A gunman attempted to enter the White House Correspondents’ Dinner in Washington, DC, last weekend, when President Donald Trump, Vice President JD Vance, and other administration officials were in attendance. Media reports and Trump himself he quickly recognized the shooting suspect as 31-year-old engineer and computer scientist Cole Tomas Allen. The California resident was arrested at the scene on Saturday and was arraigned Monday in the US District Court for the District of Columbia they face three federal charges: attempting to assassinate the president, transporting firearms in interstate commerce, and providing firearms during a crime of violence.
The authentication standards organization known as the FIDO Consortium announced working groups this week with Google and Mastercard to develop technical standards for authenticating and protect transactions initiated by the AI agent. At the same time, considering the increasing and increasing sensitivity of certain tasks using AI, OpenAI launched a “high” security vulnerability. for ChatGPT and Codex accounts that face a high risk of attack.
A new study this week sheds light on that event 90,000 screenshots taken from a European celebrity’s phone were leaked online-emphasizing the dangers of commercially available spyware as an invasion of personal privacy and the threat of data breaches and widespread abuse. And WIRED watched arrests in the United Arab Emirates due to people sharing screenshots and other online content.
And there is more. Each week, we round up security and privacy news that we didn’t cover in depth ourselves. Click on the headlines to read the full story. And stay safe out there.
The Happiest Place on Earth just got a whole lot more exciting. The Walt Disney Company he announced this week guests visiting Disneyland Park and Disney California Adventure Park will have the option to “opt in” to enter the park through a gate equipped with facial recognition technology. While the company says engaging in facial recognition is “absolutely optional,” it notes that you “may still be photographed” entering the park through a path without facial recognition systems. Disney’s facial recognition, like many others, works by converting images of people’s faces into numerical values, which can be used to compare faces in other images. The company says these numeric values will be deleted after 30 days, “except in cases where the data must be kept for legal or fraud prevention purposes.”
Facial recognition systems are widely used throughout the United States and around the world. Law enforcement agencies often use technology, but it has also spread into everyday aspects of life, from airports for MLB and NFL sports fields for Madison Square Garden.
Anthropic’s Mythos Outline AI model has been described as so adept at digging out hackable bugs in software that its use has so far been carefully restricted to prevent it from falling into the hands of malicious hackers. So it would probably be more of a surprise if the National Security Agency was it is not ready to try it out.
Bloomberg News and Axios reported this week that the NSA was among the agencies and companies granted early access to Mythos, which has been limited to 40 organizations so far, according to Axios. The agency has used the tool to find bugs in Microsoft software—quite a bit, given that it still runs on most of the world’s PCs—and has been impressed by its speed and efficiency in finding exploitable vulnerabilities, according to sources who spoke anonymously to Bloomberg. The agency’s proposals, however, include some elements to help the US government discover and fix security vulnerabilities in the software it uses, as well as sometimes exploiting those vulnerabilities in the NSA’s own operations.
The NSA’s testing or adoption of Anthropic’s AI tool appears to have continued despite the Department of Defense’s ban on Anthropic, which followed Defense Secretary Pete Hegseth’s claims that the company represented a supply chain risk. Hegseth said in February, however, that the DOD would phase out Anthropic’s tools for six months, and Anthropic has sued to prevent the ban from being enacted. Given that the NSA is part of the DOD, it’s currently unclear whether the NSA is only using Mythos in the window before the ban goes into effect, or whether the tool is powerful enough to convince the NSA to reconsider its ban—or make an exception.
The ransomware group known as Scattered Spider has been responsible for some of the most extortionate hacking campaigns in recent memory, including breaches at MGM Resorts, Caesars Entertainment, and retailers such as M&S and Harrods. It’s also distinguished among ransom gangs for its membership: Often very young English-speaking hackers living in countries that cooperate with US law enforcement—and, therefore, tend to get caught.
The latest alleged member to be identified and charged is 19-year-old Peter Stokes, who was arrested at an airport in Finland, where he intended to board a flight to Japan. According to the Chicago Tribune, Stokes’ alleged involvement in targeting four Scattered Spider victim companies is detailed in a criminal complaint that has been placed under seal. Stokes is reportedly accused of helping to steal millions from the unknown victims’ companies, which include an online dating platform and a luxury retailer. According to the complaint, he also led a jet-setting lifestyle, traveling from Dubai to Thailand to New York and appearing in one photo wearing a diamond necklace that read “HACK THE PLANET.”
A Medicare database inadvertently left open on the Internet exposed Social Security numbers and other personal information to health care providers across the United States, the Washington Post reports. The database was linked to the online directory of the Centers for Medicare and Medicaid Services (CMS), which allowed Medicare patients to check which insurance plans are accepted by health care providers. According to the Post, the exposed sensitive data was online for “at least several weeks.” The release of the directory is part of the Trump administration’s effort to “create a national database of health care providers,” the Post reports, which is being overseen by Amy Gleason, the acting head of the US DOGE Service who also serves as an official at CMS.
