Plus: Meta officially kills encrypted Instagram DMs, the Trump administration targets "violent left wing extremists," leaked documents reveal Russia's school for elite hackers, and more. Cramming for finals is bad enough without the platform you use to do your schoolwork suddenly shutting down. Unfortunately for countless students across the US, that's exactly what they faced on Thursday after Canvas went into "maintenance mode" following a ransomware attack on education tech firm Instructure. Hackers using the name ShinyHunters claimed responsibility for the breach, and experts say the chaos they caused shows how far these actors will go to extort their victims. Did you know that Google Chrome includes an automatic download of the Gemini Nano AI model?

Hackers and other cybercriminals are complaining about "AI shit" flooding platforms where they discuss cyberattacks and other illegal activity. "I'm disappointed that you are working to incorporate AI garbage into the site," one annoyed person, posting anonymously, said in an online message. "No-one is asking for this--we want you to improve the site, stop charging for new features." Only, this is not a regular internet user moaning about AI being forced into their favorite app . Instead, they are complaining about a cybercrime forum's plans to introduce more generative AI.

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites--and stole as much as $12 million in three months. The advent of AI hacking tools has raised fears of a near future in which anyone can use automated tools to dig up exploitable vulnerabilities in any piece of software, like a kind of digital intrusion superpower. Here in the present, however, AI seems to be playing a more mundane, if still concerning, role in hackers' toolkit: It's helping mediocre hackers level up and carry out broad, effective malware campaigns. That includes one group of relatively unskilled North Korean cybercriminals who've been discovered using AI to carry out virtually every part of an operation that hacked thousands of victims to steal their cryptocurrency. On Wednesday, cybersecurity firm Expel revealed what it describes as a North Korean state-sponsored cybercrime operation that installed credential-stealing malware on more than 2,000 computers, specifically targeting the machines of developers working on small cryptocurrency launches, NFT creation, and Web3 projects.

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people's Signal accounts, and more. The United States and Israel's war with Iran has now been ongoing for two weeks, and the bombs continue to fall. But many of Iran's missiles are failing to hit their targets. WIRED's team in the Middle East detailed how countries in the Gulf region are intercepting these weapons . Of course, the international conflict is not just happening in the physical realm.

PCWorld reports that Google's Threat Intelligence Group documented state-sponsored hackers from Russia, China, North Korea, and Iran exploiting Gemini AI for cyberattacks. These malicious actors leverage Gemini's capabilities for surveillance, target identification, vulnerability discovery, and debugging exploit code, including developing WinRAR exploits. Google restricts access for identified bad actors, but the report highlights AI's dual-use nature and emerging cybersecurity challenges. "AI" systems aren't just great for raising the price of your electronics, giving you wrong search results, and filling up your social media feed with slop.

AI coding platform's flaws allow BBC reporter to be hacked The BBC has been shown a significant - and unfixed - cyber-security risk in a popular AI coding platform. Orchids is a so-called vibe-coding tool, meaning people without technical skills can use it to build apps and games by typing a text prompt into a chatbot. Such platforms have exploded in popularity in recent months, and are often heralded as an early example of how various professional services could be done quickly and cheaply by AI. But experts say the ease with which Orchids can be hacked demonstrates the risks of allowing AI bots deep access to our computers in exchange for the convenience of allowing them to carry out tasks autonomously. The BBC has repeatedly asked the company for comment but it has not replied.

Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows. Infrastructure delivering updates for Notepad++--a widely used text editor for Windows--was compromised for six months by suspected China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday. "I deeply apologize to all users affected by this hijacking," the author of a post published to the official notepad-plus-plus.org The post said that the attack began last June with an "infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." The attackers, whom multiple investigators tied to the Chinese government, then selectively redirected certain targeted users to malicious update servers where they received backdoored updates.

Security News This Week: Jeffrey Epstein Had a'Personal Hacker,' Informant Claims Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more. As the standoff between the United States government and Minnesota continues this week over immigration enforcement operations that have essentially occupied the Twin Cities and other parts of the state, a federal judge delayed a decision this week and ordered a new briefing on whether the Department of Homeland Security is using armed raids to pressure Minnesota into abandoning its sanctuary policies for immigrants. Meanwhile, minutes after a federal immigration officer shot and killed 37-year-old Alex Pretti in Minneapolis last Saturday, Trump administration officials and right-wing influencers had already mounted a smear campaign, calling Pretti a "terrorist" and a "lunatic ." As part of its surveillance dragnet, Immigration and Customs Enforcement has been using an AI-powered Palantir system since last spring to summarize tips sent to its tip line, according to a newly released Homeland Security document. DHS immigration agents have also been using the now notorious face recognition app Mobile Fortify to scan the faces of countless people in the US--including many citizens .

Ubisoft, one of the world's largest games developers, says it's working to fix an apparent hack on popular online shooter Rainbow Six Siege. Servers for the tactical multiplayer game were taken offline on Saturday and Sunday after in-game currency thought to be worth millions of pounds was distributed to players. The company has since restored service, but suspended the game's marketplace until further notice and warned players they may face queues when trying to log on. In a statement on X, Ubisoft said it would continue to make investigations and corrections over the next two weeks. Rainbow Six Siege, commonly referred to as R6, has been a success story for Ubisoft, which is also behind the Assassin's Creed and Far Cry series.

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program--years before the group targeted Cisco's devices in a spy campaign. Cisco's Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: "We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era," reads the first line on its website. That laudable statement, however, reads a bit differently when the "destiny" of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West--and many of Cisco's own products . That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon . That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans' real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others.