THE DAILY BRIEF

Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities to gain SYSTEM-level and elevated administrator permissions on compromised systems.

► This marks the transition from disclosure to weaponization, creating an urgent patching window before widespread compromise accelerates.

Socket identified a supply chain attack affecting npm packages for Mistral, UiPath, TanStack (including react-router), and others, likely part of the Mini Shai-Hulud campaign. Developers are advised to run shasum checks on router_init.js files across their dependencies.

► React-router's massive adoption means this attack potentially affects millions of end-user applications if malicious versions were installed.

Anthropic CEO Dario Amodei is scheduled to meet with White House Chief of Staff Susie Wiles on Friday in what sources describe as a breakthrough in Anthropic's ongoing dispute with the Pentagon over AI policy and regulation.

► Direct executive-level engagement with the Trump administration signals AI policy disputes are escalating from boardrooms to the highest levels of government.

Google has successfully enabled end-to-end encryption for RCS texting between Android and iPhone users, resolving years of fragmented cross-platform communication after repeated calls from Google for Apple to adopt RCS standards.

► This closes a long-standing security gap affecting billions of daily messages between the world's two largest phone platforms.