DRAM shortage may drive firewall prices higher: analysts • The Register - Reports last week out of the Korea Economic Daily stated two of the country’s producers of DRAM are planning to raise prices by up to 70 percent this quarter. When combined with the 50 percent increase during 2025, the price of memory could double in cost year-over-year by mid-2026.
Python libraries in AI/ML models can be poisoned w metadata • The Register - The open source libraries - NeMo, Uni2TS, and FlexTok - were created by Nvidia, Salesforce, and Apple and allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.
US regulator tells GM to hit the brakes on customer tracking • The Register - The Federal Trade Commission has banned General Motors and subsidiary OnStar from sharing drivers’ precise location and behavior data with consumer reporting agencies for five years under a 20-year consent order finalized January 14.
Anthropic’s Files API exfiltration risk resurfaces in Cowork • The Register - In order to trigger the attack, all a potential victim needs to do is connect Cowork to a local folder containing sensitive information, upload a document containing a hidden prompt injection, and voilà - when Cowork analyzes those files, the injected prompt triggers.
A single click mounted a covert, multistage attack against Copilot - Ars Technica - Appended to the end was a long series of detailed instructions in the form of a q parameter, which Copilot and most other LLMs use to input URLs directly into a user prompt. When clicked, the parameter caused Copilot Personal to embed personal details into web requests.
Bankrupt scooter startup’s single key controlled everything • The Register - Instead of a unique key per scooter, the manufacturer shipped all models with the same placeholder value: a default private key that appears to have been intended to be replaced before production and simply never was.
US gov’t: House sysadmin stole 200 phones, caught by House IT desk - Ars Technica- This member of the public promptly booted the phone, which did not display the expected device operating system screen but instead “a phone number for the House of Representatives Technology Service Desk.” The phone buyer called this number, which alerted House IT staff that government phones were being sold on eBay.
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens - Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials.
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages -
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans - “You need to know that your data and conversations are protected and never sold to advertisers,” OpenAI said. “And we need to keep a high bar and give you control over your experience, so you see truly relevant, high-quality ads—and can turn off personalization if you want.”