❗️ BREAKING: Over 2 million hijacked consumer devices, including smart TVs and streaming boxes, were quietly acting as residential proxy exit nodes. All of them, per Google, were part of the NetNut residential proxy network.
Google, working with the FBI and Lumen, has moved to dismantle the NetNut network. In a single week, Google tracked 316 distinct threat clusters, including espionage groups, routing attacks and password sprays through suspected NetNut exit nodes.
Le cookie est mort alors ils ont cuisinés une nouvelle merde pour vous traquer 👉
Utiq, c'est un système de tracking qui n'a pas besoin de cookie. Il utilise votre opérateur télécom.
Le site que vous visitez transmet votre IP à Utiq. Utiq la transmet à Orange, SFR ou Bouygues. Votre opérateur crée un identifiant lié à votre numéro de téléphone. Et cet identifiant vous suit sur tous les sites partenaires.
Vider votre cache ne change rien. La navigation privée non plus. C'est cross-plateforme. Votre IP = votre identifiant publicitaire. Formidable.
Derrière Utiq, on trouve Deutsche Telekom, Orange, Telefónica et Vodafone. Les opérateurs qui transportent vos données depuis 20 ans viennent de décider qu'ils allaient aussi les monétiser.
C'est présenté comme une alternative "éthique et européenne" aux GAFAM. 😂
Vous échangez Google contre votre opérateur télécom. Qui connaît votre numéro de téléphone, votre adresse, et tout votre trafic réseau.
Cliquez sur Rejeter.
👀This @GrapheneOS X @Moto collab is bigger than I thought!
If we didnt get this NOW, who knows what direction privacy on mobile would be headed!
Did you know: @Google Pixel 10 delays and tighter controls threw off GrapheneOS support timelines, making it harder to keep up with fast Pixel releases.
Its almost like they were TRYING to brick @GrapheneOS
Perfect timing for the @Moto partnership: 2027 flagships will let you unlock the startup security, install GrapheneOS, then lock it back so the phone checks everything’s safe.
Samsung stays locked.
Apple gives you no choice.
Real secure Android options are finally coming.
👀
This is the start of something great!
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
‼️🚨 BREAKING: Cloudflare's CISO just published what Anthropic's unreleased Mythos did against more than 50 of their own production repos. According to him, Mythos is too powerful and must "include additional safeguards" before releasing to the public.
Turns out the model can chain multiple low-severity bugs into a single severe exploit with a working PoC, where previous frontier models would stop at "interesting bug, unclear if exploitable."
At triage time, that means fewer hedged findings and less time spent asking "is this even real?" A finding that arrives with a PoC is a finding you can act on.
Cloudflare is also explicit about the safety side. The Mythos Preview build provided for Project Glasswing did not include the safeguards present in generally available models like Opus 4.7 or GPT-5.5. The model's organic refusals are real, but Cloudflare states they are not consistent enough to serve as a complete safety boundary on their own, and that any cyber frontier model made generally available in the future must ship with additional safeguards on top of that baseline.
Interesting detail: Cloudflare was not on the original Project Glasswing launch partner list with Apple, AWS, Google, Microsoft, CrowdStrike, and others. Instead they got invited later on.
Feb 2026: Hackers now use custom AI agents to map Active Directory and grab Domain Admin rights in minutes.
Not phishing. Full speed attacks.
Your team still in meetings?
Picus shows how to fight at machine speed.
Watch the latest session 👇 https://t.co/QsCUxC06Ay
🚨 BREAKING: Toronto Police just seized “SMS Blasters” fake cell towers never seen before in Canada.
These portable devices hijack thousands of phones at once, blast fake bank/Canada Post texts, and knock out real service (even 911 calls).
Tens of thousands of phones hit.
Over 13 MILLION disruptions.
Three men charged 🇨🇳
• Dafeng Lin, 27, of Hamilton
• Junmin Shi, 25, of Markham
• Weitong Hu, 21, of Markham
This is next-level cyber crime on our streets. Stay alert. Never click surprise links.
#Toronto #CyberCrime #ScamAlert
In all seriousness though, companies that are investing in these tools have zero control over code quality, how to protect from prompt injection, what gets shoved and executed into the developers environment, what gets shoved into production.
Zero. Controls.
Death of cybersecurity? Nah. It's just getting started.
BREAKING: You checked the weather this morning.
And you just told a surveillance company where you sleep.
Meet #Webloc, used by ICE, cops & foreign govs to track 500m+ phones.
No warrant required.
Our latest @citizenlab investigation + how to protect yourself 🧵/1
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
North Korean hackers have breached more than 400 GitHub repositories to plant malicious tasks.json files. Users loading or cloning one of the hacked repos in the VS Code IDE would have malware installed on their systems. The campaign, named TasksJacker, abused a VS Code feature that auto-executes instructions placed in a tasks.json file.
⚠️ Our team at Google is releasing more details on the recent NPM #axios supply chain attack. Notably, we now attribute this activity to #UNC1069, a financially motivated North Korean 🇰🇵 nexus threat actor active since at least 2018.
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
For nearly 30 years, journalists have relied on the Internet Archive to see how stories were originally published, before edits, removals, or changes. We need to safeguard that. https://t.co/WjLMSMhMnz
The DarkSword iPhone exploit code just leaked on GitHub. This changes the threat model for everyone, not just Apple users.
Here's what most coverage is missing.
DarkSword was originally a nation-state grade tool — tracked by Google's Threat Intelligence Group since November 2025, used by Russian espionage groups and customers of a Turkish commercial surveillance vendor. This was elite capability reserved for high-value targets.
Now it's on GitHub. Anyone can download it, study it, modify it, and redeploy it.
That's the moment a spyware-grade exploit chain goes from "targeted espionage" to "commodity attack tool." Google themselves warned this is exactly what happens - leaked code gives threat actors a starting point to test, tweak, and iterate.
Three malware families deploy after compromise: GhostBlade, GhostKnife, and GhostSaber. Together they steal data, establish a backdoor for re-entry, and execute code - compressing the entire kill chain into a single click.
But here's the enterprise angle nobody is connecting.
SecurityScorecard's CISO Steve Cobb put it perfectly: once attackers gain credentials on a compromised phone, they're no longer limited to that device. They move into SaaS platforms, cloud environments, and partner systems without needing another exploit.
Now think about how many people use the same iPhone for:
→ Corporate email and Slack
→ AI agent control channels (Telegram, WhatsApp, Discord)
→ Two-factor authentication
→ Cloud storage with synced credentials
A compromised iPhone isn't a phone incident anymore. It's an enterprise access incident. If your CISO is running an OpenClaw agent through Telegram on their Mac and their iPhone connects to the same Telegram account - the phone becomes a lateral entry point to the agent.
This is the second iOS exploit kit disclosure this month. Coruna gave attackers 23 exploits across iOS 13 through 17.2.1. DarkSword covers iOS 18.4 through 18.7. Between them, nearly every iPhone version in the wild has been targeted.
What to do right now:
→ Update to iOS 26.3 immediately - this patches the DarkSword chain
→ Enable Lockdown Mode on any device you can't update
→ If your org allows BYOD, assume unpatched personal devices are compromised
→ Review what enterprise services are accessible from mobile - email, cloud, SSO tokens, AI agent channels
→ Test whether your mobile security controls can actually detect and block these exploit chains, not just in theory
The pattern is clear: nation-state exploit tools are leaking faster than organisations can patch. DarkSword is public now. The window between "elite capability" and "commodity attack" just collapsed.
Patch today. Not tomorrow.
More Info: https://t.co/U4G4e1IIkL
This is the REAL reason behind the 3D printing bans.
The corporations that hold manufacturing contracts, charging $5,644 for a $10 (or less) part, aren’t going to let 3D printing take that from them.
Micro-manufacturing in the hands of the average human is disruptive.
an open source AI tool was just caught BREACHING 600+ Fortinet firewalls across 55 COUNTRIES
fully AUTONOMOUS, zero human in the loop
its called CyberStrikeAI
100+ offensive security tools baked in, nmap, sqlmap, metasploit, nuclei, burpsuite, the entire attack chain automated
you literally chat with it
> hack this target, make no mistakes
AI agents coordinate the attack themselves, one does recon, another scans, another exploits, another writes the report, they talk to each other and adapt based on what they find
this is cobalt strike meets chatgpt except its free, open source, and backed by a state actor