Security News This Week: LastPass Users Had Their Data Stolen—Again

by Christopher Wallace


A WIRED investigation this week offers insight into a predictive policing program in Bristol, England that has involved 23 separate models over more than a decade, intended to score the likelihood that specific individuals will perpetrate or be victims of different crimes. The investigation draws on data from public records requests and other reporting to reveal a messy law enforcement apparatus that has real implications for the community—but that most people in the area know nothing about.

After the identities of members of Peter Thiel’s private “Dialog” group were exposed last week, the organization claimed that a “criminal” hacker was behind the breach. But evidence shows that members’ personal information—including that of a White House intelligence official and an active-duty special operations officer—was publicly accessible and likely exposed as the result of a Dialog website misconfiguration.

As Anthropic and the White House continued to negotiate a path for its latest Claude Mythos 5 and Fable 5 models, the company’s critics pointed out that Anthropic seems to be rapidly accumulating power—a strategy that the company says is necessary for AI safety and responsible development. On Friday evening, the White House gave Anthropic permission to make Mythos 5 available again to a select group of US companies and government agencies.

Amid the turmoil, OpenAI this week launched an improved version of its limited-release GPT-5.5-Cyber model as well as a full-scale effort—“Patch the Planet”—to support open source projects on vulnerability patching and other security issues as AI accelerates bug discovery as well as exploit development. And as the AI arms race between China and the US escalates, WIRED met with a slew of China’s top AI experts and found that both sides are worried about the threat of a “Chernobyl moment.”

Meanwhile, as the World Cup knockout stage approaches, scams related to the massive soccer tournament are getting harder to spot.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The password manager LastPass has had a string of significant data breaches over the years, and now there’s one more to add to the list. This week, the company informed customers of a breach that included names, phone numbers, email addresses, physical addresses, support case data, and sales-related data. The attack was the result of a breach at the AI business intelligence firm Klue. Attackers compromised access tokens for Klue customers, including LastPass, and then used them to grab data from Salesforce and other integrated platforms. LastPass emphasized that the situation was not a breach of its own infrastructure and did not affect password vaults.

“We recommend that customers remain vigilant of potential phishing attacks or social engineering attempts, which could leverage exposed contact details,” LastPass wrote in its customer notification. “Always exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information.”

John Bolton, a former national security adviser, pleaded guilty on Friday to a single count concerning mishandling and illegal retention of classified defense information. Bolton, 77, struck a plea deal that could allow him to avoid prison time, though the agreement recommends a prison sentence of no more than five years. US District Judge Theodore Chuang in Maryland will make the determination about sentencing at a hearing scheduled for October 28. Bolton served in the first Trump administration but subsequently became a prominent critic of President Donald Trump. As part of the deal, Bolton also agreed to pay a fine of $2.25 million, but he can withdraw his guilty plea if Chuang decides on a bigger fine or longer prison sentence than what the deal recommends.

Microsoft, Europol, and other partners announced on Wednesday that they disrupted infrastructure of the Amadey and StealC infostealers, malware that is central to the cybercriminal ecosystem. The work was part of Operation Endgame, which targets platforms and tools facilitating ransomware and other cybercrime. The action involved identifying, mapping, and then seizing and taking down malware infrastructure, including actions against 326 servers and 142 domains. The operation flagged about $47 million worth of stolen cryptocurrency and recovered up to 27 million stolen access credentials. Microsoft emphasized that the action was enabled by innovative techniques including AI-assisted analysis that showed Amadey and StealC were relying on the same backend infrastructure and could be targeted together.

Australia’s Security and Intelligence Organisation (ASIO) said this week that it is establishing teams focused on countering nation-state cyberattacks on critical infrastructure after finding actors inside the country’s systems. “We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider,” ASIO’s director general, Mike Burgess, said in remarks on Wednesday. “ASIO assessed the hackers were preparing for sabotage. … They were mapping out the network and maintaining access so they could cripple it at a time of their choosing.”

Burgess spoke alongside the release of ASIO’s annual threat assessment. “In this case, a state-sponsored group didn’t just achieve access to the Australian critical infrastructure provider, it successfully acquired credentials—login details and passwords—for active users of the networks, including the IT professionals guarding it,” he added.




© 2025 decentralnewshub.online. All rights reserved.