Meta just solved the biggest problem in RAG! Most RAG systems waste your money. They retrieve 100 chunks when you only need 10. They force the LLM to process thousands of irrelevant tokens. You pay for compute you don't need. Meta AI just solved this. They built REFRAG, a new

GPT-5.1 is LIVE! OpenAI just released GPT-5.1, a major upgrade making ChatGPT smarter, warmer, and more conversational. The new Instant model responds faster and adapts its reasoning for complex questions, while Thinking gives clearer, more human explanations with emotional

We partnered w/ @OpenAI, @AnthropicAI, & @GoogleDeepMind to show that the way we evaluate new models against Prompt Injection/Jailbreaks is BROKEN We compared Humans on @HackAPrompt vs. Automated AI Red Teaming Humans broke every defense/model we evaluated… 100% of the time🧵

We’re investigating reports of issues accessing Microsoft 365 services. More details can be found in the Microsoft 365 admin center Service Health Dashboard under MO1169016.

Elastic Security has scored a 99.3% in the recent AV-Comparatives EPR test! By successfully blocking all 50 attack scenarios with zero workflow interruption and low cost of ownership, this reaffirms Elastic’s role as a leading XDR solution. Learn more: https://t.co/chok1pn9jo

https://t.co/1u0MOGvJWU

our livestream tomorrow at 10 am PDT will be longer than usual, around an hour. we have a lot to show and hope you can find the the time to watch!

We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features: - /security-review slash command for ad-hoc security reviews - GitHub Actions integration for automatic reviews on every PR

New research on NOVABLIGHT, a NodeJS infostealer sold as MaaS! Discover its tactics, from credential theft & cryptowallet compromise to advanced obfuscation & anti-analysis techniques: https://t.co/cJVZrAMkHr #ElasticSecurityLabs #infostealer

MaaS Appeal: An Infostealer Rises From The Ashes

This hurts... Please don't: - Let AI create infographics - Post them with AI created slop text - Claim you created the infographic - Delete any comments with constructive feedback - Let rundll3.exe or certufl.exe run, it probably isn't good despite what the infographic says.

New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker: https://t.co/7IvybAvyuL #malware #rhadamanthys #ghostpulse

Introducing Minos - A new classifier for detecting refusals from LLMs. A potentially very useful tool for redteamers and jailbreakers - it's a binary classifier that will return the likelihood of a final response in a chat being a refusal. https://t.co/3IOCZcpDLk Built on

You can access our #detectionengineering repos, but how about a closer look? The 2025 State of Detection Engineering at Elastic is a new #report from #ElasticSecurityLabs detailing how we create and assess our prebuilt rules. Check it out: https://t.co/mi3cOwjzMu

🧑‍🍳Now we're cooking with🔥 Stay tuned...

#IoT devices like Wi-Fi cameras are convenient, but exploitable. Take a look at how some of the most popular baby cameras can be abused:

o3 and o4-mini are super good at coding, so we are releasing a new product, Codex CLI, to make them easier to use. this is a coding agent that runs on your computer. it is fully open source and available today; we expect it to rapidly improve.

The best code editor is Google sheets?!!? 🫨

Great find and write-up from the team @Unit42_Intel. I wrote a small unsafe PyYAML loader script to remotely load and execute the YAML deserialization payload. I also built out a Python+Flask C2 Server on an "attacker" VM to handle all communication as specified in the loader and

we've got a lot of good stuff for you this coming week! kicking it off tomorrow.