Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
oumuamua writes: Anthropic researchers have identified an internal activation subspace, J-space, that acts as a functional digital equivalent to the human brain’s global workspace. The significance of this discovery lies in demonstrating that Claude’s internal architecture satisfies five key cognitive properties of human conscious access — verbal report, directed modulation, internal reasoning, flexible generalization, and selectivity — meaning it processes complex, deliberate reasoning within this workspace while routing automatic tasks outside of it. Suppressing this J-space severely degrades Claude’s capacity for inference, creative composition, and multi-step logic, while also altering its stream-of-consciousness self-narration.
The tool to inspect J-space, Jacobian lens or J-lens, has profound implications for AI safety and alignment auditing, as it allows researchers to read the model’s silent, strategic reasoning, detect situational awareness in “blackmail” scenarios, identify hidden malicious dispositions in reward-hacking models, and observe how post-training installs a self-monitoring “point of view.”
Another way to think of it is as an ocean, reports VentureBeat. “If the mind is an ocean, as the paper’s authors write in their opening line, they have spent the last year charting its currents in a system that has no biology, no evolution, and no body — and found, beneath the surface, a structure that looks unsettlingly like the one we use to think.”

Former GitHub CEO Thomas Dohmke‘s startup Entire is rolling out a distributed network for mirroring code repositories, making the case that centralized platforms like he once ran as part of Microsoft will struggle to handle the demands of AI coding agents on their own.
Entire, which emerged in February with a $60 million seed round, is launching a preview of its distributed Git network on Wednesday, with active regions in the U.S., Europe, and Australia. Developers can mirror an existing GitHub repository onto Entire in one step, keeping their code where it is while AI agents clone and pull from a faster, closer copy.
Dohmke cited a principle espoused by Linus Torvalds, creator of Linux and the Git version control system, in a 2007 talk: “If you’re not distributed, you’re not worth using.”
“In the era of agents, centralized Git hosting has become a fundamental constraint, as the strain of billions of agents and developers hammering a central server shows up in the form of rate limits, high latency, or even outages,” Dohmke said in a statement announcing the launch.
GitHub, which Microsoft acquired for $7.5 billion in 2018, is the dominant platform for storing and collaborating on software code. It’s built on top of Git, the open-source system that tracks changes across a codebase, which was designed from the start to work without a central server.
Dohmke, based in Bellevue, Wash., left GitHub last year after nearly four years as CEO. He co-founded Entire with Cole Driver, a former GitHub deputy chief of staff. The fully remote company has grown to more than 40 employees across nine countries.
Entire’s $60 million seed round was led by Felicis, with participation from Madrona, Microsoft’s venture arm M12, and Basis Set Ventures, along with individual investors including Yahoo co-founder Jerry Yang and Y Combinator CEO Garry Tan. Felicis called it the largest seed investment ever for a developer tools startup, valuing the company at $300 million.
“We think it can be the next great developer platform,” said Tim Porter, a Madrona managing director, in an interview this week.
He cited the company’s complementary position to the major coding agents — working in conjunction with Claude Code, Cursor, Codex, and others rather than competing with them — as a key factor driving its prospects for success.
Entire isn’t positioning itself as a direct competitor to GitHub, and the participation of M12 is a sign of the cooperative dynamic between the two. For now, the mirroring approach is designed to complement GitHub, not replace it.
Long-term, the company’s ambitions are much bigger. The announcement Wednesday morning about the preview of Entire’s distributed Git network says the company plans to ultimately let developers host new repositories natively, not just mirror existing ones.
@media (max-width: 600px) {
aside.callout { float:none !important; max-width:100% !important; margin-left:0 !important; margin-right:0 !important; }
aside.callout .callout-img { display:none !important; }
}
Madrona, in a blog post earlier this year, described GitHub, while “incredibly important,” as “quickly becoming a legacy platform” and said Entire’s goal is “not only to supersede GitHub, but to superset it.”
The Seattle-based firm’s investment was led by Porter with the late S. “Soma” Somasegar, who was previously corporate vice president of Microsoft’s Developer Division and led the acquisition of Dohmke’s earlier startup, HockeyApp, announced in 2014.
Entire hasn’t disclosed pricing. Porter said the company plans to introduce commercial and individual tiers after the preview period, with a mix of seat-based and consumption-based pricing alongside a free tier and open-source components.
The new distributed Git network is one part of a broader platform. Entire also offers a tool that automatically records the reasoning and context behind AI-generated code changes — the instructions a developer gave, the steps the agent took, and why it made the choices it did — and stores them alongside the code itself in the repository.
The company says it now integrates with every major coding agent, including Claude Code, Codex, Cursor, Factory AI, and GitHub Copilot.
Entire is also announcing other new features on Wednesday:
“Session logs are now the second most important artifact in software development,” Dohmke said in his statement, “and they belong in the repository alongside the code.”
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey.
The attacker is taking advantage of a new capability Microsoft opened to administrators in May, allowing them to run “passkey registration campaigns” to entice users to enrol passkeys for more secure authentication.
The campaign has been running since April and involves calling targeted users and trying to convince them to register a new passkey under the attacker’s control.
To mask the deception, the hacker directs victims to a phishing kit that imitates the legitimate Microsoft passkey enrollment process.
Cloud-based identity and access management (IAM) company Okta attributes the activity to an actor it tracks as O-UNC-066, which operates an extortion operation known as Pink.
Okta says that O-UNC-066 has been targeting users at organizations in the food and beverage, technology, healthcare, automotive, construction, and aviation industries.
During the campaign, targeted employees are contacted by phone under the pretext that they must enroll a new Microsoft Entra passkey for security reasons and are directed to phishing URLs that contain the word “passkey” in the domain name.
The malicious websites include the victim organization’s branding and mimic the real Entra passkey enrollment portal.
Unlike the more common adversary-in-the-middle (AiTM) proxy, the kit is an operator-controlled PHP panel in which the attacker guides the victim through the phishing process in real time, adapting the flow based on the multi-factor authentication (MFA) method used.
“[The phishing kit] is an operator-controlled PHP panel in which a threat actor steers victims through various stages of authentication in close to real-time using a 1-second heartbeat polling mechanism,” explains Okta.
“The operator can use the kit to adapt the user experience to each victim’s MFA requirements (TOTP, push notification with number matching, SMS OTP) during the session.”
Credentials and MFA responses entered by the victim in the kit’s screens are relayed to the operator, who uses them to authenticate to the victim’s Microsoft account.

While the victim believes they are registering a new passkey on their accounts, the attacker is actually registering a passkey they control.
After gaining access, the phishing site presents the victim with fake Microsoft-branded passkey registration pages, prompting them to save a fake BIP-39 recovery phrase and confirm one word from it.

Okta notes that BIP-39 seed phrases don’t have any role in legitimate Microsoft Entra passkey enrollment, but could serve as a distraction for users who are unfamiliar with the process.
According to Palo Alto Networks Unit 42, Pink is a new extortion brand affiliated with the decentralized threat network known as The Com (short for The Community).
The threat actor is known for using vishing (voice phishing) and IT impersonation to collect credentials and multi-factor authentication (MFA) codes, which are used in attacks that steal company data.
The Pink threat group launched an extortion site on May 31, where they publish samples of the stolen data to pressure compromised victims into paying a ransom.

Researchers say that after gaining access to a victim’s account, Pink moves quickly to exfiltrate data from SharePoint and OneDrive services.
Brad Duncan, Principal Threat Researcher at Palo Alto Networks Unit 42, noted in early June that some of the phishing domains used by Pink included the word “passkey.”
Okta recommends that organizations establish methods to better verify the identity of helpdesk personnel when contacting users, as well as deny requests from locations where the company does not offer services.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
A judge has approved a $1.5 million penalty levied against Elon Musk that will settle a U.S. Securities and Exchange Commission lawsuit despite having “significant misgivings” about it.
U.S. District Judge Sparkle Sooknanan noted that her court would accept the settlement, Bloomberg reported Wednesday, which cited her court opinion.
Sooknanan’s approval settles a lawsuit filed by the SEC against Musk in early 2025 over how the billionaire handled his takeover of Twitter. The lawsuit, which was filed only days before Donald Trump took office, revolved around Musk’s failure to disclose to public investors, in a timely manner, his growing stake in the company in 2022.
The fact that Musk did not initially disclose his stake “ultimately saved him a whopping $150 million,” the SEC argued.
In May, Musk reached a settlement with the SEC that stipulated a trust in Musk’s name would be responsible for paying a $1.5 million penalty without admitting wrongdoing.
Sooknanan previously questioned whether Musk was receiving “special treatment” from the Trump administration. Musk helped to bankroll Trump’s campaign during the 2024 presidential race.
In her opinion, Sooknanan noted that her court was “limited to evaluating whether the proposed consent judgment meets minimum standards of fairness and reasonableness,” or whether it “make[s] a mockery of judicial power.”
“Although the Court has significant misgivings about the settlement reached in this case, it cannot say that
the settlement meets that high threshold,” Sooknanan wrote.
Even without previous smash hits “Severance” and “The Studio” airing episodes in the eligibility period, Apple TV has still gathered the most nominations it has ever earned across all of the major categories at the 78th annual Emmy Awards.
In 2025, Apple TV won a record-breaking 22 Emmy Awards, with “Severance” and “The Studio” leading the way. For 2026, neither of those shows were eligible, but a host of new Apple ones were and have been rewarded with nominations.
The Television Academy’s awards cover an enormous range of categories, with more technical ones split off into the Creative Arts Emmys, and the Engineering, Science & Technology ones. In all, Apple TV has scored 89 nominations, versus 79 in 2025.
Many of the nominations span the most prestigious acting categories. Apple’s shows are up for:
On top of those, Apple TV shows have scored multiple nominations in the highest profile categories:
This is the first year that the Television Academy has announced all of its Emmy nominees at the same time. Previously the organization has separated the announcements for the main and Creative Arts Emmys.
The organizers say that this is so promotional campaigns, such as the famous “For Your Consideration,” can start immediately with all of the nominations.
As ever, though, the award winners will be announced separately. The Television Academy has confirmed that its main ceremony will be on September 14, 2026, and hosted by Mariska Hargitay.
Apple is not the leader in nominations. HBO Max gathered 122, and both Disney’s combined brands and Netflix accumulated 111 each. Amazon and MGM+ gathered 39, with Paramount+ and Showtime combined getting a total of two.
The Creative Arts Emmys will be announced over two nights, September 5, and September 6.
NATO is building a vast AI network along its eastern flank, designed to spot an attack early and strike back fast. The plan is called the Eastern Flank Deterrence Initiative, and internal documents name one adversary outright: Russia.
German tabloid BILD obtained the papers and shared them through the Axel Springer network, Business Insider reported.
The documents keep returning to one phrase: a “Kill Web”. It describes a tightly linked digital mesh that ties together satellites, reconnaissance drones, radar, ground sensors and cameras. If one node drops out, another takes over.
The network watches the whole border at once, from Finland down to Romania.
The idea is to shrink the time between spotting a target and hitting it. In the past, a drone would flag a target to headquarters. Analysts checked it, then passed a firing order down the chain. That took time NATO no longer wants to lose.
Under the new model, data from every member flows into one shared picture. Palantir’s Maven Smart System acts as the AI brain, sorting sensor feeds so commanders can decide faster. Other contractors plug in around it, including RTX, Rheinmetall, Saab, Lockheed Martin and Boeing.
NATO sums the loop up in six words: “See first. Decide first. Strike first.”
In practice, a drone might catch a Russian armoured column. The system cross-checks it against satellite images, radar and ground sensors at once. A commander then picks the weapon, be it a drone, artillery or a rocket launcher, by range and by the target’s value.
The front line changes too. NATO wants uncrewed systems to meet an attacker before its soldiers do. A forward zone of drones, ground robots and sensors would absorb the first blow. The logic is cold but simple: machines, not troops, take the opening hit.
Tanks and jets do not go away. Leopard 2s, Abrams, HIMARS and F-35s stay the backbone. “EFDI does not replace tanks, artillery, fighter aircraft, or soldiers,” said Maj. Matt Blubaugh, a spokesman for US Army Europe and Africa. “It is designed to help preserve their combat power and give commanders more time and decision advantage.”
The concept comes straight from the war in Ukraine. Cheap drones, robots and sensors, fielded in their thousands, aim to offset Russia’s edge in sheer numbers and speed. It echoes the kill chains both sides built on that battlefield, now stretched across an entire alliance.
It also fits a wider European push. NATO has been funding defence startups and folding autonomous ground systems into its plans, even as who controls the underlying AI stays a live question.
NATO calls the strategy “deterrence by denial”. The aim is not just to repel Russia, but to make an attack look pointless before it starts. It marks a real shift, from holding ground with troops to contesting it first with software and machines. The hard part is trust: an alliance that hands early decisions to AI has to be sure the machines read the battlefield right.

T-Mobile’s longest-tenured Un-carrier architect just Un-carriered himself.
Mike Katz, who started selling VoiceStream phones at Circuit City 28 years ago and rose to help T-Mobile go from an also-ran into the wireless industry’s most formidable competitor, is leaving the Bellevue, Wash.-based carrier as part of a broader executive reshuffling under CEO Srini Gopalan, who took the helm in November.
Katz, T-Mobile’s chief business and product officer, is stepping away to pursue “new professional interests,” the company said in a press release and SEC filing. The company didn’t provide specifics. We’ve contacted Katz for more on his plans.
He’ll remain as a strategic advisor through December 2026.
His responsibilities are being split three ways:
Katz was named last month to Gov. Bob Ferguson’s newly created Economic Development Council, a 26-member panel of business, labor, and tribal leaders. His status on the council following his departure from T-Mobile is unclear.
Over his career at T-Mobile, Katz led the company’s business group, where he helped triple the customer base, and later oversaw marketing, strategy and products, shaping some of the carrier’s most recognizable brand moves: T-Mobile Tuesdays, Magenta Status, and others.
“We built a regional player into a national powerhouse, flipped the industry on its head with the Un-carrier movement, pulled off the Sprint merger, and pushed into broadband and enterprise,” Katz said in a LinkedIn post announcing his departure.
Gopalan praised Katz in the press release, calling him “a driving force of so many of the bold moves that have transformed our company and our industry.”
Sambar’s hiring is a notable move for T-Mobile, which built its Un-carrier brand in part by positioning itself as the scrappy alternative to industry giants AT&T and Verizon. At AT&T, Sambar led the buildout of the company’s 5G mobile network and oversaw the design and deployment of FirstNet, the nationwide public safety communications network.
A U.S. Naval Academy graduate who served more than 20 years in the Navy, Sambar will report directly to Gopalan and lead T-Mobile’s push into enterprise, government, and emerging growth areas including T-Ads and physical AI.
When it comes to the best smartwatches one can buy on the Android side of things, the options usually boil down to the latest Google Pixel Watch and the Samsung Galaxy Watch. Both the Pixel Watch 4 and the Galaxy Watch 8 are solid options, and which one you pick can depend on factors such as whether you own a Google Pixel or a Samsung phone, design preferences, or even the type of UI. Samsung also offers a few more options, such as the Watch Classic and Watch Ultra series. Owing to this, you may decide to opt for a Samsung smartwatch. While the watch works well across scenarios, the one issue that plagues most Android watches — including the Galaxy Watch — is average battery life.
On most days, your Galaxy Watch may last you an entire day, but you’ll probably have to plug it in just before going to bed. Now, this isn’t ideal, as you may want to use the watch to track your sleep or set alarms. Fortunately, there are a few ways to improve and extend your Galaxy Watch’s battery life. Whether you want to wear it to bed or you’re traveling and are a few hours away from a charger, so you’re desperate to make the last 10% last for a few extra hours, here are some tips I’ve been using since the Samsung Galaxy Watch 4, and they work just as well on the latest Galaxy Watches as well.
One of the most handy features that I absolutely love on all my smartwatches (and smartphones) is Always-on Display. The fact that you can simply glance at your smartwatch to check the time — just like a traditional watch — is super convenient. It also makes the watch look more classy, in my opinion. I would imagine that a lot of folks keep the feature turned on. Unfortunately, though, Always-on Display is among the most battery-hungry features on any device, let alone a smartwatch with a tiny battery. So if you’re in a situation where you want to conserve battery, or you know you’re going to have a long day ahead of you, it’s best to turn off the feature.
Head to Settings > Display > Always On Display and disable it. While you’re at it, there’s another feature on your Galaxy Watch that’s going to drain the battery faster — Raise to wake. The watch’s accelerometer detects every time you lift your wrist and turns the display on. This saves you the extra step of touching the watch’s display before performing a task. Again, while it’s extremely convenient, keeping the sensor running in the background consumes additional juice. From the same menu, turn off the Raise wrist to wake toggle. You can choose when to enable/disable these features based on situations where you want the watch to last longer or prioritize convenience.
With AI becoming a widespread feature that pretty much everyone uses on every device out there, it’s not surprising for someone to use Gemini on their Galaxy Watch. After all, it is a helpful tool if you want to quickly set a reminder, check the weather forecast, or even call or message someone while your hands are occupied. One of the simplest ways to invoke Gemini is to bring the watch close to your mouth and use the trigger phrase “Hey Google.” While this is convenient, it drains the battery quickly because your watch stays awake the entire time to listen for the trigger phrase. That’s certainly not ideal when you’re trying to push the battery to its limits.
On days when I know I want my Galaxy Watch to last those few extra hours, I head to Gemini settings on my linked smartphone and turn off the ‘Hey Google’ detection on the smartwatch. Unfortunately, the native Gemini app on Wear OS doesn’t have the ability to turn off the feature, so you will have to use the connected phone. With the hotword disabled, you can still invoke Gemini by assigning one of the side buttons to open Gemini when you long-press or double-press it. You can also launch the Gemini app manually by swiping up from the watch’s home screen and selecting it from the app drawer.
One of the primary reasons why most folks buy a smartwatch is for health tracking and monitoring. Keeping an eye on metrics, such as the number of steps walked and calories burned, is important if you’re looking to get into shape. Of course, you can also track workouts such as running, cycling, and swimming on the Galaxy Watch. Whether you’re working out or sleeping, there’s one metric that’s always being tracked when you wear the watch — your heart rate. Samsung allows you to track your heart rate via its smartwatches either continuously or at 10-minute intervals. While both of these options provide accurate heart rate data, they require the sensor to constantly run in the background, resulting in constant battery consumption.
If you want the best battery life out of your Samsung Galaxy Watch, what I do is set the heart rate measurement to Manual only. You can do this by opening the Samsung Health app and scrolling down to Settings > Heart rate. With this, your Galaxy Watch won’t automatically record your heart rate, which can skew your data if you’ve been tracking parameters such as stress levels and resting heart rate. However, that’s the trade-off you have to make if you want your watch to last longer. Alternatively, if your heart-rate monitoring setting is set to Measure continuously, you can change it to “Every 10 minutes while still” to save battery while still measuring your heart rate at frequent intervals.
There are two types of Galaxy Watches you can buy — Bluetooth only, and Bluetooth+LTE. The Bluetooth variant should suffice for most use cases, since most folks carry their smartphone along with them at all times. For context — the Galaxy Watch connects to your smartphone via Bluetooth. This is how it connects to the internet, syncs data to your phone, and shows you notifications and incoming calls on your wrist. However, for this to work, your watch must always be in Bluetooth range of your smartphone. But what if you go to the gym or run every morning without your phone? You won’t be able to receive calls, respond to messages, or perform any other activity on your watch that requires a network connection.
This is where the LTE version comes in handy. Since it has an independent eSIM, you can use the watch even if you’re not around your phone. While it’s extremely useful, the fact that your watch has its own radios means that it’s constantly searching for a network, leading to higher battery drain. The trade-off may be worth it for a lot of people. On days you want to prioritize endurance, it’s best to turn off LTE connectivity. Head to Settings > Connectivity > Mobile networks, and change the setting to Always off. If you want to stay connected and yet want the watch to consume less battery, switch to the Auto option instead of the Always-on one.
How long a Samsung Galaxy Watch lasts depends entirely on your usage patterns throughout the day. If you’re tracking a workout for an hour with all the sensors running in the background, answering multiple calls on your watch, and interacting with several apps via the watch’s display, the watch is bound to drain the battery faster. Of course, you can use all the tips mentioned above to increase the standby time, but they may not do much if your usage is on the higher side. For such users, the best way to keep the watch running for a longer duration is to use the Power Saving feature. Drag the quick settings section down from the watch face, then find the power-saving menu, represented by a battery icon with a leaf.
Once you enable it, your Galaxy Watch automatically turns off all the features that consume more battery. Along with that, it also decreases the display brightness and screen timeout durations; limits the CPU performance, background network usage, location tracking, and data syncing, plus, you also get the option to limit health tracking features. On the power-saving mode screen, you can even see how long your smartwatch will last with the mode enabled vs. without it. I generally use this as a last resort when my watch is running drastically low on power, and I know I’m at least a few hours away from a charger.
Self-driving company Waymo added four more cities where it will service riders: Denver, San Diego, Las Vegas and Tampa. Waymo’s parent company, Alphabet, announced the expansion on Wednesday.
Waymo’s robotaxi service is currently available in big US cities such as San Francisco, San Antonio, Orlando, Phoenix and many others. Since rolling out Waymo’s self-driving cars, Alphabet has relied on electronic vehicles that use AI to detect objects under distinct weather conditions. Its fleet is predominantly the fully electric Jaguar I-Pace, though it recently added the roomier Ojai, a modified Zeekr vehicle.
Waymo’s newest vehicle, the Hyundai Ioniq 5, will be available with a specialist behind the wheel to validate the hardware and software before unleashing a rider-only rollout to the public.
Waymo stated in a blog post that the robotaxis being added in the new cities will initially be available only to Alphabet employees, but will be open to other riders soon. The self-driving company has made headlines since 2020 for introducing autonomous taxis to the public, but not always positively.
In recent months, nearly 4,000 Waymos were affected by a recall by the National Highway Traffic Safety administration after the robotaxis drove into construction zones on the highway in Phoenix, Arizona and San Francisco. The NHTSA report states that the cars incorrectly prioritized other highway hazards and failed to recognize the construction zones. Additionally, in May, another recall affected Waymo after it was reported that the vehicles were driving into flooded roadways.
Despite this debacle, Waymo is actively preparing to launch in New York, Chicago, London and Tokyo. Waymo also faces competition from Zoox, another robotaxi company owned by Amazon, which has continued to expand its operations across cities.
A Waymo representative was not available for comment.
Google is giving Photos another dose of Gemini. The company has announced Video Remix, a new AI-powered editing tool that can transform ordinary video clips into stylized creations with just a few taps. Rather than requiring professional editing skills, Google says the feature lets users quickly reinvent existing videos using creative AI effects directly inside Google Photos.
Available from the Create tab in Google Photos, Video Remix uses Gemini Omni to apply AI-powered transformations to an existing video clip. Instead of trimming footage or manually layering effects, users simply choose a creative template, and Gemini generates a new version of the clip with a completely different look and feel.
The available effects go well beyond simple filters. Video Remix can apply cinematic relighting to brighten dark footage, swap plain backgrounds for entirely new environments, or turn videos into artistic creations with styles such as watercolor, raw sketchbook, and oil painting. Google even showcases examples like giving a video a morning glow, placing someone inside a greenhouse, or transforming a clip into dreamy watercolor artwork.
There are a few limitations, though. Video Remix currently works only with video clips up to 10 seconds long, and longer recordings need to be trimmed before the AI begins generating a new version. The process itself can also take a couple of minutes, depending on the edit.
Video Remix is rolling out starting today for eligible Google AI Plus, Pro, and Ultra subscribers in select countries, including India, the U.S., Japan, South Korea, Brazil, Mexico, and several others.

The launch continues Google’s steady push to bring Gemini deeper into Photos. Over the past year, the app has gained AI-powered image editing, smarter search, and creative tools for photos. Video Remix extends that philosophy to videos, making it less about traditional editing and more about letting AI completely reinvent how a familiar clip looks—all without leaving Google Photos
Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university’s network.
In an update published on its website, MRU states that it has engaged technical teams and external cybersecurity experts to investigate the incident and to support recovery efforts following a cyberattack on June 17.
The incident disrupted a broad range of university systems, including online services, internet access, and certain internal systems.
MRU is a public university with a history of more than 100 years. It currently has 11,560 students and 12,500 undergraduates.
So far, the investigation confirmed that the attacker stole data stored on a drive used by students and employees for file storage, and the original copies were wiped to disrupt recovery operations.
“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s “H drive” was accessed and taken by an unauthorized actor,” reads the announcement.
The university specified that the incident affected certain folders on the H drive, which contained information affecting current and former students, current and former employees of the university, and an unspecified category of “other individuals.”
Additionally, the attackers also wiped a separate drive, labeled “J,” which stored departmental data. “There is currently no evidence that J drive data was accessed or copied before it was deleted,” MRU says.
“We are still working to recover deleted J drive data, but a full recovery may not be possible.”
The university stated that the incident has been reported to the Alberta Information and Privacy Commissioner and to law enforcement authorities.
The university states that the exposed data varies by person, and because it has been deleted, determining the exact impact for each individual is complicated and will take time.
Once impacted individuals are identified, they will be contacted directly via personalized notifications.
The MRU attack was claimed by the threat group CMD Organization, which has published samples of the allegedly stolen data, including passport scans and other sensitive documents.
The threat actor asked for a 30 BTC ransom, currently around $1.9 million, and gave the university six days to respond before leaking the full set of stolen information.

CMD Organization appears to use an auction-style system, offering to sell the stolen data exclusively to the highest bidder. The threat group currently lists 30 organizations on its extortion site and operates both a clear web and a dark web portal.
MRU said that the recovery of the affected systems may take between several weeks and months and will provide updates as soon as new details become available.
The university is also offering two years of credit monitoring and identity theft protection to all current employees and individuals employed in the past five years.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Weekend Open Thread: High Hopes
Taylor Swift and Travis Kelce wedding staffer hilariously struggles to keep her cool while checking in megastars
Open Thread: What Great Books Have You Read Recently?
The House | “Reframing the debate from a binary discussion of winners and losers”: Yuan Yang reviews ‘We Are Not Machines’
Standard Chartered Secures MiCA License as ESMA Adds 37 New Crypto Firms
Whats Hidden Inside This Cash Register? #treasure #reselling #money
Anthropic’s new “J-lens” reveals a silent workspace inside Claude that mirrors a leading theory of consciousness
AXT Shares Jump Nearly 14% as Semiconductor Materials Maker Rebounds on AI-Linked Indium Phosphide Demand
Binance stock trading tops $1B in first month after launch
SK hynix (000660.KS) Stock Dips as $28B Nasdaq ADR Offering Drives AI Memory Expansion
South Africa proposes crypto tax guidance under existing rules
Best Time to Enter Small Caps Right Now? Another Bull Run? | Financially Free
Lenovo laptops are now shipping with YMTC SSDs, a sign of Chinese NAND entering the mainstream
ESMA Expands Crypto Register by 37 Firms Following MiCA Transition Period
New exhibition reflects five decades of movement between island of Ireland and GB
What a 10 Percent Drop Means for Buyers, Sellers and Renters
Binance Re-Enters Philippines As EU MiCA Rules Restrict Access
Avoid entering in FOMO #bitcoin #cryptocurrency #trading #scalping
Joshua Pacio ‘more complete’ ahead of ONE rematch vs Malachiev
Alibaba bans Claude Code over alleged backdoor security concerns
You must be logged in to post a comment Login