Nitrogen can’t unlock its own ransomware after coding error • The Register - Don’t rely on threat actors to be your backup, they may not even be able to unlock the data!
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers - “They are typically distributed via phishing emails and collect login credentials, session cookies, authentication tokens, credit card numbers, and crypto wallet data.”
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack - Per Cloudflare, the average size of the hyper-volumetric DDoS attacks during the campaign was 3 billion packets per second (Bpps), 4 Tbps, and 54 requests per second (Mrps), with the maximum rates touching 9 Bpps, 24 Tbps, and 205 Mrps.
Singapore spent 11 months evicting suspected telco spies • The Register - all four major telecom providers, sparking an 11-month digital eviction effort involving more than 100 personnel from across government, military, intelligence, and industry.
China’s Salt Typhoon hackers broke into Norwegian companies | TechCrunch - National Threat Assessment [PDF WARNING] - Norway says SaltTyphoon got them too
AI
Three clues your LLM may be poisoned • The Register
- Weird assessment of the prompt via “triangles”
- Output collapse
- Triggering is not deterministic. Instead, partial triggers can accidentally trigger backdoors, causing output collapse. Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
n8n’s latest critical flaws bypass December fix • The Register - PATCH. Just KEEP PATCHING. If you’re upgraded all the way, wait til’ after lunch. They’ll have a new one.
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries - The company also said it validated every discovered flaw to make sure that it was not made up (i.e., hallucinated), and that the LLM was used as a tool to prioritize the most severe memory corruption vulnerabilities that were identified.
OpenClaw instances open to the internet present ripe targets • The Register - “Our findings reveal a massive access and identity problem created by poorly secured automation at scale,” the STRIKE team wrote in a report released Monday. “Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers.”
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata - “In DockerDash, a single malicious metadata label in a Docker image can be used to compromise your Docker environment through a simple three-stage attack: Gordon AI reads and interprets the malicious instruction, forwards it to the MCP [Model Context Protocol] Gateway, which then executes it through MCP tools,
Chatbots Make Terrible Doctors, New Study Finds - When the researchers tested the LLMs without involving users by providing the models with the full text of each clinical scenario, the models correctly identified conditions in 94.9 percent of cases. But when talking to the participants about those same conditions, the LLMs identified relevant conditions in fewer than 34.5 percent of cases.
US GOV
Senator, who has repeatedly warned about secret US government surveillance, sounds new alarm over ‘CIA activities’ | TechCrunch - “I write to alert you to a classified letter I sent you earlier today in which I express deep concerns about CIA activities.” - Sn Wyden
Homeland Security is trying to force tech companies to hand over data about Trump critics | TechCrunch - Homeland Security has relied on the use of administrative subpoenas to seek identifiable information about individuals who run anonymous Instagram accounts, which share posts about ICE immigration raids in their local neighborhoods. These subpoenas have also been used to demand information about people who have criticized Trump officials or protested government policies. WAPO Article - PAYWALLED Homeland Security is targeting Americans with administrative subpoenas - The Washington Post
Inspector General Investigating Whether ICE’s Surveillance Tech Breaks the Law - “The objective of the audit is to determine how DHS and its components collect or obtain PII and biometric data related to immigration enforcement efforts and the extent to which that data is managed, shared, and secured in accordance with law, regulation, and Departmental policy,” Cuffari’s letter reads. He adds that one of the purposes of the investigation will be to “determine whether they have led to violations of federal law and other regulations that maintain privacy and defend against unlawful searches.”
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled - Those warrants included language that would have legally allowed them to press Natanson’s fingers onto the devices, or hold them up to her face, to unlock them if biometrics were enabled
WaPo Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
Leak/Breach
Substack confirms data breach affects users’ email addresses and phone numbers | TechCrunch- user data, including email addresses, phone numbers, and other unspecified “internal metadata.”
Data breach at govtech giant Conduent balloons, affecting millions more Americans | TechCrunch - 15.4 million people in Texas alone, accounting for about half of the state’s population, 10.5 million people in Oregon and hundreds of thousands of people across Delaware, Massachusetts, New Hampshire, and other states, according to data breach notifications. Stolen data includes individuals’ names, Social Security numbers, medical data, and health insurance information.
Hackers publish personal information stolen during Harvard, UPenn data breaches | TechCrunch - On Wednesday, the group known as ShinyHunters published what it claims are more than 1 million records from each university on the group’s dedicated leak site, which the gang uses to extort its victims.
Hacktivist scrapes over 500,000 stalkerware customers’ payment records | TechCrunch- Stalkerware apps like uMobix and Xnspy, once planted on someone’s phone, upload the victim’s private data, including their call records, text messages, photos, browsing history, and precise location data, which is then shared with the person who planted the app. The data, seen by TechCrunch, included about 536,000 lines of customer email addresses, which app or brand the customer paid for, how much they paid, the payment card type (such as Visa or Mastercard), and the last four digits on the card. The customer records did not include dates of payments.
Hacked, leaked, exposed: Why you should never use stalkerware apps | TechCrunch - At least 27 stalkerware companies since 2017 that are known to have been hacked or leaked customer and victims’ data online.
Wedding Photo Booth Company Exposes Customers’ Drunken Photos - After reluctantly entering his number, the researcher received a text with a link to Curator Live’s API, he said. From there, he found the exposed data. The company is still exposing people’s data so 404 Media is not explaining the security issue in detail. But the impact is that a stranger could dig through other peoples’ photos.