Crypto Cash Fuels Boom in Chinese Peptide Labs

Summary
– Meta has embedded dormant face recognition code, called NameTag, in the companion app for its Ray-Ban and Oakley smart glasses, which could identify people by matching faces against a device-stored biometric gallery.
– xAI is demanding that plaintiffs suing over Grok-generated deepfake nudes reveal their real names, while the plaintiffs claim they would drop the suit to avoid harassment from Elon Musk’s supporters.
– Google launched an Android feature that uses a cryptographic handshake to detect AI-powered impersonation scams, but it only works when both callers use Google Dialer, excluding iPhones.
– The Manhattan Institute is promoting model legislation to classify minor protest offenses as felonies under a new “civil terrorism” theory.
– Researchers discovered the FROST browser side-channel attack, which fingerprints other tabs or apps by measuring SSD read times via JavaScript and a neural network, though no real-world use has been found yet.
Meta has quietly stored dormant face recognition software on over 50 million phones, according to a WIRED report this week. The code sits inside the companion app for its Ray-Ban and Oakley smart glasses. Internally called NameTag, the feature could allow wearers to identify people by matching captured faces against a biometric gallery stored on the device. This is the same type of technology Meta claimed it abandoned in 2021 after paying billions to settle biometric privacy lawsuits in Texas and Illinois.
In a separate legal battle, xAI is pushing a federal judge to force four plaintiffs suing the company over Grok-generated deepfake nudes to drop their pseudonyms and litigate publicly under their real names. One plaintiff alleges the chatbot fabricated sexual images of her as a child. The plaintiffs argue they would rather withdraw the lawsuit than face harassment and doxing from Elon Musk’s online supporters. xAI’s lawyers counter that since the deepfakes will remain under seal, there is “nothing inherently stigmatizing” about naming the individuals involved.
Google introduced a new Android feature this week targeting the surge in AI-powered impersonation scams. These attacks allow fraudsters to spoof a familiar phone number and clone a person’s voice. The feature is bundled with Google Dialer and rolls out to devices running Android 12 or later. It silently pings the caller’s device for a cryptographic handshake. If the call is fake, Android flags it and removes the contact photo from the screen. The check only works when both parties use Google Dialer, leaving iPhones unprotected.
WIRED also reported that the Manhattan Institute, the right-wing think tank behind 1990s broken-windows policing and the Trump administration’s anti-DEI push, is now promoting model legislation to turn minor protest-related offenses into felonies under a novel theory it calls “civil terrorism.”
Researchers have detailed a new browser side-channel attack named FROST. It fingerprints other browser tabs and sometimes apps on your device by measuring how long it takes to read from a sandboxed file on your SSD. The attack runs entirely in JavaScript and feeds timing data through a neural network trained on the I/O signatures of common software. There is no evidence yet that anyone is using it in the wild.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.
The supplements known as peptides (chains of amino acids that promise to help users achieve everything from weight loss to skin rejuvenation through smearing, ingestion, or injection) have evolved into a largely unregulated pharmaceutical subindustry. Unsurprisingly, their growth is fueled by cryptocurrency, often sent directly to Chinese labs that sell these mysterious panaceas.
Crypto-tracing firm Chainalysis this week published an analysis of crypto flows to peptide sellers, a gray market now valued at over $100 million annually and expanding. Chainalysis specifically found that some Chinese labs previously selling fentanyl precursors have shifted to manufacturing and selling peptides. The transition, Chainalysis believes, is designed to capitalize on the wave of “looksmaxing” hype across social media that has boosted peptide sales, while also avoiding the risk of a law enforcement crackdown on opioid manufacturers.
AI can accomplish a wide range of tasks if you simply ask it: code an app, touch up photos, or even hack President Barack Obama’s Instagram account. Since Meta announced in March that its account support would become increasingly automated with AI, including functions like password resets, hackers discovered they could exploit the tool to take over high-profile accounts. Among the victims reported by 404 Media are Obama, the chief master sergeant of the US Space Force, and makeup chain Sephora. Meta says the issue is now fixed and affected accounts have been secured. However, the wave of takeovers highlights the risks of off-loading security functions to AI, particularly at a company like Meta that has publicly touted its all-in approach to AI adoption.
When AI firm Anthropic rolled out its powerful Mythos tool to a select group of organizations for testing, it raised eyebrows by including the US National Security Agency (NSA) on the initial access list. Mythos is reportedly capable of finding previously hidden, hackable vulnerabilities in software with alarming speed, raising fears it could be used for automated mass surveillance and cyberattacks. But the NSA also has a defensive mission, and initial reporting suggested the agency might use Mythos to find bugs in popular software used by Americans, such as Microsoft’s. Yet the Financial Times now reports that Anthropic is helping the NSA take its use of Mythos further, deploying engineers to the agency to teach it how to use the AI tool for offensive hacking. The FT could not confirm that Mythos is being used in active hacking operations. But given the growing use of AI for state-sponsored hacking, it would be surprising if the US is not joining the field of modern-day automated cyberintrusions.
President Donald Trump has selected Bill Pulte to temporarily serve as acting director of national intelligence. Pulte replaces Tulsi Gabbard, who stepped down citing her husband’s health issues. Trump has said he is considering other candidates for the permanent role, but the confirmation process could take months. As acting director, Pulte would oversee the entire US intelligence community, coordinating 18 agencies including the Central Intelligence Agency and NSA.
(Source: Wired)




