International Cyber Digest
6.27K subscribers
924 photos
52 videos
2 files
168 links
Independent reporting on cybersecurity, tech, AI & digital policy. Got a tip? http://internationalcyberdigest.com/tips
Download Telegram
‼️🇪🇺 A black day for freedom and civil rights in Europe.

The European Parliament has voted in favour of "chat control." The lapsed derogation that lets platforms scan private messages for child sexual abuse material (CSAM) is back into force until 2028.

Parliament killed this same text 311 to 228 in March. Today it passed.

How it passed also matters, it was a democracy undermining move from The European People's Party (EPP), the largest group in Parliament, who revived the Council's text as a second-reading position, meaning it stood unless an absolute majority of all MEPs, at least 361, voted to reject or amend it.
🤬24💩101😢1😨1🤪1
DuckDuckGo's browser now blocks most YouTube video ads, including pre-roll and mid-roll, using community uBlock Origin filter lists plus its own compatibility rules.

It's on by default on iOS, Mac, and Windows (manual on Android), putting it alongside Brave and Opera in the browser-vs-Google fight over YouTube's ad model.

DuckDuckGo's cautions the feature is new and may break temporarily whenever YouTube changes how it serves ads.
32👏12👍2
❗️ Meta just silently opted in every adult Instagram user for their new Muse AI Image generator, which lets anyone create AI images of your likeness by tagging your public handle in a prompt, no notification when your photos are used, and no removal of images generated before you opt out.

To opt out on Instagram: Profile > Menu > Sharing and reuse, then switch off the reuse toggles under "Allow people to reuse your content on Instagram and with AI features at Meta."
🤬214🥰2🙏2🔥1😁1
❗️ An Israeli startup founder secretly uploaded a cluster of malicious typosquatted npm packages that impersonate Anthropic, Vercel, LangChain, Ollama, OpenAI and Aspect Security and profile developer machines on install.

The packages skip passwords and tokens by design. Instead, the install script harvests identity: hostname, every git and SSH email on the box, teammate emails from the git reflog, AWS/GCP profile and account details, and the corporate DNS domain, all shipped to a Google Cloud Run endpoint.

There were about 20k downloads before takedown.

Article: https://www.internationalcyberdigest.com/npm-infostealer-campaign-traced-to-israeli-cybersecurity-startup/
💩16🤬5😁2😱2🤣2🤪21😭1
‼️ Dutch police have just released a statement claiming the Odido hack was carried out by Dutch criminals. The breach happened because an Odido employee, after being misled, authorized a malicious Salesforce connected app. Police plan to release the voice recording of the actor who called Odido and impersonated IT support.

The hack, which is attributed to ShinyHunters, led to the leak of sensitive information belonging to over 6 million people. After Odido refused to pay, the data was leaked to the public. Criminals are now using the Odido dataset for phishing and identity theft.

Article: https://www.internationalcyberdigest.com/dutch-police-point-to-suspects-in-odido-hack-and-may-release-callers-voice/
🥰4🤣21💩1
Huawei’s telephoto camera turned a twin-engine jet into a bird.
🤣474😭4👍2😁1
❗️ More than half of Grok's traffic now comes from adult content, including porn image and video generation and sexual role-play, according to a report of The Information. xAI is reportedly leaning into it, not away from it.

It also lands amid lawsuits and probes in the US, EU, India and Brazil over sexualized deepfakes, including alleged images of minors. Musk has denied awareness of any underage sexual images generated by Grok.

Article: https://www.internationalcyberdigest.com/adult-content-now-drives-most-of-groks-traffic/
😁8🥰3🤣2💩1
❗️ Anthropic tried to charge a Korean user who was on the free plan with zero API usage $16.6 million. A day earlier, the same invoice was $1.67 million, so it grew roughly 10x overnight.

The user says he suspected phishing at first, then found the sender and payment link were Anthropic's official domain. His bank declined the charge attempts for exceeding the card's per-transaction limit...

Last month auditing startup Vaudit told it found about $1.7 million in overcharges across $34 million in AI invoices, mostly tied to Claude Code, and after months of GitHub reports about contradictory Anthropic billing emails.

Read:
https://www.internationalcyberdigest.com/anthropic-tried-to-phantom-charge-16-6m/
🤣36🥰31🤬1
OpenAI's newest model just hit the DeepSWE benchmark, and gpt-5.6-sol, now beats every other model (even Fable 5) at a fraction of the cost.

gpt-5.6-sol:
- 3x cheaper than Claude Fable 5
- 5–7x cheaper than Claude Opus 4.8
- 10x cheaper than Claude Sonnet 5
💩14🤔5🔥32👍2
❗️ Apple is suing OpenAI, accusing it of a months-long scheme to steal trade secrets for its AI hardware device. The complaint names OpenAI hardware lead Tang Tan and engineer Chang Liu, both ex-Apple.

It alleges recruits were told to bring unreleased parts to job interviews, that Tan circulated Apple's internal exit-security playbook to new hires, and that Liu kept an Apple laptop and exploited a vulnerability to pull dozens of confidential documents while already working at OpenAI.

OpenAI's reply, via a spokesperson: "We have no interest in other companies' trade secrets." Apple wants an injunction plus damages set at trial.
10👏4🤣4😁2🥰1
‼️ A 16-year-old Linux KVM vulnerability called Januscape (CVE-2026-53359) lets a root user inside a guest VM escape to the host on Intel and AMD x86 systems, and a proof of concept that crashes hosts is already public.

Canonical says patched Ubuntu kernels are still pending for all releases and recommends disabling nested virtualization in the meantime.
😱183
‼️ The Chinese and Russians want to use malware to paralyze the Starlink satellite network, according to secret documents obtained from clandestine military forums. And if malware doesn't work, they plan to just shoot the satellites down.

Chinese state aerospace researchers are pitching a three-stage plan to defeat Starlink. It escalates from regulatory pressure to coordinated jamming to physically destroying satellites in orbit.

The same cache includes a protocol signed in Moscow in June 2023 to jointly build an air- and missile-defense system against US hypersonic weapons, a class of technology Moscow historically refused to share with anyone.

Beijing still calls itself neutral on Ukraine. These documents make that position very hard to sustain.

Note: the slides have been translated from Russian and Chinese into English.
😱15😁5🔥32👍2