'That felt wrong': Dev uses Claude to expose why a popular No-Code platform wants to read “all your prompts”
Telemetry captures commands and session data unexpectedly.
Article | techradar.com | 2h | 77B
A developer found a Claude Code plugin injecting an unexpected consent prompt that, even without Vercel config, captures device/session and full shell commands.
Consent UI can be injected, appearing native inside Claude sessions
Telemetry collects session/device details without explicit opt-in
Shell command content is captured and transmitted, not just metadata
[Sponsor] WorkOS FGA: The Authorization Layer for AI Agents
Agents need hierarchical authorization, not coarse tokens.
Blog | daringfireball.net | 3h | 77B
WorkOS argues that AI agents need fine-grained, hierarchical authorization—handling user-on-behalf scope intersection, and constraining autonomous bots to least-necessary subtrees.
Agents’ tool calls create confused-deputy leaks from broad inherited tokens.
OBO agents require real-time permission intersection across user and agent.
Shared contexts demand output-time intersection, not retrieval-time checks.
Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos
AI is compressing attack cycles, outpacing patching.
Article | CyberScoop | 2h | 75B
US and UK cyber leaders say Claude Mythos meaningfully narrows the hacking skill gap while making patching too slow, so defenders must automate and rewrite playbooks fast.
From the Danube to the Ayatollbooth
Orbán’s ballot loss won’t automatically rebuild institutions.
Newsletter | The Cosmopolitan Globalist | 2h | 73B
It argues Orbán’s loss is promising but may not restore democracy, and it links that resilience problem to chokepoint geopolitics like Hormuz blockade risk.
Orbán popularized an “illiberal democracy” template that still scales.
Replacing leaders won’t instantly restore courts, media, and civil norms.
Magyar likely shifts tactics, but may preserve some illiberal instincts.
OpenAI’s Mac apps need updates thanks to the Axios hack
OpenAI revoked macOS certificate after Axios supply-chain compromise.
Article | CyberScoop | 3h | 69B
OpenAI is revoking its macOS signing certificate because a malicious Axios package briefly hijacked its GitHub signing workflow via a supply-chain attack.
A GitHub workflow downloaded and executed malicious Axios to sign apps.
OpenAI found no evidence that user data or software was compromised.
UNC1069 breached the Axios maintainer and pushed malware briefly.