International Cyber Digest
6.27K subscribers
924 photos
52 videos
2 files
168 links
Independent reporting on cybersecurity, tech, AI & digital policy. Got a tip? http://internationalcyberdigest.com/tips
Download Telegram
❗️ More than half of Grok's traffic now comes from adult content, including porn image and video generation and sexual role-play, according to a report of The Information. xAI is reportedly leaning into it, not away from it.

It also lands amid lawsuits and probes in the US, EU, India and Brazil over sexualized deepfakes, including alleged images of minors. Musk has denied awareness of any underage sexual images generated by Grok.

Article: https://www.internationalcyberdigest.com/adult-content-now-drives-most-of-groks-traffic/
😁8πŸ₯°3🀣2πŸ’©1
❗️ Anthropic tried to charge a Korean user who was on the free plan with zero API usage $16.6 million. A day earlier, the same invoice was $1.67 million, so it grew roughly 10x overnight.

The user says he suspected phishing at first, then found the sender and payment link were Anthropic's official domain. His bank declined the charge attempts for exceeding the card's per-transaction limit...

Last month auditing startup Vaudit told it found about $1.7 million in overcharges across $34 million in AI invoices, mostly tied to Claude Code, and after months of GitHub reports about contradictory Anthropic billing emails.

Read:
https://www.internationalcyberdigest.com/anthropic-tried-to-phantom-charge-16-6m/
🀣36πŸ₯°3❀1🀬1
OpenAI's newest model just hit the DeepSWE benchmark, and gpt-5.6-sol, now beats every other model (even Fable 5) at a fraction of the cost.

gpt-5.6-sol:
- 3x cheaper than Claude Fable 5
- 5–7x cheaper than Claude Opus 4.8
- 10x cheaper than Claude Sonnet 5
πŸ’©14πŸ€”5πŸ”₯3❀2πŸ‘2
❗️ Apple is suing OpenAI, accusing it of a months-long scheme to steal trade secrets for its AI hardware device. The complaint names OpenAI hardware lead Tang Tan and engineer Chang Liu, both ex-Apple.

It alleges recruits were told to bring unreleased parts to job interviews, that Tan circulated Apple's internal exit-security playbook to new hires, and that Liu kept an Apple laptop and exploited a vulnerability to pull dozens of confidential documents while already working at OpenAI.

OpenAI's reply, via a spokesperson: "We have no interest in other companies' trade secrets." Apple wants an injunction plus damages set at trial.
❀10πŸ‘4🀣4😁2πŸ₯°1
‼️ A 16-year-old Linux KVM vulnerability called Januscape (CVE-2026-53359) lets a root user inside a guest VM escape to the host on Intel and AMD x86 systems, and a proof of concept that crashes hosts is already public.

Canonical says patched Ubuntu kernels are still pending for all releases and recommends disabling nested virtualization in the meantime.
😱18❀3
‼️ The Chinese and Russians want to use malware to paralyze the Starlink satellite network, according to secret documents obtained from clandestine military forums. And if malware doesn't work, they plan to just shoot the satellites down.

Chinese state aerospace researchers are pitching a three-stage plan to defeat Starlink. It escalates from regulatory pressure to coordinated jamming to physically destroying satellites in orbit.

The same cache includes a protocol signed in Moscow in June 2023 to jointly build an air- and missile-defense system against US hypersonic weapons, a class of technology Moscow historically refused to share with anyone.

Beijing still calls itself neutral on Ukraine. These documents make that position very hard to sustain.

Note: the slides have been translated from Russian and Chinese into English.
😱15😁5πŸ”₯3❀2πŸ‘2
THIS is the race to superintelligence and Sam spelled β€œsellling” with three L’s.
😁14πŸ’©8🀣5
‼️ Samsung is forcing users to hand over their data for AI training by breaking core functionality of its Health app.

A new consent notice covers activity, health records, medication, and menstrual cycle data. Opt out and the app warns it will stop syncing to your Samsung account and delete the data already stored there.
πŸ’©32🀯8❀3😁3πŸ₯°1
‼️ BREAKING: The official SpaceX and Starlink accounts on X appear to have been compromised. According to multiple reports online, an account named "Sam Catman," carrying an official SpaceXAI-affiliated badge, posted a scam coin. The official SpaceX and Starlink accounts then reposted Sam Catman's posts.

Needless to say, anyone who bought in was rug-pulled.
😭21🀣11😁9πŸ€”2πŸ‘1πŸ’―1
‼️ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion.

The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed.

The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads.

Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.

https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/
πŸ’©16😱10❀3😁3πŸ”₯2
‼️ Update: Elon Musk says SpaceXAI will delete all user data uploaded to the company "before now" as a precautionary measure, one day after a researcher's wire-level analysis showed the Grok Build CLI shipping entire private repos, unredacted secrets included, to a Google Cloud bucket.

The pledge came in an X post. Still no advisory, no timeline, and no way for affected developers to verify deletion. And deleted or not, any credentials that left the machine still need to be rotated.
πŸ’©7😁6❀4πŸ€ͺ3πŸ‘1