Todd Bookman (via Roman Loyola):
Then, according to Carter, the cards are carefully placed back in their original packaging, and are returned to the store’s shelves, where an unsuspecting customer will hopefully purchase them and add money to the card.
[…]
The scale of the scheme is mind-boggling: Apple, working with police, determined that the company shipped 46,364 products to a single warehouse in Windham, New Hampshire during a 10-week window last summer, with a total value of $47 million. That works out to an average of $600,000 a day in Apple products to a single location. A separate facility in Amherst received another $35 million in iPhones over the same period.
[…]
Chinese nationals are working and, in some cases, living inside these rented warehouses. There, workers receive the new Apple products from UPS or FedEx, sometimes thousands a day. They unbox the products, then consolidate all of the electronics into larger, anonymous brown boxes.
[…]
Once the electronics are repackaged into unmarked boxes, the warehouse workers go to UPS or FedEx to ship them to their next destination. Often, that’s to an international exporter based in Florida. From there, it’s on to China, Dubai, or South America, where the iPhones and other devices are resold for profit.
I don’t think I’ve seen anything yet about electronic gift cards not being safe.
Previously:
Apple Apple ID Law Enforcement Payments Shopping
John Voorhees:
Late yesterday, Anthropic announced messaging support for Claude Code, allowing users to connect to a Claude Code session running on a Mac from a mobile device using Telegram and Discord bots. I spent a few hours playing with it last night, and despite being released as a research preview, the messaging integration is already very capable, but a little fiddly to set up.
Tim Hardwick:
Anthropic are out with yet another update to Claude AI: the company’s Claude Code and Cowork tools can now remotely control your Mac on your behalf.
[…]
The capability pairs with Dispatch (released last week) which lets you assign Claude tasks from your iPhone and return to finished work on your desktop. In the YouTube video embedded below, Anthropic’s demo shows a user asking Claude to export a pitch deck as a PDF and attach it to a meeting invite, all while the user is away from their Mac.
[…]
The new feature is essentially Anthropic’s version of OpenClaw, the open-source AI agent that went viral earlier this year.
John Gruber:
The Claude Mac client itself remains a lazy Electron clunker. If Claude Code is so good I don’t get why they don’t prove it by using it to make an even halfway decent native Mac app.
Tim Hardwick:
Anthropic has released a redesigned Claude Code experience for its Claude desktop app, bringing in a new sidebar for managing multiple sessions, a drag-and-drop layout for arranging the workspace, and more.
[…]
Anthropic has also dropped more of the developer workflow into the app itself. There’s now an integrated terminal for running tests and builds, an in-app file editor for spot edits, a rebuilt diff viewer aimed at large changesets, and an expanded preview pane that handles HTML files and PDFs alongside local app servers. Each pane is also drag-and-drop friendly, so the layout can be arranged to suit.
[…]
In related news, Anthropic also announced Routines – a new way to set up Claude Code automations that run without an active session. A routine bundles a prompt, a repo, and any relevant connectors into a single configuration that can run on a schedule, fire from an API call, or trigger off a GitHub event such as a new pull request.
Wade Tregaskis:
I strongly suspect Claude’s Mac app is written by Claude.
That’s not a compliment.
[…]
There’s its general everyday bugginess – it frequently resets the scroll position of conversations to some arbitrary point miles back in time, for example. Or just abruptly removes focus from the text field while you’re in the middle of typing (doesn’t move it anywhere else, just defocuses). It smells, in a nutshell.
But the “vibe coding” stench really wafts in when you consider that [cynically] their most important user flow – the upsell – doesn’t even work.
Previously:
Artificial Intelligence Claude Discord Electron Mac Mac App macOS Tahoe 26 Telegram
Khanh:
Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
[…]
The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.
[…]
We didn’t build the chain alone. Mythos Preview helped identify the bugs and assisted throughout exploit development.
Previously:
Apple M5 Artificial Intelligence Bug Claude Exploit Kernel Mac macOS Tahoe 26 Mythos Security
Bobby Holley:
Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.
As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.
[…]
Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively.
[…]
Encouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so.
Mozilla (Hacker News):
In this post, we’ll go into more detail about how we approached this work, what we found, and advice for other projects on making good use of emerging capabilities to harden themselves against attack.
Dan Goodin:
The engineers said their earlier brushes with AI-assisted vulnerability detection were fraught with “unwanted slop.”
[…]
Mozilla’s work with Mythos was different, Mozilla Distinguished Engineer Brian Grinstead said in an interview. The biggest differentiating factor was the use of an agent harness, a piece of code that wraps around an LLM to guide it through a series of specific tasks. For such a harness to be useful, it requires significant resources to customize it to the project-specific semantics, tooling, and processes it will be used for.
Previously:
Artificial Intelligence Bug Claude Firefox Mac Mac App macOS Tahoe 26 Mythos Security
