Security News This Week: LastPass Users Had Their Data Stolen—Again | WIRED

Plus: Former national security advisor John Bolton pleads guilty in classified-materials case, Microsoft helps take down major infostealer infrastructure, an...

Overview

A WIRED investigation this week offers insight into a predictive policing program in Bristol, England, that has involved 23 separate models over more than a decade, intended to score the likelihood that specific individuals will perpetrate or be victims of different crimes. The investigation draws on data from public records requests and other reporting to reveal a messy law enforcement apparatus that has real implications for the community—but that most people in the area know nothing about.

Details

After the identities of members of Peter Thiel’s private “Dialog” group were exposed last week, the organization claimed that a “criminal” hacker was behind the breach. But evidence shows that members’ personal information—including that of a White House intelligence official and an active-duty special operations officer—was publicly accessible and likely exposed as the result of a Dialog website misconfiguration.

As Anthropic and the White House continued to negotiate a path for its latest Claude Mythos 5 and Fable 5 models, the company’s critics pointed out that Anthropic seems to be rapidly accumulating power—a strategy that the company says is necessary for AI safety and responsible development. On Friday evening, the White House gave Anthropic permission to make Mythos 5 available again to a select group of US companies and government agencies.

Amid the turmoil, OpenAI this week launched an improved version of its limited-release GPT-5.5-Cyber model as well as a full-scale effort—“Patch the Planet”—to support open source projects on vulnerability patching and other security issues as AI accelerates bug discovery as well as exploit development. And as the AI arms race between China and the US escalates, WIRED met with a slew of China’s top AI experts and found that both sides are worried about the threat of a “Chernobyl moment.”

Meanwhile, as the World Cup knockout stage approaches, scams related to the massive soccer tournament are getting harder to spot.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

LastPass Suffers Yet Another Compromise Resulting From a Partner Breach

The password manager LastPass has had a string of significant data breaches over the years, and now there’s one more to add to the list. This week, the company informed customers of a breach that included names, phone numbers, email addresses, physical addresses, support case data, and sales-related data. The attack was the result of a breach at the AI business intelligence firm Klue. Attackers compromised access tokens for Klue customers, including LastPass, and then used them to grab data from Salesforce and other integrated platforms. LastPass emphasized that the situation was not a breach of its own infrastructure and did not affect password vaults.

“We recommend that customers remain vigilant of potential phishing attacks or social engineering attempts, which could leverage exposed contact details,” LastPass wrote in its customer notification. “Always exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information.”

Former Trump Adviser John Bolton Pleads Guilty in Case Over Retaining Classified Data

John Bolton, a former national security adviser, pleaded guilty on Friday to a single count concerning mishandling and illegal retention of classified defense information. Bolton, 77, struck a plea deal that could allow him to avoid prison time, though the agreement recommends a prison sentence of no more than five years. US District Judge Theodore Chuang in Maryland will make the determination about sentencing at a hearing scheduled for October 28. Bolton served in the first Trump administration but subsequently became a prominent critic of President Donald Trump. As part of the deal, Bolton also agreed to pay a fine of $2.25 million, but he can withdraw his guilty plea if Chuang decides on a bigger fine or longer prison sentence than what the deal recommends.

Europol, Microsoft, and Others Disrupt Widely Used Infostealers Facilitating Cybercrime

Microsoft, Europol, and other partners announced on Wednesday that they disrupted infrastructure of the Amadey and StealC infostealers, malware that is central to the cybercriminal ecosystem. The work was part of Operation Endgame, which targets platforms and tools facilitating ransomware and other cybercrime. The action involved identifying, mapping, and then seizing and taking down malware infrastructure, including actions against 326 servers and 142 domains. The operation flagged about $47 million worth of stolen cryptocurrency and recovered up to 27 million stolen access credentials. Microsoft emphasized that the action was enabled by innovative techniques including AI-assisted analysis that showed Amadey and StealC were relying on the same backend infrastructure and could be targeted together.

Australia Found Nation-State Hackers Inside Critical Infrastructure, Ready to Sabotage

Australia’s Security and Intelligence Organisation (ASIO) said this week that it is establishing teams focused on countering nation-state cyberattacks on critical infrastructure after finding actors inside the country’s systems. “We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider,” ASIO’s director general, Mike Burgess, said in remarks on Wednesday. “ASIO assessed the hackers were preparing for sabotage. … They were mapping out the network and maintaining access so they could cripple it at a time of their choosing.”

Key Takeaways

  • A WIRED investigation this week offers insight into a predictive policing program in Bristol, England, that has involved 23 separate models over more than a decade, intended to score the likelihood that specific individuals will perpetrate or be victims of different crimes

  • After the identities of members of Peter Thiel’s private “Dialog” group were exposed last week, the organization claimed that a “criminal” hacker was behind the breach
