email address
Hackers Claim to Leak Stolen Madison Square Garden Data
Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email, and more. Meta is testing face-recognition software built by the United States military and regional police department supplier Rank One, WIRED found in an investigation this week. Meta has been exploring the possibility of adding face recognition tech into its smart glasses, and WIRED previously reported that the app for the glasses contained code (now deleted) that would have enabled the company to activate face-recognition features on the devices. Anthropic is still negotiating with the Trump administration, after apparent White House concerns about the safety of new public model Claude Fable 5 resulted in Anthropic pulling the product off the market entirely. But security experts point out that AI models with advanced capabilities for discovering and exploiting software vulnerabilities (in other words, creating potentially dangerous hacking tools) will be ubiquitous soon around the world.
124 million passwords added to breach database. Yours may be in there, too
PCWorld reports that Have I Been Pwned added 56 million email addresses and 124 million passwords from infostealer malware targeting Windows PCs. These credentials were stolen directly from infected devices rather than corporate breaches, with users often unaware of the ongoing data theft. Immediate password changes, two-factor authentication, and unique passwords for each service are essential to protect against these prevalent cybercriminal tools. The data breach notification service Have I Been Pwned (HIBP) has added a large number of compromised login credentials to its database. In total, 56.3 million email addresses and 124 million passwords have been added. What makes this dataset notable is its origin. Unlike many previous entries, it does not stem from a single cyberattack on an online service. Instead, HIBP says the information was extracted directly from infected computers and devices.
The Meta hack shows there's more to AI security than Mythos
On June 5, reported that attackers had been using Meta's AI customer support agent to steal Instagram accounts. Their approach was simple: They asked the agent to link the accounts to email addresses that they controlled, and the agent complied. One attacker broke into the dormant Obama White House account and made pro-Iran posts; others took over accounts with valuable, single-word handles, possibly in order to sell them. AI cybersecurity concerns are nothing new. Since Anthropic announced in April that its Mythos model was too good at hacking to be released to the general public, commentators, researchers, and federal officials alike have fixated on the idea that superpowered AI systems could lay waste to our computer infrastructure. That's not quite what this Instagram hack was: There, AI was the target rather than the attacker, and the method was far simpler than anything Mythos would cook up. But as companies offload more work to AI, these comparatively unsophisticated attacks could wreak their own havoc. "As AI becomes more and more widely used--especially when AI is more and more widely used to automate our work flows, like account recovery--I think attackers are going to be more and more motivated to attack AI itself," says Neil Gong, a professor of electrical and computer engineering at Duke University.
Murmurations, Mestre--Nagao sums, and Convolutional Neural Networks for elliptic curves
Bieri, Joanna, Costa, Edgar, Deines, Alyson, Lee, Kyu-Hwan, Lowry-Duda, David, Oliver, Thomas, Qi, Yidi, Veenstra, Tamara
We apply one-dimensional convolutional neural networks to the Frobenius traces of elliptic curves over $\mathbb{Q}$ and evaluate and interpret their predictive capacity. In keeping with similar experiments by Kazalicki--Vlah, Bujanović--Kazalicki--Novak, and Pozdnyakov, we observe high accuracy predictions for the analytic rank across a range of conductors. We interpret the prediction using saliency curves and explore the interesting interplay between murmurations and Mestre--Nagao sums, the details of which vary with the conductor and the (predicted) rank.
Amazon AI tool blindsides merchants by offering products without their knowledge
Amazon.com is using an experimental artificial intelligence tool to duplicate independent sellers' product listings, sometimes without their knowledge, then make purchases on behalf of Amazon customers. Sometime around Christmas, Sarah Burzio noticed that the holiday sales bump for her stationery business included some mysterious new customers: a flurry of orders from anonymous email addresses associated with Amazon.com. Burzio, who doesn't sell her products on the retail giant's site, soon discovered that Amazon had duplicated her product listings and made purchases on behalf of Amazon customers under email addresses that read like gibberish followed by buyforme.amazon. "I didn't worry about it, to be honest," she said.
Creating a Public Repository for Joining Private Data
How can one publish a dataset with sensitive attributes in a way that both preserves privacy and enables joins with other datasets on those same sensitive attributes? This problem arises in many contexts, e.g., a hospital and an airline may want to jointly determine whether people who take long-haul flights are more likely to catch respiratory infections. If they join their data by a common keyed user identifier such as email address, they can determine the answer, though it breaks privacy. This paper shows how the hospital can generate a private sketch and how the airline can privately join with the hospital's sketch by email address. The proposed solution satisfies pure differential privacy and gives approximate answers to linear queries and optimization problems over those joins. Whereas prior work such as secure function evaluation requires sender/receiver interaction, a distinguishing characteristic of the proposed approach is that it is non-interactive. Consequently, the sketch can be published to a repository for any organization to join with, facilitating data discovery. The accuracy of the method is demonstrated through both theoretical analysis and extensive empirical evidence.
Hackers Stole Millions of PornHub Users' Data for Extortion
Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more. Federal contracting records reviewed by WIRED this week show that United States Customs and Border Protection is transitioning from testing small drones to using them as standard surveillance tools, a move that will further expand CBP's already extensive dragnet that in some cases extends far beyond US land borders. Meanwhile, US Immigration and Customs Enforcement is planning to incorporate a broad cybersecurity contract that will include expanding employee surveillance and monitoring. The move comes as the US government is escalating leak investigations and condemning internal dissent. The Chinese-language artificial intelligence app Haotian can be used to create "nearly perfect" face swaps during live video chats, and it is a favorite tool of Southeast Asian scammers.