👋 Writing this from San Diego 🇺🇸 — about as far from my Swiss desk as a timezone can stretch. But the news didn't care about my travel schedule.

If there's one thread running through this week, it's Iran: Boggy Serpens refining its AI-enhanced espionage playbook, an attempted intrusion at Poland's nuclear research center with Iranian fingerprints, the EU hitting Iranian entities with fresh sanctions — and Iran's own population cut off from the internet for over two weeks now. Stryker is still cleaning up from last week's Handala attack too. A lot of activity from a lot of pro-Iran actors in one week.

→ Week #12/2026 also covers:

🪱 GlassWorm escalates its supply chain campaign,

🇪🇺 🗳️ EU votes to ban mass message scanning,

🤓 🇬🇧 A witness blamed ChatGPT for his smartglasses

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-12-2026-iran-is-everywhere-this-week

If you find it useful, subscribe to get it in your inbox every weekend 📨

#infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 12/2026 - Iran Is Everywhere This Week

Plus: GlassWorm escalates its supply chain campaign, EU votes to ban mass message scanning, a witness blamed ChatGPT for his smartglasses

X’s InfoSec Newsletter

When bombs fall, keyboards follow. The #Handala attack on #Stryker — 200,000 systems claimed wiped, 50TB stolen, timed explicitly to the US-Israeli assault on Iran — is textbook retaliation hacktivist logic. But here's the thing nobody wants to say out loud: it barely matters whether the group is genuinely aggrieved civilians or a state front wearing a keffiyeh. The effect is identical. The deniability is the point.

Governments have learned that a "spontaneous" hacktivist campaign does more reputational work than an official cyberunit ever could — and when the targeting is this clean, "spontaneous" deserves serious scare quotes. We saw it with pro-Russian groups after #Ukraine. We saw it with pro-Palestinian groups after #Gaza. We're seeing it again now with #Iran. The pattern is consistent enough to be a doctrine at this point.

What makes it strategically interesting — and analytically treacherous — is the deliberate ambiguity it manufactures. A group claiming to represent bombed civilians carries far more narrative weight than one that's transparently state-linked. Attribution becomes a second-order problem: even if the group is genuinely independent, states benefit from the chaos and quietly let it run. Sometimes they seed it. Sometimes they just watch. The outcome for the victim is the same either way.

The targeting logic follows a reliable playbook too. Not purely military or intelligence targets — those carry too much legal and escalatory risk. Instead: corporations with visible ties to the aggressor country, ideally ones with symbolic weight or defense adjacency. #Stryker, with its $450M U.S. military contract and the same name as an Army armored carrier, checked every box. The selection wasn't random. It was a message dressed as an attack.

For defenders, none of this is new — but the tempo is accelerating. Geopolitical flashpoints are now predictable threat amplifiers with a measurable lag between event and campaign. Your company's government contracts, your country of incorporation, your defense-adjacent partnerships — these are part of your attack surface whether you've modelled them that way or not. The groups carrying the flag may be real, fake, or somewhere in the uncomfortable middle. It doesn't matter. The wiper doesn't care about the ideology behind it.

→ Week #11/2026 also covers:

🇺🇸 FBI hacked,

🇨🇳 Salt Typhoon goes global,

🤯 🔓️ 💬 #Instagram dropping E2E encryption

🤖 ⏱️ An #AI agent hacked McKinsey's #chatbot in two hours.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-11-2026-when-bombs-fall-keyboards-follow

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 11/2026 - When Bombs Fall, Keyboards Follow

Plus: FBI hacked, Salt Typhoon goes global, Instagram dropping E2E encryption, and an AI agent hacked McKinsey's chatbot in two hours


War makes excellent phishing bait. It also gives politically motivated threat actors a reason to double down. This week had both, plus:

🙊 #Anthropic CEO responds to #Trump order and #Pentagon clash,

🔓️ #Quantum threatens RSA-2048,

🪱 A #Wikipedia worm,

🇨🇦 38M Canadian Tire accounts, and

🇪🇺 🎣 Europol kills a #phishing factory.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-10-2026-they-don-t-need-new-malware-they-just-need-the-news

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 10/2026 - They don't need new malware. They just need the news.

Plus: Quantum threatens RSA-2048, 38M Canadian Tire accounts, and Europol kills a phishing factory.


This week's signal: Predator #spyware bypasses #iOS camera/mic indicators — that green dot means nothing if you're compromised;

→ Week #09/2026 also covers:

🔓 Conduent #breach: 25M people's data exposed;

🇰🇵 #Lazarus goes #ransomware with Medusa;

⏱️ #CrowdStrike: avg attacker breakout time now 29 minutes;

🤖 #Anthropic drops core #AI safety pledge & stands firm against Pentagon;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-09-2026-your-iphone-has-a-green-dot-predator-doesn-t-care

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 09/2026 - Your iPhone has a green dot. Predator doesn't care.

Plus: Conduent exposes 25M, Lazarus goes ransomware, Anthropic relaxes core AI safety pledge, while refusing to bend to Pentagon on AI safeguards, and breakout times hit 29 minutes.


This week's signal: attackers aren't hacking in — they're logging in. Identity-based techniques accounted for nearly two-thirds of initial intrusions last year, per Palo Alto Networks Unit 42's latest IR report.

→ Week #08/2026 also covers:

🇫🇷 🏦 France’s Ministry of Economy disclosed a breach that exposed 1.2 million accounts;

🌍️ African police arrested 651 suspects in a coordinated INTERPOL operation against investment fraud;

🔎 Anthropic launched Claude Code Security, an #AI tool that scans code for #vulnerabilities and suggests fixes;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-08-2026-credentials-beat-exploits-in-2025

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec

🕵🏻‍♂️ [InfoSec MASHUP] 08/2026

Multiple Password Managers Vulnerable to Vault Compromise Under Malicious Server;


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #07/2026 is out!

As #AI tools become the fastest, cheapest way to get medical advice, a quiet gap is opening in how our most sensitive data is protected. Many AI-powered health assistants — built by companies like #OpenAI, #Anthropic, and #Google — operate outside traditional healthcare regulations such as HIPAA. The result: deeply personal health data may be handled under consumer-tech #privacy standards, not medical ones.

This isn’t just a #healthcare story. It’s a pattern we’re seeing across industries and geographies: AI systems moving faster than the regulations designed for the roles they’re now playing. From #finance to #education, from #HR to legal advice, AI increasingly acts like a regulated professional — without always being treated like one under the law.

As convenience wins and guardrails lag, this week’s news raises a familiar infosec question: when technology changes the function, but regulation still defines the form, where does accountability really sit?

→ Let’s now dive into this week’s top insights! It includes the following and much more:

🇪🇺 👀 European Commission Investigating Cyberattack;

🇷🇴 🛢️ Romania's oil pipeline operator Conpet confirmed it was hit by a Qilin ransomware attack;

🦞 🦠 #OpenClaw Integrates #VirusTotal Scanning to Detect Malicious #ClawHub Skills;

🛑 💬 🇷🇺 #Russia is trying to fully block #WhatsApp;

🇰🇷 💍 Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches;

🇪🇺 🤝 The EU gave unconditional approval for Google’s $32 billion buyout of cloud security firm #Wiz

--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-07-2026

🕵🏻‍♂️ [InfoSec MASHUP] 07/2026

European Commission Investigating Cyberattack; OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills; Russia is trying to fully block WhatsApp; Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches;


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2026 is out!

This week’s #AI zeitgeist didn’t just spawn memes — it exposed real, systemic risks at the intersection of autonomy, identity, and trust. On one front, a critical vulnerability in the self-hosted AI assistant #OpenClaw 🦞 (previously Clawdbot/Moltbot) allowed attackers to steal authentication tokens and achieve remote code execution via a single malicious link — a classic web attack chain repurposed against an AI agent ecosystem. The flaw (tracked as CVE-2026-25253) hinged on improper origin validation in OpenClaw’s local gateway, letting a crafted page trigger a token leak and session hijack before it was patched.

At the same time, #Moltbook — a Reddit‑style social network exclusively for AI agents — went viral, attracting millions of registered bots and widespread fascination about the idea of autonomous digital actors forming “machine societies.” But the hype masked serious cybersecurity failures: misconfigured backends exposed millions of API keys, agent tokens, and private messages to unauthenticated access, and researchers found prompt injection and bot‑to‑bot social engineering risks that could propagate malicious instructions through the agent population.

These two developments are linked by more than branding. They illustrate a converging threat landscape where:

  • Autonomous agents operate with deep system access,

  • Shared agent ecosystems become new attack surfaces, and

  • Viral prompt sharing and AI‑to‑AI networks can amplify hidden exploits.

It’s a reminder that even as AI autonomy grabs attention, the fundamentals of cybersecurity (protecting data, accounts, and trust boundaries) remain as crucial as ever. Because before we debate sentience, we need to secure the agents we’ve already deployed.

→ Let’s now dive into this week’s top insights! It includes the following and much more:

🗒️ 🇨🇳 Notepad++ was hit by a supply-chain attack

📤️ Newsletter platform #Substack notifies users of #databreach;

🇫🇷 French prosecutors raid X offices, summon #Musk over #Grok #deepfakes;

🇺🇸 👀 Homeland Security is trying to force tech companies to hand over data about Trump critics;

🇷🇺 Russian-state hackers quickly exploited a critical #Microsoft Office flaw (CVE-2026-21509) within 48 hours of a patch;

🇳🇴 🇨🇳 China’s Salt Typhoon hackers broke into Norwegian companies;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-06-2026

🕵🏻‍♂️ [InfoSec MASHUP] 06/2026

French prosecutors raid X offices, summon Musk over Grok deepfakes; Homeland Security is trying to force tech companies to hand over data about Trump critics; Security incident on Plone GitHub org; Russian-state hackers quickly exploited a critical Microsoft Office flaw (CVE-2026-21509) within 48 hours of a patch; Newsletter platform Substack notifies users of data breach; China’s Salt Typhoon hackers broke into Norwegian companies;


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #05/2026 is out!

Security keeps failing for the same boring reasons — not because we lack tools or frameworks, but because we keep externalizing risk and calling it “integration.”

This week’s mashup spans breaches, vulnerabilities, and AI security, but the connective tissue is familiar: overtrusted vendors, overprivileged access, shallow due diligence, and controls that exist on paper rather than in production. Most high-profile incidents still originate in third-party environments — MSPs, SaaS providers, data processors, support platforms — yet “vendor risk management” remains a checkbox exercise: SOC 2 PDFs, contractual assurances, and zero technical enforcement. No architectural reviews. No hard IAM boundaries. No continuous validation. Just implicit trust wired directly into core systems.

Until organizations start treating partners as hostile by default — with scoped access, verifiable controls, and ongoing monitoring — we’ll keep cycling through the same breach narratives, the same patch-now CVEs, and the same AI security surprises, week after week.

→ It includes the following and much more:

🇺🇸 🤦‍♂️ Trump’s acting cybersecurity chief uploaded sensitive government docs to #ChatGPT;

🤗 Hugging Face abused to spread thousands of #Android #malware variants;

🇺🇸 🇨🇳 🧑‍⚖️ Former Google engineer was convicted for stealing over 2,000 #AI-related trade secret documents;

🇫🇷 💰️ #France fined its national employment agency €5 million after the 2024 data breach;

🇨🇳 🗑️ Google disrupted a #China-based residential proxy network;

--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-05-2026

🕵🏻‍♂️ [InfoSec MASHUP] 05/2026

Trump’s acting cybersecurity chief uploaded sensitive government docs to ChatGPT; Hugging Face abused to spread thousands of Android malware variants; Former Google engineer was convicted for stealing over 2,000 AI-related trade secret documents; France fined its national employment agency €5 million after the 2024 data breach; Google disrupted a China-based residential proxy network;


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2026 is out!

→ It includes the following and much more:

🎣 📩 LastPass warns of a #phishing campaign pretending to be #LastPass;

🇺🇸 🎽 Under Armour investigating #breach;

🇯🇴 📲 Jordanian authorities used #Cellebrite phone-cracking tools to extract data from activists’ phones without consent;

🇮🇪 👀 #Ireland plans a new law to let police use #spyware;

💬 🔐 @moxie launched #Confer, a #ChatGPT-like service built to protect user #privacy;

💥 Attackers exploiting critical Fortinet #FortiCloud flaw;

🇷🇺 🇵🇱 Russian government hackers likely tried to knock out parts of Poland’s power grid;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-04-2026

🕵🏻‍♂️ [InfoSec MASHUP] 04/2026

LastPass warns of a phishing campaign pretending to be LastPass; Under Armour investigating breach; Jordanian authorities used Cellebrite phone-cracking tools to extract data from activists’ phones without consent; Ireland plans a new law to let police use spyware; Moxie Marlinspike launched Confer, a ChatGPT-like service built to protect user privacy; Attackers exploiting critical Fortinet FortiCloud flaw; Russian government hackers likely tried to knock out parts of Poland’s power grid;


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #03/2026 is out!

→ It includes the following and much more:

🔓️ #BreachForums had its user database leaked;

#RedVDS Infrastructure seized by #Microsoft and Law Enforcement;

🇪🇸 🇪🇺 #Europol and Spanish police arrested 34 people linked to the Black Axe;

🇮🇷 🔌 #Iran has cut off internet and phone access nationwide for more than a week

🐧 New modular #Linux malware framework called #VoidLink;

🩸 #MongoBleed, a critical, unauthenticated #MongoDB memory-leak vulnerability;

📆 🩹 Microsoft #PatchTuesday addresses 112 defects, including one actively exploited zero-day;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-03-2026

🕵🏻‍♂️ [InfoSec MASHUP] 03/2026

BreachForums had its user database leaked; RedVDS Infrastructure seized by Microsoft and Law Enforcement; Europol and Spanish police arrested 34 people linked to the Black Axe; New modular Linux malware framework called VoidLink; MongoBleed, a critical, unauthenticated MongoDB memory-leak vulnerability; Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day;
