🐛 Faster Bugs, Same Backlog — #Mythos Preview found thousands of zero-days across every major OS and browser in a matter of weeks. Anthropic was nervous enough about it to not release it publicly. That's notable. What's also notable is that "thousands of critical vulnerabilities" describes a perfectly ordinary patch Tuesday for most security teams — the backlog isn't new, the speed is.

The uncomfortable truth Project #Glasswing surfaces isn't that attackers are about to get a superpower (they are), it's that defenders have been relying on a fundamentally broken triage model for years. CVSS 10 gets the fire drill. The exploitable CVSS 6 sitting on an internet-facing legacy box gets the backlog. That gap is the actual attack surface. AI-accelerated discovery doesn't fix it — it just makes it more expensive to ignore.

→ Week #16/2026 also covers: AI vishing platforms hit the cybercrime market, NIST quietly caps CVE coverage, and Russia goes after a Swedish power grid.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-16-2026-faster-bugs-same-backlog

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

Cybercrime losses hit $20.9 billion in 2025 — a 26% jump, per the FBI's IC3 report. That figure covers only what victims bothered to report, so treat it as a floor, not a ceiling. This week's issue arrives alongside a proposal to cut CISA's budget by $707 million. Whether that's a bold strategic bet or a spectacular misread of the moment is, apparently, still under debate.

→ Week #15/2026 also covers:

REvil's alleged leader unmasked, Adobe Reader zero-day since December, and the most uncomfortable job interview you'll watch this week.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-15-2026-budgets-cut-breaches-climbing

If you find it useful, subscribe to get it in your inbox every weekend 📨

#infosecMASHUP #cybersecurity #infosec #threatintel #AI

RSA Conference was in full swing in San Francisco this week — booths, buzzwords, and billion-dollar pitches as far as the eye can see. Meanwhile, out in the real world, threat actors didn't get the memo. Iran-linked hackers are using Telegram to hunt down dissidents and journalists, while TeamPCP's supply chain worm is deploying Kubernetes wipers that specifically target Iranian clusters. Two sides of the same geopolitical coin, playing out in parallel — and neither one is buying a vendor badge.

→ Week #13/2026 also covers:

🪱 TeamPCP's worm ;

🇮🇱 🇮🇷 Iran's hacked cameras ;

🆙 ✅ A Tycoon 2FA that just won't die ;

❌ 🇺🇸 The FCC has banned the sale of new consumer routers made outside the USA;

💰️ #OpenAI launched a public safety bug bounty for #AI-specific abuse and safety risks;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-13-2026-rsa-week-real-world-problems

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

👋 Writing this from San Diego 🇺🇸 — about as far from my Swiss desk as a timezone can stretch. But the news didn't care about my travel schedule.

If there's one thread running through this week, it's Iran: Boggy Serpens refining its AI-enhanced espionage playbook, an attempted intrusion at Poland's nuclear research center with Iranian fingerprints, the EU hitting Iranian entities with fresh sanctions — and Iran's own population cut off from the internet for over two weeks now. Stryker is still cleaning up from last week's Handala attack too. A lot of activity from a lot of pro-Iran actors in one week.

→ Week #12/2026 also covers:

🪱 GlassWorm escalates its supply chain campaign,

🇪🇺 🗳️ EU votes to ban mass message scanning,

🤓 🇬🇧 A witness blamed ChatGPT for his smartglasses

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-12-2026-iran-is-everywhere-this-week

If you find it useful, subscribe to get it in your inbox every weekend 📨

#infosecMASHUP #cybersecurity #infosec #threatintel

When bombs fall, keyboards follow. The #Handala attack on #Stryker — 200,000 systems claimed wiped, 50TB stolen, timed explicitly to the US-Israeli assault on Iran — is textbook retaliation hacktivist logic. But here's the thing nobody wants to say out loud: it barely matters whether the group is genuinely aggrieved civilians or a state front wearing a keffiyeh. The effect is identical. The deniability is the point.

Governments have learned that a "spontaneous" hacktivist campaign does more reputational work than an official cyberunit ever could — and when the targeting is this clean, "spontaneous" deserves serious scare quotes. We saw it with pro-Russian groups after #Ukraine. We saw it with pro-Palestinian groups after #Gaza. We're seeing it again now with #Iran. The pattern is consistent enough to be a doctrine at this point.

What makes it strategically interesting — and analytically treacherous — is the deliberate ambiguity it manufactures. A group claiming to represent bombed civilians carries far more narrative weight than one that's transparently state-linked. Attribution becomes a second-order problem: even if the group is genuinely independent, states benefit from the chaos and quietly let it run. Sometimes they seed it. Sometimes they just watch. The outcome for the victim is the same either way.

The targeting logic follows a reliable playbook too. Not purely military or intelligence targets — those carry too much legal and escalatory risk. Instead: corporations with visible ties to the aggressor country, ideally ones with symbolic weight or defense adjacency. #Stryker, with its $450M U.S. military contract and the same name as an Army armored carrier, checked every box. The selection wasn't random. It was a message dressed as an attack.

For defenders, none of this is new — but the tempo is accelerating. Geopolitical flashpoints are now predictable threat amplifiers with a measurable lag between event and campaign. Your company's government contracts, your country of incorporation, your defense-adjacent partnerships — these are part of your attack surface whether you've modelled them that way or not. The groups carrying the flag may be real, fake, or somewhere in the uncomfortable middle. It doesn't matter. The wiper doesn't care about the ideology behind it.

→ Week #11/2026 also covers:

🇺🇸 FBI hacked,

🇨🇳 Salt Typhoon goes global,

🤯 🔓️ 💬 #Instagram dropping E2E encryption

🤖 ⏱️ An #AI agent hacked McKinsey's #chatbot in two hours.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-11-2026-when-bombs-fall-keyboards-follow

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

War makes excellent phishing bait. It also gives politically motivated threat actors a reason to double down. This week had both, plus:

🙊 #Anthropic CEO responds to #Trump order and #Pentagon clash,

🔓️ #Quantum threatens RSA-2048,

🪱 A #Wikipedia worm,

🇨🇦 38M Canadian Tire accounts, and

🇪🇺 🎣 Europol kills a #phishing factory.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-10-2026-they-don-t-need-new-malware-they-just-need-the-news

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

This week's signal: Predator #spyware bypasses #iOS camera/mic indicators — that green dot means nothing if you're compromised;

→ Week #09/2026 also covers:

🔓 Conduent #breach: 25M people's data exposed;

🇰🇵 #Lazarus goes #ransomware with Medusa;

⏱️ #CrowdStrike: avg attacker breakout time now 29 minutes;

🤖 #Anthropic drops core #AI safety pledge & stands firm against Pentagon;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-09-2026-your-iphone-has-a-green-dot-predator-doesn-t-care

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

This week's signal: attackers aren't hacking in — they're logging in. Identity-based techniques accounted for nearly two-thirds of initial intrusions last year, per Palo Alto Networks Unit 42's latest IR report.

→ Week #08/2026 also covers:

🇫🇷 🏦 France’s Ministry of Economy disclosed a breach that exposed 1.2 million accounts:

🌍️ African police arrested 651 suspects in a coordinated INTERPOL operation against investment fraud;

🔎 Anthropic launched Claude Code Security, an hashtag#AI tool that scans code for hashtag#vulnerabilities and suggests fixes;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-08-2026-credentials-beat-exploits-in-2025

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #07/2026 is out!

As #AI tools become the fastest, cheapest way to get medical advice, a quiet gap is opening in how our most sensitive data is protected. Many AI-powered health assistants — built by companies like #OpenAI, #Anthropic, and #Google — operate outside traditional healthcare regulations such as HIPAA. The result: deeply personal health data may be handled under consumer-tech #privacy standards, not medical ones.

This isn’t just a #healthcare story. It’s a pattern we’re seeing across industries and geographies: AI systems moving faster than the regulations designed for the roles they’re now playing. From #finance to #education, from #HR to legal advice, AI increasingly acts like a regulated professional — without always being treated like one under the law.

As convenience wins and guardrails lag, this week’s news raises a familiar infosec question: when technology changes the function, but regulation still defines the form, where does accountability really sit?

→ Let’s now dive into this week’s top insights! It includes the following and much more:

🇪🇺 👀 European Commission Investigating Cyberattack;

🇷🇴 🛢️ Romania's oil pipeline operator Conpet confirmed it was hit by a Qilin ransomware attack;

🦞 🦠 #OpenClaw Integrates #VirusTotal Scanning to Detect Malicious #ClawHub Skills;

🛑 💬 🇷🇺 #Russia is trying to fully block #WhatsApp;

🇰🇷 💍 Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches;

🇪🇺 🤝 The EU gave unconditional approval for Google’s $32 billion buyout of cloud security firm #Wiz

--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-07-2026

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2026 is out!

This week’s #AI zeitgeist didn’t just spawn memes — it exposed real, systemic risks at the intersection of autonomy, identity, and trust. On one front, a critical vulnerability in the self‑hosted AI assistant #OpenClaw 🦞 (previously Clawdbot/Moltbot) allowed attackers to steal authentication tokens and achieve remote code execution via a single malicious link — a classic web attack chain repurposed against an AI agent ecosystem. The flaw (tracked as CVE‑2026‑25253) hinged on improper origin validation in OpenClaw’s local gateway, letting a crafted page trigger a token leak and session hijack before it was patched.

At the same time, #Moltbook — a Reddit‑style social network exclusively for AI agents — went viral, attracting millions of registered bots and widespread fascination about the idea of autonomous digital actors forming “machine societies.” But the hype masked serious cybersecurity failures: misconfigured backends exposed millions of API keys, agent tokens, and private messages to unauthenticated access, and researchers found prompt injection and bot‑to‑bot social engineering risks that could propagate malicious instructions through the agent population.

These two developments are linked by more than branding. They illustrate a converging threat landscape where:

• Autonomous agents operate with deep system access,

• Shared agent ecosystems become new attack surfaces, and

• Viral prompt sharing and AI‑to‑AI networks can amplify hidden exploits.

It’s a reminder that even as AI autonomy grabs attention, the fundamentals of cybersecurity: protecting data, accounts, and trust boundaries — remain as crucial as ever. Because before we debate sentience, we need to secure the agents we already deployed.

→ Let’s now dive into this week’s top insights! It includes the following and much more:

🗒️ 🇨🇳 Notepad++ was hit by a supply-chain attack

📤️ Newsletter platform #Substack notifies users of #databreach;

🇫🇷 French prosecutors raid X offices, summon #Musk over #Grok #deepfakes;

🇺🇸 👀 Homeland Security is trying to force tech companies to hand over data about Trump critics;

🇷🇺 Russian-state hackers quickly exploited a critical #Microsoft Office flaw (CVE-2026-21509) within 48 hours of a patch;

🇳🇴 🇨🇳 China’s Salt Typhoon hackers broke into Norwegian companies;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-06-2026