‼️ A 15-year-old in Japan used ChatGPT to write a program that mass-unsubscribed 46,812 Bandai Anime streaming users, Tokyo police say. He has now been arrested.
The November attack forced Bandai Namco Filmworks to take the anime streaming service offline for six weeks, with data on up to 1.366 million members potentially exposed.
Police say the self-taught teen found the server flaw by studying network traffic, then let ChatGPT automate the rest. He told investigators he had no grudge against the company.
Read the article:
https://www.internationalcyberdigest.com/japanese-police-arrest-15yo-over-chatgpt-assisted-cyberattack-against-bandai-channel/
The November attack forced Bandai Namco Filmworks to take the anime streaming service offline for six weeks, with data on up to 1.366 million members potentially exposed.
Police say the self-taught teen found the server flaw by studying network traffic, then let ChatGPT automate the rest. He told investigators he had no grudge against the company.
Read the article:
https://www.internationalcyberdigest.com/japanese-police-arrest-15yo-over-chatgpt-assisted-cyberattack-against-bandai-channel/
🤣26👏11❤4😁1
‼️ BREAKING: New research shows you can copy any signed GitHub commit into a second one that looks identical, without the author's secret key, creating a distinct commit with an identical tree, identical metadata, a valid signature, and a "Verified" badge from GitHub.
On GitHub, a green "Verified" badge is supposed to mean two things: a trusted author signed it, and its ID is a one-of-a-kind fingerprint for that exact code. A new Carnegie Mellon preprint from Jacob Ginesin says the second promise, the unique fingerprint, does not hold.
Why it matters: security teams and package systems (behind tools like Go, Nix, and GitHub Actions) trust that ID as a unique handle for code. Block or pin the "bad" version, and an attacker can re-issue the same signed code under a fresh, still-verified ID that slips past. The author says Git and GitHub have not fixed it.
PoC: https://github.com/JakeGinesin/git-chain-malleator
Article: https://www.internationalcyberdigest.com/new-research-a-verified-github-commit-is-not-unique/
On GitHub, a green "Verified" badge is supposed to mean two things: a trusted author signed it, and its ID is a one-of-a-kind fingerprint for that exact code. A new Carnegie Mellon preprint from Jacob Ginesin says the second promise, the unique fingerprint, does not hold.
Why it matters: security teams and package systems (behind tools like Go, Nix, and GitHub Actions) trust that ID as a unique handle for code. Block or pin the "bad" version, and an attacker can re-issue the same signed code under a fresh, still-verified ID that slips past. The author says Git and GitHub have not fixed it.
PoC: https://github.com/JakeGinesin/git-chain-malleator
Article: https://www.internationalcyberdigest.com/new-research-a-verified-github-commit-is-not-unique/
🤯8🔥6🤬3❤1😁1
From today, every new car, van, truck and bus registered in the European Union must carry a camera-based Advanced Driver Distraction Warning system under the General Safety Regulation, with gaze tracking that alerts inattentive drivers and rules that ban facial recognition and keep the data inside the vehicle.
https://www.internationalcyberdigest.com/driver-monitoring-is-now-mandatory-in-every-new-vehicle-registered-in-the-eu/
https://www.internationalcyberdigest.com/driver-monitoring-is-now-mandatory-in-every-new-vehicle-registered-in-the-eu/
🤣13😱5❤1
❗️ If your Windows 11 PC keeps running out of storage and you can't figure out why, it might not be your files. It might be Windows itself.
A bug causes a hidden system file to grow without limit. The file is supposed to be a small log of which apps use your camera, microphone, and location, normally just a few megabytes. On affected PCs it never gets cleaned up, and users have found it at 70GB, 200GB, and in one case roughly 500GB.
The worst part is you can't see it. Storage settings just show a huge "System files" entry with no explanation, so most people blame their photos or games and start deleting the wrong things. The folder itself is locked, so even File Explorer says access denied.
Microsoft never listed the bug as a known issue. The fix arrived quietly inside June's optional update (KB5095093), and everyone else gets it automatically in the next monthly update, expected July 14.
To check now, open Settings > System > Storage > System & Reserved. If "System files" shows hundreds of gigabytes, install the June update. If your drive is already too full to update, there's a Safe Mode workaround: rename the oversized file and Windows rebuilds a fresh one. 😂
https://www.internationalcyberdigest.com/windows-11-bug-lets-a-hidden-log-file-swallow-hundreds-of-gigabytes/
A bug causes a hidden system file to grow without limit. The file is supposed to be a small log of which apps use your camera, microphone, and location, normally just a few megabytes. On affected PCs it never gets cleaned up, and users have found it at 70GB, 200GB, and in one case roughly 500GB.
The worst part is you can't see it. Storage settings just show a huge "System files" entry with no explanation, so most people blame their photos or games and start deleting the wrong things. The folder itself is locked, so even File Explorer says access denied.
Microsoft never listed the bug as a known issue. The fix arrived quietly inside June's optional update (KB5095093), and everyone else gets it automatically in the next monthly update, expected July 14.
To check now, open Settings > System > Storage > System & Reserved. If "System files" shows hundreds of gigabytes, install the June update. If your drive is already too full to update, there's a Safe Mode workaround: rename the oversized file and Windows rebuilds a fresh one. 😂
https://www.internationalcyberdigest.com/windows-11-bug-lets-a-hidden-log-file-swallow-hundreds-of-gigabytes/
❤7🤬4😁2😱1🥴1😭1
‼️BREAKING: US commanders overrode explicit warnings in Pentagon targeting databases that Iran intelligence was years out of date, approving strikes that included the hit on a school in Minab. The strike killed at least 168 children and 14 teachers.
The outdated data flags sat inside the databases and required senior sign-off to bypass.
An analyst had observed and logged changes at the school site in a separate tool that never fed the official targeting databases.
Four months later the Pentagon has not released its investigation. US Central Command declined to comment to CNN.
Article: https://www.internationalcyberdigest.com/us-commanders-overrode-stale-intelligence-warnings-before-strike-that-destroyed-iranian-school/
The outdated data flags sat inside the databases and required senior sign-off to bypass.
An analyst had observed and logged changes at the school site in a separate tool that never fed the official targeting databases.
Four months later the Pentagon has not released its investigation. US Central Command declined to comment to CNN.
Article: https://www.internationalcyberdigest.com/us-commanders-overrode-stale-intelligence-warnings-before-strike-that-destroyed-iranian-school/
🤬19😢4💩4❤3🥴1
Signal just rolled out a single verified Official Chat inside the app, taking direct aim at the impersonation scams the FBI and CISA have linked to Russian intelligence.
The move follows months of warnings. US and German authorities spent early 2026 flagging fake "Signal Support" chats used to phish politicians, military personnel, and journalists, and Der Spiegel reported roughly 300 political accounts were compromised in Germany alone.
New rule for anyone with sensitive chats: if a "Signal" chat has no verified badge, it is not Signal.
Article: https://www.internationalcyberdigest.com/signal-launched-verified-in-app-chat-to-combat-phishing/
The move follows months of warnings. US and German authorities spent early 2026 flagging fake "Signal Support" chats used to phish politicians, military personnel, and journalists, and Der Spiegel reported roughly 300 political accounts were compromised in Germany alone.
New rule for anyone with sensitive chats: if a "Signal" chat has no verified badge, it is not Signal.
Article: https://www.internationalcyberdigest.com/signal-launched-verified-in-app-chat-to-combat-phishing/
🤣12😁5❤3🔥1
‼️ Accenture has confirmed a security incident after a threat actor listed 35GB of allegedly stolen source code and cloud secrets for sale. Accenture says it has remediated the source with no operational impact, but has not confirmed scope, exfiltration, or client-data involvement.
We analyzed the sample treefile. It shows a large application/source-code structure with staging/prod projects, .env files, config files, SQL files, upload folders, and certificate-related artifacts. Claimed haul includes source code, RSA/SSH keys, Azure PATs, and storage access keys.
Note: our review of the sample tree only proves these file types exist in the structure, not that their contents leaked.
Read the article: https://www.internationalcyberdigest.com/accenture-br-confirms-security-incident/
We analyzed the sample treefile. It shows a large application/source-code structure with staging/prod projects, .env files, config files, SQL files, upload folders, and certificate-related artifacts. Claimed haul includes source code, RSA/SSH keys, Azure PATs, and storage access keys.
Note: our review of the sample tree only proves these file types exist in the structure, not that their contents leaked.
Read the article: https://www.internationalcyberdigest.com/accenture-br-confirms-security-incident/
👍3🥰1💩1
The UK wants to put goal-oriented autonomous AI at the core of national cyber defence to protect critical infrastructure. That includes automated scanning of critical UK IP ranges and automated blocking of malicious domains.
Cyber Shield, a blueprint from the National Cyber Security Centre and the UK's science and tech department, envisions federated "red" and "blue" AI agents hunting vulnerabilities, containing intrusions, and sharing insight across government and critical infrastructure at machine speed.
NCSC says AI is already compressing attack steps that took weeks into minutes, and expects frontier models to become capable of automating the full intrusion lifecycle.
Article: https://www.internationalcyberdigest.com/uk-wants-to-use-autonomous-ai-to-protect-critical-infra/
Cyber Shield, a blueprint from the National Cyber Security Centre and the UK's science and tech department, envisions federated "red" and "blue" AI agents hunting vulnerabilities, containing intrusions, and sharing insight across government and critical infrastructure at machine speed.
NCSC says AI is already compressing attack steps that took weeks into minutes, and expects frontier models to become capable of automating the full intrusion lifecycle.
Article: https://www.internationalcyberdigest.com/uk-wants-to-use-autonomous-ai-to-protect-critical-infra/
😭12🤔2❤1🤣1🤪1
Proton is now publicly calling Windows spyware over the Global Device ID that Microsoft uses for every Windows installation. They say users never consent to the GDID, can't remove it, and that reinstalling Windows only partially helps since Microsoft keeps the old records.
The company found exactly one mention of the identifier in all of Microsoft's public documentation.
Every Windows installation carries a Global Device ID that Microsoft can hand to law enforcement, and a federal complaint against an alleged Scattered Spider hacker just showed it defeating a VPN.
Per the FBI affidavit, Microsoft records tied one GDID to the creation of an ngrok account used in a May 2025 jewelry retailer breach, then gave investigators the device's full IP history. Cross-referenced against the suspect's Apple, Snapchat, and Facebook logins, the VPN didn't matter.
Read:
https://www.internationalcyberdigest.com/proton-calls-windows-gdid-spyware/
The company found exactly one mention of the identifier in all of Microsoft's public documentation.
Every Windows installation carries a Global Device ID that Microsoft can hand to law enforcement, and a federal complaint against an alleged Scattered Spider hacker just showed it defeating a VPN.
Per the FBI affidavit, Microsoft records tied one GDID to the creation of an ngrok account used in a May 2025 jewelry retailer breach, then gave investigators the device's full IP history. Cross-referenced against the suspect's Apple, Snapchat, and Facebook logins, the VPN didn't matter.
Read:
https://www.internationalcyberdigest.com/proton-calls-windows-gdid-spyware/
😱8🔥3😁2🤔2🥴1
Two AI labs are shipping flagship models today: xAI's Grok 4.5 and OpenAI's GPT-5.6 both go public today.
Grok 4.5 is the coding play. It runs on V9, xAI's new 1.5 trillion parameter foundation, about three times the size of the model behind Grok 4.3, and it was trained on real developer data from Cursor. Musk is calling it "Opus-class," meaning he says it matches Anthropic's Claude Opus 4.8 while running faster and cheaper. It's live now in Grok Build and inside Cursor, but not yet in the EU.
GPT-5.6 isn't one model but three: Sol, the flagship for hard reasoning and coding; Terra, a balanced tier at about half the cost of GPT-5.5; and Luna, the fast cheap one. It's the more loaded launch, held to roughly 20 partners for a month at the U.S. government's request over its cyber capability, and only cleared by the Commerce Department for a broad release this week.
The common thread is cost. Both labs are selling price and token efficiency over raw scores, betting cost per solved task wins developers faster than a leaderboard spot.
Benchmarks:
- http://openai.com/index/previewing-gpt-5-6-sol
- http://x.ai/news/grok-4-5
Read the article: https://www.internationalcyberdigest.com/two-frontier-ai-models-ship-on-the-same-day-grok-4-5-and-gpt-5-6/
Grok 4.5 is the coding play. It runs on V9, xAI's new 1.5 trillion parameter foundation, about three times the size of the model behind Grok 4.3, and it was trained on real developer data from Cursor. Musk is calling it "Opus-class," meaning he says it matches Anthropic's Claude Opus 4.8 while running faster and cheaper. It's live now in Grok Build and inside Cursor, but not yet in the EU.
GPT-5.6 isn't one model but three: Sol, the flagship for hard reasoning and coding; Terra, a balanced tier at about half the cost of GPT-5.5; and Luna, the fast cheap one. It's the more loaded launch, held to roughly 20 partners for a month at the U.S. government's request over its cyber capability, and only cleared by the Commerce Department for a broad release this week.
The common thread is cost. Both labs are selling price and token efficiency over raw scores, betting cost per solved task wins developers faster than a leaderboard spot.
Benchmarks:
- http://openai.com/index/previewing-gpt-5-6-sol
- http://x.ai/news/grok-4-5
Read the article: https://www.internationalcyberdigest.com/two-frontier-ai-models-ship-on-the-same-day-grok-4-5-and-gpt-5-6/
💩8👍5🤪4❤1