Independent cybersecurity / privacy / AI risk journal
Tracking the cybersecurity, privacy, and AI risk signals that matter, beyond the headline breaches.
Lead briefing
The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announ…
Today’s briefings
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges.
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend.
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data an…
Latest updates
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially a…
A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands…
Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity.
This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future.
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation.
Topics
219 entries
Cybersecurity briefings on breaches, exploited vulnerabilities, ransomware, incident response, and systemic security failures.
39 entries
Privacy briefings on data misuse, tracking changes, surveillance harms, regulator action, and data rights enforcement.
73 entries
AI risk briefings on model misuse, deployment failures, safety regressions, governance gaps, and synthetic-media harms.
22 entries
Governance briefings on enforcement, standards, court action, regulator opinions, institutional accountability, and policy shifts.
7 entries
Infrastructure briefings on cloud, telecoms, public systems, network edge, and critical infrastructure risk developments.
3 entries
Surveillance briefings on biometrics, monitoring systems, identity correlation, tracking technology, and public or private observation systems.