

Risky Bulletin
Risky Business Media
Regular cybersecurity news updates from the Risky Business team...
Episodes

Feb 26, 2026 • 16min
Srsly Risky Biz: Is Claude too woke for war?
A sparring match over an AI assistant's safeguards versus military demands sparks debate about surveillance and lethal autonomous weapons. The trade-offs between value-driven AI and a warrior ethos get unpacked. A persistent Chinese hacking group, Volt Typhoon, is still lurking in critical infrastructure, raising alarms about premature victory claims and the need for sustained private-sector vigilance.

Feb 25, 2026 • 7min
Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
Russian authorities opening a criminal investigation into Telegram's founder makes headlines. Teen hackers tied to a South Korean bike-share breach were arrested. Allegations surface that firms scraped and distilled an AI maker's outputs. Major hacks and sanctions ripple through crypto, ISPs, healthcare platforms and exploit brokers.

Feb 23, 2026 • 27min
Between Two Nerds: How NSA will use AI
A deep look at how elite intelligence services will adopt AI cautiously, favoring stealth and correctness over reckless use. Discussions cover AI-powered espionage trends, task decomposition for intelligence workflows, and which cyber roles are most AI-friendly. They explore AI for continuous monitoring, mapping target networks, speeding coding and malware development, and how AI might complicate attribution.

Feb 23, 2026 • 6min
Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices
An AI-assisted campaign used DeepSeek and Claude to compromise 600+ Fortinet firewalls. A VPN product was exploited to gain data center access. Chinese actors stole Italian police officer data. Archive.today was blacklisted after causing DDoS-like traffic. A PayPal loan bug exposed customer data and new malware in NPM packages is stealing credentials.

Feb 22, 2026 • 25min
Sponsored: The smouldering trashfire of AI and open source
Feross Aboukhadijeh, open-source developer and security expert behind WebTorrent, explains how AI is reshaping open source and swelling dependency webs. He recounts real supply-chain compromises and emergent worm attacks. He also introduces Socket Firewall and a behavior-focused approach to blocking malicious packages at install time.

Feb 20, 2026 • 9min
Risky Bulletin: RPKI infrastructure sits on shaky ground
Researchers found many RPKI backend servers are vulnerable to DNS hijacks and route attacks. A French ministry breach exposed over a million bank records. New UK rules force rapid takedowns of non-consensual explicit images. Click-fix copy-paste attacks now account for about half of malware infections. Several major cyber incidents disrupted hospitals, transport and fintech systems.

Feb 19, 2026 • 20min
Srsly Risky Biz: Cyber bullets can't replace political will
Tom Uren, policy and intelligence editor who analyzes cybersecurity and AI policy, discusses European debates over building cyber strike capabilities and why political will, not just tools, determines impact. He explains distillation attacks that let rivals clone AI models by querying them and why firms seek government help on chips, compute and export controls.

Feb 18, 2026 • 8min
Risky Bulletin: Supply chain attack plants backdoor on Android tablets
A firmware supply-chain backdoor infecting thousands of Android tablets gets explored. The EU turns off AI features on lawmakers' devices over security and data worries. Reports cover Cellebrite usage against an activist and a Chinese APT exploiting a Dell zero-day. Multiple ransomware, data leak, botnet, and browser zero-day incidents round out the headlines.

Feb 16, 2026 • 28min
Between Two Nerds: Buying the magic weapon
A brisk debate on whether middle powers should build military cyber capabilities. A look at how cyber effects compare to kinetic strikes and when cyber is most useful. Discussion of niche specialization inside alliances and the tradeoffs of using covert tools. Exploration of strategic, non-spectacular cyber impacts on finance, reputation, and regime stability.

Feb 16, 2026 • 9min
Risky Bulletin: Cambodia promises to dismantle scam compounds by April
Cambodia vows to dismantle cyber scam compounds by April after raids and arrests. CISA pushes the OpenEOX standard amid staffing concerns. Linux, macOS and Windows add post‑quantum signature support. Reports say attribution was softened in an APT report to avoid fallout. A range of breaches, malware botnets and vulnerabilities get spotlighted.


