A library of snippets
xxx
The best known case of Russia’s use of wipers came in 2017 with the release of NotPetya. The destructive worm was intended to target only Ukraine, but quickly spread around the world and wreaked havoc as it disrupted computer operations. The event is estimated to have cost governments and businesses $10 billion, making it likely the most expensive computer intrusion in history.
From: Wiper malware targeted Poland energy grid, but failed to knock out electricity – Ars Technica.
xxx
xxx
In Taiwan, the group responsible for the laundering built two payment platforms, HeroPay and MatchPay, to serve as intermediaries for illegal gambling traffic. By routing funds through their own processors, they were able to mask source and destination, sidestep traditional detection systems and scale to nearly a billion dollars in illicit volume. When they eventually launched their own gambling portal, they didn’t need to find a bank to work with. They already had the rails.
From: Fintech has outpaced the guardrails meant to protect it.
xxx
xxx
A paper published last week has found more than 700 endpoints delivering such texts on behalf of more than 175 services that put user security and privacy at risk. One practice that jeopardizes users is the use of links that are easily enumerated, meaning scammers can guess them by simply modifying the security token, which usually appears at the right of a URL. By incrementing or randomly guessing the token—for instance, by first changing 123 to 124 or ABC to ABD and so on—the researchers were able to access accounts belonging to other users. From there, the researchers could view personal details, such as partially completed insurance applications.
From: Millions of people imperiled through sign-in links sent by SMS – Ars Technica.
xxx
xxx
Richard Crone’s analysis of UCP quantifies the stakes: intent data worth $267-$736 per monthly active user, cross-sell revenue (33-76% of incremental sales) shifting to whoever controls the agent conversation, retail media margins under pressure when discovery moves off-platform.
The same week UCP launched, Amazon was litigating against Perplexity for building shopping features using Amazon’s product data. Amazon understood what was being intermediated. They had resources to protect it.
Most merchants don’t have that leverage. The choice looks binary: adopt and gain discoverability, or refuse and become invisible to AI-mediated commerce.
There’s a third option. Adopt on terms that preserve merchant interests.
The hotel industry learned this with OTAs. Properties that refused Expedia declined. Properties that listed without strategy became commoditised warehousing. The winners participated for reach while retaining enough customer data to compete on experience.Merchants evaluating UCP should demand data parity:
→ Bank-grade verification of who built and deployed the agent
→ Contextual metadata passthrough for fraud signals
→ Audit trails documenting the instruction chain
→ Equivalent data to on-site checkout, or liability allocation that reflects the gapUCP explicitly leaves agent identity to “other layers.” The question is whether merchants require those layers before participating.
From: (3) Post | LinkedIn.
xxx
xxx
Private-equity firm Brookfield is starting its own cloud business, going up against tech giants like Amazon by arguing it can bring down the costs of developing AI. The firm, which has long invested in infrastructure and energy, is becoming the first major investment firm to try to lease chips inside data centers directly to developers, rather than just owning or developing the physical structures that surround them.
The cloud business will be tied to a new $10 billion AI fund that the firm is starting and a cloud company called Radiant that Brookfield will operate. In November, Brookfield laid out plans to acquire up to $100 billion of land, data center and power assets for AI.
From: Brookfield to Start Cloud Business to Lower Cost of AI — The Information.
xxx
xxx
In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.
From: AI Models on Realistic Cyber Ranges \ red.anthropic.com.
xxx
xxx
To understand how a stablecoin-backed card program actually works, a look at the names on the plastic or metal might help, but as most of this audience already knows, there’s more to it than that. From a cardholder’s perspective, the experience is familiar. Under the hood, however, the system added several new, tightly coordinated layers, each with its own responsibilities and failure modes.
xxx
xxx
GPTZero, a detector of AI output, has found yet again that scientists are undermining their credibility by relying on unreliable AI assistance.
The New York-based biz has identified 100 hallucinations in more than 51 papers accepted by the Conference on Neural Information Processing Systems (NeurIPS). This finding follows the company’s prior discovery of 50 hallucinated citations in papers under review by the International Conference on Learning Representations (ICLR).
From: AI conference’s papers contaminated by AI hallucinations • The Register.
xxx
xxx
Bank of New York Mellon said it now employs dozens of artificial intelligence-powered ‘digital employees’ that have company logins and work alongside its human staff.
xxx
xxx
Indeed, D&D’s complex rules, extended campaigns and need for teamwork are an ideal environment to evaluate the long-term performance of AI agents powered by Large Language Models, according to a team of computer scientists led by researchers at the University of California San Diego.
From: AI models tested on Dungeons & Dragons to assess long-term decision-making.
xxx
Snippings