Fox Tempest's Malware-Signing Service Is Dead — But the Ransomware Damage Isn't
Microsoft has disrupted a malware-signing-as-a-service operation run by a threat actor it calls Fox Tempest, which abused Microsoft's own Artifact Signing service to generate fraudulent code-signing certificates. Those certificates were then sold to ransomware gangs and other criminal groups, allowing their malware to appear legitimate to security tools. Microsoft says thousands of machines were compromised globally, including more than a dozen on Microsoft's own network. The takedown involved revoking certificates and booting the operation off the platform — but signed malware already in the wild remains a problem. It's a reminder that code-signing trust is only as strong as the weakest CA or signing service in the chain.
The Hacker News ↗ChromaDB Flaw Gives Unauthenticated Attackers Root on AI App Servers
A maximum-severity vulnerability in ChromaDB — the open-source vector database popular with AI application developers — allows an unauthenticated attacker to execute arbitrary code on any exposed server. The flaw exists in the Python FastAPI implementation and requires no credentials to exploit. ChromaDB is widely used as the memory layer for AI agents and retrieval-augmented generation (RAG) pipelines, making this more dangerous than your average database bug: a compromised ChromaDB instance can expose the entire context window and conversation history of an AI application, plus whatever data was used to build its knowledge base. Developers should check whether their ChromaDB deployments are publicly reachable — many are, inadvertently.
Bleeping Computer ↗Mini Shai-Hulud Worm Hits 320+ npm Packages, Drops Disk Wiper in Azure PyPI Package
A fresh supply chain attack dubbed Mini Shai-Hulud has compromised more than 320 npm packages across the @antv namespace after attackers seized a maintainer account. The malicious versions drop a worm that fetches a destructive disk-wiper payload, and a related campaign injected the same wiper into a Microsoft Azure PyPI package. The @antv namespace is used heavily in data visualisation tooling, meaning the packages sit in a lot of enterprise frontend pipelines. Organisations running automated dependency updates — particularly in CI/CD environments — should treat this as an active threat and audit recent installs. Given the prevalence of Azure services in Australian enterprise, the Azure PyPI vector warrants immediate attention from local teams.
iTnews ↗YellowKey BitLocker Bypass Gets a Mitigation — But No Patch Yet
Microsoft has published a mitigation for YellowKey (CVE-2026-45585), a BitLocker security feature bypass that lets an attacker with physical or pre-boot access read data from an encrypted drive without the decryption key. The fix involves blocking the FsTx Auto Recovery Utility from launching during Windows Recovery Environment startup — it's a workaround, not a patch. With a CVSS score of 6.8 the flaw is moderate on paper, but in practice it undermines a core data-at-rest protection relied on by millions of Windows devices. YellowKey is one of several Windows zero-days disclosed in recent weeks by the same researcher, suggesting a systematic audit of Windows boot-time components is underway in the research community.
SecurityWeek ↗Verizon DBIR 2026: Exploits Are Now the No. 1 Way In
Verizon's annual Data Breach Investigations Report lands with a finding that should reshape patch prioritisation conversations everywhere: vulnerability exploitation now accounts for 31% of initial access in confirmed breaches, overtaking stolen credentials for the first time. The report also finds that median time-to-exploit for known vulnerabilities has dropped to under five days after public disclosure, while organisations' median patch time sits at weeks. That gap — between when an exploit is public and when most organisations close the hole — is where attackers live. For Australian organisations subject to the ASD Essential Eight, this data strengthens the case for Patch OS: at least 48 hours for internet-facing systems as the minimum viable standard.
CyberScoop ↗Anthropic Quietly Fixed a Claude Code Sandbox Bypass — No CVE, No Announcement
A security researcher discovered that Claude Code's execution sandbox could be bypassed, potentially allowing a crafted prompt injection to chain into data exfiltration. Anthropic silently patched the issue without issuing a CVE or public advisory. The researcher noted that Claude itself, when asked to assess the vulnerability, agreed it was real and serious. The silent-fix approach is becoming a recurring pattern in AI lab security — Anthropic's own SDK had a similar quiet update last week. As AI coding tools become embedded in development workflows, the lack of a standard disclosure process for AI platform vulnerabilities is an increasingly glaring governance gap. The EU AI Act and Australia's emerging AI governance framework both touch on transparency obligations that could eventually change this.
SecurityWeek ↗OpenAI Cracks an 80-Year-Old Maths Problem — and the Experts Actually Agree
OpenAI says one of its reasoning models has disproved a conjecture in discrete geometry that has stood unsolved since 1946 — the unit distance problem. More significantly, the mathematicians who publicly embarrassed OpenAI over its last inflated maths claim have reviewed this one and are backing it up. The model reportedly generated a constructive counterexample that human mathematicians had been unable to find despite decades of effort. It's a meaningful data point in the ongoing debate about whether large language models can do genuine mathematical discovery versus pattern-matched approximation. OpenAI published the result on its blog alongside the model's working, inviting independent verification — a transparency step it hasn't always taken.
OpenAI Blog ↗OpenAI September IPO Takes Shape as Musk Lawsuit Falls Away
With Elon Musk's lawsuit against OpenAI formally dismissed, the company is reportedly moving swiftly toward a public listing as early as September 2026. The lawsuit, which challenged OpenAI's structural conversion from a non-profit to a for-profit entity, had cast enough uncertainty over the company's governance to complicate IPO preparations. Now that it's resolved, bankers and advisers are said to be back in active planning mode. Given that OpenAI is reportedly valued at around $300 billion in private markets, the IPO would dwarf Cerebras's recent $5.5 billion listing and likely become one of the largest tech debuts ever. SpaceX's IPO filing also landed this week, making it an unusually busy period for mega-cap tech listings.
TechCrunch ↗Discord Goes All-In on E2E Encryption as Instagram and TikTok Back Away
Discord has completed a migration that makes end-to-end encryption the default for all users — a notable move given the broader industry trend running in the opposite direction. Instagram and TikTok have both recently announced they are removing end-to-end encryption from their messaging features. Discord's rollout covers direct messages and group DMs, with the company positioning it as a trust differentiator for its largely young, privacy-conscious user base. The divergence is interesting: platforms with advertising-based business models appear to be retreating from E2E encryption, while those without are leaning in. For Australian users, Discord's move is positive news — the Online Safety Act's pressure on platforms to moderate content has sometimes been cited as a reason to weaken encryption.
The Record ↗Intuit Lays Off 3,000 to Accelerate AI — The Restructuring Playbook Spreads
Intuit — the company behind TurboTax and QuickBooks — is cutting more than 3,000 employees, framing the move as a restructuring to reduce complexity and reinvest in AI product development. CEO Sasan Goodarzi's memo to staff explicitly ties the layoffs to AI capability-building, continuing a pattern seen at Cisco, Microsoft, and others: headcount reductions positioned not as cost-cutting but as a reallocation toward AI. Whether this framing holds up depends on whether the AI investment actually materialises into product. For small business users in Australia, where QuickBooks and related Intuit products are widely used, the near-term risk is degraded support capacity during a period of product transition.
TechCrunch ↗AustralianSuper Appoints Its First Head of AI and Automation
AustralianSuper, the country's largest superannuation fund managing over $340 billion in retirement savings for more than three million members, has appointed its first dedicated Head of AI and Automation. The role was filled by a current vendor CTO, signalling that the fund is moving from ad-hoc AI adoption toward a structured, executive-led programme. Super funds have come under significant scrutiny following the wave of credential-stuffing attacks that hit the sector earlier this year, and a formal AI leadership position suggests the fund is looking at automation both as an efficiency tool and a potential security asset. It's a hire worth watching — decisions made at this level will shape how AI is deployed across a fund that touches a significant slice of Australian retirement savings.
iTnews ↗Google's Chromium Exploit: 29 Months From Report to Public Code
Google has published working exploit code for a Chromium vulnerability that was first reported to the team 29 months ago. The bug — now patched — affects the rendering engine shared by Chrome, Edge, and every other Chromium-based browser, meaning the exposure window was enormous. Google's Project Zero has a policy of publishing exploit details after a patch ships, but the 29-month gap between report and fix raises harder questions about internal triage and patch prioritisation for older, complex bugs. The exploit is now public, which means unpatched deployments of older Chromium-based browsers — common in enterprise and government environments — are immediately at risk. Australian government agencies running legacy browser deployments should treat this as an urgent patch prompt.
Ars Technica ↗