home.social

#infosecmashup — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #infosecmashup, aggregated by home.social.

  1. Offense Just Got a Co-Pilot.

    The story that should not get buried under this week's patch pile is a quiet one from the ICS/OT section: attackers used #Claude and #ChatGPT to assist an intrusion into a water utility in Monterrey. The OT #breach ultimately failed — but that's almost beside the point. What the Dragos report actually documents is AI being used as a competent recon assistant: autonomously identifying a vNode SCADA/IIoT interface, recommending a password-spray attack, and generating a Python toolkit on the fly. No novel exploit. No nation-state budget. Just patience and a chat window.

    This is the part of the AI-in-security conversation that tends to get lost between the breathless vendor marketing and the "fully autonomous AI attacks are not yet observed" reassurances. The threat doesn't need to be autonomous to be meaningful. Lowering the reconnaissance floor — making #OT infrastructure more legible to attackers who previously lacked the domain knowledge to navigate it — is already a significant capability shift. The Monterrey incident didn't succeed. The next one will be run by someone who learned from it.

    → Week #19/2026 also covers: A 64-day cPanel zero-day window, #ShinyHunters hits an ed-tech giant, and Europe blocks #Huawei from its solar grid.

    Full issue 👉 infosec-mashup.santolaria.net/

    If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

  6. 🕵🏻‍♂️ [InfoSec MASHUP] - This week's news cycle handed us the usual parade of breaches, arrests, and patch-your-stuff urgency — but if you squint at the #Malware section long enough, a more uncomfortable story emerges. #SAP-related npm packages backdoored with a credential stealer. A popular #PyPI package hijacked via a forged signed release pushed through a compromised GitHub Actions workflow. Seventy-three "sleeper" extensions quietly sitting in #OpenVSX, waiting. The common thread: attackers aren't breaking down the front door anymore. They're walking in through the tools developers use every day, often with a valid signature and a clean commit history.

    What makes this particularly fun — in the way a slow-motion disaster is fun — is that the blast radius isn't just the developer who ran pip install. It's every downstream user, every CI/CD pipeline, every AI coding agent that helpfully executed the preinstall hook without asking questions. The supply chain isn't a niche threat vector reserved for nation-state ops anymore. It's where commodity attackers are increasingly playing, because it scales beautifully and the detection gap remains embarrassingly wide.

    → Week #18/2026 also covers: Supply chain attackers found the path of least resistance, #OpenSSH patched a bug older than most junior devs, and #Europe is done pretending U.S. #cloud is a neutral choice.

    Full issue 👉 infosec-mashup.santolaria.net/

    If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

  7. 🐛 Faster Bugs, Same Backlog — #Mythos Preview found thousands of zero-days across every major OS and browser in a matter of weeks. Anthropic was nervous enough about it to not release it publicly. That's notable. What's also notable is that "thousands of critical vulnerabilities" describes a perfectly ordinary patch Tuesday for most security teams — the backlog isn't new, the speed is.

    The uncomfortable truth Project #Glasswing surfaces isn't that attackers are about to get a superpower (they are), it's that defenders have been relying on a fundamentally broken triage model for years. CVSS 10 gets the fire drill. The exploitable CVSS 6 sitting on an internet-facing legacy box gets the backlog. That gap is the actual attack surface. AI-accelerated discovery doesn't fix it — it just makes it more expensive to ignore.

    → Week #16/2026 also covers: AI vishing platforms hit the cybercrime market, NIST quietly caps CVE coverage, and Russia goes after a Swedish power grid.

    Full issue 👉 infosec-mashup.santolaria.net/

    If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

  8. When bombs fall, keyboards follow. The #Handala attack on #Stryker — 200,000 systems claimed wiped, 50TB stolen, timed explicitly to the US-Israeli assault on Iran — is textbook retaliation hacktivist logic. But here's the thing nobody wants to say out loud: it barely matters whether the group is genuinely aggrieved civilians or a state front wearing a keffiyeh. The effect is identical. The deniability is the point.

    Governments have learned that a "spontaneous" hacktivist campaign does more reputational work than an official cyberunit ever could — and when the targeting is this clean, "spontaneous" deserves serious scare quotes. We saw it with pro-Russian groups after #Ukraine. We saw it with pro-Palestinian groups after #Gaza. We're seeing it again now with #Iran. The pattern is consistent enough to be a doctrine at this point.

    What makes it strategically interesting — and analytically treacherous — is the deliberate ambiguity it manufactures. A group claiming to represent bombed civilians carries far more narrative weight than one that's transparently state-linked. Attribution becomes a second-order problem: even if the group is genuinely independent, states benefit from the chaos and quietly let it run. Sometimes they seed it. Sometimes they just watch. The outcome for the victim is the same either way.

    The targeting logic follows a reliable playbook too. Not purely military or intelligence targets — those carry too much legal and escalatory risk. Instead: corporations with visible ties to the aggressor country, ideally ones with symbolic weight or defense adjacency. #Stryker, with its $450M U.S. military contract and the same name as an Army armored carrier, checked every box. The selection wasn't random. It was a message dressed as an attack.

    For defenders, none of this is new — but the tempo is accelerating. Geopolitical flashpoints are now predictable threat amplifiers with a measurable lag between event and campaign. Your company's government contracts, your country of incorporation, your defense-adjacent partnerships — these are part of your attack surface whether you've modelled them that way or not. The groups carrying the flag may be real, fake, or somewhere in the uncomfortable middle. It doesn't matter. The wiper doesn't care about the ideology behind it.

    → Week #11/2026 also covers:

    🇺🇸 FBI hacked,

    🇨🇳 Salt Typhoon goes global,

    🤯 🔓️ 💬 #Instagram dropping E2E encryption

    🤖 ⏱️ An #AI agent hacked McKinsey's #chatbot in two hours.

    Full issue 👉 infosec-mashup.santolaria.net/

    If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

  9. This week's signal: Predator #spyware bypasses #iOS camera/mic indicators — that green dot means nothing if you're compromised;

    → Week #09/2026 also covers:

    🔓 Conduent #breach: 25M people's data exposed;

    🇰🇵 #Lazarus goes #ransomware with Medusa;

    ⏱️ #CrowdStrike: avg attacker breakout time now 29 minutes;

    🤖 #Anthropic drops core #AI safety pledge & stands firm against Pentagon;

    Full issue 👉 infosec-mashup.santolaria.net/

    If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

  10. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #07/2026 is out!

    As #AI tools become the fastest, cheapest way to get medical advice, a quiet gap is opening in how our most sensitive data is protected. Many AI-powered health assistants — built by companies like #OpenAI, #Anthropic, and #Google — operate outside traditional healthcare regulations such as HIPAA. The result: deeply personal health data may be handled under consumer-tech #privacy standards, not medical ones.

    This isn’t just a #healthcare story. It’s a pattern we’re seeing across industries and geographies: AI systems moving faster than the regulations designed for the roles they’re now playing. From #finance to #education, from #HR to legal advice, AI increasingly acts like a regulated professional — without always being treated like one under the law.

    As convenience wins and guardrails lag, this week’s news raises a familiar infosec question: when technology changes the function, but regulation still defines the form, where does accountability really sit?

    → Let’s now dive into this week’s top insights! It includes the following and much more:

    🇪🇺 👀 European Commission Investigating Cyberattack;

    🇷🇴 🛢️ Romania's oil pipeline operator Conpet confirmed it was hit by a Qilin ransomware attack;

    🦞 🦠 #OpenClaw Integrates #VirusTotal Scanning to Detect Malicious #ClawHub Skills;

    🛑 💬 🇷🇺 #Russia is trying to fully block #WhatsApp;

    🇰🇷 💍 Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches;

    🇪🇺 🤝 The EU gave unconditional approval for Google’s $32 billion buyout of cloud security firm #Wiz

    --
    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  11. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2026 is out!

    → It includes the following and much more:

    🎣 📩 LastPass warns of a #phishing campaign pretending to be #LastPass;

    🇺🇸 🎽 Under Armour investigating #breach;

    🇯🇴 📲 Jordanian authorities used #Cellebrite phone-cracking tools to extract data from activists’ phones without consent;

    🇮🇪 👀 #Ireland plans a new law to let police use #spyware;

    💬 🔐 @moxie launched #Confer, a #ChatGPT-like service built to protect user #privacy;

    💥 Attackers exploiting critical Fortinet #FortiCloud flaw;

    🇷🇺 🇵🇱 Russian government hackers likely tried to knock out parts of Poland’s power grid;

    --

    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  13. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #03/2026 is out!

    → It includes the following and much more:

    🔓️ #BreachForums had its user database leaked;

    #RedVDS Infrastructure seized by #Microsoft and Law Enforcement;

    🇪🇸 🇪🇺 #Europol and Spanish police arrested 34 people linked to the Black Axe;

    🇮🇷 🔌 #Iran has cut off internet and phone access nationwide for more than a week

    🐧 New modular #Linux malware framework called #VoidLink;

    🩸 #MongoBleed, a critical, unauthenticated #MongoDB memory-leak vulnerability;

    📆 🩹 Microsoft #PatchTuesday addresses 112 defects, including one actively exploited zero-day;

    --

    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  14. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #49/2025 is out!

    → It includes the following and much more:

    🇫🇷 French DIY retailer Leroy Merlin says a #cyberattack exposed some customers' personal data;

    🇪🇺 🤑 European authorities shut down #Cryptomixer and seized about $28 million in #Bitcoin;

    🇮🇳 📱 #India plans to verify and record every smartphone in circulation... and rolls back;

    🔓️ 🤖 Vulnerability in #OpenAI’s Codex CLI;

    🩹 🤫 #Microsoft Silently Mitigated Exploited LNK Vulnerability;

    🇷🇺 🛑 Russia blocks #FaceTime and #Snapchat over use in terrorist attacks;

    🇨🇳 💥 Chinese Hackers Started Exploiting #React2Shell Vulnerability;

    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  15. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #48/2025 is out!

    → It includes the following and much more:

    🤖 #OpenAI says some user data was exposed in a #Mixpanel breach;

    📄 #Gainsight says more customers were affected by suspicious activity tied to its #Salesforce apps;

    🇪🇸 ✈️ Spanish airline #Iberia says a supplier was hacked and customers' names, emails, and frequent flyer numbers were stolen;

    🇺🇸 👀 🇨🇳 The House Homeland Security Committee asked #Anthropic CEO Dario Amodei to testify about a likely Chinese #espionage campaign;

    🪱 The self-replicating #worm called Shai-Hulud is back;

    🇫🇷 ⚽️ French Soccer Federation Hit by #cyberattack, member data stolen;

    --
    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  16. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #47/2025 is out!

    → It includes the following and much more:

    🇬🇧 💸 Jaguar Land Rover Hack Cost $260 Million;

    🇮🇹 A hacker says they stole 2.3 TB of data from Italian IT firm Almaviva;

    🔓️ 🗓️ Fortinet warns of new FortiWeb zero-day exploited in attacks;

    🔐 Dozens of groups call for governments to protect #encryption;

    🇷🇺 ❌ Five Eyes nations and the Netherlands sanctioned two bulletproof hosting providers;

    🇬🇧 🇨🇳 #MI5 warned MPs that Chinese spies are using LinkedIn and fake #recruiters to target lawmakers and officials

    🔓️ ☁️ Hundreds of #Salesforce customers hit by yet another third-party vendor #breach;

    --

    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/