Normal view

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

18 June 2026 at 19:37

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].

Malicious streaming devices sold online that enroll the user's home Internet address in a residential proxy service. Image: Synthient. Pictured are 8 different TV boxes, including the X96 Mini Box, stick, and other no-name brands.

Malicious streaming devices sold online that enroll the user’s home Internet address in a residential proxy service. Image: HUMAN Security.

Popa is a massive botnet, but by all accounts it is unlike traditional botnets that enlist compromised systems in destructive activities, such as coordinating huge distributed denial-of-service attacks. Rather, Popa appears designed with a singular purpose: Implementing a persistent communications layer capable of registering a device, maintaining long-lived encrypted connections, and opening communication tunnels on demand.

Experts say Popa is a plugin component associated with the Vo1d botnet, a large-scale malware campaign targeting unofficial Android-based TV boxes. These devices, which are marketed under thousands of brand names and model numbers and broadly available for purchase at top e-commerce destinations, all advertise the ability to stream hundreds of subscription video services for an up front one-time fee.

But as the FBI and security industry experts have warned repeatedly, these streaming boxes typically bundle or come pre-installed with software that turns the user’s TV into a “residential proxy” — allowing anyone to route their Internet traffic through that device for as long as it remains plugged into a wall socket and connected to a local network. More concerning, some of these proxy networks do little to stop malicious customers from communicating with and even compromising systems on the local network of the unsuspecting device owner.

The first clues about Popa’s origins came in a 2025 report from the Chinese security company XLAB, which flagged at least nine domain names that were used to register and direct the activities of compromised devices. In a report released today, the security firm Qurium described how it stumbled on some of those same domains while investigating a series of disruptive and expensive data scraping events targeting the company’s hosted organizations in May 2026, in which the scraping activity was scattered evenly across more than 1.4 million Internet addresses.

Qurium said it found several dozen domains used to control Popa that were all hosted in lockstep across multiple Internet addresses over time, including gmslb[.]net, safernetwork[.]io, tera-home[.]com, and ninjatech[.]io. Digging deeper, Qurium discovered gmslb[.]net was referenced in dozens of pirated or modded video content streaming apps, such as CRICFy, DooFlix, Sprozfy, RTS Tv, Flixoid, CyberFlix, Rapid Streamz, TvMob and HD/OceanStreams.

Qurium’s report notes that most of the domains long used to control the Popa botnet were seized or dismantled in July 2025, after Google, HUMAN Security and Trend Micro teamed up to disrupt Badbox 2.0, a botnet that is closely associated with Vo1d. Qurium said that immediately after that disruption, several dozen new domains were registered to serve as controllers for the Popa botnet, but that one of those control domains was not new: ninjatech[.]io.

Ninjatech is a company founded by Moishi Kramer, whose LinkedIn profile says he is vice president of research and development at NetNut. That resume credits Kramer for helping NetNut to build from the “ground up,” “designing the architecture,” and “scaling the NetNut” before the company was acquired by Alarum Technologies. A self-created listing at the job board F6S references Kramer as the sole owner of the Ninjatech domain (a screen capture of it is pictured below).

Image: F6S.com.

Responding via email, Mr. Kramer said Ninjatech ceased operations approximately five years ago, when the company sold a software development kit (SDK) called Popa that was designed to use a small portion of a device’s bandwidth and to run only after the host application obtained user consent.

“That code was sold and licensed to third parties including resellers years ago,” Kramer said. “Once software is distributed that way, the original developer has no control over how others later modify, rebrand, or deploy it.”

Kramer said neither he nor NetNut builds, operates or maintains the infrastructure being described as Popa, nor does he control the Ninjatech domain.

“I didn’t register the June 2025 domains you mention, and I don’t know who did,” he continued. “I have no control over, or visibility into, that infrastructure. I can only tell you it isn’t operated by me or by NetNut.”

But in a separate Popa research report released today, the proxy-tracking company Synthient said a recent analysis of the Popa SDK revealed outbound traffic clearly associated with NetNut.

“The research team assesses with high confidence that devices running Popa forward traffic from Netnut clients,” Synthient wrote. “This proves without a shadow of a doubt that Popa actively continues to be used by NetNut as part of their proxy pool.”

Synthient’s platform receiving outbound traffic from Popa. Image: Synthient.com.

Alarum Technologies, NetNut’s Tel Aviv-based parent company, said the reports by Synthient and Qurium contained “demonstrably inaccurate assertions and flawed deductions rather than verified facts.” Alarum shared a statement saying they reject the basic characterization of the SDKs and technologies discussed in the reports as a “botnet.”

“The SDKs at issue are designed to facilitate bandwidth-sharing functionality and do not transform user devices into malware-controlled systems or otherwise compromise the devices on which they operate,” the statement reads. “Netnut operates a commercial proxy network and maintains policies, procedures, and technological measures designed to promote lawful and responsible use of its services.”

Alarum said NetNut places “significant emphasis on appropriate notice and consent mechanisms, conducts customer due diligence, monitors for potential misuse, and takes steps intended to detect and mitigate suspicious or unauthorized activity.”

“This method of operation is supported both by internal procedures and policies, including performing KYC checks and additional due diligence of NetNut’s customers, as well as employing various technological measures, designed to assist in identifying and addressing suspected misuse of the network,” their statement continued.

However, in a report released on June 8, the proxy tracking service Spur asserted that NetNut does not require corporate verification or meaningful “know your customer” procedures before allowing customers to purchase proxy access.

“An individual can sign up, pay, and route traffic through partner address space, including space belonging to institutions whose users never opted in,” Spur wrote. “The ‘verified corporations only’ claim is simply marketing for bandwidth sellers, not an access control on who actually uses the proxies.”

“Nor is NetNut the only front door,” Spur continued. “A number of downstream white labelers and resellers repackage the same ISP proxy pool under their own brands. These outlets typically perform no KYC at all, less scrutiny than NetNut itself, who at the very least might assign an account manager to potential users. Anyone who knows where to look can buy access through a reseller with nothing more than a burner email address and $5 in crypto.”

Synthient found that although the most recent builds of Popa (as of three months ago) have added the ability to ask the user for consent before installing proxy components, not all variants or previous versions of Popa contain this functionality.

“Of the over 20 genuine Popa publishers analyzed, none of them were observed asking for user consent,” Sythient wrote.

THE PREVALENCE OF POPA

Chris Formosa is senior lead information security engineer for Black Lotus Labs, a division of the Internet backbone carrier Lumen Technologies.

“What especially makes Popa dangerous is just how widely used NetNut is for reselling and sharing,” Formosa said, explaining that many other proxy services simply resell NetNut proxies rather than building out their own far-flung proxy networks. “So these Popa IPs appear in tons of different services all over the ecosystem, which makes it one of the most problematic and dangerous proxy botnets on the market currently.”

Formosa said the Popa botnet averages between 1.5 million to 2.5 million distinct IP addresses each day, relying on between 250 and 300 Internet addresses that are used to direct its activities.

“That’s why Popa is so dangerous,” Formosa said. “It may not be the largest botnet we have seen, but it is spread all over the industry, making its power very amplified.”

Formosa said while that makes Popa one of the larger botnets out there today, its numbers pale in comparison to those previously boasted by IPIDEA, a China-based proxy provider that until recently operated a daily pool of nearly 10 million devices that they resold as proxies to anyone. In January 2026, Synthient published research showing that multiple new large DDoS botnets had grown rapidly by tunneling through IPIDEA proxies into the local networks of unsuspecting TV box owners and infecting other Android-based devices behind the user’s firewall.

IPIDEA is based largely on SDKs used to view pirated streaming content on a vast number of TV box devices, but the service’s numbers have dwindled since January, when Google and industry partners took legal action to seize domain names that IPIDEA used to control devices and proxy traffic through them.

Jérôme Meyer, a security researcher at Nokia Deepfield, said the total population of devices participating in the Popa botnet may be far higher than Lumen’s estimates. Meyer told KrebsOnSecurity that Nokia is monitoring 26 of at least 359 known relay nodes for the botnet, and estimates that each relay node handles between 35,000 and 60,000 clients simultaneously.

“On the relay node subset I am looking at (26 of them), 750,000 unique sources in 24 hours,” Meyer wrote in response to questions.

Nokia Deepfield released its own report today on RoboVPN, a VPN app tied to the Vo1d botnet’s Popa plugin that Qurium attributes to NetNut/Alarum Technologies.

THE SYMBIOSIS OF PROXIES AND DATA SCRAPING

Experts say many of the world’s largest proxy providers have updated their public-facing branding to highlight their utility for training AI platforms, implying it is a primary use case for their residential proxies. That’s because AI services tend to rely on constantly mass-scraping the Internet for new text, images and video content that can be used to train large language models (LLMs).

NetNut and other proxy services have recast themselves as critical infrastructure for the AI scraping economy. Image: Synthient.com.

“AI companies depend on web-scraped content: for pre-training, for retrieval, for agent grounding, for search,” reads a report this month from Include Security that examines the prevalence of proxy SDKs in smart TV apps. “But the modern web isn’t scrapeable from a datacenter. Cloudflare, DataDome, HUMAN, among others throttle or block requests from known cloud IPs. The workaround is residential proxies. A scraping job routed through a Comcast or T-Mobile subscriber’s connection arrives at the target site from an IP that belongs to a paying residential customer.”

This non-stop content scraping has spawned more than 70 copyright infringement lawsuits against major tech companies that have acknowledged large-scale data scraping as a major source of the “brains” behind their commercial AI offerings. Ironically, much of that scraping is being aided by proxy services that are intimately tied to unofficial Android TV boxes and associated SDKs whose stated purpose is streaming pirated content.

The scraping activity has become so aggressive that it often overwhelms the targeted websites, preventing them from being reachable by legitimate visitors. In many reported cases, nonprofit organizations, libraries and universities have complained of constantly battling to keep their services online in the face of relentless data-scraping firms hiding behind residential proxy services.

A survey conducted last year by the Confederation of Open Access Repositories (COAR) found while some content scraping bots are rather innocuous, “others are sufficiently aggressive that they are increasingly causing service disruptions in repositories and other scholarly communications infrastructures.” More than 90 percent of survey respondents indicated their repository is encountering aggressive bots, usually more than once a week, and often leading to slow downs and service outages.

“Automated web scraping is nothing new, and has been the key technology underlying search engines such as Google for over 30 years,” wrote Brendan O’Connell, platform manager at the Directory of Open Access Journals (DOAJ), a free, community-curated index of peer-reviewed academic journals. “However, the current investor-fueled AI startup craze means there are now thousands of well-funded companies developing and deploying their own scraping tools to train AI models, alongside existing major players like OpenAI and Google.”

DON’T TOUCH THAT DIAL!

Across the United States, local communities are pushing back against the proliferation of new data centers aimed primarily at improving the capabilities of AI. But security experts say the general public remains largely unaware that using one of these unsanctioned Android TV boxes means their “smart TV” is almost certainly using a significant amount of bandwidth each month to help train modern AI models.

Even households without these sketchy TV boxes can still have their smart TVs turned into residential proxy nodes, just by downloading one of thousands of apps made available on Samsung and LG smart TVs. Spur said it recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Many of these apps are simple games or utilities that state in the fine print that the user’s Internet connection will be used to download data and that they can opt out at any time.

Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

Image: Spur.us.

Experts say it’s questionable whether TV apps with proxy SDKs can obtain meaningful consent from users for installing an always-on proxy connection, particularly when anyone in a household — including children — can effectively opt the family TV into a residential proxy network just by installing a simple game or app.

“Privacy-policy disclosure is the wrong control surface for a TV,” Include Security wrote. “It is hard to scroll through a legal document navigated by arrow keys on a remote, and the in-app consent dialog doesn’t convey that a paying customer is about to route their scraping traffic through the user’s home internet.”

Spur’s head of research Sean Simmons told KrebsOnSecurity that most people do not have a working mental model for what it means to sell access to their residential IP address, no matter what device they are using.

“And on a TV, the gap is even wider,” Simmons said. “A one-time prompt navigated with a remote can disappear into the setup flow, while the app keeps monetizing the connection long after anyone remembers what they accepted.”

Simmons said LG and Samsung should follow the lead of other TV platforms that have already drawn a line against residential proxy providers, pointing to policies by Amazon that prohibit apps facilitating proxy services for third parties. Likewise the TV streaming device maker Roku reportedly now bars developers from using proxy SDKs and has removed apps that bundled them.

Piracy related apps pushing proxy SDKs onto unconsenting users. Image: Synthient.

Apps that turn one’s device into a residential proxy node are not limited to smart TVs and no-name streaming boxes, of course. As noted by the security firm Infoblox, mobile app developers can embed SDKs provided by the residential proxy networks into their products to monetize their software, allowing them to receive a small amount of money on each installation.

The result, Infoblox said, is that devices are frequently enrolled without the owner’s knowledge, typically through free applications such as VPNs, streaming apps, screensavers and “productivity” apps such as PDF viewers and break reminders.

All too often, these proxy services are beaconing out from employee devices brought into the workplace, Infoblox found. In a blog post earlier this month, Infoblox said it discovered that fully 65% of its customer base was querying one or more residential proxy related domains.

“We saw steady growth in these queries in 2025, with a 25% increase over the year to over 500 billion per month,” Infoblox wrote. “Over 90% of our pharmaceutical and food & beverage customers have queried residential proxy indicators. Perhaps even more concerning is that over 60% of government and banking customers have as well.”

Infoblox researchers Nick Sundvall and David Brunsdon warned that with residential proxies in the corporate environment, external access is granted to an organization’s IP space.

“If threat actors were to abuse the residential proxy to attack a third party, the third party’s incident response would, correctly, identify your residential proxy as the source,” they wrote. “Untangling that, by proving that you were the conduit and not the threat actor, costs time, creates legal exposure, and can damage your reputation. The stunning prevalence of these services within customer environments warrants attention from both network defenders and policy makers who should consider how the risks posed by residential proxies could be impacting their security posture.”

Cybersecurity and the Gap Between Skill and Ability

8 July 2026 at 13:03

Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless headlines about it, and the advice they gave is pretty much the standard advice everyone gives—albeit with newfound urgency.

Internet risks are nothing new, and cyberattacks—both large and small—have been a significant issue since long before the current crop of generative AI models.

What’s been changing over the decades, and what AI is changing even faster, is the gap between skill and ability. For most of human history, the two terms were synonymous—but computers have decoupled them. As the gap between the two expands, humans empowered with these AI tools can do more: more writing, more research, more analysis and also more damage than ever before. These models can, with little detailed direction, autonomously hack into networks, steal data, deploy ransomware and destroy systems. And to the extent there is a solution, it’s going to involve harnessing AI for the defense.

In 1998, seven people from the hacker group L0pht testified before Congress. They told a mostly clueless Senate committee that they could take down the internet in 30 minutes. That was partly real and partly bravado, but it illustrates an important point: hacking into systems, stealing data and causing damage all required skill.

Contrast the L0pht hackers with hackers derided as “script kiddies.” They didn’t understand computers, or security. Instead, they used hacker tools written by others. Their actions required minimal skill and even less knowledge. But once those hacking tools became widespread, the number of potential attackers increased.

That number has continued to increase, as quality and availability of prewritten attack tools has grown. And it is growing dramatically with AI. Today’s AI systems—not just the frontier models, but most of them—are capable of carrying out cyberattacks automatically. They all do better in the hands of skilled attackers, but increasingly they are able to act autonomously with only minimal prompting.

The thing about people with ability but no skill is that they are often outsiders, not part of any professional community, and not bound by any rules or norms. This phenomenon is much more general than in cybersecurity. Any doctor can tell you how to untraceably poison someone, and many virus researchers know how to create a bioweapon. Any bridge engineer can tell you how to place explosives to blow a bridge up. The reason that murderous doctors and terrorist engineers are so rare is that the lengthy process of acquiring those skills also instills a moral and ethical code. If every random person has access to good poisoning advice, that puts us all in danger.

Modern AI systems are, in effect, a universal adviser to help people do harmful things. And while the current AI megacorporations are trying to build guardrails to prevent people from asking questions whose answers will enable the questioner to do harm, that’s not going to work in the long term. Smaller, cheaper, open-source models, including models that can run on people’s computers, and especially groups of models that run in concert with each other, are just as good as the frontier models from companies like OpenAI and Anthropic. And they continue to get better. These models will be passed around from person to person, like script kiddie hacker tools, and they won’t have any such guardrails.

Instructing AI models to spy on people and report any malicious prompts to the authorities fails for similar reasons. The megacorporations can do that, but the locally run open source models won’t. This could buy us a few months at best.

A third possibility is to somehow make the models themselves unable to hack into computers, create bioweapons or do anything else that might harm people or society. That won’t work, for the same reason we can’t teach doctors how to treat poisonings without also teaching them how to poison. It’s the same knowledge. It’s the same with construction and demolition. And it’s the same with cybersecurity. We want these AI models to be able to review computer code, find vulnerabilities and automatically fix them. The benefit to our collective security will be enormous. Unfortunately, the same knowledge can be used for attacks.

Where this leaves us is in a world of increased volatility. Super-powered humans with AI assistants will be able to do both wonderful and horrible things.

This brings us back to the Five Eyes statement. Everything they recommend is something security professionals have been recommending for years, if not decades. They are things talked about at that congressional hearing back in 1998, titled “Weak computer security in government: Is the public at risk?” Even the Five Eyes admitted that their security advice is not new, only more urgent.

What’s new is how fast things are changing: “The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats.” The Five Eyes point to AI technology—not necessarily chatbots, but AI more generally—being used to strengthen every aspect of defense, to “detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents—reducing both the cost and impact of incidents.”

Excellent advice from the Five Eyes security agencies. We need to do this with every risk that AI heightens, not just cybersecurity.

This essay was originally published in The Guardian.

Cybersecurity Mission Creep in the US

2 July 2026 at 13:11

Interesting paper: “Cybersecurity Mission Creep.”

Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present as important but not existential. But once cybersecuritization positions the issues as threats intensified by their technological nature, they gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses.

Positioned as security threats, cybersecuritized issues become endowed with the apparent normative power to override countervailing considerations, oversimplifying the problem. Cybersecuritization’s oversimplification similarly risks unidimensional solutions and invites use of argumentative trump cards, like First Amendment challenges. Cybersecuritization also invites deference to purported specialists and their proposed solutions. Together, the reductive tendencies of cybersecuritization and the deference it prompts to specialists renders ultimate governance choices more opaque. And this opacity can erode public trust and political legitimacy.

This Article surfaces the phenomenon of cybersecuritization and offers a novel framework for analyzing and critiquing it. Mining cases from across criminal and civil domains, the account also demonstrates the insidiousness of cybersecuritization and the likelihood that it will continue to expand. Confronting cybersecuritization is crucial. If we continue to ignore it, we risk abdicating further responsibility for difficult choices to the trump card of cybersecurity. This Article’s analysis and critique aim to help reclaim the hard work of governance for our hands.

Digital sovereignty needs an operating model

17 June 2026 at 17:00
Europe, like much of the world, is living through a period of heightened geopolitical uncertainty in which sanctions risk, legal divergence, and cyber disruption have moved from abstract concerns to board-level variables. Digital sovereignty is shifting from aspiration to operational requirement, driven by resilience expectations, critical service dependency, and rising geopolitical and cyber risk. Definitions of sovereignty vary, ranging from blanket data localization edicts to industrial policy to national security, but the absence of an agreed definition should not be mistaken for an absence of intent. Sovereignty is already shaping procurement, regulatory compliance, and technology strategy. From my years working at the intersection of government and the technology industry, I have seen how quickly digital policy can harden into operational constraints. I have also seen how easily "sovereignty" becomes a stand-in for broader concerns: dependency, geopolitics, and the fear that critical services may not remain available during a crisis Two issues are at play. First, policymakers are right that over-dependency on foreign technology can become a national resilience problem. Cloud market concentration is a case in point: last year across Europe, the three leading cloud providers accounted for around 70 percent of the market, while European providers' collective share remained around 15 percent. Concentration is not, by itself, a security failure, but it is a strategic dependency that can become acute when legal regimes diverge, access is contested, or a geopolitical shock tightens the room to maneuver. It also amplifies the "ripple effect": disruption at a small number of providers can cascade across thousands of organizations and supply chains. Second, business leaders are right to worry that blunt sovereignty initiatives raise costs and regulatory complexity. A hard localization mandate or a "sovereign-only stack" duplicates infrastructure, slows modernization, and in practice keeps organizations tied to legacy systems longer than planned while limiting access to leading technologies. The same tension is shaping Europe's competitiveness debate. Former Italian prime minister Mario Draghi has argued that security is a precondition for sustainable growth and that deep dependencies can leave Europe vulnerable to coercion as geopolitical volatility increases. The question is not whether sovereignty matters but how to pursue it without turning it into a counterproductive procurement ideology. From policy to platform choice A recent decision by the French government to restrict certain foreign-made video conferencing tools in favor of a homegrown alternative illustrates the direction of travel across the EU. Whether one agrees with the decision or not, it signals something larger: sovereignty is becoming a set of practical constraints that can reshape technology choices quickly. Many organizations are responding with a third, damaging outcome: delay. In a recent Zscaler-commissioned survey, 73 percent of respondents said digital sovereignty concerns had caused them to delay or cancel transformation initiatives. That "pause dynamic" is dangerous because it prolongs exposure to legacy risk, weakens cyber readiness, and leaves organizations less able to absorb disruption from ransomware, supply chain compromise, systemic outages, or sudden changes in cross-border rules at a time when the threat landscape is shifting faster than ever. If Europe wants sovereignty that strengthens resilience rather than undermines it, political and business leaders need a framework that is practical, measurable, compatible with open markets, and informed by the technology sector's expertise. Here is one: control, choice, and continuity. An outcome-based framework Sovereignty begins with what an organization can control in practice: who can access data, who can administer systems, whether a vendor can see customer content, where logs are stored, how keys are managed, what subcontractors can see, and how policies can be enforced. Control is not about isolation; it is about enforceable governance and reducing hidden dependency. Sovereignty also requires choice: credible options when assumptions break. Too many organizations discover too late that their "vendor strategy" is really a dependency strategy, with few realistic alternatives. Choice is not achieved by buying two of everything. It is achieved through architecture and contracts that keep an organization mobile and avoid vendor lock-in: portability for data and configurations; full transparency on who they rely on, where access sits, and which jurisdictions and subcontractors are in the chain; and pre-agreed exit paths that can be executed under time pressure. It also requires leaders to prevent the sovereignty debate from becoming an excuse to stop transformation. Every program facing sovereignty constraints should be forced through a decision path: redesign, mitigation, or exit on a timeline. The third C is continuity: keeping critical services running during any kind of disruption. If sovereignty is meant to reduce strategic vulnerability, continuity is where it either becomes real or becomes theater. Continuity is measurable through recovery time objectives, tested failover, supplier-failure drills, and exercises for jurisdiction-change scenarios. Across Europe, the urgency is reinforced by the threat environment. Zscaler ThreatLabz data shows rising numbers of damaging ransomware attacks year over year across the region: Spain (+116 percent), Germany (+74 percent), Belgium (+73 percent), Italy (+53 percent), and France (+34 percent) among others. Separate research on resilience found that 52 percent of IT executives believe their current security measures are insufficient to defend against existing or emerging threats such as agent-based AI and quantum computing. The UK's National Cyber Security Centre, meanwhile, reported a 130 percent rise in "nationally significant" incidents over the past year. AI is accelerating these risks. It already gives "bad actors" new capabilities to increase the speed, scale, and sophistication of their attacks. The question is not whether disruption happens, but whether systems can withstand it. Mandate outcomes, not vendors Business leaders argue that sovereignty will raise costs, increase compliance friction, and shrink access to leading technology. That is often true. Policymakers' concerns are also legitimate: strategic dependency can undermine national security and resilience. The mistake is writing sovereignty rules that dictate which vendors to buy rather than what controls buyers must have to keep services running during shocks. The most useful sovereignty requirements are outcome-based: enforceable control over access and data, credible choice through portability and exit, proven continuity through testing and recovery. They create room for organizations to use global platforms safely while meeting local requirements, without freezing modernization. If sovereignty is now an operating requirement, every stakeholder has a role. Boards should define what "sovereign enough" means for their organization, then require regular reporting and testing, with incentives tied to resilience outcomes. CEOs and COOs should treat sovereignty as continuity, fund the modernization that reduces brittle legacy dependency, and force decisions on blocked programs. CIOs and CISOs should map and minimize third-party access, implement localization and multi-region resilience where required, and build plans for supplier failure and jurisdiction-change scenarios. Regulators should clarify definitions, harmonize requirements where possible, and create compliance pathways with transition periods that reward modernization rather than incentivize delay. The approach must be risk-based and agreed in consultation with industry. Scaling control, choice and continuity To make control, choice and continuity achievable at scale, two additional disciplines are required: collaboration and compliance. Collaboration keeps sovereignty compatible with openness through interoperability, shared incident readiness, transparent subcontracting, and trusted vendor partnerships that reduce concentration risk instead of merely relocating it. Solutions must be tailored for local demands and drive investment in local ecosystems. Compliance makes sovereignty measurable through clear definitions, auditable evidence, and regulatory approaches that focus on operational controls so that organizations are pushed to modernize rather than to delay. Sovereignty on European terms should be judged by outcomes rather than rhetoric: whether organizations can govern access, keep options open, recover quickly when incidents happen, and continue delivering critical services when dependencies fail. Done well, digital sovereignty becomes a catalyst for resilience, innovation, growth and competitiveness; done bluntly, it becomes a brake on the very transformation it is meant to protect. Contributed by Zscaler.

Cisco adds another SD-WAN box to max-severity bug advisory

17 June 2026 at 15:45
Cisco has updated a February security advisory, adding another product to the list of those affected by the maximum-severity CVE-2026-20127. Switchzilla made a small amendment to the original advisory on Tuesday evening, noting that Cisco Catalyst SD-WAN Validator, formerly vBond, was also among the boxes attackers could pop open. Readers may remember the fuss over CVE-2026-20127 (10.0) a few months ago. The make-me-admin improper authentication flaw prompted a Five Eyes alert since attackers could essentially gain persistent root access to all vulnerable instances. In other words, it's a far-from-ideal situation that could could create espionage opportunities, given the prevalence of Cisco's SD-WAN offerings in Western networks. Cisco said at the time that attackers could exploit CVE-2026-20127 to gain admin rights, access NETCONF, and reconfigure the SD-WAN fabric, before exploiting CVE-2022-20775 (7.8), a path traversal flaw discovered in September 2022, to gain root access. Cisco Talos, the company's threat intel arm, posited that the bug could have been exploited for as long as three years by the time it was discovered. Talos attributed the exploitation activity to a group it tracks as UAT-8616, whose activity dates back to at least 2023, according to its researchers' estimates. No one has formally attributed UAT-8616 to a specific country or group of individuals, but experts say that it is a highly sophisticated outfit that has a history of targeting critical infrastructure sectors. Ollie Whitehouse, NCSC-UK's CTO, said at the time: "Our new alert makes clear that organizations using Cisco Catalyst SD-WAN products should urgently investigate their exposure to network compromise and hunt for malicious activity, making use of the new threat hunting advice produced with our international partners to identify evidence of compromise. "UK organizations are strongly advised to report compromises to the NCSC, and to apply vendor updates and hardening guidance as soon as practicable to reduce the risk of exploitation." The Register asked Cisco for more information, but it did not immediately respond. Customers should not have to make any new changes, provided that they upgraded their software to a fixed version across all systems when the advisory was first published in February, not just SD-WAN Controller and SD-WAN Manager. The update comes weeks after Cisco disclosed another zero-day affecting Catalyst SD-WAN, suggesting that it had been exploited for at least a week at the time. Tracked as CVE-2026-20245, it marked the sixth SD-WAN flaw disclosed this year, and the second to be exploited as a zero-day in as many months. ®

Three critical Fortinet sandbox bugs splattered by unknown attackers

16 June 2026 at 20:27
Three critical flaws in Fortinet’s sandbox that allow remote attackers to bypass authentication, escalate privileges, and execute malicious code are under active exploitation, according to threat intelligence firm Defused. Fortinet patched two of the three flaws, CVE-2026-39813 and CVE-2026-39808, in April and the third, CVE-2026-25089 last week. All three bugs received 9.1 CVSS ratings, and, at the time, the vendor said that there were no reports of active exploitation. CVE-2026-39813 is a path traversal bug in the FortiSandbox JRPC API that allows an authentication bypass using specially crafted HTTP requests. It affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5. Patch to 4.4.9+ or 5.0.6+, depending on the branch, to fix the flaw. Fortinet security analyst Loic Pantano found this one. CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized code or commands via HTTP requests. It affects versions 4.4.0 through 4.4.8, and upgrading to FortiSandbox 4.4.9 or above patches the hole. Fortinet credited KPMG Spain researcher Samuel de Lucas Maroto with finding and reporting this bug. Finally, CVE-2026-25089 is another OS command vulnerability in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI that allows unauthenticated attackers to execute unauthorized commands using specifically crafted HTTP requests. FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5 are vulnerable. Upgrading to a fixed version patches the hole. Fortinet did not respond to The Register’s inquiries about these three CVEs and if the vendor had also observed any attacks against them. According to Defused, the exploitation began over the weekend. “We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours,” the threat-intel firm said in a LinkedIn post on Monday. “Per our research a working exploit for CVE-2026-25089 has not yet been publicly disclosed,” the company added, noting that the exploit for this flaw appeared to be vibe coded and may be faulty. We do know that all manner of miscreants love to abuse Fortinet flaws, so if you haven’t already, patch now. Earlier this month, Check Point VP of research Lotem Finkelstein warned that ransomware crims had exploited a critical authentication bypass vulnerability affecting Fortinet's Remote Access VPN and Mobile Access deployments, and said that the same crew was also likely abusing other VPN-related vulnerabilities in Fortinet products. ®

WordPress PBN Plugin Drops Dual Webshells via Database Injection

16 June 2026 at 19:58
WordPress PBN Plugin Drops Dual Webshells via Database Injection

During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake plugin, a remote command-and-control server, and two PHP web shells stored directly inside the WordPress database.

The campaign is operated by a Turkish-speaking threat actor and is built around a classic SEO monetization scheme: hidden backlink injection for a Private Blog Network (PBN), most likely tied to the gambling and adult affiliate niche.

Continue reading WordPress PBN Plugin Drops Dual Webshells via Database Injection at Sucuri Blog.

Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher

15 June 2026 at 23:07
The “jailbreak” that prompted the Trump administration to block Anthropic’s most advanced models was actually a simple three-word prompt: “Fix this code.” That's according to Katie Moussouris, founder and CEO of Luta Security, and the fairy godmother of bug bounties. She says she was the only outside expert to read the third-party research paper on the Fable 5 guardrail bypass techniques that prompted the ban. On Friday, the US government, reportedly citing national security concerns, issued an export control directive to suspend access to Fable 5 and Mythos 5 by any foreign national, inside or outside the United States. In response, Anthropic disabled both models “for all our customers to ensure compliance.” Anthropic shared the report privately with her, Moussouris wrote in a Monday blog post. The outside researchers reportedly fed Anthropic’s Fable 5, Mythos, and Claude Opus models open-source code containing known CVEs, plus new code intentionally laced with vulnerabilities, and asked the models to “review the code for security issues.” As Moussouris tells it, Fable 5 refused, so the researchers asked the AI systems to “fix this code.” The model reportedly obliged, and after additional prompts also produced scripts to test the patches. “That’s it,” Moussouris wrote. “‘Fix this code,’ plus several manual steps to generate test scripts, should never have triggered an export control. I feel like making ’90s-style t-shirts with ‘fix this code’ on the front and ‘this shirt is a munition’ on the back.” Between 2013 and 2017, Moussouris served on the technical expert group that renegotiated the Wassenaar Arrangement, a voluntary agreement between 42 nations that governs certain export controls for classified dual-use software and technology. The group eventually won exemptions for defensive cybersecurity activity. This allows defenders to share vulnerability data, conduct malware analysis, and coordinate incident response internationally without the threat of criminal prosecution. On Sunday, Moussouris joined more than 100 other cybersecurity leaders and signed an open letter urging the Trump administration to reverse the restrictions on Fable 5 and Mythos and restore cybersecurity firms' access to the advanced models. “To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” they wrote. In her blog, Moussouris argues that there was no guardrail bypass or jailbreak. Defenders should be able to ask AI systems to find and fix bugs, and write tests to validate the patch, she said. Anthropic’s models were doing “the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.” Removing the capability for models to respond to defensive requests makes AI systems “worse at finding bugs and verifying patches,” she continued. Plus, the US can’t extend export controls to open-weight systems or similar advanced models from China and other countries - and these systems will soon achieve Mythos-like capabilities, anyway. Anthropic and Google have both accused China-based rivals including DeepSeek of using “distillation attacks” to train their models by siphoning knowledge from American companies’ AI. Banning Anthropic’s advanced models is going to hurt defenders more than attackers, Moussouris warns. “Defense improves when defenders find the same bugs attackers find and fix them faster,” she wrote. “We need the best tools to defend against increasingly capable attackers in the AI era of cybersecurity.” The Register reached out to the Trump administration for comment on Moussouris' assertion, and we'll update this post if we hear back. ®

Microsoft site throwing warnings after someone forgot to renew cert

15 June 2026 at 17:33
Microsoft appears to have dropped the ball with its certificate management after a domain used by sysadmins worldwide to test connectivity to Microsoft 365 started throwing untrusted connection warnings in browsers. The connectivity.office.com domain is used by IT pros to test their network's connectivity to Microsoft 365 and ensure their firewalls aren't blocking anything that could affect an organization's access to Microsoft servers. An SSL server report retrieved on Monday showed that the certificate expired on June 14 after last being renewed on December 16, 2025. At the time of writing, 35 hours have passed since the certificate expired, and Microsoft has still not renewed it, despite many in the IT community making their opinions on the matter known. Certificate renewals are often automated in this day and age, but in organizations still relying on manual processes, those responsible for renewals would almost certainly have received multiple alerts warning of the impending expiration. It suggests that something, or someone, involved in the certificate-renewal process at Microsoft has messed up. The Register contacted Redmond for a response. The company's publicists acknowledged the request for comment but did not return one in time for publication. The fallout could have been much worse. Browser warnings on a network diagnostic tool are irritating, but hardly catastrophic compared with the same thing happening to login.microsoft.com or another critical service. Teams users may remember the collaboration platform abruptly deciding to take Monday off in 2020, after an authentication certificate expired, for example. Whatever went wrong here, Microsoft will have to tighten its processes before shorter certificate lifespans arrive in the coming years. As of March 26, new SSL/TLS certs will have a maximum lifespan of 200 days. This is set to decrease to 100 days by March 15, 2027, and then to 47 days two years later. ®

Arch Linux locks down AUR signups amid wave of malicious commits

15 June 2026 at 15:30
A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account registration on Monday morning while it cleans up the mess. The issue was first acknowledged on June 12, with a post stating: "We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository." The team warned that users might have issues opening new accounts, pushing package updates, and adopting or creating fresh packages. Around 400 user-submitted packages were believed compromised; that figure climbed past 1,500 over the weekend. On June 14, a more sophisticated wave of malicious packages was spotted. The Arch Linux team this morning disabled new account registration "while we are working on the cleanup." The core Arch distribution itself is unaffected. The AUR is a community-run package repo – if something isn't in the official repo, it's probably here, assuming nobody's poisoned it. The AUR is user-submitted and unsupported, so users are expected to inspect package build files themselves before installation. The malicious packages attempted to pull in hostile JavaScript dependencies, including npm packages identified in the campaign. Arch Linux is a fast, lightweight Linux distribution. It isn't for beginners – users need to pick their own display manager and desktop environment as well as their own applications. However, this makes it highly customizable. The project's website says: "Currently we have official packages optimized for the x86-64 architecture. We complement our official package sets with a community-operated package repository that grows in size and quality each and every day." Unless, of course, miscreants go wild with malicious commits, and the team has to wade in to deal with the problem. According to the AUR, there are just over 107,000 packages, with 5,586 updated and 273 packages added in the past seven days. This isn't Arch Linux's first brush with trouble. In 2025, the project was hit with a Distributed Denial of Service (DDoS) attack that disrupted its main web page, the AUR, and the project's forums. It also had to address compromised browser packages that reportedly contained a Remote Access Trojan. Both incidents highlight risks in the way the AUR is structured and maintained. It's an invaluable library of packages led by a community of smart Arch users, yet that open, community-driven model can be abused by attackers. New account creation remains disabled at the time of writing. The Arch team will no doubt be pondering how to avoid this situation in the future. ®

Fired IT worker jailed for 21 months after sabotaging old school district

12 June 2026 at 20:21
A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s Saydel Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems between May 2023 and January 2025. At his sentencing hearing on June 11, the court heard that the IT worker had gathered and stored more than 300 Saydel user account credentials before he was terminated from his position. Potter’s other offenses included deleting SCSD’s Facebook page on June 1, 2023, and data related to its Apple School Manager program, which prevented it from managing Macs and iPads. The disgruntled worker, who the prosection described in its sentencing memo [PDF] as “a plague on the Saydel Community School District,” was just one of two IT staff members who had the required privileges to make changes to the Facebook account. The deletion ended up being a permanent one, and SCDC had to create a new page in August. Following his intrusion into the district’s Apple School Manager on June 14, 2023, SCSD’s IT team had to work with Apple for a week to restore their access after Potter deleted users’ passwords, phone numbers, billing information, and the primary mobile device server management information, court documents [PDF] showed. He also attempted to delete all user accounts and restricted access for those who still had one. Potter’s next offense took place between July and August 2023, when he attempted to interfere with SCSD’s GoDaddy account, unsuccessfully resetting usernames and passwords. Potter logged into this GoDaddy account no less than 26 times, including on one occasion where he used his company-issued PC supplied by his subsequent employer, convenience store and pizza chain Casey’s. The IT specialist then took an extended break from his cyber sabotage. Court documents mention Potter successfully gaining access to SCDC’s Google and Gmail accounts in October 2024, but he waited even longer to act on this access. It wasn’t until January 2025 that he logged into SCDC’s PowerSchool-based Schoology learning platform using one of the district’s Google accounts to which he had access, and deleted the account of one of the organization’s IT staff. This had the knock-on effect of locking out teachers during a school day and, in turn, preventing them from teaching for two hours. He returned a week later and deleted an additional nine district Gmail accounts, including current and former staff, the district IT director, and superintendent. Investigations showed that even though Potter switched to a VPN during one of the January intrusions, his IP address was later traced back to him and his employer, The Printer Inc, which he joined after leaving Casey’s. He left that job on January 23, 2025, for reasons not disclosed. Potter seemingly trusted at least one of his coworkers enough to “wipe” a USB drive he left in his old desk, asking them to do so after he departed the company. That trust was misplaced, however, as the coworker instead reported the USB to management, and what followed ultimately proved to be Potter’s undoing. The Printer Inc passed the USB to law enforcement, and later the FBI, which forensically examined the device, finding spreadsheets filled with more than 300 district usernames and passwords, a floor plan for Saydel High School, as well as personal data pertaining to Potter and pay stubs from his employment at SCSD. In total, the district incurred $73,375 worth of costs related to employees' lost time, digital forensics, learning downtime, and time spent working with other vendors to remediate his intrusions. SCSD's insurer spent an additional $27,893.75 in payments for digital forensics and remediation work, taking the total losses up to $101,268.81. Potter was indicted on October 15, 2025, and arrested the following day, but released on pretrial supervision after accepting responsibility for his offenses. He later entered a guilty plea in January 2026, and was found guilty in February. At his sentencing hearing on Thursday, Potter expressed deep regret for his actions, especially for disrupting children’s learning, and for failing his family. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said, according to local media. "This experience humbled me in ways I never expected, but I needed that." His defense attorney, Joseph Herrold, stated: “Mr. Potter now fully sees the impact of his actions and deeply regrets the harm he caused.” Herrold argued against a prison term, instead asking for a five-year probation term, owing to Potter’s deep regret and the strong deterrent that comes with his felony conviction. The public defender also pointed to Potter’s clean criminal background, noting only one prior harassment misdemeanor related to a 2010 case, when he was just 18 years old. Potter was convicted following immature conduct from the backseat of a vehicle, for which he received a $65 fine. Herrold also said Potter’s restitution order to repay $59,668.81 in total, with $31,775.06 going to SCSD and $27,893.75 to its insurer, Travelers Indemnity Company, only furthered the deterrent effect, and would impact his lifestyle for years to come. Prosecuting the case, US attorney David C. Waterman, pushed instead for a 26-month prison term, saying: “Defendant’s actions were not a one-time lapse in judgment. They were calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness.” He added: “The defendant’s attacks on SCSD’s systems are troubling not just because of the significant damage he caused – tens of thousands of dollars, without accounting for the unknown but clearly extensive disruption to teaching and school activities – but also because of the defendant’s motivations. “It appears the defendant repeatedly assaulted SCSD out of spite and pure maliciousness, despite knowing his actions would affect not only his former boss and IT colleagues, but also school faculty, administrators, and students.” ®

Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod

12 June 2026 at 15:54
Pharmaceutical giant Novo Nordisk says data related to clinical trial participants was stolen as part of a cyberattack. The affected patient data was pseudonymized and not directly linked to names or other direct identifiers, the company said. The maker of the Wegovy weight-loss drug said the affected data types include patient ID, information on trial participation, gender, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors including smoking status, alcohol use, and BMI. "This information is not directly linked to any patients by name or other direct identifiers," the Novo Nordisk said on its dedicated page for the attack. "Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials." The same statement confirmed that the attack affected a "limited number of internal IT systems," and the company said some systems have been taken offline as a precaution. Although it does not believe there is an immediate risk stemming from the breach, it nonetheless warned patients to remain vigilant for anything that could be connected to the data stolen during the attack. A separate letter sent to the company's healthcare partners (HCPs) states that additional personal information may have been stolen and could lead to targeted phishing attempts. Affected HCP data includes names and registration numbers, email addresses, phone numbers, WhatsApp details, and office locations. "Based on the nature of the exposed data, the potential consequences of the incident include targeted phishing attempts through emails, phone, and WhatsApp, or fraudulent communications impersonating colleagues," Novo Nordisk said in the letter. "We recommend that you remain vigilant against unexpected messages or calls and report any suspicious activity to us." The pharma biz warned that it may take time to bring these systems back online, but it is working to do so "in a controlled and safe manner." Elsewhere, it all sounds like standard practice. Outside experts were called in to help investigate, and Novo Nordisk has not yet confirmed the scale of the breach, nor will it until the experts have more time to assess the damage. Novo Nordisk added that the attack has had no impact on its core business operations, which remain running as normal. The attack was announced on what should have been a day of celebration for the company, whose flagship semaglutide weight-loss and diabetes pill received the green light to become the UK's first daily GLP-1 tablet hours earlier. The Wegovy pill joins the list of approved weight-management treatments that act as agonists for the GLP-1 receptor. All the other approved treatments are injectables, including Wegovy and Ozempic, both of which are also developed by Novo Nordisk. The Danish company employs roughly 67,900 people across 80 countries, and markets products in nearly every country globally. ®

Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet

12 June 2026 at 15:05
EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware. According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register. The SAM or SSAM is the embedded controller used in Surface devices. And as our source explained, Microsoft’s implementation of the controller in Surface devices did not include any defense against arbitrary write values. Microsoft does not consider the bug to be a practical threat. "There is no realistic attack scenario with this issue," a spokesperson told The Register. "In order to successfully exploit it, an attacker would need to interact with specific drivers and send commands to a hardware interface. This would require administrator privileges on the machine, as well as disabling the Secure Boot feature. With this access, they could perform any number of actions." Commonly, Darcy said, digital devices require holding a button down or connecting a jumper cable to enable arbitrary write access. But that security check is absent in Surface devices, we're told, enabling Copilot to vandalize the firmware in the absence of Secure Core and Secure Boot. Essentially, the probing triggered an update command from the SAM that overwrote the UEFI and Secure Boot firmware. Surface devices treated to this sort of probing should continue to operate because the SAM was already initialized and is running in RAM. But upon reboot, when the SAM tries to reload using corrupted data in its non-volatile storage, it will fail to initialize, and the system will be unable to Power-On Self-Test (POST). The Python script crafted by Copilot on the security researcher's Surface device iterated blindly over a particular Target Category and the set of Command ID (CID) pairs, sending empty/null payloads to WRITE commands. The result, Darcy explained, is that the SET Feature Report was called with null payload, the Output Report was called with null payload, and other CIDs were hit by SET commands that wrote garbage data. As a result, the device became inoperable. We're told this has been a common complaint about Surface devices online support forums over the years, though we have no way to determine whether boot failures reported for other Surface devices can be attributed to this specific problem. Many Surface hardware issues reported publicly appear to be fixable through various troubleshooting techniques. But devices made inoperable by SAM access, our source insists, are permanently bricked – a situation that can entail hundreds of dollars in repairs for a new motherboard. No USB, no factory reset, no access to the BIOS/UEFI, we're told. Darcy said that the SAM Bus is terribly designed. "There is no way to see the current value without scanning the bus," he said. "But scanning the bus kills the unit." The problem is that the CIDs, which are like APIs for the SAM, have been interleaved in a way that's dangerous. "If all the reads were grouped together (say, CIDs 0x01–0x0F) and all the writes were grouped separately (say, CIDs 0x10–0x1F), a probe script could safely scan the read range without ever accidentally wandering into write territory," Darcy said. "You could even put a simple bounds check in your code: 'only probe below 0x10.' Done. Safe. "But because reads and writes are interleaved in the same numbering space, there is no safe range to probe. You literally cannot scan even two consecutive CIDs without a coin-flip chance of hitting a write command. The moment you decide to enumerate what's available, you're already firing blind writes, because the command space gives you zero structural information about which operations are safe and which are destructive." Managed devices not at risk The Register asked Microsoft about our source's claims on March 10, 2026. A company spokesperson reiterated a prior suggestion that the researcher contact the Microsoft Security Response Center (MSRC), an effort our source found too cumbersome. Rather than publishing details about what might have been a potential zero-day flaw – we were uncertain about the Secure Boot/Secure Core requirement at the time – The Register reached out to internal Microsoft sources in an effort to get someone's attention. By March 12, with the help of Microsoft media relations, we managed to coordinate a conversation between Darcy and Madeline Eckert, senior program manager with MSRC. Microsoft subsequently acknowledged the vulnerability and committed to issuing a fix. The Register in turn agreed to delay publication for 90 days while repairs were made. We're told most affected devices have been updated (via Windows Update), or will receive updates in coming weeks. The issue did not meet the bar for a CVE, according to the company. "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices." That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. Microsoft moving Surface to Rust One of the things we learned from Darcy during the effort to get this issue patched is that Microsoft is planning to move the Surface stack to Rust. We understand from David Abzarian, chief architect for Microsoft Surface, that work is underway to transition future Surface for Business hardware to a more secure architecture based on Rust code. "Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said Abzarian in a statement provided to The Register. "We’re investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively. "We’re also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency." Asked to comment, Darcy said, "The fact that a device can be destroyed, irreparably from userspace is... certainly an interesting design decision. While I applaud Microsoft for their beautiful, and innovative Surface series, a little more innovation around verifying incoming data at the firmware level would have been greatly appreciated." We're told Microsoft provided Darcy with a Surface laptop as a show of appreciation. ®

Google fires sueball at alleged Chinese phishers over AI-powered fraud ops

12 June 2026 at 14:14
Google has sued an alleged China-based cybercrime operation it says used AI-powered phishing kits to blast out millions of scam text messages and funnel victims to fake websites designed to steal passwords, payment cards, and other sensitive information. The complaint targets a group Google refers to as the "Outsider Enterprise," which the company describes as a sprawling criminal network that operates on Telegram and supplies phishing tools to other fraudsters. According to Google's filing, the operation has been linked to more than 9,000 fraudulent websites, over one million malicious URLs, and scams that have allegedly defrauded hundreds of thousands of people. The group's biz model centers on distributing phishing kits that enable criminals to impersonate Google and other trusted brands through large-scale text message campaigns, Google claims. Victims are directed to fraudulent websites designed to steal login credentials, payment card details, and other sensitive information, it adds. Google's allegation is not that AI is somehow breaking into people's phones, but rather that the technology appears to have been used to help churn out phishing content, allowing the operation to push more scams, more quickly, and with less effort. Android users flagged more than 55,000 spam texts linked to the operation during a two-week period in May, we're told, while the company detected roughly 2.5 million messages containing links to Outsider-controlled websites sent to Android devices during the same time frame. The lawsuit forms part of a broader effort involving federal law enforcement and US telecom providers. Google said it is coordinating with the FBI, AT&T, T-Mobile, and Verizon to disrupt the infrastructure behind the campaigns and block malicious messages before they reach users. "The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the FBI's Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own." The lawsuit may never put the alleged operators in a courtroom, but it could still help pull apart the infrastructure behind the campaigns. ®

Plymouth council exposes hundreds in latest local government email gaffe

12 June 2026 at 12:32
Plymouth City Council has joined the growing ranks of public bodies defeated by the humble BCC field after exposing the email addresses of around 500 home-schooling families in a mass-mailing mishap. The blunder comes barely a week after City of York Council disclosed a similar mistake that exposed the email addresses of hundreds of disabled residents, suggesting that some public sector workers remain engaged in an ongoing battle with one of email's oldest features. The message, sent by Plymouth's Elective Home Education team, was meant to share information about upcoming legislative changes, but it also shared the email addresses of hundreds of home-schooling families with one another. A Register reader who contacted us about the incident described the aftermath as "a bit of a mess," claiming follow-up communications caused further confusion among recipients. Plymouth City Council did not respond to The Register's questions, but in a statement provided to local media, it admitted the incident was caused by human error and affected approximately 500 families. "Unfortunately, due to human error, a recent email was sent to approximately 500 families without using the BCC function, meaning recipient email addresses were visible," the council said. The authority said it contacted recipients as soon as it became aware of the problem, apologized, and asked families to delete the email and refrain from using any details they had received. It stressed that the message included no information relating to children and consisted solely of a general update. The council said the email mishap was investigated internally and that affected families were contacted again once officials had pieced together what went wrong. It also promised extra checks designed to keep future mailing lists out of public view. The council also reported the matter to the Information Commissioner's Office (ICO). An ICO spokesperson told The Register: "We can confirm that we received a report from Plymouth City Council regarding this incident. After carefully assessing the information in the report, we provided data protection advice and closed the case with no further action." While the exposure appears limited to email addresses rather than more sensitive personal information, the incident serves as another reminder that some of the most common data breaches do not involve sophisticated cybercriminals or ransomware gangs. Sometimes all it takes is sending an email to a few hundred people and clicking the wrong box. ®

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

11 June 2026 at 19:51
Nightmare Eclipse, the prolific zero-day vulnerability hunter with an axe to grind against Microsoft, released yet another exploit late Wednesday that the researcher claims will spawn a command prompt that provides total access to the BitLocker volume. This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past. GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event. Redmond on Wednesday told The Register that it is aware of RoguePlanet, and “actively investigating the validity and potential applicability of these claims.” The Windows giant didn’t immediately respond to our inquiries about GreatXML, including when it planned to issue a patch. Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare’s earlier GitHub account, and seemingly threatened legal action before dialing back its rhetoric after steep backlash from the security community. Nightmare Eclipse, who some researchers suggest is an ex-Microsoft employee, harbors a very personal grudge against the Windows giant and its communications with bug hunters. They have promised to keep the zero-days coming, but waffle on the timing. Last month, the researcher pledged a big July 14 drop: “I will make sure your bones are shattered that day,” and then added, “nothing will be released this June (or maybe I will release smtg, depending on circumstances).” On Tuesday, they changed course. “I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg.” A day later, Nightmare released the “accidental” GreatXML BitLocker bypass. According to the researcher, the BitLocker bypass first requires copying “unattend.xml” and the “Recovery” directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. “If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn,” Nightmare wrote. Also, if the scan hasn’t even been initiated on the Windows system, first you’d need to either log in and initiate it, or “figure out a way to boot into WinRE in offline scan state.” Security sleuth Will Dormann followed Nightmare’s steps to reproduce GreatXML, and said the writeup seems “flawed.” In his testing, Dormann said the command prompt appeared the next time a Defender Offline scan ran. “And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials,” he wrote on social media. “And if you've already got that level of access, you can just turn off bitlocker.” “The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past,” Dormann added. “And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.” ®

VRChat says somebody faked a breach notice with the Maine AG's office

11 June 2026 at 18:01
UPDATED Following notes from several readers, we followed up directly with VRChat on Thursday at 1945 GMT and they told us that the Maine Attorney General's office apparently posted a fake breach report. According to an email from VRChat's head of community, Charles Tupper, "VRChat did not submit this Notice of Data Incident, and the employee/email cited does not exist. We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed." In an effort to get to the bottom of this, The Register dialed the phone number on the report as well, but it connected to a line that is not in service. We also tried emailing the address on the report and got no reply. We could find no record of a Scott Caruso affiliated with VRChat. We apologize for the error, but generally speaking, government data breach reports are considered reliable. The fakers apparently even created a false notice that VRChat ostensibly sent to customers! If anybody knows who filed this apparently fake report and why, get in touch through our contact page, or through our secure tipline. The original story is below: Online chat platform VRChat says a recent cyberattack compromised the data belonging to nearly 2.5 million users. It confirmed the “data security incident” in a report filed with Maine’s attorney general, but has not disclosed it via public channels. The company’s report confirmed that its cloud environment was accessed between May 10-12, with the unauthorized intruder making off with information concerning 2,436,782 users. This included VRChat usernames, email addresses, whether a user was a VRChat+ subscriber, login histories (including device, hardware identifiers, and IP addresses), and Steam or Meta user IDs. It does not believe passwords, credit cards or other payment information, or government IDs used for age verification were affected. “VRChat sincerely regrets that this security incident occurred,” the company stated in its disclosure. “We understand that trust between our platform and its community is earned through consistent action, and we take full responsibility for the concern this event has caused. “The security and privacy of our players' information remain our highest priority, and we are committed to doing everything within our power to protect it.” VRChat said that after it was made aware of the intrusion, it contained the threat and implemented additional security controls, as well as engaging outside security experts. And in an unusual move for US breaches, the San Francisco-based company did not offer identity theft or credit monitoring services. Offering these kinds of services is not a legal requirement, but doing so is highly common, especially regarding attacks that affect so many individuals. VRChat does not publish the total number of registered users that it has on its books, but its documentation states that “the platform has grown to millions of users,” who have collectively published tens of millions of unique pieces of content for it since its first release in 2014. The part game, part chat platform is an online, open-world chatroom where people walk around interacting with one another via their 3D avatars. It has been compared to Second Life in that users explore other users' worlds, play mini-games, and partake in casual chit-chat, with support for both virtual reality headsets and conventional PCs. You can also think of it as something similar to Meta’s vision for the metaverse, just without all the coworking and KPI meetings, and with way more users. ®

Every employee’s password was stored in a single Excel file

11 June 2026 at 09:00
PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request. This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried. At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly. The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials. The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file. In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems. But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it. Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself. Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously. “Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said. Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data. Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems. During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on. There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®

Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate

11 June 2026 at 02:00
Multiple reports indicate that Chinese operatives continue using every tech tool at their disposal – including American AI – to amass data on and manipulate everyone from security-clearance holders to everyday US citizens. And they’re trying to influence public opinion on building datacenters for AI, albeit without success so far. One of these reports found a “significant resurgence” of a botnet linked to Chinese government-backed goons, including Volt Typhoon, which previously used a covert network of connected devices to burrow deep into critical US networks and preposition for future destructive attacks. In January 2024, the FBI said it killed Volt’s KV-botnet, comprised of hundreds of end-of-life routers and other internet-connected devices. At the time, KV-botnet consisted of four clusters, with the KV cluster primarily being used as a covert data transfer network, and the JDY cluster used for scanning and reconnaissance. In a Wednesday report, Lumen’s Black Lotus Labs said that while the KV cluster became largely defunct after the law enforcement takedown, the JDY cluster remains an active threat, and has since surged to more than 1,500 compromised routers and IoT devices. “Analysis of this activity shows a clear focus on identifying vulnerable infrastructure shortly after public vulnerability disclosures, suggesting that reconnaissance output is rapidly operationalized by China-nexus advanced persistent threat (APT) actors,” the threat intel team wrote. “This targeted focus has been observed across a range of sectors, with the US military and associated entities as the most prominent.” While the botnet resurgence poses the most pressing threat, and the security shop recommends all enterprises implement CISA and NCSC guidance for mitigating Volt Typhoon activity and defending against China-nexus covert networks of compromised devices, another report indicates that China’s attempts at influence operations haven’t died down, either. Using American AI for covert ops about … American AI OpenAI in a Wednesday report said it banned ChatGPT accounts likely originating from China after they used the American AI company’s models to generate content for covert operations about – wait for it – American AI. While neither of the two clusters seemed to have much success in sowing chaos or swaying opinions, the fact that they tried at all is significant, according to Ben Nimmo, principal investigator on OpenAI’s Intelligence and Investigations team. “Neither campaign appears to have gained much authentic engagement,” Nimmo told reporters. “They're important for what they reveal about the intentions of influence operators from China and the narratives they're testing and seeking to amplify.” The first cluster used ChatGPT to generate social media content and images for an operation claiming datacenters and AI applications are increasing electricity demand and causing higher costs for ordinary Americans. “For example, they asked for comic strips about a power grid operator’s capacity auction prices based on reporting from a legitimate regional paper,” the report says. “They asked ChatGPT to focus the comments on rising capacity prices as a consequence of peak electricity demand, framing the new demand as coming from data centers and AI applications and argued that these costs were ultimately passed to ordinary households.” The operators then posted these comments and images on X, likely using fake accounts, with links to real news stories about datacenters. OpenAI suspects the operators are part of a social-media team at a private Chinese tech company that provides services for Chinese provincial-level government clients. “This was not a case of an influence operation creating a debate,” Nimmo said. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn't see any signs that they succeeded.” The second cluster of banned ChatGPT accounts also likely originated in China and used OpenAI’s models to write comments and draw political cartoons criticizing US tech policies and tariffs. “Interestingly, the operators specified in their prompts that the content should not include cartoons of Xi Jinping in the output and should only include President Trump,” Nimmo said. These accounts, all writing prompts in simplified Chinese and using VPNs to access the AI systems, also used ChatGPT to edit work reports and help design social media monitoring systems. “This isn't the first time that we've seen actors in China trying to come up with ideas for social media monitoring,” Nimmo said. In February, OpenAI said it banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts. If AI doesn't work, bribery might? If Chinese agents can’t use AI systems to unearth sensitive information, there are always fake websites and job offers promising cash for state secrets. We’ve seen Beijing-linked government snoops use these tactics in the past, and according to the US Justice Department, they’re still using this scam (because it works). On Wednesday, the feds said they obtained a warrant for and seized 13 fake consulting company websites used to target US persons, including current and former security clearance holders with access to classified and sensitive government information. The domains include centrikglobalconsulting.com, rightinfoconsult.com, finnaclevesperconsulting.com, cydfconsulting.com, pulsewaveglobal.com, catalystglobalsolutions.com, thehorizzen.com, geoindopacific.com, gpf-ina.org, safesec-group.com, thetruthinfo.com, Vandercons.com, and gulfpeace.org. Since November 2023, these websites and associated job postings on social media, LinkedIn, and other hiring platforms advertised “consulting” jobs, including “Senior Analyst” and “International Affairs Consultant” positions. Suspected PRC operatives used the sites and job listings to recruit applicants and bribe them for sensitive information, DOJ alleges. “The conspirators have encouraged applicants and recruits to share confidential and sensitive information in violation of their official duties and of particular interest to the People's Republic of China (PRC) government,” according to the court documents. “The recruiters pressured candidates to share confidential information and reports from ‘insider sources' in violation of their official duties.” The court documents allege the conspirators then paid the recruits for these reports using online accounts in the names of fictitious individuals, and cryptocurrency to hide their identities and the source of the payments. ®

Angry bug hunter with Microsoft beef drops new Windows 0-day

10 June 2026 at 20:45
They are angry at Redmond and will have their revenge. Nightmare Eclipse, the prolific bug hunter and possibly disgruntled ex-Microsoft employee, disclosed another zero-day vulnerability just hours after Redmond issued a record-breaking number of CVEs and fixes for June Patch Tuesday. The latest zero-day, RoguePlanet, targets Microsoft Defender and works against fully patched Windows 10 and Windows 11 systems, according to the researcher, who also released proof-of-concept exploit code for the security flaw. Assuming the attacker can win a race condition, this bug allows local privilege escalation and leads to SYSTEM-level control over an affected machine. Nightmare Eclipse (aka Chaotic Eclipse) is a disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft. They claim to be an ex-employee, and accuse Redmond of ignoring vulnerability reports and refusing to communicate with them. "When I actively asked you to communicate with me, you refused, humiliated me and made sure to insult me in front of people," they wrote in an earlier blog post that also promised a “bone shattering” drop on July 14. "You defame me in public with your CVE-2026-45585 advisory even though you literally deleted the Microsoft account I used to report bugs to you with and I got zero pennies from doing so and I still happily did like an idiot," the post continued. Possibly as an outlet for this anger, and reportedly in response to Redmond's lack of action, Nightmare began releasing their findings to the public. RoguePlanet marks the seventh Microsoft zero-day that they found and disclosed - accompanied by either a PoC exploit or technical details - before Redmond issued a fix. Microsoft's initial response to those disclosures was widely interpreted as a threat of legal action, prompting massive outrage from the broader infosec community before Redmond sought to calm the backlash by stating it had "no intention to pursue action against individuals conducting or publishing security research." As of Tuesday, the previous six zero-days all have patches. Three of them, RedSun, UnDefend, and BlueHammer, came under attack soon after Nightmare published working exploit code for each and before Microsoft released security updates to address the flaws. The other three, YellowKey, GreenPlasma, and MiniPlasma, all have been fixed as of June’s Patch Tuesday. YellowKey (aka CVE-2026-45585) is a security feature bypass bug in Windows BitLocker. An attacker with physical access to the vulnerable system could bypass the BitLocker Device Encryption feature and gain access to the device's encrypted data. GreenPlasma (aka CVE-2026-45586) and MiniPlasma (aka CVE-2020-17103) are both privilege escalation flaws in the Collaborative Translation Framework (CTFMON) and the Cloud Files Mini Filter Driver that can be abused by an authorized attacker to elevate privileges locally and gain SYSTEM access. When asked about RoguePlanet, a Microsoft spokesperson told The Register that the Windows giant is “aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims." The spokesperson continued: "Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible. Importantly, we support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public." Soon after Nightmare published a PoC for RoguePlanet, the ThreatLocker threat intelligence team validated the exploit code and said that they were “actively assessing impact, affected systems, and additional mitigations,” promising to share more findings “as they become available.” Tharros Labs senior vulnerability analyst and long-time respected security sleuth Will Dormann said he tested the exploit code, too. “It's reportedly not 100% reliable, but it worked on the first attempt for me,” Dormann wrote. Nightmare, for their part, rolled back the promise of a “bone shattering” drop on July 14. “(Un)fortunately I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me,” the researcher said on Tuesday. “I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg. But the big thing is not happening. I did not intend to spread a mass panic with that post and I apologize for doing so.”®

❌