AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

5 February 2026 at 13:59

Moltbook, AI Agent, Database Leak, API Keys Leak, API Keys

Viral social network Moltbook, built entirely by artificial intelligence, leaked authentication tokens, private messages and user emails through missing security controls in its production environment.

Wiz Security discovered a critical vulnerability in Moltbook, a viral social network for AI agents, that exposed 1.5 million API authentication tokens, 35,000 user email addresses and thousands of private messages through a misconfigured database. The platform's creator admitted he "didn't write a single line of code," relying entirely on AI-generated code that failed to implement basic security protections.

The vulnerability stemmed from an exposed Supabase API key in client-side JavaScript that granted unauthenticated read and write access to Moltbook's entire production database. Researchers discovered the flaw within minutes of examining the platform's publicly accessible code bundles, demonstrating how easily attackers could compromise the system.

"When properly configured with Row Level Security, the public API key is safe to expose—it acts like a project identifier," explained Gal Nagli, Wiz's head of threat exposure. "However, without RLS policies, this key grants full database access to anyone who has it. In Moltbook's implementation, this critical line of defense was missing."

Cyble Annual Threat Landscape Report, Annual Threat Landscape Report, Cyble Annual Threat Landscape Report 2025, Threat Landscape Report 2025, Cyble, Ransomware, Hacktivism, AI attacks, Vulnerabilities, APT, ICS Vulnerabilities

What's Moltbook

Moltbook launched on January 28 as a Reddit-like platform where autonomous AI agents could post content, vote and interact with each other. The concept attracted significant attention from technology influencers, including former Tesla AI director Andrej Karpathy, who called it "the most incredible sci-fi takeoff-adjacent thing" he had seen recently. The viral attention drove massive traffic within hours of launch.

The platform's backend relied on Supabase, a popular open-source Firebase alternative providing hosted PostgreSQL databases with REST APIs. Supabase became especially popular with "vibe-coded" applications—projects built rapidly using AI code generation tools—due to its ease of setup. The service requires developers to enable Row Level Security policies to prevent unauthorized database access, but Moltbook's AI-generated code omitted this critical configuration.

Wiz researchers examined the client-side JavaScript bundles loaded automatically when users visited Moltbook's website. Modern web applications bundle configuration values into static JavaScript files, which can inadvertently expose sensitive credentials when developers fail to implement proper security practices.

What Data Was Leaking and How

The exposed data included approximately 4.75 million database records. Beyond the 1.5 million API authentication tokens that would allow complete agent impersonation, researchers discovered 35,000 email addresses of platform users and an additional 29,631 early access signup emails. The platform claimed 1.5 million registered agents, but the database revealed only 17,000 human owners—an 88:1 ratio.

More concerning, 4,060 private direct message conversations between agents were fully accessible without encryption or access controls. Some conversations contained plaintext OpenAI API keys and other third-party credentials that users shared under the assumption of privacy. This demonstrated how a single platform misconfiguration can expose credentials for entirely unrelated services.

The vulnerability extended beyond read access. Even after Moltbook deployed an initial fix blocking read access to sensitive tables, write access to public tables remained open. Wiz researchers confirmed they could successfully modify existing posts on the platform, introducing risks of content manipulation and prompt injection attacks.

Wiz used GraphQL introspection—a method for exploring server data schemas—to map the complete database structure. Unlike properly secured implementations that would return errors or empty arrays for unauthorized queries, Moltbook's database responded as if researchers were authenticated administrators, immediately providing sensitive authentication tokens including API keys of the platform's top AI agents.
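One way to audit for the missing control Nagli describes, as an added example that is not Moltbook's or Wiz's code: the SQL lists each table in the public schema with its RLS state and the privileges held by anon, the role behind Supabase's publishable key, and the Python classifies the rows. The sample tables are constructed, and the live query assumes psycopg 3 and a direct Postgres connection string.

```python
"""Audit which tables the Supabase 'anon' role can reach and whether RLS guards them.

Added example, not Moltbook's or Wiz's code. Assumes Supabase's default roles:
the publishable key shipped in the browser bundle acts as 'anon'. The sample
tables below are constructed to mirror the states described in the article.
"""
from dataclasses import dataclass

# One row per ordinary table in 'public'. has_table_privilege() reports the
# grants the anon role holds; relrowsecurity says whether RLS is switched on.
AUDIT_SQL = """
SELECT c.relname                                        AS table_name,
       c.relrowsecurity                                 AS rls_enabled,
       (SELECT count(*) FROM pg_policies p
         WHERE p.schemaname = 'public'
           AND p.tablename  = c.relname)                AS policy_count,
       has_table_privilege('anon', c.oid, 'SELECT')     AS anon_select,
       has_table_privilege('anon', c.oid, 'INSERT')     AS anon_insert,
       has_table_privilege('anon', c.oid, 'UPDATE')     AS anon_update,
       has_table_privilege('anon', c.oid, 'DELETE')     AS anon_delete
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE n.nspname = 'public' AND c.relkind = 'r'
 ORDER BY c.relname;
"""


@dataclass(frozen=True)
class TableAccess:
    name: str
    rls_enabled: bool
    policy_count: int
    anon_select: bool
    anon_insert: bool
    anon_update: bool
    anon_delete: bool


def exposure(t: TableAccess) -> list[str]:
    """Operations an unauthenticated holder of the anon key can run on the table.

    RLS off            -> every granted privilege is usable (Moltbook's state).
    RLS on, no policy  -> Postgres applies default-deny to non-owners: nothing.
    RLS on, policies   -> the policies decide; report for manual review.
    """
    grants = [op for op, ok in (("SELECT", t.anon_select), ("INSERT", t.anon_insert),
                                ("UPDATE", t.anon_update), ("DELETE", t.anon_delete)) if ok]
    if not grants or (t.rls_enabled and t.policy_count == 0):
        return []
    if not t.rls_enabled:
        return grants
    return [f"{op} (policy-governed)" for op in grants]


def audit(rows: list[TableAccess]) -> dict[str, list[str]]:
    """Map each table that the anon key can touch to the exposed operations."""
    return {t.name: ops for t in rows if (ops := exposure(t))}


def remediation_sql(t: TableAccess) -> list[str]:
    """Statements that close the gap: turn RLS on, and drop write grants from anon
    when the table is not meant to accept unauthenticated writes."""
    stmts = []
    if not t.rls_enabled:
        stmts.append(f"ALTER TABLE public.{t.name} ENABLE ROW LEVEL SECURITY;")
    if t.anon_insert or t.anon_update or t.anon_delete:
        stmts.append(f"REVOKE INSERT, UPDATE, DELETE ON public.{t.name} FROM anon;")
    return stmts


def fetch_rows(dsn: str) -> list[TableAccess]:
    """Run AUDIT_SQL against a live project (assumption: psycopg 3 is installed)."""
    import psycopg
    with psycopg.connect(dsn) as conn, conn.cursor() as cur:
        cur.execute(AUDIT_SQL)
        return [TableAccess(*row) for row in cur.fetchall()]


# Constructed sample: agents holds API tokens and was locked down after the first
# fix; posts still took unauthenticated writes; direct_messages was wide open;
# profiles has RLS on with policies, so it needs a human look at those policies.
SAMPLE = [
    TableAccess("agents", True, 0, True, True, True, False),
    TableAccess("posts", False, 0, True, True, True, False),
    TableAccess("direct_messages", False, 0, True, True, False, False),
    TableAccess("profiles", True, 2, True, False, False, False),
]

if __name__ == "__main__":
    for name, ops in audit(SAMPLE).items():
        print(f"{name}: {', '.join(ops)}")
```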

Matt Schlicht, CEO of Octane AI and Moltbook's creator, publicly stated his development approach: "I didn't write a single line of code for Moltbook. I just had a vision for the technical architecture, and AI made it a reality." This "vibe coding" practice prioritizes speed and intent over engineering rigor, but the Moltbook breach demonstrates the dangerous security oversights that can result.

Wiz followed responsible disclosure practices after discovering the vulnerability January 31. The company contacted Moltbook's maintainer and the platform deployed its first fix securing sensitive tables within a couple of hours. Additional fixes addressing exposed data, blocking write access and securing remaining tables followed over the next few hours, with final remediation completed by February 1.

"As AI continues to lower the barrier to building software, more builders with bold ideas but limited security experience will ship applications that handle real users and real data," Nagli concluded. "That's a powerful shift."

The breach revealed that anyone could register unlimited agents through simple loops with no rate limiting, and users could post content disguised as AI agents via basic POST requests. The platform lacked mechanisms to verify whether "agents" were actually autonomous AI or simply humans with scripts.

Also read: How “Unseeable Prompt Injections” Threaten AI Agents

Substack Discloses Breach Exposing its User Details After Four-Month Delay

5 February 2026 at 07:36

Substack Breached

Data accessed in October 2025 went undetected until February, affecting subscribers across the newsletter platform with no evidence of misuse yet identified.

Substack disclosed a security breach that exposed user email addresses, phone numbers and internal metadata to unauthorized third parties, revealing the incident occurred four months before the company detected the compromise. CEO Chris Best notified users Tuesday that attackers accessed the data in October 2025, though Substack only identified evidence of the breach on February 3.

"I'm incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here," Best wrote in the notification sent to affected users.


The breach allowed an unauthorized third party to access limited user data without permission through a vulnerability in Substack's systems. The company confirmed that credit card numbers, passwords and financial information were not accessed during the incident, limiting exposure to contact information and unspecified internal metadata.

Substack's Breach Detection Delay a Concern

The four-month detection gap raises questions about Substack's security monitoring capabilities and incident response procedures. Modern security frameworks typically emphasize rapid threat detection, with leading organizations aiming to identify breaches within days or hours rather than months. The extended dwell time—the period attackers maintained access before detection—gave threat actors ample opportunity to exfiltrate data undetected.

Substack claims it has fixed the vulnerability that enabled the breach but provided no technical details about the nature of the flaw or how attackers exploited it. The company stated it is conducting a full investigation and taking steps to improve systems and processes to prevent future incidents.

Best urged users to exercise caution with emails or text messages they receive, warning that exposed contact information could enable phishing attacks or social engineering campaigns. While Substack claims no evidence of data misuse exists, the four-month gap between compromise and detection means attackers had significant time to leverage stolen information.

The notification's vague language about "other internal metadata" leaves users uncertain about the full scope of exposed information. Internal metadata could include account creation dates, IP addresses, subscription lists, payment history or other details that, when combined with email addresses and phone numbers, create comprehensive user profiles valuable to attackers.

Substack Breach Impact

Newsletter platforms like Substack represent attractive targets for threat actors because they aggregate contact information for engaged audiences across diverse topics. Compromised email lists enable targeted phishing campaigns, while phone numbers facilitate smishing attacks—phishing via text message—that many users find less suspicious than email-based attempts.

The breach affects Substack's reputation as the platform competes for writers and subscribers against established players and emerging alternatives. Trust forms the foundation of newsletter platforms, where creators depend on reliable infrastructure to maintain relationships with paying subscribers.

Substack has not disclosed how many users were affected, whether the company will offer identity protection services, or if it has notified law enforcement about the breach. The company also has not confirmed whether it will face regulatory scrutiny under data protection laws in jurisdictions where affected users reside.

Users should remain vigilant for suspicious communications, enable two-factor authentication where available, and monitor accounts for unauthorized activity following the disclosure.

Also read: EU Data Breach Notifications Surge as GDPR Changes Loom

Russian APT28 Exploits Zero-Day Hours After Microsoft Discloses Office Vulnerability

2 February 2026 at 06:49

APT28, Russia, Microsoft Office, Word, CERT-UA, Backdoor, SVR Exploiting Unpatched Vulnerabilities, Russia SVR, SVR, Vulnerabilities, Vulnerability Management, Patch Management

Ukraine's cyber defenders warn Russian hackers weaponized a Microsoft zero-day within 24 hours of public disclosure, targeting government agencies with malicious documents delivering Covenant framework backdoors.

Russian state-sponsored hacking group APT28 used a critical Microsoft Office zero-day vulnerability, tracked as CVE-2026-21509, in less than a day after the vendor publicly disclosed the flaw, launching targeted attacks against Ukrainian government agencies and European Union institutions.

Ukraine's Computer Emergency Response Team detected exploitation attempts that began on January 27—just one day after Microsoft published details about CVE-2026-21509.

Microsoft had acknowledged active exploitation when it disclosed the flaw on January 26, but withheld details about the threat actors, so it remains unclear whether the vendor was referring to this campaign or a different one. Either way, the speed with which APT28 deployed customized attacks shows how narrow the window is for defenders to patch critical vulnerabilities.

Also read: APT28’s Recent Campaign Combined Steganography, Cloud C2 into a Modular Infection Chain

CERT-UA discovered a malicious DOC file titled "Consultation_Topics_Ukraine(Final).doc" containing the CVE-2026-21509 exploit on January 29. Metadata revealed attackers created the document on January 27 at 07:43 UTC. The file masqueraded as materials related to Committee of Permanent Representatives to the European Union consultations on Ukraine's situation.

Word file laced with malware (Source: CERT-UA)

On the same day, attackers impersonated Ukraine's Ukrhydrometeorological Center, distributing emails with an attached DOC file named "BULLETEN_H.doc" to more than 60 email addresses. Recipients primarily included Ukrainian central executive government agencies, representing a coordinated campaign against critical government infrastructure.

The attack chain begins when victims open malicious documents using Microsoft Office. The exploit establishes network connections to external resources using the WebDAV protocol—a file sharing protocol that extends HTTP to enable collaborative editing. The connection downloads a shortcut file containing program code designed to retrieve and execute additional malicious payloads.

Exploit chain (Source: CERT-UA)

Successful execution creates a DLL file "EhStoreShell.dll" disguised as a legitimate "Enhanced Storage Shell Extension" library, along with an image file "SplashScreen.png" containing shellcode. Attackers implement COM hijacking by modifying Windows registry values for a specific CLSID identifier, a technique that allows malicious code to execute when legitimate Windows components load.

The malware creates a scheduled task named "OneDriveHealth" that executes periodically. When triggered, the task terminates and relaunches the Windows Explorer process. Because of the COM hijacking modification, Explorer automatically loads the malicious EhStoreShell.dll file, which then executes shellcode from the image file to deploy the Covenant framework on compromised systems.

Covenant is a post-exploitation framework similar to Cobalt Strike that provides attackers persistent command-and-control access. In this campaign, APT28 configured Covenant to use Filen.io, a legitimate cloud storage service, as command-and-control infrastructure. This technique, called living-off-the-land, makes malicious traffic appear legitimate and harder to detect.
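The persistence chain above leaves three observable traces that can be hunted in endpoint telemetry; the script below, an added example rather than CERT-UA's tooling, runs those checks over Sysmon-style event records. The records are constructed and simplified, and the CLSID in them is a placeholder since the article does not name the hijacked one.

```python
"""Hunt for the APT28 persistence chain in Sysmon-style endpoint events.

Added example, not CERT-UA's code. Event records are simplified dicts using
Sysmon field names; the sample below is constructed, and its CLSID is a
placeholder rather than the one the campaign hijacks.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Per-user COM registrations live under HKU\<SID>\Software\Classes\CLSID and
# take precedence over HKLM, which is what makes the hijack work.
CLSID_INPROC = re.compile(
    r"\\Software\\Classes\\CLSID\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\InprocServer32",
    re.IGNORECASE,
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
C2_DOMAIN = "filen.io"  # legitimate cloud storage used as C2 in this campaign


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def check_registry(ev: dict) -> Optional[Finding]:
    """Sysmon event 13 (registry value set): InprocServer32 outside system dirs.

    Legitimate software (OneDrive, for one) also registers per-user COM servers
    under AppData, so treat a hit as a triage lead, not a verdict."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    m = CLSID_INPROC.search(ev.get("TargetObject", ""))
    if not m:
        return None
    dll = ev.get("Details", "").strip('"').lower()
    if dll.startswith(SYSTEM_DIRS):
        return None
    return Finding("com_hijack_inprocserver32", f"{m.group(1)} -> {ev['Details']}")


def check_task(ev: dict) -> Optional[Finding]:
    """Sysmon event 1 (process create): schtasks creating a task that restarts Explorer."""
    if ev.get("EventID") != 1:
        return None
    cmd = ev.get("CommandLine", "").lower()
    if not (ev.get("Image", "").lower().endswith("\\schtasks.exe") and "/create" in cmd):
        return None
    if "taskkill" in cmd and "explorer" in cmd:
        return Finding("scheduled_task_restarts_explorer", ev["CommandLine"])
    if "onedrivehealth" in cmd:  # task name reported by CERT-UA
        return Finding("scheduled_task_known_name", ev["CommandLine"])
    return None


def check_dns(ev: dict) -> Optional[Finding]:
    """Sysmon event 22 (DNS query): lookups for the cloud storage service used as C2."""
    if ev.get("EventID") != 22:
        return None
    q = ev.get("QueryName", "").lower().rstrip(".")
    if q == C2_DOMAIN or q.endswith("." + C2_DOMAIN):
        return Finding("dns_filen_io", f"{ev.get('Image', '?')} -> {q}")
    return None


def detect(events: list) -> list:
    """Run every check over every event; findings keep event order."""
    out = []
    for ev in events:
        for check in (check_registry, check_task, check_dns):
            f = check(ev)
            if f:
                out.append(f)
    return out


# Constructed sample: the hijack write, the task, a C2 lookup, then a benign
# HKLM COM registration and a benign DNS query that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Users\user\AppData\Local\Microsoft\EhStoreShell.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn OneDriveHealth /sc minute /mo 15 /tr "cmd /c taskkill /f /im explorer.exe & start explorer.exe"'},
    {"EventID": 22, "Image": r"C:\Windows\explorer.exe", "QueryName": "gateway.filen.io"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKLM\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32\(Default)",
     "Details": r"C:\Windows\System32\shell32.dll"},
    {"EventID": 22, "Image": r"C:\Windows\explorer.exe", "QueryName": "www.microsoft.com"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```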

CERT-UA discovered three additional malicious documents using similar exploits in late January 2026. Analysis of embedded URL structures and other technical indicators revealed these documents targeted organizations in EU countries. In one case, attackers registered a domain name on January 30, 2026—the same day they deployed it in attacks—demonstrating the operation's speed and agility.

"It is obvious that in the near future, including due to the inertia of the process or impossibility of users updating the Microsoft Office suite and/or using recommended protection mechanisms, the number of cyberattacks using the described vulnerability will begin to increase," CERT-UA warned in its advisory.

Microsoft released an emergency fix for CVE-2026-21509, but many organizations struggle to rapidly deploy patches across enterprise environments. The vulnerability affects multiple Microsoft Office products, creating a broad attack surface that threat actors will continue exploiting as long as unpatched systems remain accessible.

Read: Microsoft Releases Emergency Fix for Exploited Office Zero-Day

CERT-UA attributes the campaign to UAC-0001, the agency's designation for APT28, also known as Fancy Bear or Forest Blizzard. The group operates on behalf of Russia's GRU military intelligence agency and has conducted extensive operations targeting Ukraine since Russia's 2022 invasion. APT28 previously exploited Microsoft vulnerabilities within hours of disclosure, demonstrating consistent capability to rapidly weaponize newly discovered flaws.

CERT-UA recommends organizations immediately implement mitigation measures outlined in Microsoft's advisory, particularly Windows registry modifications that prevent exploitation. The agency specifically urges blocking or monitoring network connections to Filen cloud storage infrastructure, providing lists of domain names and IP addresses in its indicators of compromise section.

Ivanti Patches Two Zero-Days in Mobile Manager After Attackers Exploit Vulnerable Systems

30 January 2026 at 03:51

Ivanti Connect, Ivanti, JPCERT, Malware, Ivanti EPMM, CVE-2026-1281, CVE-2026-1340, Ivanti Sentry, Zero-Day, CISA

Two code injection vulnerabilities allowed unauthenticated attackers to execute arbitrary code and access sensitive device information across compromised networks.

Ivanti released emergency patches for two critical zero-day vulnerabilities in Endpoint Manager Mobile after discovering attackers exploited the flaws to compromise customer systems. The company confirmed a limited number of organizations fell victim to attacks leveraging CVE-2026-1281, which CISA added to its Known Exploited Vulnerabilities catalog with a February 1 remediation deadline for federal agencies.

The Code Injection Zero-Days

Both CVE-2026-1281 and CVE-2026-1340 are code injection flaws affecting EPMM's In-House Application Distribution and Android File Transfer Configuration features. Rated critical with CVSS scores of 9.8, the vulnerabilities allow unauthenticated remote attackers to execute arbitrary code on vulnerable on-premises EPMM installations without any prior authentication.

"We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure," Ivanti stated in its security advisory released Thursday. The company acknowledged it lacks sufficient information about the threat actors or comprehensive indicators of compromise due to the sophistication of the attacks.

The vulnerabilities affect only on-premises EPMM deployments and do not impact cloud-hosted Ivanti Neurons for Mobile Device Management, Ivanti Endpoint Manager, the Ivanti Sentry secure mobile gateway or any other Ivanti products. However, the company recommends organizations review Sentry logs alongside EPMM systems for potential lateral movement.


What Attackers Can Siphon

Successful exploitation grants attackers access to mobile device management infrastructure. Compromised EPMM appliances expose administrator and user credentials, including usernames and email addresses. Attackers gain visibility into managed mobile devices, accessing phone numbers, IP addresses, installed applications and device identifiers like IMEI and MAC addresses.

Organizations with location tracking enabled face additional exposure. Attackers accessing compromised systems can retrieve device location data including GPS coordinates and cellular tower information. More critically, attackers can leverage EPMM's API or web console to modify device configurations, including authentication settings.

Urgent Remediation Called For

Ivanti released RPM scripts providing temporary mitigation for affected EPMM versions. Organizations running versions 12.5.0.x, 12.6.0.x and 12.7.0.x should deploy RPM 12.x.0.x, while those operating versions 12.5.1.0 and 12.6.1.0 require RPM 12.x.1.x. The company emphasized that applying patches requires no downtime and causes no functional impact.

"If after applying the RPM script to your appliance, you upgrade to a new version you will need to reinstall the RPM," Ivanti warned. The permanent fix "will be included in the next product release: 12.8.0.0," scheduled for release later in Q1 2026.

Also read: Ivanti Bugs Exploited Even After Three Months of Patch Availability

Organizations suspecting compromise should not attempt to clean affected systems. Ivanti recommends either restoring EPMM from known-good backups taken before exploitation occurred or rebuilding the appliance and migrating data to replacement systems. After restoration, administrators must reset passwords for local EPMM accounts, LDAP and KDC service accounts, revoke and replace public certificates, and reset passwords for all internal and external service accounts configured with EPMM.

The company's analysis guidance shows particular risks around Sentry integration. While EPMM can be restricted to demilitarized zones with minimal corporate network access, Sentry specifically tunnels traffic from mobile devices to internal network assets. Organizations should review systems accessible through Sentry for potential reconnaissance or lateral movement.

CISA Issues a Tight Two-Day Deadline

CISA's addition of CVE-2026-1281 to the KEV catalog triggers Binding Operational Directive 22-01 requirements. Federal civilian agencies must apply vendor mitigations or discontinue using vulnerable systems by February 1, 2026. CISA strongly urges all organizations, not just federal agencies, to prioritize remediation as part of vulnerability management practices.

Notably, CISA added only CVE-2026-1281 to the KEV catalog despite Ivanti confirming exploitation of both vulnerabilities. The agency has not explained this discrepancy.

Also read: CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities

The disclosure continues Ivanti's troubled 2025, which saw widespread exploitation of multiple zero-day vulnerabilities across its product portfolio. Security researchers previously linked EPMM attacks to sophisticated threat actors, with some incidents attributed to China-nexus advanced persistent threat groups.

Also read: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation

These management platforms represent high-value targets because compromising them effectively transforms the system into enterprise-wide command-and-control infrastructure.

Organizations should apply patches immediately and conduct thorough security assessments of potentially compromised systems to prevent further damage from these actively exploited vulnerabilities.

Nation-State Hackers, Cybercriminals Weaponize Patched WinRAR Flaw Despite Six-Month-Old Fix

29 January 2026 at 05:38

WinRAR, CVE-2025-8088, Nation-State Actors

Russian and Chinese espionage groups continue to exploit an N-day vulnerability (CVE-2025-8088) in WinRAR alongside financially motivated actors, all leveraging a path traversal vulnerability that drops malware into Windows Startup folders.

Google Threat Intelligence Group discovered widespread exploitation of a critical WinRAR vulnerability six months after the vendor patched it, with government-backed hackers from Russia and China deploying the flaw alongside financially motivated cybercriminals. The attacks demonstrate how effective exploits remain valuable long after patches become available, especially when organizations delay updates.

CVE-2025-8088, a high-severity path traversal vulnerability in WinRAR, allows attackers to write files to arbitrary system locations by crafting malicious RAR archives. RARLAB released WinRAR version 7.13 on July 30, 2025, to address the flaw. However, exploitation began at least 12 days earlier, on July 18, according to ESET research.

Read: New Zero-Day in WinRAR Abused by RomCom

The vulnerability exploits Alternate Data Streams, a Windows feature that allows multiple data streams to be associated with a single file. Attackers conceal malicious files within ADS entries of decoy documents inside archives. While victims view what appears to be a legitimate PDF or document, hidden payload streams execute in the background.

The exploit uses specially crafted paths combining ADS features with directory traversal characters. A file might carry a composite name like "innocuous.pdf:malicious.lnk" paired with a path traversing to critical directories. When victims open the archive, the ADS content extracts to destinations specified by the traversal path, frequently targeting the Windows Startup folder for automatic execution at next login.
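A pre-extraction check for the entry-name pattern just described, added here as an example and not code from Google or ESET: it flags names combining an ADS marker with directory traversal or resolving into a Startup folder. The entry names are constructed; in practice the function takes whatever names the archive lister reports.

```python
"""Flag archive entry names that use the CVE-2025-8088 pattern before extraction.

Added example, not Google's or ESET's code. Takes the entry names your archive
lister reports (assumption: you already have them as strings) and returns the
reasons each name is unsafe; the names below are constructed.
"""
import re

STARTUP_DIR = re.compile(r"start menu[\\/]programs[\\/]startup", re.IGNORECASE)
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def unsafe_reasons(entry: str) -> list:
    """Return why an entry name should not be extracted; empty means it looks normal.

    Checks, in order: directory traversal ('..' segments), absolute paths
    (drive letter or leading separator), an Alternate Data Stream marker
    (':' remaining after the drive letter is removed), and a Startup-folder target.
    A traversal plus ADS plus Startup hit is the shape the article describes.
    """
    reasons = []
    body = DRIVE_PREFIX.sub("", entry)
    segments = re.split(r"[\\/]+", body)
    if any(seg == ".." for seg in segments):
        reasons.append("traversal")
    if entry != body or body.startswith(("\\", "/")):
        reasons.append("absolute")
    if ":" in body:
        reasons.append("ads")
    if STARTUP_DIR.search(body):
        reasons.append("startup")
    return reasons


def triage(entries: list) -> dict:
    """Map every unsafe entry to its reasons; safe entries are omitted."""
    return {e: r for e in entries if (r := unsafe_reasons(e))}


# Constructed sample modelled on the technique: a decoy document, the same kind
# of decoy carrying an ADS whose stream name climbs into the Startup folder, a
# file written by absolute path, and a CMD dropped straight into Startup.
SAMPLE_ENTRIES = [
    "resume.pdf",
    r"docs\brief.pdf:..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
    r"C:\Users\Public\update.bat",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.cmd",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(f"{name}: {', '.join(reasons)}")
```

An entry that only carries an ADS without traversal still returns "ads", which is worth a look on its own because WinRAR-era decoys have no legitimate reason to ship stream names.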

Multiple Russian threat groups consistently exploit the vulnerability in campaigns targeting Ukrainian military and government entities using highly tailored geopolitical lures. UNC4895, also known as RomCom, conducts dual financial and espionage operations through spearphishing emails with subject lines indicating targeting of specific Ukrainian military units. The attacks deliver NESTPACKER malware, externally known as Snipbot.

APT44, tracked under the designation FROZENBARENTS, drops decoy files with Ukrainian filenames alongside malicious LNK files attempting further downloads. TEMP.Armageddon, designated CARPATHIAN, uses RAR archives to place HTA files into Startup folders, with the HTA acting as a downloader for second-stage payloads. This activity continued through January 2026.

Turla adopted CVE-2025-8088 to deliver the STOCKSTAY malware suite using lures themed around Ukrainian military activities and drone operations. A China-nexus actor exploits the vulnerability to deliver POISONIVY malware via BAT files dropped into Startup folders, which then download droppers.

The exploitation mirrors widespread abuse of CVE-2023-38831, a previous WinRAR bug that government-backed actors heavily exploited despite available patches. The pattern demonstrates that exploits for known vulnerabilities remain highly effective when organizations fail to patch promptly.

Financially motivated threat groups quickly adopted the vulnerability. One group targeting Indonesian entities uses lure documents to drop CMD files into Startup folders. These scripts download password-protected RAR archives from Dropbox containing backdoors that communicate with Telegram bot command-and-control servers.

Another group focuses on hospitality and travel sectors, particularly in Latin America, using phishing emails themed around hotel bookings to deliver commodity remote access trojans including XWorm and AsyncRAT. A separate group targeting Brazilian users via banking websites delivered malicious Chrome extensions that inject JavaScript into pages of two Brazilian banking sites to display phishing content and steal credentials.

An actor known as "zeroplayer" advertised a WinRAR exploit in July 2025, shortly before widespread exploitation began. zeroplayer's portfolio extends beyond WinRAR. In November 2025, the actor claimed a sandbox escape remote code execution zero-day exploit for Microsoft Office, advertising it for $300,000. In late September 2025, zeroplayer advertised a remote code execution zero-day for an unnamed popular corporate VPN provider.

Starting mid-October 2025, zeroplayer advertised a Windows local privilege escalation zero-day exploit for $100,000. In early September 2025, the actor advertised a zero-day for an unspecified driver allowing attackers to disable antivirus and endpoint detection and response software for $80,000.

zeroplayer's continued activity demonstrates the commoditization of the attack lifecycle. By providing ready-to-use capabilities, actors like zeroplayer reduce technical complexity and resource demands, allowing groups with diverse motivations—from ransomware deployment to state-sponsored intelligence gathering—to leverage sophisticated capabilities.

The rapid exploitation adoption occurred despite Google Safe Browsing and Gmail actively identifying and blocking files containing the exploit. When reliable proof of concept for critical flaws enters cybercriminal and espionage marketplaces, adoption becomes instantaneous. This blurs lines between sophisticated government-backed operations and financially motivated campaigns.

The vulnerability's commoditization reinforces that effective defense requires immediate application patching coupled with fundamental shifts toward detecting consistent, predictable post-exploitation tactics.

Google published comprehensive indicators of compromise in a VirusTotal collection for registered users to assist security teams in hunting and identifying related activity.

Google Dismantles Massive Proxy Network That Hid Espionage, Cybercrime for Nation-State Actors

29 January 2026 at 03:45

Proxy Network, Google, Google Threat Intelligence, Nation-State Actors

Google dismantled what is believed to be one of the world's largest residential proxy networks, taking legal action to seize domains controlling IPIDEA's infrastructure and removing millions of consumer devices unknowingly enrolled as proxy exit nodes.

The takedown involved platform providers, law enforcement and security firms working to eliminate a service that enabled espionage, cybercrime and information operations at scale.

Residential proxy networks sell access to IP addresses owned by internet service providers and assigned to residential customers. By routing traffic through consumer devices worldwide, attackers mask malicious activity behind legitimate-looking IP addresses, creating significant detection challenges for network defenders.

IPIDEA became notorious for facilitating multiple botnets, with its software development kits playing key roles in device enrollment while proxy software enabled attacker control. This includes the BadBox 2.0 botnet Google targeted with legal action last year, plus the more recent Aisuru and Kimwolf botnets.

Also read: Cloudflare Outage or Cyberattack? The Real Reason Behind the Massive Disruption

The scale of abuse proves staggering. During just one week in January this year, Google observed over 550 individual threat groups it tracks using IP addresses associated with IPIDEA exit nodes to obfuscate their activities. These groups originated from China, North Korea, Iran and Russia, conducting activities including access to victim software-as-a-service environments, on-premises infrastructure compromise and password spray attacks.

"While proxy providers may claim ignorance or close these security gaps when notified, enforcement and verification is challenging given intentionally murky ownership structures, reseller agreements, and diversity of applications," Google's analysis stated.

Google's investigation revealed that many ostensibly independent residential proxy brands actually connect to the same actors controlling IPIDEA. The company identified 13 proxy and VPN brands as part of the IPIDEA network, including 360 Proxy, ABC Proxy, Cherry Proxy, Door VPN, IP 2 World, Luna Proxy, PIA S5 Proxy and others.

The same actors control multiple software development kit domains marketed to app developers as monetization tools. These SDKs support Android, Windows, iOS and WebOS platforms, with developers paid per download for embedding the code. Once incorporated into applications, the SDKs transform devices into proxy network exit nodes while providing whatever primary functionality the app advertised.

Google analyzed over 600 Android applications across multiple download sources containing code connecting to IPIDEA command-and-control domains. These apps appeared largely benign—utilities, games and content—but utilized monetization SDKs enabling proxy behavior without clear disclosure to users.

The technical infrastructure operates through a two-tier system. Upon startup, infected devices connect to Tier One domains and send diagnostic information. They receive back a list of Tier Two servers to contact for proxy tasks. The device then polls these Tier Two servers periodically, receiving instructions to proxy traffic to specific domains and establishing dedicated connections to route that traffic.

Two-Tier C2 infrastructure (Source: Google Threat Intelligence)

Google identified approximately 7,400 Tier Two servers as of the takedown. The number changes daily, consistent with demand-based scaling. These servers are hosted globally, including in the United States.

Analysis of Windows binaries revealed 3,075 unique file hashes where dynamic analysis recorded DNS requests to at least one Tier One domain. Some posed as legitimate software like OneDriveSync and Windows Update, though IPIDEA actors didn't directly distribute these trojanized applications.

Residential proxies pose direct risks to consumers whose devices become exit nodes. Users knowingly or unknowingly provide their IP addresses and devices as launchpads for hacking and unauthorized activities, potentially causing providers to flag or block them. Proxy applications also introduce security vulnerabilities to home networks.

When a device becomes an exit node, network traffic the user doesn't control passes through it. This means attackers can access other devices on the same private network, effectively exposing security vulnerabilities to the internet. Google's analysis confirmed IPIDEA proxy software not only routed traffic through exit nodes but also sent traffic to devices to compromise them.

Google's disruption involved three coordinated actions. First, the company took legal action to seize domains controlling devices and proxying traffic through them. Second, Google shared technical intelligence on discovered IPIDEA software development kits with platform providers, law enforcement and research firms to drive ecosystem-wide enforcement.

Third, Google ensured Play Protect, Android's built-in security system, automatically warns users and removes applications incorporating IPIDEA SDKs while blocking future installation attempts. This protects users on certified Android devices with Google Play services.

Google believes the actions significantly degraded IPIDEA's proxy network and business operations, reducing available devices by millions. Because proxy operators share device pools through reseller agreements, the disruption likely impacts affiliated entities downstream.


The residential proxy market has become what Google describes as a "gray market" thriving on deception—hijacking consumer bandwidth to provide cover for global espionage and cybercrime. Consumers should exercise extreme caution with applications offering payment for "unused bandwidth" or "internet sharing," as these represent primary growth vectors for illicit proxy networks.

Google urges users to purchase connected devices only from reputable manufacturers and verify certification. The company's Android TV website provides up-to-date partner lists, while users can check Play Protect certification status through device settings.

The company calls for proxy accountability and policy reform. While some providers may behave ethically and enroll devices only with clear consumer consent, any claims of "ethical sourcing" must be backed by transparent, auditable proof. App developers bear responsibility for vetting monetization SDKs they integrate.

Phishing Kits Now Sync With Live Phone Scammers to Defeat Multifactor Authentication

23 January 2026 at 05:01

Phishing Toolkits, Vishing, Okta, Okta Threat Intelligence

Researchers have discovered phishing toolkits specifically engineered for voice-based social engineering attacks—often called "vishing"—that synchronize fake login pages with live phone conversations to defeat multifactor authentication. These custom kits, sold as a service to criminals, let attackers control what victims see in their browsers while simultaneously coaching them through fraudulent authentication steps over the phone.

The phishing toolkits target major identity providers including Google, Microsoft, Okta and various cryptocurrency platforms. Unlike traditional phishing that relies solely on deceptive emails, these hybrid attacks combine real-time human manipulation with dynamic web interfaces that adapt to each victim's security setup.

"Once you get into the driver's seat of one of these tools, you can immediately see why we are observing higher volumes of voice-based social engineering," Moussa Diallo, threat researcher at Okta Threat Intelligence, said. The threat actor can use this synchronization to defeat any form of MFA that is not phishing-resistant.


How the Latest Phishing Toolkits Work

The kits employ client-side scripts allowing attackers to orchestrate authentication flows in victims' browsers during live calls, researchers at Okta Threat Intelligence found. This real-time control delivers the plausibility criminals need to convince targets to approve push notifications, submit one-time passcodes or take actions that bypass multifactor authentication controls.

Attack sequences typically follow a consistent pattern. Threat actors perform reconnaissance to learn employee names, commonly used applications and IT support phone numbers. They then set customized phishing pages live and call targets while spoofing the company's actual support number.

Callers convince victims to navigate to phishing sites under pretenses like IT security requirements or account verification. When victims enter credentials, attackers receive them instantly via Telegram. The attacker simultaneously enters these credentials into the legitimate login page to see which multifactor authentication challenges appear.

Here's where the real-time orchestration becomes devastatingly effective. Attackers update phishing sites on the fly to display pages matching whatever they're telling victims over the phone. If the legitimate service sends a push notification, the caller verbally warns the victim to expect it while simultaneously commanding their control panel to display a message implying the push was sent legitimately.


This synchronization provides unprecedented control. The phishing kits Okta analyzed include command-and-control panels showing attackers exactly what victims see, with options to dynamically switch between different authentication scenarios—push notifications, one-time passcodes, backup codes or other challenges.

The toolkits even defeat push notifications with number matching or number challenge verification—security features designed specifically to combat phishing. Because attackers interact directly with victims, they simply ask targets to select or enter specific numbers displayed in the push challenge.

"Push with number matching/challenge is not phishing-resistant by definition, as a social engineer interacting on the phone with a targeted user can simply request a user to choose or enter a specific number," Okta's threat advisory explained.

Only phishing-resistant authentication methods like FIDO passkeys protect users from these attacks. These technologies cryptographically verify users without transmitting credentials that attackers can intercept or manipulate.
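To make the "cryptographically verify" point concrete, here is an added example (not code from the Okta advisory or any vendor) that models how a passkey relying party checks an assertion. The origin the browser was actually on is embedded in the signed client data, so an assertion produced on a look-alike phishing domain cannot verify at the real site, and the attacker cannot edit the origin because the signature covers it. Simplification and assumption: an HMAC keyed with a per-credential secret stands in for the authenticator's public-key signature; the relying-party name and origin are invented.

```python
import hashlib
import hmac
import json
import secrets

# Assumed relying party (constructed names; not from the article).
RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"


class Authenticator:
    """Stand-in for a platform authenticator holding one passkey.

    SIMPLIFICATION: the credential "private key" is an HMAC key; real passkeys
    sign with an asymmetric key and the RP keeps only the public half.
    """

    def __init__(self, rp_id: str):
        self.rp_id = rp_id
        self.key = secrets.token_bytes(32)

    def get_assertion(self, origin: str, challenge: str) -> dict:
        # The browser, not the page, fills in the origin it is really on.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True,
        ).encode()
        # authenticatorData = rpIdHash || flags (user-present bit set)
        auth_data = hashlib.sha256(self.rp_id.encode()).digest() + b"\x01"
        signed = auth_data + hashlib.sha256(client_data).digest()
        sig = hmac.new(self.key, signed, hashlib.sha256).digest()
        return {"client_data": client_data, "auth_data": auth_data, "signature": sig}


class RelyingParty:
    """The legitimate site: issues challenges and verifies assertions."""

    def __init__(self, rp_id: str, origin: str):
        self.rp_id, self.origin = rp_id, origin
        self.credentials: dict[str, bytes] = {}
        self.pending: dict[str, str] = {}

    def register(self, user: str, authenticator: Authenticator) -> None:
        self.credentials[user] = authenticator.key  # would be the public key in reality

    def begin_login(self, user: str) -> str:
        challenge = secrets.token_urlsafe(32)  # fresh per ceremony, defeats replay
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, assertion: dict) -> tuple[bool, str]:
        expected_challenge = self.pending.pop(user, None)
        cd = json.loads(assertion["client_data"])
        if cd.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if cd.get("challenge") != expected_challenge:
            return False, "challenge mismatch or replay"
        if cd.get("origin") != self.origin:
            # The browser recorded the phishing origin; the signature covers it.
            return False, f"origin mismatch: {cd.get('origin')}"
        if assertion["auth_data"][:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False, "rpIdHash mismatch"
        signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
        expected_sig = hmac.new(self.credentials[user], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, assertion["signature"]):
            return False, "bad signature"
        return True, "ok"


def run_scenarios() -> dict[str, tuple[bool, str]]:
    """Legitimate login, a relayed assertion from a phishing origin, and a
    tampered relay where the attacker rewrites the origin field."""
    rp, auth = RelyingParty(RP_ID, RP_ORIGIN), Authenticator(RP_ID)
    rp.register("alice", auth)
    results = {}

    # 1. Normal sign-in on the real origin.
    results["legitimate"] = rp.finish_login("alice", auth.get_assertion(RP_ORIGIN, rp.begin_login("alice")))

    # 2. Adversary-in-the-middle: attacker forwards the RP's challenge to the
    #    victim's browser on a look-alike origin (constructed) and relays the result.
    phish_origin = "https://login-example.co"  # constructed look-alike
    relayed = auth.get_assertion(phish_origin, rp.begin_login("alice"))
    results["relayed_from_phishing_origin"] = rp.finish_login("alice", relayed)

    # 3. Attacker patches the origin in client data before relaying.
    tampered = auth.get_assertion(phish_origin, rp.begin_login("alice"))
    tampered["client_data"] = tampered["client_data"].replace(phish_origin.encode(), RP_ORIGIN.encode())
    results["tampered_origin"] = rp.finish_login("alice", tampered)

    # 4. Replay of an old assertion against a new challenge.
    stale = auth.get_assertion(RP_ORIGIN, rp.begin_login("alice"))
    rp.begin_login("alice")  # RP moves on to a fresh challenge
    results["replayed"] = rp.finish_login("alice", stale)
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:32s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Contrast this with a one-time passcode or number-matching push: nothing in those exchanges ties the approval to the origin the user is actually looking at, which is exactly the gap the live caller exploits.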

Diallo predicts the industry sits at the beginning of a wave of voice-enabled phishing attacks augmented by real-time session orchestration tools. The expertise required to conduct these social engineering campaigns is itself sold as-a-service, lowering barriers to entry for less technically skilled criminals.

Okta researchers observed newer phishing kits copying the real-time orchestration features from earlier toolkits, with fraudsters selling access to bespoke control panels customized for specific identity providers and cryptocurrency platforms rather than generic kits targeting multiple services.

Earlier kits offered basic credential harvesting across multiple platforms. Current-generation toolkits provide specialized capabilities synchronized specifically to caller scripts, creating seamless fraudulent experiences that closely mimic legitimate authentication flows.

Defenders face no ambiguity about necessary countermeasures. Organizations must enforce phishing-resistant authentication for resource access. Organizations can also frustrate social engineering actors by implementing network zones or tenant access control lists that deny authentication from anonymizing services favored by threat actors. The strategy requires knowing where legitimate requests originate and allowlisting those networks.
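The network-zone control described above, as an added example that is not Okta's own policy engine: sign-in attempts are evaluated against an allowlist of corporate egress ranges and a denylist of anonymizing-service ranges, with a phishing-resistant factor as the only way in from elsewhere. All prefixes and events are constructed from documentation address space.

```python
import ipaddress

# Constructed zones (assumption): corporate egress and known anonymizer exits.
CORPORATE_ZONES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
ANONYMIZER_ZONES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24",)]
PHISHING_RESISTANT = {"fido2", "passkey"}


def in_zone(ip: ipaddress._BaseAddress, zones) -> bool:
    return any(ip in zone for zone in zones)


def evaluate_sign_in(source_ip: str, factor: str) -> tuple[str, str]:
    """Return (decision, reason). Order matters: anonymizers are denied
    outright, then phishing-resistant factors are accepted from anywhere,
    then allowlisted networks are accepted with any factor."""
    ip = ipaddress.ip_address(source_ip)
    if in_zone(ip, ANONYMIZER_ZONES):
        return "DENY", "source in anonymizing-service zone"
    if factor in PHISHING_RESISTANT:
        return "ALLOW", "phishing-resistant factor"
    if in_zone(ip, CORPORATE_ZONES):
        return "ALLOW", "allowlisted corporate network"
    return "DENY", "outside allowlisted networks without phishing-resistant factor"


# Constructed sign-in events: (user, source IP, factor used).
SAMPLE_EVENTS = [
    ("alice", "203.0.113.40", "push_number_match"),   # office, push: allowed
    ("bob", "192.0.2.77", "otp"),                       # anonymizer exit: denied
    ("carol", "198.51.100.200", "otp"),                 # outside /25 allowlist: denied
    ("dave", "198.51.100.200", "passkey"),              # same network, passkey: allowed
]


def evaluate_all(events=SAMPLE_EVENTS) -> list[tuple[str, str, str]]:
    return [(user, *evaluate_sign_in(ip, factor)) for user, ip, factor in events]


if __name__ == "__main__":
    for user, decision, reason in evaluate_all():
        print(f"{user:6s} {decision:5s} {reason}")
```

The decisive design choice is the ordering: a denylisted anonymizer range wins even over a strong factor, because the policy's purpose is to stop the social engineer's relay infrastructure from ever reaching the authentication flow.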

Some financial institutions and cryptocurrency exchanges experiment with live caller verification, where users can sign into mobile apps during phone calls to confirm whether they're speaking with authorized representatives.

The emergence of these synchronized vishing toolkits shows how social engineering continues evolving beyond simple deception into orchestrated attacks combining human manipulation with sophisticated technical infrastructure. Organizations relying on traditional multifactor authentication without phishing resistance face mounting vulnerability to these hybrid threats.

Fortinet Admins Report Active Exploits on “Fixed” FortiOS 7.4.9 Firmware

22 January 2026 at 07:23

FortiOS, CVE-2025-59718, FortiSIEM Vulnerability, Fortinet, CVE-2025-25256

Network administrators worldwide are scrambling this morning following credible reports that the critical Fortinet Single Sign-On (SSO) vulnerability, tracked as CVE-2025-59718, is being actively exploited on systems previously thought to be patched.

The vulnerability, originally disclosed in December 2025, allows unauthenticated attackers to bypass authentication on FortiGate firewalls by forging SAML assertions. At the time, Fortinet released FortiOS version 7.4.9 as the definitive fix for the 7.4 release branch. However, emerging data from the cybersecurity community suggests this update may have failed to close the door on attackers.

The "Zombie" FortiOS Vulnerability

Over the last 48 hours, a wave of reports has surfaced on community hubs like Reddit, where verified administrators have shared logs indicating successful breaches on devices running the supposedly secure FortiOS 7.4.9.

The attack pattern is distinct and alarming. Victims report observing unauthorized logins via the FortiCloud SSO mechanism—even when they do not actively use the feature for their own administration. Once access is gained, the attackers typically create a local administrator account, often named "helpdesk" or similar generic terms, to establish persistence independent of the SSO flaw.

"We have been on 7.4.9 since December 30th," wrote one frustrated administrator who shared redacted logs of the incident. "Our SIEM caught a local admin account being created. The attack vector looks exactly like the original CVE-2025-59718 exploit, but against the patched firmware."

Technical Confusion and Workarounds

The persistence of this flaw in version 7.4.9 has led to speculation that the initial patch was incomplete or that attackers have found a bypass to the mitigation logic. Some users report that Fortinet support has acknowledged the issue privately, hinting that the vulnerability might persist even into upcoming builds like 7.4.10, though this remains unconfirmed by official public advisories.

The exploit relies on the "Allow administrative login using FortiCloud SSO" setting, which is often enabled by default when a device is registered to FortiCloud.

Security experts are now advising a "trust no patch" approach for this specific vector. The only guaranteed mitigation currently circulating in professional circles is to manually disable the vulnerable feature via the Command Line Interface (CLI), regardless of the firmware version installed.

Administrators are urged to run the following command immediately on all FortiGate units:

config system global
    set admin-forticloud-sso-login disable
end

Indicators of Compromise

Organizations running FortiOS 7.4.x—including version 7.4.9—should immediately audit their system event logs for the following activity:

  1. Unexpected SSO Logins: Filter logs for successful logins where the method is forticloud-sso, especially from unrecognized public IP addresses.

  2. New User Creation: Check for the recent creation of administrator accounts with names like helpdesk, support, or fortinet-admin.

  3. Configuration Exports: Look for logs indicating a full system configuration download shortly after an SSO login.

As trust in the official patch cycle wavers, the community is once again serving as the first line of defense, sharing Indicators of Compromise (IOCs) and workarounds faster than vendors can issue bulletins. For now, disable the SSO feature, or risk compromise.

Microsoft Crushes Cybercrime Subscription Service Behind $40 Million Fraud Spree

14 January 2026 at 15:23

RedVDS, RedVDS Tool, RedVDS Infrastructure, Microsoft, Fraud, Scam

A pharmaceutical company lost cancer treatment funding, a Florida condo association lost half a million dollars, and thousands more fell victim—all thanks to a $24-per-month criminal marketplace.

Microsoft seized control of RedVDS, a global cybercrime subscription service that enabled fraud at industrial scale, marking the tech giant's 35th civil action against cybercrime infrastructure. The coordinated takedown, executed alongside law enforcement in the United States, United Kingdom, Germany and Europol, shut down a marketplace that powered millions in fraud losses with virtual computers available for less than the cost of a Netflix subscription.

RedVDS operated like any legitimate software-as-a-service platform, complete with a customer dashboard, loyalty programs and referral bonuses. But instead of productivity tools, it sold disposable virtual machines running unlicensed Windows software that criminals used to launch attacks anonymously and at scale.

"For as little as $24 a month, RedVDS provides criminals with access to disposable virtual computers that make fraud cheap, scalable, and difficult to trace," Steven Masada, assistant general counsel of Microsoft's Digital Crimes Unit, wrote in the company's announcement.

The service fueled roughly $40 million in reported fraud losses in the United States alone since March 2025. But that figure represents only confirmed cases—the actual damage likely reaches far higher because fraud frequently goes unreported and victims span the globe.

Among those hit hardest was H2-Pharma, an Alabama pharmaceutical company that lost more than $7.3 million earmarked for lifesaving cancer treatments, mental health medications and children's allergy drugs. The Gatehouse Dock Condominium Association in Florida lost nearly $500,000 in resident-contributed funds intended for essential repairs. Both organizations joined Microsoft as co-plaintiffs in the legal action.

RedVDS Sent 1 Million Phishing Mails Daily

The scale of RedVDS's operations reveals how cybercrime-as-a-service platforms have industrialized digital theft. In just one month, more than 2,600 distinct RedVDS virtual machines sent an average of one million phishing messages daily to Microsoft customers alone. While Microsoft's defenses blocked most attempts—part of the 600 million cyberattacks it stops every day—the sheer volume meant some still reached inboxes.

Since September 2025, RedVDS-enabled attacks compromised or fraudulently accessed more than 191,000 organizations worldwide. These figures represent only Microsoft's visibility across its customer base, suggesting the true impact extends far beyond what any single company can measure.

Criminals weaponized RedVDS primarily for business email compromise, a sophisticated fraud tactic where attackers infiltrate email accounts, monitor conversations and wait for the perfect moment to strike. When a payment or wire transfer approaches, they impersonate trusted parties and redirect funds, often moving money within seconds.

Figure. (Source: Microsoft)

Special Focus on Real Estate Domain, Among Others

The service proved especially devastating in real estate transactions. Attackers compromised accounts belonging to realtors, escrow agents and title companies, then sent strategically timed emails with fraudulent payment instructions designed to divert closing funds and escrow payments. Microsoft observed RedVDS activity affecting more than 9,000 customers in the real estate sector, with particularly severe impacts in Canada and Australia.

But the threat extended far beyond property deals. Construction companies, manufacturers, healthcare providers, logistics firms, educational institutions and legal services all fell victim to RedVDS-enabled scams that disrupted everything from production lines to patient care.

What made RedVDS particularly dangerous was how criminals enhanced their attacks with artificial intelligence. Attackers paired the service with generative AI tools that identified high-value targets faster and generated realistic, multimedia email threads mimicking legitimate correspondence. In hundreds of cases, Microsoft observed criminals leveraging face-swapping, video manipulation and voice cloning AI to impersonate individuals with disturbing accuracy.

The coordinated takedown seized two domains hosting RedVDS's marketplace and customer portal while laying groundwork to identify the individuals behind the operation. Germany's Public Prosecutor's Office Frankfurt am Main and the German State Criminal Police Office Brandenburg participated in the action, while Europol's European Cybercrime Centre worked to disrupt the broader network of servers and payment systems supporting RedVDS customers.

Microsoft's action builds on the company's sustained strategy through its Digital Crimes Unit, which has now launched 35 civil actions targeting cybercrime infrastructure. The company also participates in global initiatives including the National Cyber-Forensics and Training Alliance and the Global Anti-Scam Alliance.

With the RedVDS disruption, Microsoft has shown a shift in approach from chasing individual attackers to dismantling the services enabling crime at scale. As cybercrime-as-a-service platforms continue emerging, this infrastructure-focused strategy aims to make criminal operations harder to sustain and easier for potential victims to avoid.

Masada stressed that falling victim to these schemes should carry no stigma, noting that organized, professional criminal groups execute attacks by intercepting and manipulating legitimate communications between trusted parties.

Simple precautions can significantly reduce risk: questioning urgent requests, verifying payment instructions through known contact numbers, watching for subtle email address changes, enabling multifactor authentication, keeping software updated and reporting suspicious activity to law enforcement.


84 Hrs and Counting as Internet Blackout in Iran Continues Amid Nationwide Unrest

12 January 2026 at 07:13

Internet Blackout, Iran, Trump, Civil Unrest, Internet Shutdown

A total internet blackout across Iran has entered its fourth day as reports of nationwide unrest continue to trickle through the limited resources still active in the country. Media reports suggest thousands have been detained and hundreds killed since the unrest began 15 days ago over the collapse of the Iranian rial, which is now trading at over 1.4 million to $1. Iran is one of the most heavily sanctioned countries in the world, mainly because of its persistence with its nuclear program. Western countries see the protests as a direct challenge to Iran's theocracy.

Internet Blackout for Digital Censorship

It's been more than 84 hours and counting since Iran pulled the plug on internet services across the country, likely to implement digital censorship, noted the internet traffic monitoring company NetBlocks. The internet blackout was enforced on January 8, around 10 PM, when mobile phone networks across Iran, including international phone calls, were restricted, Iran Wire reported. Even apps like Yolla, which many use for voice calls into Iran, confirmed that call restrictions were being applied. Banking systems, ride-hailing apps, online shopping platforms, and domestic social networks all went offline.

NetBlocks reported Iran's internet connectivity at a bare minimum of 1% today, which effectively cuts the public off not only from the outside world but also from one another at a time of crisis. Over 80 million people remain affected by this internet blackout.

Figure. (Source: NetBlocks on X)

One of the favored alternatives, a plan B, for Iranians was switching to Elon Musk's Starlink service, which had seen an uptick in subscriptions since the 2022 demonstrations that erupted in Iran over the death of Mahsa Amini. A similar 12-day internet shutdown was enforced at the time. However, media reports suggest the Iranian authorities have likely developed a "kill switch" that has been disrupting Starlink receivers since the 12-day war with Israel in June last year. Starlink terminals rely on GPS signals, and Iran was likely using GPS jammers to make drone attacks ineffective.

Some experts familiar with the matter said they have observed a drop of nearly 80% in data packets from Starlink in certain areas over the last few days, indicating Starlink access issues.

Trump Considers Cyberattacks on Tehran

The internet outages in Iran coincided with US President Donald Trump's Sunday statement that he planned to discuss restoring internet access in Iran with Musk. Trump has repeatedly threatened Tehran with possible "actions," and the US was reportedly weighing both military action and cyberattacks on Iran. Trump will be briefed on Tuesday on "some kinetic and many non-kinetic" options in Iran, two administration officials familiar with the operations told Politico on Sunday. Concurrently, Trump is also looking to Musk to fix the internet censorship in Iran as he did in Ukraine during Russia's ongoing invasion. "We may get the internet going if that's possible... He's [Elon] very good at that kind of thing, he's got very good company," Trump said on Sunday. As a workaround for the internet blackout in Iran, apart from Starlink terminals, NetBlocks suggested using shortwave/HAM radio, cell towers near the border areas, and direct-to-cell satellite.

Meanwhile, the UN Independent International Fact-Finding Mission has asked the Iranian government to immediately restore internet and mobile connectivity and to put an end to "violent repression." The UN expressed concern over information indicating that the National Security Council had instructed security forces to carry out repression in a decisive and "unrestrained" manner.


Trump Orders US Exit from Global Cyber and Hybrid Threat Coalitions

8 January 2026 at 06:13


President Donald Trump has ordered the immediate withdrawal of the United States from several premier international bodies dedicated to cybersecurity, digital human rights, and countering hybrid warfare, as part of a major restructuring of American defense and diplomatic posture. The directive is part of a memorandum issued on Monday, targeting 66 international organizations deemed "contrary to the interests of the United States."

While the memorandum's cuts to climate and development sectors have grabbed headlines, national security experts will be worried by the targeted dismantling of U.S. participation in key security alliances in the digital realm. The President has explicitly directed withdrawal from the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE), the Global Forum on Cyber Expertise (GFCE), and the Freedom Online Coalition (FOC).

"I have considered the Secretary of State’s report... and have determined that it is contrary to the interests of the United States to remain a member," President Trump said. The U.S. Secretary of State Marco Rubio backed POTUS' move calling these coalitions "wasteful, ineffective, and harmful."

"These institutions (are found) to be redundant in their scope, mismanaged, unnecessary, wasteful, poorly run, captured by the interests of actors advancing their own agendas contrary to our own, or a threat to our nation’s sovereignty, freedoms, and general prosperity," Rubio said. "President Trump is clear: It is no longer acceptable to be sending these institutions the blood, sweat, and treasure of the American people, with little to nothing to show for it. The days of billions of dollars in taxpayer money flowing to foreign interests at the expense of our people are over."

Dismantling the Hybrid Defense Shield

Perhaps the most significant strategic loss is the U.S. exit from the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE). Based in Helsinki, the Hybrid CoE is unique as the primary operational bridge between NATO and the European Union.

The Centre was established to analyze and counter "hybrid" threats—ambiguous, non-military attacks such as election interference, disinformation campaigns, and economic coercion, tactics frequently attributed to state actors like Russia and China. By withdrawing, the U.S. is effectively blinding the shared intelligence and coordinated response mechanisms that European allies rely on to detect these sub-threshold attacks. The U.S. participation was seen as a key deterrent; without it, the trans-Atlantic unified front against hybrid warfare could be severely fractured.


Abandoning Global Cyber Capacity Building

The administration is also pulling out of the Global Forum on Cyber Expertise (GFCE). Unlike a military alliance, the GFCE is a pragmatic, multi-stakeholder platform that consists of 260+ members and partners bringing together governments, private tech companies, and NGOs to build cyber capacity in developing nations.

The GFCE’s mission is to strengthen global cyber defenses by helping nations develop their own incident response teams, cyber crime laws, and critical infrastructure protection. A U.S. exit here opens a power vacuum. As the U.S. retreats from funding and guiding the capacity-building efforts, rival powers may step in to offer their own support, potentially embedding authoritarian standards into the digital infrastructure of the Global South.

The GFCE, however, thinks otherwise. A GFCE spokesperson told The Cyber Express that it "respects the decision of the US government and recognizes the United States as one of the founding members of the GFCE since 2015."

"The US has been an important contributor to international cyber capacity building efforts over time," the spokesperson added when asked about the US role in the Forum. However, the pull-out won't be detrimental, as "the GFCE's work is supported by a broad and diverse group of members and partners. The GFCE remains operational and committed to continuing its mission."

A Blow to Internet Freedom

Finally, the withdrawal from the Freedom Online Coalition (FOC) marks an ideological shift. The FOC is a partnership of 42 governments committed to advancing human rights online, specifically fighting against internet shutdowns, censorship, and digital authoritarianism.

The U.S. has historically been a leading voice in the FOC, using the coalition to pressure regimes that restrict internet access or persecute digital dissidents. Leaving the FOC suggests the Trump administration is deprioritizing the promotion of digital human rights as a foreign policy objective. This could embolden authoritarian regimes to tighten control over their domestic internets without fear of a coordinated diplomatic backlash from the West.

The "America First" Cyber Doctrine

The administration argues these withdrawals are necessary to stop funding globalist bureaucracies that constrain U.S. action. By exiting, the White House aims to reallocate resources to bilateral partnerships where the U.S. can exert more direct leverage. However, critics could argue that in the interconnected domain of cyberspace, isolation is a vulnerability. By ceding the chair at these tables, the United States may find itself writing the rules of the next digital conflict alone, while the rest of the world—friend and foe alike—organizes without it.

The article was updated to include GFCE spokesperson's response and U.S. Secretary of State Marco Rubio's statement.


UK Unveils £210M Cyber Overhaul as Nation Faces “Critically High” Digital Threat

6 January 2026 at 09:59

Cyber action plan, UK, cyber threats targeting political candidates

The UK Department for Science, Innovation and Technology released its "Government Cyber Action Plan" today, which admits that the public sector's digital defenses have reached a crisis point. The 108-page document reveals that nearly a third of government technology systems run on legacy platforms that sophisticated attackers can easily compromise.

"The cyber risk to government is critically high," the plan stated, marking a rare moment of transparency from a government acknowledging its vulnerabilities.

The admission follows a string of devastating incidents. A 2023 ransomware attack crippled the British Library for months, forcing most online systems offline and exposing user data. The 2024 CrowdStrike software failure, though not malicious, cost the UK economy up to £2.3 billion and exposed how fragile digital infrastructure enables cascading failures across essential services.

The cyber action plan establishes a Government Cyber Unit, a centralized authority backed by more than £210 million in funding. The unit will coordinate cybersecurity efforts across departments, set mandatory standards, and hold agencies accountable for their digital resilience.


Under the new framework, departmental accounting officers—typically permanent secretaries or chief executives—bear personal responsibility for cyber risk management. The plan creates the Technology Risk Group, which will review aggregate risks and hold leaders accountable when organizations fail to manage threats appropriately.

"Every public sector leader bears direct accountability for this effort," Minister of State Ian Murray said. Departments must urgently invest in replacing legacy systems and fixing foundational vulnerabilities.

The Government Cyber Coordination Centre, or GC3, will expand its role beyond incident response to cover non-malicious digital resilience failures. The center will publish a Government Cyber Incident Response Plan defining structures and responsibilities when systems fail.

The plan also launches the first Government Cyber Profession, addressing chronic skills shortages that plague the public sector. Nearly half of UK businesses and 58% of government organizations report basic cyber skills gaps, according to the 2025 Cyber Security Skills in the UK Labour Market report.

Additionally, a new Cyber Resourcing Hub will coordinate recruitment across departments, competing with private sector salaries through competitive pay frameworks and emphasizing government-unique benefits like job security and mission-driven work. The profession will create clear career pathways and professional development opportunities.

GovAssure, the government's assurance framework, found significant gaps in fundamental controls across departments. Asset management, protective monitoring, and response planning all showed low maturity levels in first-year assessments.

The plan acknowledges that strategic suppliers pose aggregated risks across government. The Government Cyber Unit will establish formal strategic partnerships with major vendors, building cyber requirements into contracts and holding suppliers accountable for the risks they create.

Lead government departments will assume responsibility for cyber resilience across their arm's-length bodies and wider public sectors. The Department of Health and Social Care, for instance, must ensure NHS trusts and other healthcare organizations maintain adequate defenses.

Implementation spans three phases through 2029 and beyond. By March 2027, the plan aims to establish core governance structures, launch priority services, and publish cross-government incident response protocols. The second phase through 2029 focuses on scaling services and developing role-based learning pathways for high-risk specialisms.

The document represents a fundamental shift from previous strategies. Where the 2022 Government Cyber Security Strategy set optimistic targets, this plan acknowledges those goals proved inadequate and resets expectations with measurable milestones.

"We are not starting from scratch," Murray wrote. "We are scaling what works, learning from successes across the public sector and our international partners."

Also read: UK Cyberattacks Increase Nearly 50% as NCSC Reports Third Consecutive Year of Growth

Poland Calls for EU Investigation of TikTok Over AI-Generated Disinformation Campaign

31 December 2025 at 02:40

Digital Services Act, TikTok, Disinformation, Disinformation Campaign, Poland, EU Commission

Poland's Ministry of Digital Affairs submitted a formal request to the European Commission this week, demanding an investigation of TikTok for allegedly failing to moderate a large-scale disinformation campaign that used AI-generated content to urge Poland to exit the European Union. The authorities claimed the platform violated its obligations as a Very Large Online Platform under the Digital Services Act.

Secretary of State Dariusz Standerski warned the synthetic audiovisual materials pose threats to public order, information security, and the integrity of democratic processes in Poland and across the European Union.

Some of the videos observed feature young women advocating for "Polexit," likely targeted at younger audiences. The European analytics collective Res Futura found one such TikTok account, "Prawilne Polki," which published content showing women dressed in T-shirts bearing Polish flags and patriotic symbols.

Image: AI-generated "Polexit" videos (Source: Res Futura X account)

The video character said: "I want Polexit because I want freedom of choice, even if it will be more expensive. I don't remember Poland before the European Union, but I feel it was more Polish then." (machine translated)

The disclosed content published in the Polish-language segment of TikTok exhibits the characteristics of a "coordinated disinformation campaign," Standerski said. The nature of the narratives, the distribution methods, and the use of synthetic materials indicate that TikTok failed to implement adequate mechanisms for moderating AI-generated content or to ensure effective transparency measures regarding the origin of the material.

Four-Point Action Request

Poland's formal request to Executive Vice President for Tech Sovereignty, Security and Democracy Henna Virkkunen proposes the European Commission initiate investigative proceedings concerning suspected breaches of Digital Services Act provisions relating to systemic risk management and content moderation.

The ministry demands TikTok submit a detailed report on the scale and nature of disclosed content, its reach, and actions taken to remove it and prevent further dissemination. Poland also requests the Commission consider applying interim measures aimed at limiting continued spread of AI-generated content encouraging Polish EU withdrawal.

The fourth request asks for coordination with Poland's Digital Services Coordinator UKE and notification of relevant national authorities regarding proceedings outcomes.

Image: Letter sent by Secretary of State Dariusz Standerski to the EU Commission. (Source: X)

Systemic Risk Management Failures

Available information suggests TikTok has not implemented adequate mechanisms for moderating AI-generated content, Standerski said. The platform's alleged failure to ensure effective transparency measures regarding synthetic material origins undermines Digital Services Act objectives concerning disinformation prevention and user protection.

The scale of this phenomenon, its potential consequences for political stability, and the use of generative technologies to undermine democratic foundations require immediate response from European Union institutions, the letter stressed.

As a Very Large Online Platform under DSA regulations, TikTok faces enhanced obligations including systemic risk assessments, independent audits, and transparency reporting. The platform must identify and mitigate risks relating to dissemination of illegal content and negative effects on civic discourse and electoral processes.

Growing Concerns Over AI-Generated Disinformation

The Polish complaint represents one of the first formal DSA enforcement requests specifically targeting AI-generated disinformation campaigns on major social media platforms. The case highlights growing concerns among EU member states about synthetic media being weaponized to manipulate public opinion and undermine democratic institutions.

The Digital Services Act, which came into full effect in February 2024, grants the European Commission powers to investigate very large platforms and impose fines up to 6% of global annual revenue for violations. The law requires platforms to assess and mitigate systemic risks including manipulation of services affecting democratic processes and public security.

TikTok has already been under scrutiny by the EU Commission for violations of the Digital Services Act. In February last year, the Commission opened a formal investigation against the social media giant for DSA violations in areas linked to the protection of minors, advertising transparency, data access for researchers, and risk management of addictive design and harmful content.

Also read: U.S. Government Sues TikTok for COPPA Violations, Exposing Millions of Children’s Data

Critical ‘MongoBleed’ Flaw Exploited in the Wild to Leak Database Secrets

29 December 2025 at 08:03

MongoBleed, MongoDB, CVE-2025-14847

The cybersecurity world is facing a "Heartbleed" moment for the NoSQL era. A critical vulnerability in MongoDB, the world’s most popular non-relational database, is being actively exploited in the wild, allowing unauthenticated attackers to "bleed" sensitive memory directly from server processes.

Dubbed "MongoBleed" and tracked as CVE-2025-14847, the flaw represents a catastrophic breakdown in how MongoDB handles compressed data. According to researchers at Wiz, who first sounded the alarm on the active exploitation, the vulnerability allows an attacker to remotely read fragments of the server's memory—potentially exposed credentials, session tokens, and the very data the database is meant to protect—without ever needing a password.

The Mechanics of the Leak

At the heart of MongoBleed is a classic security failure: an out-of-bounds (OOB) read. The vulnerability resides in MongoDB’s use of the zlib compression library within its wire protocol.

When a client communicates with a MongoDB server, it can use compression to save bandwidth. Security researchers at OX Security noted that by sending a specially crafted, malformed compressed message, an attacker can trick the server into reading past the allocated buffer. Because the server fails to properly validate the length of the decompressed data against the actual buffer size, it responds by sending back whatever happens to be sitting in the adjacent memory.

This is a haunting echo of the 2014 Heartbleed bug in OpenSSL. Like its predecessor, MongoBleed doesn't require the attacker to "break in" through the front door; instead, it allows them to sit outside and repeatedly ask the server for "scraps" of its internal memory until they’ve reconstructed enough data to stage a full-scale breach.
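As an added illustration of the length-validation failure described above (constructed example; not code from MongoDB, Wiz or OX Security): a server inflates compressed messages into a reused scratch buffer, and a malformed message declares more bytes than its payload actually inflates to. The message layout, the `Server` class, `build_message` and `demo` are assumptions for this illustration and do not reproduce MongoDB's real wire-protocol framing.

```python
"""Simplified model of the length-trust bug described above (constructed
example; not MongoDB's real wire protocol or zlib integration).

A server keeps one reusable scratch buffer for inflating compressed
messages. Each message carries a declared uncompressed length. The
vulnerable handler trusts that declared length when building its reply,
so a malformed message whose payload inflates to fewer bytes than it
declares receives stale bytes left behind by earlier requests. The
hardened handler uses the length zlib actually produced, rejects any
mismatch, and records the rejection so defenders have something to log.
"""
import struct
import zlib


class CompressedMessageError(ValueError):
    """Raised when a compressed message fails validation."""


def build_message(declared_len: int, plaintext: bytes) -> bytes:
    """Assumed message layout: 4-byte little-endian declared uncompressed
    length followed by a zlib stream. A well-formed message sets
    declared_len == len(plaintext); a malformed one does not."""
    return struct.pack("<I", declared_len) + zlib.compress(plaintext)


class Server:
    BUF_SIZE = 4096

    def __init__(self) -> None:
        # One reusable scratch buffer, standing in for a reused heap region
        # that still holds bytes from previous requests.
        self.scratch = bytearray(self.BUF_SIZE)
        # Rejected messages: the signal a defender would want to log, since
        # the page notes these attacks produce no login events.
        self.rejections: list[str] = []

    def _parse(self, msg: bytes) -> tuple[int, bytes]:
        if len(msg) < 4:
            raise CompressedMessageError("message too short for header")
        (declared_len,) = struct.unpack("<I", msg[:4])
        return declared_len, msg[4:]

    def _inflate_into_scratch(self, payload: bytes) -> int:
        """Inflate payload into the scratch buffer; return bytes produced."""
        data = zlib.decompress(payload)  # zlib.error on corrupt streams
        if len(data) > self.BUF_SIZE:
            raise CompressedMessageError("inflated message exceeds buffer")
        self.scratch[: len(data)] = data
        return len(data)

    def handle_vulnerable(self, msg: bytes) -> bytes:
        """Echo handler that trusts the declared length (the defect)."""
        declared_len, payload = self._parse(msg)
        self._inflate_into_scratch(payload)
        # BUG: slices by the sender-controlled declared length instead of
        # the number of bytes actually inflated, so the reply can include
        # whatever earlier requests left in the buffer.
        return bytes(self.scratch[:declared_len])

    def handle_hardened(self, msg: bytes) -> bytes:
        """Echo handler that validates inflated length against the header."""
        declared_len, payload = self._parse(msg)
        actual_len = self._inflate_into_scratch(payload)
        if actual_len != declared_len:
            reason = (f"declared {declared_len} bytes but payload inflated "
                      f"to {actual_len}")
            self.rejections.append(reason)
            raise CompressedMessageError(reason)
        return bytes(self.scratch[:actual_len])


def demo() -> tuple[bytes, bytes, int]:
    """Run both handlers against the same constructed traffic.

    Returns (leaked_from_vulnerable, hardened_error_or_empty, rejections)."""
    srv = Server()
    # Constructed earlier request: leaves a "secret" in the scratch buffer.
    secret = b"session-token-" + b"A" * 40
    srv.handle_hardened(build_message(len(secret), secret))

    # Constructed malformed request: inflates to 4 bytes but declares 40.
    malformed = build_message(40, b"ping")
    leaked = srv.handle_vulnerable(malformed)  # b"ping" + stale secret bytes

    try:
        srv.handle_hardened(malformed)
        err = b""
    except CompressedMessageError as exc:
        err = str(exc).encode()
    return leaked, err, len(srv.rejections)


if __name__ == "__main__":
    leaked, err, n = demo()
    print("vulnerable handler returned:", leaked)
    print("hardened handler rejected:", err.decode(), "| logged:", n)
```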

Exploitation in the Wild

The situation escalated quickly from a theoretical risk to a live crisis. Wiz reported that its global sensor network detected automated scanners and exploit attempts targeting the flaw almost immediately after technical details began to circulate.

Joe Desimone, a cybersecurity researcher from Elastic Security, also published a proof-of-concept exploit showing how data related to MongoDB internal logs and state, WiredTiger storage engine configuration, system /proc data (meminfo, network stats), Docker container paths, and connection UUIDs and client IPs could be leaked using the MongoBleed bug.

The threat is particularly acute because MongoDB is often the backbone of modern web applications, storing everything from user PII to sensitive financial records. MongoDB has a very large footprint with over 200k internet-facing instances.

The ease of exploitation combined with the lack of authentication makes this a perfect storm for attackers, the Wiz team noted in their analysis. In many cases, an attacker only needs a single successful "bleed" to capture an administrative session token, granting them full control over the entire database cluster.

The Australian Cyber Security Centre (ACSC) has also issued an urgent advisory, warning organizations that the vulnerability affects a vast range of versions, from legacy 4.4 installs up to the most recent 8.0 releases.

For defenders, the challenge is that these memory-leak attacks are notoriously "quiet." Because they happen at the protocol level and don’t involve traditional "login" events, they often bypass standard application-layer logs.

Security researchers like Kevin Beaumont have also reiterated this. "Because of how simple this is now to exploit — the bar is removed — expect high likelihood of mass exploitation and related security incidents," Beaumont wrote in his personal blog. "The exploit author has provided no details on how to detect exploitation in logs via products like.. Elastic. Advice would be to keep calm and patch internet facing assets."

The Race to Patch

The MongoDB team has moved swiftly to release patches, but the sheer scale of the MongoDB install base makes global remediation a daunting task. The following versions have been identified as patched and safe:

  • MongoDB 8.0.4

  • MongoDB 7.0.16

  • MongoDB 6.0.19

  • MongoDB 5.0.31

For organizations that cannot patch immediately, experts recommend a "nuclear" temporary workaround: disabling zlib compression. While this may result in a slight performance hit and increased bandwidth usage, it effectively closes the vector used by MongoBleed.

The aviation sector, government agencies, and tech giants alike are now in a frantic race against time. With automated exploit kits already circulating on dark web forums, the window for patching is closing. For anyone running MongoDB, the time to act was yesterday.

Also read: MongoDB Cyberattack Reveals Customer Data Compromise: Incident Response in Progress

Shai-Hulud Returns with ‘Golden Path’ Malware in Latest NPM Supply Chain Attack

29 December 2025 at 05:25

Shai-Hulud, NPM, Supply Chain, Supply Chain Attacks, Malware, Worm, Golden Path

Just weeks after the devastating "Second Coming" campaign crippled thousands of development environments, the threat actor behind the Shai-Hulud worm has returned. Security researchers at Aikido have detected a new, evolved strain of the malware dubbed "The Golden Path," signaling that the most aggressive supply chain predator in the npm ecosystem is far from finished.

This latest iteration was first spotted over the weekend, embedded within the package @vietmoney/react-big-calendar. While the initial discovery suggests the attackers may still be in a "testing" phase with limited spread, the technical refinements found in the code point to a more resilient and cross-platform threat.

Evolution of a Predator

Shai-Hulud has long utilized a Dune-inspired theatrical flair, but its latest evolution suggests a shift in branding. In this new wave, stolen data is exfiltrated to GitHub repositories featuring a cryptic new description: "Goldox-T3chs: Only Happy Girl."

Technically, "The Golden Path" is a significant upgrade. Earlier versions of the worm struggled with Windows environments when attempting to self-propagate using the bun runtime. The new strain specifically addresses this, implementing cross-platform publishing capabilities that ensure the worm can spread regardless of the victim's operating system.

Researchers also noted a shift in file nomenclature—the malware now operates via bun_installer.js and environment_source.js—and features improved error handling for TruffleHog, the secret-scanning tool the worm uses to harvest AWS, GCP, and Azure credentials. By refining its timeout logic, the malware is now less likely to crash during high-latency scans, making its "smash-and-grab" operations more reliable.

A Legacy of Disruption

This isn't Shai-Hulud’s first rodeo. The group first made headlines in September 2025 when a massive campaign hit over 500 npm packages, including those belonging to cybersecurity giant CrowdStrike.

Read: CrowdStrike Among Those Hit in NPM Attack Campaign

That initial strike was historically significant, resulting in the theft of an estimated $50 million in cryptocurrency and proving that even the most security-conscious organizations are vulnerable to upstream dependency hijacking.

In November, the "Second Coming" wave escalated the stakes by introducing a "dead man’s switch"—a destructive payload designed to wipe a user's home directory if the malware detected it had been cut off from its command-and-control (C2) servers.

Read: New Shai-Hulud Attack Hits Nearly 500 npm Packages with 100+ Million Downloads

The Supply Chain Standoff

The return of Shai-Hulud underscores a grim reality for modern DevOps: trust is a liability. By targeting the preinstall phase of npm packages, the malware executes before a developer even realizes a package is malicious.

"The differences in the code suggests that this was obfuscated again from original source, not modified in place," Aikido researchers noted. "This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm."

Relying on npm’s default security is no longer sufficient. Organizations are urged to adopt "Trusted Publishing," enforce strict lockfile integrity, and utilize package-aging tools that block the installation of brand-new, unvetted releases. In the world of Shai-Hulud, the only way to survive the desert is to stop trusting the ground beneath your feet.

Agencies Across Africa Arrest 574, Recover $3 Million in Cybercrime Crackdown

24 December 2025 at 08:58

Cybercrime, Operation Sentinel, Africa

Law enforcement across 19 African countries arrested 574 suspects and recovered approximately $3 million in a month-long cybercrime crackdown dubbed Operation Sentinel. The operation primarily targeted three forms of cybercrime: business email compromise schemes, digital extortion, and ransomware attacks.

Interpol, which coordinated the operation, revealed that these crimes had caused financial losses to African victims exceeding $21 million.

The initiative, conducted between October 27 and November 27, also resulted in over 6,000 malicious links being taken down and six distinct ransomware variants decrypted as authorities dismantled fraud networks exploiting critical sectors including finance and energy.

These three forms of cybercrimes are also identified as "growing threats" in INTERPOL's 2025 Africa Cyber Threat Assessment Report, demonstrating the accelerating scale of cyberattacks across the continent.

Read: Africa Faces a Digital Sextortion Crisis as Numbers Surge Across the Continent

Major Cases Prevented Millions in Losses

In Senegal, a major petroleum company detected a business email compromise scheme where fraudsters infiltrated internal email systems and impersonated executives to authorize a fraudulent wire transfer of $7.9 million. Senegalese authorities urgently froze destination accounts, successfully halting the transfer before funds could be withdrawn.

A Ghanaian financial institution suffered a ransomware attack that encrypted 100 terabytes of data and stole approximately $120,000, disrupting critical services. Ghanaian authorities conducted advanced malware analysis, identifying the ransomware strain and developing a decryption tool that recovered nearly 30 terabytes of data. Multiple suspects were arrested.

Ghanaian authorities also dismantled a major cyber-fraud network operating across Ghana and Nigeria that defrauded more than 200 victims of over $400,000. Using professionally designed websites and mobile apps, scammers mimicked well-known fast-food brands, collecting payments but never delivering orders. Ten suspects were arrested with over 100 digital devices seized and 30 fraudulent servers taken offline.

In Benin, 43 malicious domains were taken down and 4,318 social media accounts linked to extortion schemes and scams were shut down, leading to 106 arrests. Cameroonian law enforcement reacted quickly after two victims reported a scam involving an online vehicle sales platform, tracing the phishing campaign to a compromised server and issuing emergency bank freezes within hours.

"The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy," stated Neal Jetton, INTERPOL's Director of Cybercrime.

Also read: One of the Largest Cybercriminal Operations in West Africa Dismantled

Romanian Water Authority Hit by Ransomware; 1,000 Systems Across 10 Regions Compromised

22 December 2025 at 14:03

Romanian Water Authority, Water Authority, Ransomware Attack,

Romania's National Directorate for Cyber Security disclosed that on Saturday a ransomware attack compromised approximately 1,000 IT systems belonging to the nation's water authority, Administrația Națională Apele Române. The attack impacted 10 of the country's 11 regional water basin administrations, including Oradea, Cluj, Iași, Siret, and Buzău.

The attackers exploited BitLocker—a legitimate Windows encryption mechanism—for malicious purposes to lock files across the infrastructure and deliver a ransom note demanding contact within seven days.

The incident affected multiple critical systems including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server systems, email and web servers, and Domain Name Servers. Despite the extensive IT compromise, operational technologies remained unaffected, allowing normal operations to continue.

Hydrotechnical Structures Remain Secure

The Romanian water authority clarified that the operation of hydrotechnical structures continues solely through dispatch centers using voice communications. Hydrotechnical constructions remain secure and are operated locally by specialized personnel coordinated through dispatch centers.

The organization stressed that despite the IT infrastructure compromise, water management operations including dam control, flood management, and water distribution systems continue functioning normally through manual oversight and voice coordination protocols developed for such contingencies.

BitLocker Weaponized for Malicious Encryption

Following an initial technical evaluation, investigators determined that the attackers exploited BitLocker, a legitimate encryption mechanism for Windows operating systems, using it maliciously to lock files through encryption across the affected systems. This technique represents an evolution in ransomware tactics, where threat actors leverage built-in security tools rather than deploying custom malware.

The attackers transmitted a ransom note demanding contact within seven days. The National Directorate for Cyber Security reiterated its strict policy and recommendation that ransomware victims should not contact or negotiate with the attackers, to avoid encouraging and financing this criminal ecosystem.

The Cyber Express reached out to the DNSC media center to learn what data was compromised and which group had claimed responsibility for the attack. Authorities recommended that the IT teams at the National Administration of Romanian Waters and the regional water administrations not be contacted, allowing them to concentrate on restoring IT services without distraction from media inquiries or external pressure.

Also read: Russia-Linked Hybrid Campaign Targeted 2024 Elections: Romanian Prosecutor General

Infrastructure Not Protected by National Cyber Defense System

The investigation revealed that the Romanian water authority's infrastructure was not protected by the national system that defends IT infrastructure of critical importance to national security against threats from cyberspace.

The necessary procedures have now been initiated to integrate this infrastructure into the systems developed by the National Cyber Intelligence Center, which uses cyber intelligence technologies to protect both public and private IT infrastructure of critical importance to national security.

Technical teams from the Directorate, the National Administration of Romanian Waters, the National Cyber Intelligence Center within the Romanian Intelligence Service, the affected entities, and other state authorities with cybersecurity competencies are actively involved in investigating and limiting the impact of the incident.

This is an evolving story and will be updated as new information becomes available.

AWS Blames Russia’s GRU for Years-Long Espionage Campaign Targeting Western Energy Infrastructure

16 December 2025 at 06:19

Western Critical Infrastructure, Critical infrastructure, Russian GRU, Russian Threat Actor, Sandworm, APT44, Energy Supply Chain, Energy Infrastructure

Amazon Web Services (AWS) has attributed a persistent multi-year cyber espionage campaign targeting Western critical infrastructure, particularly the energy sector, to a group strongly linked with Russia’s Main Intelligence Directorate (GRU), known widely as Sandworm (or APT44).

In a report released Monday, the cloud giant’s threat intelligence teams revealed that the Russian-nexus actor has maintained a "sustained focus" on North American and European critical infrastructure, with operations spanning from 2021 through the present day.

Misconfigured Devices are the Attackers' Gateway

Crucially, the AWS investigation found that the initial successful compromises were not due to any weakness in the AWS platform itself, but rather to the exploitation of misconfigured customer devices. The threat actor is exploiting a fundamental failure in network defense: customers failing to properly secure their network edge devices and virtual appliances.

The operation focuses on stealing credentials and establishing long-term persistence, often by compromising third-party network appliance software running on platforms like Amazon Elastic Compute Cloud (EC2).

AWS CISO CJ Moses commented in the report, warning, "Going into 2026, organizations must prioritize securing their network edge devices and monitoring for credential replay attacks to defend against this persistent threat."

Persistence and Credential Theft, Part of the Sandworm Playbook

AWS observed the GRU-linked group employing several key tactics, techniques, and procedures (TTPs) aligned with their historical playbook:

  1. Exploiting Misconfigurations: Leveraging customer-side mistakes, particularly in exposed network appliances, to gain initial access.

  2. Establishing Persistence: AWS's analysis of network connections showed actor-controlled IP addresses establishing persistent, long-term connections to the compromised EC2 instances.

  3. Credential Harvesting: The ultimate objective is credential theft, enabling the attackers to move laterally across networks and escalate privileges, often targeting the accounts of critical infrastructure operators.

AWS’s analysis of infrastructure overlaps with known Sandworm operations—a group infamous for disruptive attacks like the 2015 and 2016 power grid blackouts in Ukraine—provides high confidence in the attribution.

Recently, threat intelligence company Cyble detected advanced backdoors targeting defense systems, with TTPs that closely resembled Russia's Sandworm playbook.

Read: Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure

Singular Focus on the Energy Supply Chain

The targeting profile analyzed by AWS' threat intelligence teams demonstrates a calculated and sustained focus on the global energy sector supply chain, including both direct operators and the technology providers that support them:

  • Energy Sector: Electric utility organizations, energy providers, and managed security service providers (MSSPs) specializing in energy clients.

  • Technology/Cloud Services: Collaboration platforms and source code repositories essential for critical infrastructure development.

  • Telecommunications: Telecom providers across multiple regions.

The geographic scope of the targeting is global, encompassing North America, Western and Eastern Europe, and the Middle East, illustrating a strategic objective to gain footholds in the operational technology (OT) and enterprise networks that govern power distribution and energy flow across NATO countries and allies.

From Cloud Edge to Credential Theft

AWS’ telemetry exposed a methodical, five-step campaign flow that leverages customer misconfiguration on cloud-hosted devices to gain initial access:

  1. Compromise Customer Network Edge Device hosted on AWS: The attack begins by exploiting customer-side vulnerabilities or misconfigurations in network edge devices (like firewalls or virtual appliances) running on platforms like Amazon EC2.

  2. Leverage Native Packet Capture Capability: Once inside, the actor exploits the device's own native functionality to eavesdrop on network traffic.

  3. Harvest Credentials from Intercepted Traffic: The crucial step involves stealing usernames and passwords from the intercepted traffic as they pass through the compromised device.

  4. Replay Credentials Against Victim Organizations’ Online Services and Infrastructure: The harvested credentials are then "replayed" (used) to access other services, allowing the attackers to pivot from the compromised appliance into the broader victim network.

  5. Establish Persistent Access for Lateral Movement: Finally, the actors establish a covert, long-term presence to facilitate lateral movement and further espionage.

Secure the Edge and Stop Credential Replay

AWS has stated that while its infrastructure remains secure, the onus is on customers to correct the foundational security flaws that enable this campaign. The report strongly advises organizations to take immediate action on two fronts:

  • Secure Network Edge: Conduct thorough audits and patching of all network appliances and virtual devices exposed to the public internet, ensuring they are configured securely.

  • Monitor for Credential Replay: Implement advanced monitoring for indicators of compromise (IOCs) associated with credential replay and theft attacks, which the threat actors are leveraging to move deeper into target environments.

India Dismantles ‘Phishing SMS Factory’ Infrastructure Sending Lakhs of Fraud Messages Daily

16 December 2025 at 04:34

Phishing SMS Factory, CBI, Phishing, Operation Chakra-V, Cyber Fraud, SMS Fraud

India's Central Bureau of Investigation uncovered and disrupted a large-scale cyber fraud infrastructure, which it calls a "phishing SMS factory," that sent lakhs of smishing messages daily across the country to trick citizens into fake digital arrests, loan scams, and investment frauds.

The infrastructure, operated by a registered company, M/s Lord Mahavira Services India Pvt. Ltd., used an online platform to control approximately 21,000 SIM cards that had been obtained in violation of Department of Telecommunications rules.

The organized cyber gang, operating from Northern India, provided bulk SMS services to cybercriminals, including foreign operators targeting Indian citizens. The CBI arrested three individuals associated with the gang as part of the broader Operation Chakra-V, which is focused on breaking the backbone of cybercrime infrastructure in India.

The investigation began when the CBI studied the huge volume of fake SMS messages people receive daily, which often lead to serious financial fraud. Working closely with the Department of Telecommunications and using information from various sources, including the much-debated Sanchar Saathi portal, investigators identified the private company allegedly running the "phishing SMS factory."

Active System Seized

The CBI conducted searches at several locations in North India, including Delhi, Noida, and Chandigarh, where it discovered a fully active system used for sending phishing messages. The infrastructure included servers, communication devices, USB hubs, dongles, and thousands of SIM cards operating continuously to dispatch fraud messages.

The messages offered fake loans, investment opportunities, and other financial benefits aimed at stealing personal and banking details from innocent people. The scale of operations enabled lakhs of fraud messages to be distributed every day across India.

Telecom Channel Partner Involvement

Early findings of the investigation suggested the involvement of certain channel partners of telecom companies and their employees, who helped illegally arrange SIM cards for the fraudulent operations. This insider facilitation allowed the gang to obtain the massive quantity of SIM cards despite telecommunications regulations designed to prevent such accumulation.

The 21,000 SIM cards were controlled through an online platform specifically designed to send bulk messages, the CBI said.

Digital Evidence and Cryptocurrency Seized

CBI also seized important digital evidence, unaccounted cash, and cryptocurrency during the operation. The seizures provide investigators with critical data to trace financial flows, identify additional conspirators, and understand the full scope of the fraud network's operations.

The discovery that foreign cyber criminals were using this service to cheat Indian citizens highlights the transnational nature of the operation, with domestic infrastructure being leveraged by overseas fraudsters to target vulnerable Indians.

Operation Chakra-V Targets Infrastructure

The dismantling of this phishing SMS factory demonstrates CBI's strategy under Operation Chakra-V to attack the technical backbone of organized cybercrime rather than merely arresting individual fraudsters. By disrupting the infrastructure enabling mass fraud communications, authorities aim to prevent thousands of potential victims from receiving deceptive messages.

As part of Operation Chakra-V crackdown, on Sunday, CBI also filed charges against 17 individuals including four likely Chinese nationals and 58 companies for their alleged involvement in a transnational cyber fraud network operating across multiple Indian states.

The CBI said a single cybercrime syndicate was behind this extensive digital and financial infrastructure, which has already defrauded thousands of Indians of more than ₹1,000 crore. The operators used misleading loan apps, fake investment schemes, Ponzi and MLM models, fake part-time job offers, and fraudulent online gaming platforms to carry out the fraud. Google advertisements, bulk SMS campaigns, SIM-box based messaging systems, cloud infrastructure, fintech platforms, and multiple mule bank accounts were all part of the network's modus operandi.

Earlier last week, the CBI had filed similar charges against 30 people, including two Chinese nationals, who ran shell companies and siphoned money from Indian investors through fake cryptocurrency mining platforms, loan apps, and fake online job offers during the COVID-19 lockdown period.

Read: CBI Files Chargesheet Against 30 Including Two Chinese Nationals in ₹1,000 Cr Cyber Fraud Network

CBI Files Charges Against 13 in Digital Arrest Fraud Case Linked to Myanmar Cyber Slave Compounds

11 December 2025 at 08:02

Digital Arrest, CBI, Digital Arrest Fraud, Cyber Fraud

India's Central Bureau of Investigation filed charges against 13 individuals who are accused of operating a "Digital Arrest" cyber fraud ring. The agency analyzed over 15,000 IP addresses that revealed extensive cross-border connections to masterminds based in Cambodia, Hong Kong, and China, with evidence indicating cyber slave compounds in Myanmar and neighboring areas as emerging major hubs where trafficked Indian nationals are coerced to run call-center style cybercrime operations.

Digital Arrest scams involve fraudsters impersonating law enforcement officials who convince victims they face serious legal troubles requiring immediate resolution through fund transfers, often keeping victims on video calls for extended periods to create psychological pressure and prevent them from seeking help or verification.

The case, registered suo motu by CBI to comprehensively investigate ten significant Digital Arrest scam incidents reported nationwide, is part of the agency's focused crackdown under Operation Chakra-V, which targets organized transnational cybercrimes amid a steep rise in such offenses.

Also read: CBI’s Coordinated Strike Takes Down Transnational Cybercrime Network in India

Searches Across Six States

CBI conducted coordinated searches in October across Delhi-NCR, Haryana, Rajasthan, Gujarat, Kerala, and West Bengal. These operations led to the recovery of incriminating material including electronic devices, communication logs, financial records, and other digital evidence, the investigating agency said. Three accused persons were arrested based on the recovered evidence and are currently in judicial custody.

Technical analysis revealed several key bank accounts used for collecting and routing victim funds were controlled by masterminds based in Cambodia, Hong Kong, and China. From the vast technical dataset, India-based IP addresses were isolated, enabling targeted searches and identification of domestic operatives.

Myanmar Cyber Slave Compounds Execute Frauds

Multiple streams of evidence indicate that cyber slave compounds operating in Myanmar and neighboring areas have become major execution hubs for Digital Arrest frauds. Trafficked Indian nationals are coerced into running call-center style cybercrime operations from these facilities, often under physical and mental abuse and at times even at gun-point.

These findings align with intelligence gathered during parallel CBI investigations into cyber-slavery and organized digital exploitation networks in South-East Asia, exposing the human trafficking dimension underlying transnational cybercrime operations.

Also read: Indian Authorities Allege Massive Trafficking Scheme in Chinese Controlled Scam Centers

Systematic Dismantling of Fraud Infrastructure

The investigation generated significant leads on financial trails, call-flow patterns, VoIP routing, remote-access tool misuse, and broader technology infrastructure supporting Digital Arrest scams. This systematic, case-by-case dismantling of each operational component remains central to CBI's evolving cybercrime enforcement strategy.

CBI filed the chargesheet within the statutory 60-day period under provisions of the Indian Penal Code and Information Technology Act. Further investigation continues to identify additional conspirators, facilitators, money-mule handlers, and overseas infrastructure enabling these transnational cyber fraud operations.

The agency last month arrested a manager of a private bank in Mumbai for his active role in opening mule accounts that facilitated the laundering of money collected from cybercrime operations. CBI's investigation revealed that the arrested bank official, in collusion with cybercriminals, accepted illegal gratification and abused his official position to process the account opening forms. CBI, at the time, "established that these accounts were actively used in multiple cybercrimes, including cases of Digital Arrest frauds."

The Indian agencies, in a bid to disrupt and eradicate the cybercrime menace, have ramped up operations against several fraud syndicates. Just this week, the CBI also identified and filed charges against 30 individuals and companies, including two Chinese nationals, for running a cyber fraud ring that defrauded Indians of ₹1,000 crore (approximately US$112 million).
Read: CBI Files Chargesheet Against 30 Including Two Chinese Nationals in ₹1,000 Cr Cyber Fraud Network

The crackdown under Operation Chakra-V demonstrates India's determination to combat transnational cybercrime networks exploiting vulnerable citizens while addressing the human trafficking dimension where Indian nationals become both perpetrators and victims of cyber-slavery operations in Southeast Asian facilities.

CBI Files Chargesheet Against 30 Including Two Chinese Nationals in ₹1,000 Cr Cyber Fraud Network

10 December 2025 at 03:59

CBI, Cyber Fraud Network, Chakra-V, Operation Chakra, Covid-19, Fraud

India's Central Bureau of Investigation filed a chargesheet against 30 accused including two Chinese nationals who allegedly ran a cyber fraud network that siphoned over ₹1,000 crore (approximately US$112 million) from Indian investors through fake cryptocurrency mining platforms, loan apps, and bogus online job offers during the COVID-19 lockdown period.

The HPZ Token Investment Fraud case has exposed a well-coordinated transnational criminal syndicate that exploited India's emerging payment aggregation systems to launder proceeds at unprecedented speed through multiple shell companies before converting funds to cryptocurrency and transferring them overseas.

The fraud began when Shigoo Technology Pvt. Ltd., an entity owned and controlled by Chinese nationals, launched a fake mobile application titled "HPZ Tokens" claiming investments would be used for cryptocurrency mining yielding very high returns. Within just three months, crores were collected and diverted by fraudsters targeting vulnerable investors during pandemic lockdowns.

Chinese Nationals Directed Shell Company Network

Wan Jun served as director of Jilian Consultants India Private Limited, a subsidiary of Chinese entity Jilian Consultants. With help from accomplice Dortse, Wan Jun successfully created several shell companies including Shigoo Technologies that became conduits to collect and launder proceeds from major organized cyber frauds.

The second Chinese national charged, Li Anming, played key roles directing operations alongside Wan Jun. CBI investigation revealed these frauds were connected and controlled by a single organized criminal syndicate based overseas.

Jilian Consultants hired professionals including company secretaries and chartered accountants to create shell companies that helped them run the operation with ease. Money collected was converted into cryptocurrencies before being sent out of the country.

Also read: CBI Arrests Fugitive Cybercrime Kingpin, Busts Fifth Illegal Call Center Targeting US Nationals

Exploitation of Payment Aggregators

The investigation revealed misuse of payment aggregation systems that had just taken off in India at the time of the Covid-19 pandemic. Payment aggregators were providing large collection and money disbursal services using technology to genuine companies, with systems allowing users to access large numbers of bank accounts simultaneously.

Fraudsters exploited this well-structured payment infrastructure to launder money at high speed from accounts of one shell company to another. The system also allowed them to partially disburse money back to investors to gain confidence, sustaining the fraud scheme longer.

Total money moved from bank accounts of these companies surpassed ₹1,000 crore within just a few months.

Ongoing Investigation in Cyber Fraud Network

CBI initially arrested six people named Dortse, Rajni Kohli, Sushanta Behra, Abhishek, Mohd Imdhad Husain, and Rajat Jain. The agency has now filed a chargesheet against 27 accused persons and three companies, with further investigation continuing against other suspects.

The investigation revealed this was not an isolated incident but part of a large cyber crime network responsible for several scams targeting Indian citizens in the post-COVID period using loan apps, fake investment platforms, and bogus online job offers.

"The CBI remains steadfast in its unwavering commitment to dismantling these sophisticated cyber fraud networks through relentless operations like Chakra-V," the agency said. "The CBI will continue to fortify India's digital economy, protect vulnerable investors, execute targeted arrests, seize assets, and forge international collaborations."

Also read: Indo-U.S. Agencies Dismantle Cybercrime Network Targeting U.S. Nationals

‘React2Shell’ Flaw Exploited by China-Nexus Groups Within Hours of Disclosure, AWS Warns

5 December 2025 at 06:14

React2Shell, China

The cycle of vulnerability disclosure and weaponization has shattered records once again. According to new threat intelligence from Amazon Web Services (AWS), state-sponsored hacking groups linked to China began actively exploiting a critical vulnerability nicknamed "React2Shell" in popular web development frameworks mere hours after its public disclosure.

The React2Shell vulnerability, tracked as CVE-2025-55182, affects React Server Components in React 19.x and Next.js versions 15.x and 16.x when using the App Router. The flaw carries the maximum severity score of 10.0 on the CVSS scale, enabling unauthenticated remote code execution (RCE).

The Rapid Weaponization Race

The vulnerability was publicly disclosed on Wednesday, December 3. AWS threat intelligence teams, monitoring their MadPot honeypot infrastructure, detected exploitation attempts almost immediately.

The threat actors identified in the flurry of activity are linked to known China state-nexus cyber espionage groups, including:

  • Earth Lamia: Known for targeting financial services, logistics, and government organizations across Latin America, the Middle East, and Southeast Asia.

  • Jackpot Panda: A group typically focused on East and Southeast Asian entities, often aligned with domestic security interests.

"China continues to be the most prolific source of state-sponsored cyber threat activity, with threat actors routinely operationalizing public exploits within hours or days of disclosure," stated an AWS Security Blog post announcing the findings.

The speed of operation showcased how the window between public disclosure and active attack is now measured in minutes, not days.

Also read: China-linked RedNovember Campaign Shows Importance of Patching Edge Devices

Hacker's New Strategy of Speed Over Precision

The AWS analysis also revealed a crucial insight into modern state-nexus tactics: threat groups are prioritizing volume and speed over technical accuracy.

Investigators observed that many attackers were attempting to use readily available, but often flawed, public Proof-of-Concept (PoC) exploits pulled from the GitHub security community. These PoCs frequently demonstrated fundamental technical misunderstandings of the flaw.

Despite the technical inadequacy, threat actors are aggressively throwing these PoCs at thousands of targets in a "volume-based approach," hoping to catch the small percentage of vulnerable configurations. This generates significant noise in logs but successfully maximizes their chances of finding an exploitable weak link.

Furthermore, attackers were not limiting their focus, simultaneously attempting to exploit other recent vulnerabilities, demonstrating a systematic, multi-pronged campaign to compromise targets as quickly as possible.

Call for Patching

While AWS has deployed automated protections for its managed services and customers using AWS WAF, the company is issuing an urgent warning to any entity running React or Next.js applications in their own environments (such as Amazon EC2 or containers).

The primary mitigation remains immediate patching.

"These protections aren't substitutes for patching," AWS warned. Developers must consult the official React and Next.js security advisories and update vulnerable applications immediately to prevent state-sponsored groups from gaining RCE access to their environments.

CVE-2025-55182 enables an attacker to achieve unauthenticated Remote Code Execution (RCE) in vulnerable versions of the following packages:
  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack
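As an added example (not AWS's, React's or Next.js's code), the following Node.js script walks a package-lock.json and flags the packages and version lines the advisory names, so a team can inventory where CVE-2025-55182 may apply. The patched versions are not stated in the article, so the script only identifies candidates for comparison against the official React and Next.js advisories; the lockfile contents embedded below are constructed sample data.

```javascript
// Added example, not code from AWS, React or Next.js: inventory check for the
// packages and version lines the React2Shell (CVE-2025-55182) advisory names.
// Patched versions are not given in the article, so every hit is a candidate
// to verify against the official advisories, not a confirmed vulnerability.

// Packages named as affected (exact names from the advisory summary).
const AFFECTED_PACKAGES = new Set([
  'react-server-dom-webpack',
  'react-server-dom-parcel',
  'react-server-dom-turbopack',
]);

// Major version lines named as affected: React 19.x, Next.js 15.x and 16.x
// (Next.js only when the App Router is in use, which a lockfile cannot show).
const AFFECTED_MAJORS = { react: [19], next: [15, 16] };

// Returns the major version of a semver string, or null if unparseable.
function majorOf(version) {
  const m = /^(\d+)\./.exec(version || '');
  return m ? Number(m[1]) : null;
}

// Walks the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys look like "node_modules/react" or
// "node_modules/some-dep/node_modules/react" (nested copies count too).
function findCandidates(lockfile) {
  if (!lockfile.packages) {
    throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  }
  const findings = [];
  for (const [path, info] of Object.entries(lockfile.packages)) {
    if (path === '') continue; // root project entry, not a dependency
    const idx = path.lastIndexOf('node_modules/');
    const name = path.slice(idx + 'node_modules/'.length);
    const version = info.version;
    if (AFFECTED_PACKAGES.has(name)) {
      findings.push({ name, version, path, reason: 'package listed as affected' });
    } else if (AFFECTED_MAJORS[name] && AFFECTED_MAJORS[name].includes(majorOf(version))) {
      findings.push({ name, version, path, reason: `${name} ${majorOf(version)}.x is an affected version line` });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from any real project): one nested React 18
// copy is present to show that only the named version lines are reported.
const SAMPLE_LOCKFILE = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { next: '15.0.0', react: '19.0.0' } },
    'node_modules/next': { version: '15.0.0' },
    'node_modules/react': { version: '19.0.0' },
    'node_modules/react-server-dom-webpack': { version: '19.0.0' },
    'node_modules/express': { version: '4.19.2' },
    'node_modules/legacy-tool/node_modules/react': { version: '18.3.1' },
  },
};

function report(findings) {
  if (findings.length === 0) {
    console.log('no packages from the CVE-2025-55182 advisory found');
    return;
  }
  for (const f of findings) {
    console.log(`${f.name}@${f.version} (${f.path}): ${f.reason}; check the official advisory`);
  }
}

// Usage: node check-react2shell.js path/to/package-lock.json
// With no argument the embedded sample is scanned (prints 3 candidates).
if (typeof process !== 'undefined' && process.argv && process.argv[2]) {
  const fs = require('node:fs');
  report(findCandidates(JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))));
} else {
  report(findCandidates(SAMPLE_LOCKFILE));
}
```

A hit on `next` 15.x or 16.x matters only for applications that use the App Router, and the lockfile cannot tell you that, so the check errs on the side of reporting; nested copies under another dependency's `node_modules` are walked as well, because a transitive copy of a server-components package is just as reachable as a top-level one.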

AWS's findings tell a cautionary tale: a vulnerability with a CVSS 10.0 rating today becomes a national security emergency the moment it hits the public domain.

Leaked Files Expose Intellexa’s Remote Access to Customer Systems and Live Surveillance Ops

5 December 2025 at 04:43

Intellexa, Spyware, Remote Access, TeamViewer

Intellexa staff members connected directly to at least 10 deployed Predator customer systems using TeamViewer commercial remote administration software, a leaked 2023 internal training session revealed. It exposed how the sanctioned mercenary spyware vendor retained privileged access to government surveillance operations including the ability to view live targeting data, infection attempts, and potentially access dashboards containing collected surveillance data from victims.

The "Intellexa Leaks" investigation published jointly by Inside Story, Haaretz, WAV Research Collective, and Amnesty International's Security Lab provides unprecedented visibility into internal operations of a commercial surveillance company whose Predator spyware has been linked to human rights abuses across countries.

The leaked materials, including internal documents, sales and marketing material, and training videos, expose how Intellexa operates despite US Treasury sanctions imposed in March 2024 and extensive public scrutiny from civil society and technology companies.

Direct Access to Ten Customer Systems

The TeamViewer control panel, briefly visible in the leaked training recording, showed at least 10 potential customers identified with code names including Dragon, Eagle, Falcon, Flamingo, Fox, Glen, Lion, Loco, Phoenix, and Rhino, plus one apparent Predator demo system. The visible customers represented only those through the letter F alphabetically, suggesting additional deployments beyond those shown.

Internal Intellexa business records show the company purchased seven TeamViewer licenses in June 2021, indicating remote management of deployed customer Predator systems began at least two years before the video was recorded. Amnesty International's infrastructure mapping in September 2021 found seven likely active Predator customers, consistent with the purchased license count.

When a staff member asked if they were connecting to a testing environment, the instructor stated they were accessing a live "customer environment." The video shows staff initiating remote connections without indication that customers or government end-users reviewed or approved specific connection requests.

Also read: Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets

Visibility Into Live Targeting Operations

For 30 minutes, the video shows an Intellexa staff member browsing an Elasticsearch analytics dashboard displaying logs and analytics from various Predator system components assigned to a specific customer with codename EAGLE_2. The dashboard included logs from both on-premises backend systems and online systems on the public internet, containing both live and historical data.

The logging dashboard revealed live Predator infection attempts against real targets. Detailed information from at least one infection attempt against a target in Kazakhstan showed the infection URL, target's IP address, and software versions of the target's phone, though the attempt apparently failed.

Data visible in the log dashboard indicated that logs from other internal Predator backend system components were also accessible, including those storing targeting information and collected surveillance data.

Access to Customer Dashboard and Surveillance Data

During the training, the instructor switched windows on the remote Ubuntu desktop, revealing other open applications including a Chrome browser window displaying a login prompt for a system hosted at https://pds[.]my[.]admin:8884. The username "cyop" was prefilled, indicating the remote computer used by Intellexa staff had previously logged into the PDS system.

Amnesty International concluded the login prompt shown in the training video provides access to a customer's Predator dashboard—the main control panel used by customers to conduct surveillance operations including adding targets, creating new infection links, and viewing surveillance data collected from victims.

The customer targeting dashboard is referred to in internal Intellexa documentation by various names including Predator Delivery Studio, Helios Delivery Studio, and the Cyber Operations Platform. Both terms PDS and CyOP appear in the URL and username field from the training video.

The remote desktop system used by Intellexa support staff could connect to the Predator dashboard, raising alarming questions about compartmentalization of live surveillance data and targeting from the company and its staff. The video suggests Intellexa staff retained privileged network access to the most sensitive parts of the Predator system, including storage containing photos, messages, and all surveillance data gathered from victims.

New Predator Attack in Pakistan

Ongoing forensic investigations independent of the leaks found new evidence that Predator spyware is being actively used in Pakistan. In summer 2025, a human rights lawyer from Pakistan's Balochistan province received a malicious link over WhatsApp from an unknown number.

Amnesty International's Security Lab attributed the link to a Predator attack attempt based on technical behavior of the infection server and specific characteristics of the one-time infection link consistent with previously observed Predator 1-click links. This represents the first reported evidence of Predator spyware being used in Pakistan.

The targeting comes amid severe restrictions on rights of human rights activists in Balochistan province, including increasingly common province-wide internet shutdowns.

Advertising-Based Zero-Click Infections

The leaked materials provide fresh insights into Predator infection vectors, including a new strategic vector called "Aladdin" that exploits the commercial mobile advertising ecosystem to enable silent zero-click infection of target devices anywhere in the world.

The Aladdin system infects target phones by forcing malicious advertisements created by attackers to be shown on target devices. Internal company materials explain that simply viewing the advertisement triggers infection without any need to click, using the target's public IP address as the unique target identifier.

Based on analysis of Predator network infrastructure, Amnesty International believes the Aladdin vector was supported in active Predator deployments in 2024.

Google delivered government-backed attack warnings to several hundred accounts across Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan associated with Intellexa customers since 2023.

Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets

4 December 2025 at 14:47

Google Threat Intelligence Group, iOS Zero-Day, Exploit Chain

Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues purchasing and deploying digital weapons despite US government restrictions and extensive public scrutiny.

The three-stage attack chain was developed by Intellexa to install its Predator spyware, known to serve as a surveillance tool for its government clients worldwide, onto victim devices.

Google researchers partnered with CitizenLab in 2023 to capture and analyze the complete exploit chain after identifying attacks targeting individuals in Egypt. According to metadata, Intellexa referred to this exploit chain internally as "smack," with compilation artifacts revealing the build directory path including the codename.

First Stage: Purchased Safari Exploit

The initial stage leveraged a Safari remote code execution zero-day that Apple patched as CVE-2023-41993. The exploit utilized a framework internally called "JSKit" to achieve arbitrary memory read and write primitives, then execute native code on modern Apple devices.

Google researchers assessed with high confidence that Intellexa acquired its iOS RCE exploits from an external entity rather than developing them internally. The identical JSKit framework has appeared in attacks by other surveillance vendors and government-backed threat actors since 2021.

In 2024, Google publicly reported that Russian government-backed attackers used this exact same iOS exploit and JSKit framework in a watering hole attack against Mongolian government websites.

Read: Russian State Hackers Using Exploits ‘Strikingly Similar’ to Spyware Vendors NSO and Intellexa

The framework also appeared in another surveillance vendor's exploitation of CVE-2022-42856 in 2022. The JSKit framework is well-maintained, supports a wide range of iOS versions, and is modular enough to support different Pointer Authentication Code bypasses and code execution techniques. The framework can parse in-memory Mach-O binaries to resolve custom symbols and manually map and execute Mach-O binaries directly from memory, with each exploitation step tested carefully.

Debug strings at the RCE exploit entry point indicated Intellexa tracked it internally as "exploit number 7," suggesting the external supplier likely possesses a substantial arsenal of iOS exploits targeting various versions.

Second Stage: Sandbox Escape and Privilege Escalation

The second stage represents the most technically sophisticated component of the chain, breaking out of the Safari sandbox and executing an untrusted third-stage payload with system privileges by abusing kernel vulnerabilities CVE-2023-41991 and CVE-2023-41992. This stage communicates with the first stage to reuse primitives like the PAC bypass and offers kernel memory read and write capabilities to the third stage.

The technical sophistication of these exploits, especially compared to the less sophisticated spyware stager, supports Google's assessment that Intellexa likely acquired the exploits from another party rather than developing them internally.

Third Stage: Spyware Deployment and Anti-Detection

The third stage, tracked by Google Threat Intelligence Group as PREYHUNTER, comprises two modules called "helper" and "watcher." The watcher module ensures the infected device does not exhibit suspicious behavior, generating notifications and terminating the exploitation process if anomalies are detected while monitoring crashes.

The module detects multiple indicators including developer mode, console attachment, US or Israeli locale settings, Cydia installation, presence of security research tools like Bash, tcpdump, frida, sshd or checkrain processes, antivirus software from McAfee, Avast or Norton, custom HTTP proxy setup, and custom root certificate installation.

The helper module communicates with other exploit components via a Unix socket and can hook various system functions using custom frameworks called DMHooker and UMHooker. These hooks enable basic spyware capabilities including recording VOIP conversations, running keyloggers, and capturing pictures from the camera. The module hooks into SpringBoard to hide user notifications caused by surveillance actions.

Google researchers believe these capabilities allow operators to verify the infected device is the correct target before deploying more sophisticated spyware like Predator.

Prolific Zero-Day Exploitation Record

Intellexa is responsible for 15 unique zero-day vulnerabilities out of approximately 70 discovered and documented by Google's Threat Analysis Group since 2021, including Remote Code Execution, Sandbox Escape, and Local Privilege Escalation vulnerabilities. All have been patched by respective vendors.

Beyond iOS exploitation, Intellexa deployed a custom Chrome framework with CVE-2021-38003, CVE-2023-4762, CVE-2023-3079, CVE-2023-2033, and most recently CVE-2025-6554 in June 2025, observed in Saudi Arabia. All these vulnerabilities in Chrome's V8 engine can leak TheHole object for code execution.

Google delivered government-backed attack warnings to several hundred accounts across Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan associated with Intellexa customers since 2023. The company added all identified websites and domains to Safe Browsing to safeguard users from further exploitation.

UK’s Cookie Enforcement Campaign Brings 95% of Top Websites Into Compliance

4 December 2025 at 06:48

Cookie, cookie consent, ICO

Britain's data protection regulator issued 17 preliminary enforcement notices and sent warning letters to hundreds of website operators throughout 2025, a pressure campaign that brought 979 of the UK's top 1,000 websites into compliance with cookie consent rules and gave an estimated 40 million people—roughly 80% of UK internet users over age 14—greater control over how they are tracked for personalized advertising.

The Information Commissioner's Office announced Thursday that only 21 websites remain non-compliant, with enforcement action continuing against holdouts.

The campaign focused on three key compliance areas: whether non-essential advertising cookies were stored on users' devices before users could exercise choice to accept or reject them, whether rejecting cookies was as easy as accepting them, and whether any non-essential cookies were placed despite users not consenting.
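The three compliance areas above can be encoded as an audit over what a site actually does during a visit. The script below is an added example, not ICO tooling: it parses the `document.cookie` string a browser exposes, treats every cookie not on an essential list as non-essential, and reports a finding for each of the three areas. The cookie names, the essential-cookie list and the banner click counts are constructed sample data, not from any real site.

```javascript
// Added example, not code from the ICO: the three checks the enforcement
// campaign applied, run over a constructed record of a single site visit.
// The record holds document.cookie snapshots taken before any choice and
// after the user clicked "reject", plus how many clicks each banner option
// needs from the first layer. All names and values below are constructed.

// Parses a document.cookie string ("a=1; b=2") into cookie names.
function parseCookieNames(cookieString) {
  return cookieString
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => part.split('=')[0].trim());
}

// Conservative default for an auditor: anything not explicitly essential
// (session, CSRF, the consent record itself) is treated as non-essential.
function nonEssential(cookieString, essential) {
  return parseCookieNames(cookieString || '').filter((name) => !essential.has(name));
}

function auditConsentFlow(visit, essential) {
  const findings = [];

  // Area 1: non-essential cookies stored before the user could choose.
  const early = nonEssential(visit.cookiesBeforeChoice, essential);
  if (early.length > 0) {
    findings.push({ area: 'set-before-choice', cookies: early });
  }

  // Area 2: rejecting must be as easy as accepting. A missing reject control
  // or one needing more clicks than accept fails this check.
  const { accept, reject } = visit.banner;
  if (!reject) {
    findings.push({ area: 'reject-harder-than-accept', detail: 'no reject control on the banner' });
  } else if (reject.clicks > accept.clicks) {
    findings.push({
      area: 'reject-harder-than-accept',
      detail: `reject needs ${reject.clicks} clicks, accept needs ${accept.clicks}`,
    });
  }

  // Area 3: non-essential cookies placed although the user refused.
  const afterRefusal = nonEssential(visit.cookiesAfterReject, essential);
  if (afterRefusal.length > 0) {
    findings.push({ area: 'set-despite-refusal', cookies: afterRefusal });
  }
  return findings;
}

// Constructed essential-cookie list for the sample site.
const ESSENTIAL = new Set(['sessionid', 'csrftoken', 'consent_state']);

// Constructed visit to a non-compliant site: an advertising cookie preset
// on load, a reject button one layer deeper than accept, and tracking
// cookies still written after refusal.
const FAILING_VISIT = {
  cookiesBeforeChoice: 'sessionid=abc123; _ads_id=xyz; csrftoken=tok',
  banner: { accept: { clicks: 1 }, reject: { clicks: 2 } },
  cookiesAfterReject: 'sessionid=abc123; csrftoken=tok; consent_state=rejected; _ads_id=xyz; _track=1',
};

// Constructed visit to a compliant site: only essential cookies until a
// choice is made, symmetric accept/reject, and nothing added after refusal.
const PASSING_VISIT = {
  cookiesBeforeChoice: 'sessionid=abc123; csrftoken=tok',
  banner: { accept: { clicks: 1 }, reject: { clicks: 1 } },
  cookiesAfterReject: 'sessionid=abc123; csrftoken=tok; consent_state=rejected',
};

for (const [label, visit] of [['failing site', FAILING_VISIT], ['passing site', PASSING_VISIT]]) {
  const findings = auditConsentFlow(visit, ESSENTIAL);
  console.log(`${label}: ${findings.length} finding(s)`);
  for (const f of findings) console.log('  ', JSON.stringify(f));
}
```

In a real audit the two snapshots come from `document.cookie` read in the page before any interaction and again after clicking reject; cookies set with `HttpOnly` are not visible there, so a complete check also inspects `Set-Cookie` response headers in the browser's network log. The essential list is the judgement call: the checker deliberately puts the burden on the auditor to justify each name added to it.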

Enforcement Threats Drive Behavioral Change

Of the 979 compliant sites, 415 passed testing without any intervention. The remaining 564 improved practices after initially failing, following direct engagement from the ICO. The regulator sent letters that underlined their compliance shortcomings, opened investigations when letters failed to produce changes, and issued preliminary enforcement notices in 17 cases.

"We set ourselves the goal of giving people more meaningful control over how they were tracked online by the end of 2025. I can confidently say that we have delivered on that promise," stated Tim Capel, Interim Executive Director of Regulatory Supervision.

The enforcement campaign began in January 2025 when the ICO assessed the top 200 UK websites and communicated concerns to 134 organizations. The regulator warned that uncontrolled tracking intrudes on private lives and can lead to harm, citing examples including gambling addicts targeted with betting ads due to browsing history or LGBTQ+ individuals altering online behavior for fear of unintended disclosure.

Also read: UK Data Regulator Cracks Down on Sky Betting and Gaming’s Unlawful Cookie Practices

Industry-Wide Infrastructure Changes

The ICO engaged with trade bodies representing the majority of industries appearing in the top 1,000 websites and consent management platforms providing solutions to nearly 80% of the top 500 websites. These platforms made significant changes to ensure cookie banner options they provide to customers are compliant by default.

The action secured significant improvements to user experiences online, including greater prevalence of "reject" options on cookie banners and lower prevalence of cookies being placed before consent was given or after it was refused.

The regulator identified four main problem areas during its review: deceptive or missing choice where selection is preset, uninformed choice through unclear options, undermined choice where sites fail to adhere to user preferences, and irrevocable choice where users cannot withdraw consent.

Privacy-Friendly Advertising Exploration

The ICO committed to ongoing monitoring, stating that websites brought into compliance should not revert to previously unlawful practices believing violations will go undetected. "We will continue to monitor compliance and engage with industry to ensure they uphold their legal obligations, while also supporting innovation that respects people's privacy," Capel said.

Following consultation earlier in 2025, the regulator continues working with stakeholders to understand whether publishers could deliver privacy-friendly online advertising to users who have not granted consent where privacy risk remains low. The ICO works with government to explore how legislation could be amended to reinforce this approach, with the next update scheduled for 2026.

Under current regulations, violations can result in fines up to £500,000 under Privacy and Electronic Communications Regulations or up to £17.5 million or 4% of global turnover under UK GDPR. Beyond financial penalties, non-compliance risks reputational damage and loss of consumer trust as privacy-conscious users increasingly scrutinize data practices.

US Offers $10M for Iranian Cyber Operatives Behind Election Interference and Critical Infrastructure Attacks

3 December 2025 at 02:25

Iranian Cyber Operatives, IRGC, Iranian Hackers

Fatemeh Sedighian Kashi and Mohammad Bagher Shirinkar maintain a close working relationship coordinating cyber operations targeting elections, US critical infrastructure and businesses through the Iranian Revolutionary Guard Corps cyber unit known as Shahid Shushtari. The U.S. Department of State announced rewards of up to $10 million for information leading to their identification or location, marking the latest effort to disrupt the operations of Iranian cyber operatives that have caused significant financial damage and operational disruption across multiple sectors, including news, shipping, travel, energy, financial services, and telecommunications, throughout the United States, Europe, and the Middle East.

Shirinkar oversees the Shahid Shushtari group, previously identified under multiple cover names including Aria Sepehr Ayandehsazan, Emennet Pasargad, Eeleyanet Gostar, and Net Peygard Samavat Company. Sedighian is a long-time employee who works closely with Shirinkar in planning and conducting cyber operations on behalf of Iran's IRGC Cyber-Electronic Command, the State Department said.

In August 2020, Shahid Shushtari actors began a multi-faceted campaign targeting the US presidential election, combining computer intrusion activity with exaggerated claims of access to victim networks to enhance psychological effects. The US Treasury Department designated Shahid Shushtari and six employees on November 18, 2021, pursuant to Executive Order 13848 for attempting to influence the 2020 election.

Read: Six Iranian Hackers Identified in Cyberattacks on US Water Utilities, $10 Million Reward Announced

The Infrastructure and Olympic Targeting

Since 2023, Shahid Shushtari established fictitious hosting resellers named "Server-Speed" and "VPS-Agent" to provision operational server infrastructure while providing plausible deniability. These resellers procured server space from Europe-based providers including Lithuania's BAcloud and UK-based Stark Industries Solutions.

In July 2024, actors used VPS-Agent infrastructure to compromise a French commercial dynamic display provider, attempting to display photo montages denouncing Israeli athletes' participation in the 2024 Olympics. This cyberattack was coupled with disinformation including fake news articles and threat messages to Israeli athletes under the banner of a fake French far-right group.

Following the October 7, 2023, Hamas attack, Shahid Shushtari used cover personas including "Contact-HSTG" to contact family members of Israeli hostages, attempting to inflict psychological trauma. The group also undertook significant efforts to enumerate and obtain content from IP cameras in Israel, making images available via several servers.

AI Integration and Hack-and-Leak Operations

Shahid Shushtari has incorporated artificial intelligence into its operations, including AI-generated news anchors in the "For-Humanity" operation that hit a US-based IPTV streaming company in December 2023. The group uses AI services including Remini AI Photo Enhancer, Voicemod and Murf AI for voice modulation, and Appy Pie for image generation, according to a joint advisory issued by U.S. and Israeli agencies in October.

Since April 2024, the group used the online persona "Cyber Court" to promote activities of cover-hacktivist groups including "Makhlab al-Nasr," "NET Hunter," "Emirate Students Movement," and "Zeus is Talking," conducting malicious activity protesting the Israel-Hamas conflict.

FBI assessments indicate these hack-and-leak operations are intended to undermine public confidence in victim network security, embarrass companies and targeted countries through financial losses and reputational damage.

Anyone with information on Mohammad Bagher Shirinkar, Fatemeh Sedighian Kashi, or Shahid Shushtari should contact Rewards for Justice through its secure Tor-based tips-reporting channel.

Russia Weaponizes Stolen Ukrainian IP Addresses to Disguise Cyberattacks Against Europe

3 December 2025 at 01:34

Ukrainian IP Addresses, IP Addresses, Digital Assets, Russia, Ukraine

Russian occupation forces in Kherson extracted login credentials from Ukrainian telecommunications operators through physical coercion, seizing control of IP addresses that Moscow now exploits to disguise cyberattacks and disinformation operations as originating from Ukrainian or European sources.

Despite Ukrainian appeals and clear sanctions violations, Amsterdam-based RIPE NCC—the nonprofit organization managing Internet number resources for Europe, the Middle East, and Central Asia—continues facilitating Russian access to these stolen digital assets while citing "neutrality" and insisting "the Internet is beyond politics."

The situation creates direct threats to European cybersecurity. Through stolen Ukrainian IP addresses, Russian entities can camouflage hostile operations as Ukrainian or European activity, making source attribution extremely difficult while undermining continental digital security.

Strategic Value of Stolen Digital Assets

IP addresses are the routing identifiers of devices connected to the Internet: they allow data packets to be delivered to the correct network and, through their registration records, indicate which organization and region an address belongs to. These resources carry both economic and strategic value now that the IPv4 address space is essentially exhausted.

One IPv4 address currently sells for 35 to 50 euros on shadow or semi-official exchanges. Major telecommunications companies own hundreds of thousands of such addresses, meaning the loss of even a few thousand units amounts to millions in losses, according to Oleksandr Fedienko, member of Ukraine's parliament and former head of the Ukrainian Internet Association.

Beyond the economic impact, IP addresses carry strategic importance because government communications, banking transactions and critical infrastructure traffic are addressed through them. "Control over them is a matter of national security," Fedienko told Ukrinform, a state-run news agency. That is why the theft of Ukrainian IP addresses poses risks not only for Ukraine.

Occupation-Driven Digital Theft

After Russia occupied parts of Ukrainian territories in 2014 and 2022, numerous Ukrainian Internet service providers lost not only physical property but also IP addresses that were re-registered through RIPE NCC to Russian companies. Communication operators in occupied territories who legally received these digital identifiers were forcibly deprived of them.

"I know about a situation in Kherson where these resources were forcibly taken from our communication operators through tortures. Because they are not that easy to take without knowing the appropriate login and password," Fedienko stated.

Moscow's information expansion in occupied Ukrainian territories operates through state-owned unitary communication enterprises created under installed administrations. These entities use the largest blocks of stolen IP addresses, including State Unitary Enterprise of the Donetsk People's Republic Ugletelecom, State Unitary Enterprise of the Donetsk People's Republic Comtel, Republican Communications Operator Phoenix, and State Unitary Enterprise of the Luhansk People's Republic Republican Digital Communications.

Sanctions Violations and RIPE's Intransigence

Andriy Pylypenko, a lawyer working as part of an ad hoc group helping shape Ukraine's legal position regarding frozen stolen IP addresses, argues these entities play key roles in providing information support to the occupying regime. The enterprises facilitated sham referendums and elections in occupied territories, spread Russian propaganda, conducted cyberattacks against Ukraine, and channeled Internet access payments to budgets of illegal DPR and LPR entities.

In 2018, the Ukrainian Internet Association warned RIPE against cooperating with the DPR and LPR, but the organization refused to react, claiming IP addresses supposedly were not economic resources and therefore did not fall under EU sanctions. This position persisted until the Dutch Foreign Ministry clarified in 2021 that IP resources are considered economic resources under EU sanctions regulations, legally requiring RIPE to freeze registration of IP addresses held by sanctioned entities.

RIPE's board publicly disagreed with this interpretation, arguing that access to the Internet and IP resources should not be affected by political disputes. The organization requested a sanctions exemption, but the Dutch Foreign Ministry stated no legal basis existed for such blanket exemptions.

Also read: Zelenskyy Signs Law Advancing Cybersecurity of Ukraine’s State Networks and Critical Infrastructure

Criminal Liability and European Security

Several sanctioned entities from the occupied territories have since been added to EU sanctions lists through the 16th, 17th and 19th sanctions packages. "The only way for them is to freeze the relevant IP addresses and restrict access to them for sanctioned entities," Pylypenko emphasized. In addition, the head of an organization that violates the EU sanctions regime can be held criminally liable under the law.

Over the past three years, at least 70 companies and individuals have been prosecuted in the Netherlands for violating EU sanctions against Russia. The Dutch Public Prosecutor's Office recently launched a criminal case against Damen Shipyards and its executives on charges of corruption and international sanctions violations.

NATO formally recognized cyberspace as an operational domain and battlefield at the 2016 Warsaw Summit, affirming that significant cyberattacks could trigger collective defense responses under Article 5. Ukrainian experts warn that RIPE's inaction, combined with political influences and approaches to liberalism, creates risks for European security infrastructure.

Australia Establishes AI Safety Institute to Combat Emerging Threats from Frontier AI Systems

2 December 2025 at 11:38

APT31, Australian Parliament, AI Safety Institute, National AI Plan

Australia's fragmented approach to AI oversight—with responsibilities scattered across privacy commissioners, consumer watchdogs, online safety regulators, and sector-specific agencies—required coordination to keep pace with rapidly evolving AI capabilities and their potential to amplify existing harms while creating entirely new threats.

The Australian Government announced the establishment of the AI Safety Institute, backed by $29.9 million in funding, to monitor emerging AI capabilities, test advanced systems and share intelligence across government while supporting regulators to ensure AI companies comply with Australian law. The Institute is part of the larger National AI Plan that the Australian government officially released on Tuesday.

The Institute will become operational in early 2026 as the centerpiece of the government's strategy to keep Australians safe while capturing economic opportunities from AI adoption. The approach maintains existing legal frameworks as the foundation for addressing AI-related risks rather than introducing standalone AI legislation, with the Institute supporting portfolio agencies and regulators to adapt laws when necessary.

Dual Focus on Upstream Risks and Downstream Harms

The AI Safety Institute will focus on both upstream AI risks and downstream AI harms. Upstream risks involve model capabilities and the ways AI systems are built and trained that can create or amplify harm, requiring technical evaluation of frontier AI systems before deployment.

Downstream harms represent real-world effects people experience when AI systems are used, including bias in hiring algorithms, privacy breaches from data processing, discriminatory outcomes in automated decision-making, and emerging threats like AI-enabled crime and AI-facilitated abuse disproportionately impacting women and girls.

The Institute will generate and share technical insights on emerging AI capabilities, working across government and with international partners. It will develop advice, support bilateral and multilateral safety engagement, and publish safety research to inform industry and academia while engaging with unions, business, and researchers to ensure functions meet community needs.

Supporting Coordinated Regulatory Response

The Institute will support coordinated responses to downstream AI harms by engaging with portfolio agencies and regulators, monitoring and analyzing information across government to allow ministers and regulators to take informed, timely, and cohesive regulatory action.

Portfolio agencies and regulators remain best placed to assess AI uses and harms in specific sectors and adjust regulatory approaches when necessary. The Institute will support existing regulators to ensure AI companies are compliant with Australian law and uphold legal standards of fairness and transparency.

The government emphasized that Australia has strong existing, largely technology-neutral legal frameworks including sector-specific guidance and standards that can apply to AI. The approach promotes flexibility, uses regulators' existing expertise, and targets emerging threats as understanding of AI's strengths and limitations evolves.

Addressing Specific AI Harms

The government is taking targeted action against specific harms while continuing to assess suitability of existing laws. Consumer protections under Australian Consumer Law apply equally to AI-enabled goods and services, with Treasury's review finding Australians enjoy the same strong protections for AI products as traditional goods.

The government addresses AI-related risks through enforceable industry codes under the Online Safety Act 2021, criminalizing non-consensual deepfake material while considering further restrictions on "nudify" apps and reforms to tackle algorithmic bias.

The Attorney-General's Department engages stakeholders through the Copyright and AI Reference Group to consult on possible updates to copyright laws as they relate to AI, with the government ruling out a text and data mining exception to provide certainty to Australian creators and media workers.

Healthcare AI regulation is under review through the Safe and Responsible AI in Healthcare Legislation and Regulation Review, while the Therapeutic Goods Administration oversees AI used in medical device software following its review on strengthening regulation of medical device software including artificial intelligence.

Also read: CPA Australia Warns: AI Adoption Accelerates Cyber Risks for Australian Businesses

National Security and Crisis Response

The Department of Home Affairs, National Intelligence Community, and law enforcement agencies continue efforts to proactively mitigate serious risks posed by AI. Home Affairs coordinates cross-government efforts on cybersecurity and critical infrastructure protection while overseeing the Protective Security Policy Framework detailing policy requirements for authorizing AI technology systems for non-corporate Commonwealth entities.

AI is likely to exacerbate existing national security risks and create new, unknown threats. The government is preparing for potential AI-related incidents through the Australian Government Crisis Management Framework, which provides overarching policy for managing potential crises.

The government will consider how AI-related harms are managed under the framework to ensure ongoing clarity regarding roles and responsibilities across government to support coordinated and effective action.

International Engagement

The Institute will collaborate with domestic and international partners including the National AI Centre and the International Network of AI Safety Institutes to support global conversations on understanding and addressing AI risks.

Australia is a signatory to the Bletchley Declaration, Seoul Declaration, and Paris Statement emphasizing inclusive international cooperation on AI governance. Participation in the UN Global Digital Compact, Hiroshima AI Process, and Global Partnership on AI supports conversations on advancing safe, secure, and trustworthy adoption.

The government is developing an Australian Government Strategy for International Engagement and Regional Leadership on Artificial Intelligence to align foreign and domestic policy settings while establishing priorities for bilateral partnerships and engagement in international forums.

Also read: UK’s AI Safety Institute Establishes San Francisco Office for Global Expansion

French Football Federation Discloses Data Breach After Attackers Compromise Administrative Software

29 November 2025 at 02:38

French Football Federation, FFF, Data Breach

The French Football Federation confirmed this week that attackers used stolen credentials to breach centralized administrative software managing club memberships nationwide, exposing personal information belonging to licensed players registered through clubs across the country.

The FFF detected the unauthorized access and immediately disabled the compromised account while resetting all user passwords across the system, though threat actors had already exfiltrated member databases before detection.

The breach exposed names, gender, dates and places of birth, nationality, postal addresses, email addresses, telephone numbers, and license numbers. The federation claimed the intrusion and exfiltration remained limited to these data categories, with no financial information or passwords compromised in the incident.

According to the federation, which has over two million members, many of whom are minors, the breached data includes personally identifiable information that could be leveraged for phishing attacks. The FFF reported a record number of over 2.3 million football license holders in the country for the 2023-2024 season, according to the latest publicly available figures.

Repeated Attacks in Two Years

This marks the third time in two years that the French Football Federation has suffered a cyberattack, with a March 2024 incident potentially exposing 1.5 million member records according to prosecutors. The pattern demonstrates persistent targeting of French sports organizations.

Cybersecurity researchers verified 18 months ago that a sample of FFF player details had been published on a well-known data leak forum, suggesting previous successful intrusions may have gone undetected.

The federation filed a criminal complaint and notified France's National Cybersecurity Agency ANSSI and data protection authority CNIL as required under European regulations. The FFF will directly contact individuals whose email addresses appear in the compromised database.

Phishing Campaign Warnings

Federation officials warned members to exercise extreme vigilance regarding suspicious communications appearing to originate from the FFF or local clubs. Threat actors commonly leverage stolen personally identifiable information to craft convincing phishing messages requesting that recipients open attachments, provide account credentials, passwords, or banking information.

Security experts note that smaller clubs and societies sometimes consider themselves insufficiently interesting for criminals to target, but this incident demonstrates how deeply everyday life depends on centralized platforms vulnerable to credential compromise.

The federation stressed its commitment to protecting the data entrusted to it while acknowledging that many organizations face a growing number and variety of cyberattacks. "The FFF is committed to protecting all the data entrusted to it and continually strengthens and adapts its security measures in order to face, like many other organizations, the growing variety and new forms of cyber-attacks," the statement said.

The reliance on a single centralized administrative platform across all French football clubs created a high-value target where credential compromise granted attackers access to member records from thousands of clubs simultaneously.

Also read: Chicago Fire FC Data Breach: Exposed Fan Info? Here’s What’s at Risk!

French Regulator Fines Vanity Fair Publisher €750,000 for Persistent Cookie Consent Violations

28 November 2025 at 05:49

Vanity Fair, Condé Nast, Cookie Consent

France's data protection authority CNIL found that when visitors clicked the button to reject cookies on Vanity Fair France (vanityfair.fr), the website continued placing tracking cookies on their devices and reading existing ones without consent. The violation now costs publisher Les Publications Condé Nast €750,000 in fines, six years after privacy advocacy group NOYB first filed a complaint against the media company.

The November 20 sanction by CNIL's restricted committee marks the latest enforcement action in France's aggressive campaign to enforce cookie consent requirements under the ePrivacy Directive.

NOYB, the European privacy advocacy organization led by Max Schrems, filed the original public complaint in December 2019 concerning cookies placed on user devices by the Vanity Fair France website. After multiple investigations and discussions with CNIL, Condé Nast received a formal compliance order in September 2021, with proceedings closed in July 2022 based on assurances of corrective action.

Repeated Violations Despite Compliance Order

CNIL conducted follow-up online investigations in July and November 2023, then again in February 2025, discovering that the publisher had failed to implement compliant cookie practices despite the earlier compliance order. The restricted committee found Les Publications Condé Nast violated obligations under Article 82 of France's Data Protection Act across multiple dimensions.

Investigators discovered cookies requiring consent were placed on visitors' devices as soon as they arrived on vanityfair.fr, even before users interacted with the information banner to express a choice. This automatic placement violated fundamental consent requirements mandating that tracking technologies only be deployed after users provide explicit permission.

The website lacked clarity in information provided to users about cookie purposes. Some cookies appeared categorized as "strictly necessary" and therefore exempt from consent obligations, but useful information about their actual purposes remained unavailable to visitors. This misclassification potentially allowed the publisher to deploy tracking technologies under false pretenses.

Most significantly, consent refusal and withdrawal mechanisms proved completely ineffective. When users clicked the "Refuse All" button in the banner or attempted to withdraw previously granted consent, new cookies subject to consent requirements were nevertheless placed on their devices while existing cookies continued being read.
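The three findings above describe a consent banner whose choices have no effect on tag loading. The following is an added example, not Condé Nast's code nor anything published by CNIL, that models the non-compliant pattern beside a compliant consent gate and runs an audit check over both. It runs in Node without a browser: the `CookieJar` class stands in for `document.cookie`, and the tag names (`session_id`, `_ga`, `ads_id`) and categories are constructed for illustration.

```javascript
// Added example: consent-gated cookie placement and an audit for the failure
// modes CNIL sanctioned. Illustrative code only; tag names are invented.

// Minimal cookie jar standing in for document.cookie so the example runs in Node.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(name, value) { this.store.set(name, value); }
  delete(name) { this.store.delete(name); }
  names() { return [...this.store.keys()].sort(); }
}

// Tag registry (constructed): which cookie each integration sets and whether it
// is exempt from consent. Only cookies needed to deliver the service requested
// by the user (session, security) qualify as "strictly necessary".
const TAGS = [
  { name: "session_id", exempt: true,  category: "necessary",   purpose: "keeps the visitor logged in" },
  { name: "_ga",        exempt: false, category: "analytics",   purpose: "audience measurement" },
  { name: "ads_id",     exempt: false, category: "advertising", purpose: "ad targeting across sites" },
];

// Non-compliant pattern: every tag fires on page load, before any choice, and
// "refuse" merely records the choice without stopping or clearing the trackers.
function nonCompliantPage(jar, choice) {
  for (const t of TAGS) jar.set(t.name, "v");   // fires on arrival, regardless of choice
  jar.set("consent_state", choice);             // refusal is cosmetic
  return jar.names();
}

// Compliant pattern: until a choice is recorded only exempt tags run; on accept
// the consent-required tags load; on refuse or withdrawal they are deleted.
function compliantPage(jar, choice /* undefined | "accept" | "refuse" */) {
  for (const t of TAGS) if (t.exempt) jar.set(t.name, "v");
  if (choice === undefined) return jar.names(); // banner shown, nothing else fires
  jar.set("consent_state", choice);             // the choice itself is exempt
  for (const t of TAGS) {
    if (t.exempt) continue;
    if (choice === "accept") jar.set(t.name, "v");
    else jar.delete(t.name);                    // withdrawal removes what was set earlier
  }
  return jar.names();
}

// Audit: renders a page implementation three ways and reports consent-required
// cookies present before any choice, after refusal, and after withdrawal.
function audit(renderPage) {
  const violations = [];
  const required = new Set(TAGS.filter(t => !t.exempt).map(t => t.name));
  const hasRequired = names => names.some(n => required.has(n));

  if (hasRequired(renderPage(new CookieJar(), undefined)))
    violations.push("consent-required cookies set before any choice");
  if (hasRequired(renderPage(new CookieJar(), "refuse")))
    violations.push("consent-required cookies persist after refusal");

  const jar = new CookieJar();                  // accept first, then withdraw
  renderPage(jar, "accept");
  if (hasRequired(renderPage(jar, "refuse")))
    violations.push("consent-required cookies survive withdrawal");

  if (!hasRequired(renderPage(new CookieJar(), "accept")))
    violations.push("accept path loads nothing (tag wiring broken)"); // sanity check
  return violations;
}

module.exports = { CookieJar, TAGS, nonCompliantPage, compliantPage, audit };
```

Against a real site the same three checks are run with a fresh browser profile: load the page and list cookies before touching the banner, click "Refuse All" and list again, then accept, withdraw via the preferences link and list a third time. Any consent-required cookie present in the first or last two listings is the finding CNIL described.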

Escalating French Enforcement Actions

The fine amount takes into account that Condé Nast had already been issued a formal notice in 2021 but failed to correct its practices, along with the number of people affected and various breaches of rules protecting users regarding cookies.

The CNIL fine represents another in a series of NOYB-related enforcement actions, with the French authority previously fining Criteo €40 million in 2023 and Google €325 million earlier in 2025. Spain's AEPD issued a €100,000 fine against Euskaltel in related NOYB litigation.

Also read: Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

According to reports, Condé Nast acknowledged violations in its defense but cited technical errors, blamed the Internet Advertising Bureau's Transparency and Consent Framework for misleading information, and stated the cookies in question fall under the functionality category. The company claimed good faith and cooperative efforts while arguing against public disclosure of the sanction.

The Cookie Consent Conundrum

French enforcement demonstrates the ePrivacy Directive's teeth in protecting user privacy. CNIL maintains material jurisdiction to investigate and sanction cookie operations affecting French users, with the GDPR's one-stop-shop mechanism not applying since cookie enforcement falls under separate ePrivacy rules transposed into French law.

The authority has intensified actions against dark patterns in consent mechanisms, particularly practices making cookie acceptance easier than refusal. Previous CNIL decisions against Google and Facebook established that websites offering immediate "Accept All" buttons must provide equivalent simple mechanisms for refusing cookies, with multiple clicks to refuse constituting non-compliance.

The six-year timeline from initial complaint to final sanction illustrates both the persistence required in privacy enforcement and the extended timeframes companies exploit while maintaining non-compliant practices generating advertising revenue through unauthorized user tracking.

Poland Arrests Russian Suspected of Hacking E-Commerce Databases Across Europe

27 November 2025 at 14:21

Poland

Polish authorities arrested a 23-year-old Russian citizen on November 16, after investigators linked him to unauthorized intrusions into e-commerce platforms, gaining access to databases containing personal data and transaction histories of customers across Poland and potentially other European Union member states. The suspect, who illegally crossed Poland's border in 2022 before obtaining refugee status in 2023, now faces three months of pre-trial detention as prosecutors examine connections to broader cybercrime operations targeting European infrastructure.

Officers from the Central Bureau for Combating Cybercrime detained the Russian national after gathering evidence confirming he operated without required authorization from online shop operators, breaching security protections to access IT systems and databases before interfering with their structure.

Expanding Investigation Into European Cyberattacks

Polish Interior Minister Marcin Kierwinski announced the arrest Thursday, stating that investigators established the suspect may have connections to additional cybercriminal activities targeting companies operating across Poland and EU member states. Prosecutors are currently verifying the scope of potential damages inflicted on victims of these cyberattacks.

According to Polish news outlets, the man was detained in Wroclaw where he had been living, with investigators saying he infiltrated a major e-commerce platform's database, gaining unauthorized access to almost one million customer records including personal data and transaction histories.

The District Court in Krakow approved prosecutors' request for three-month detention, with officials indicating additional arrests are likely as the investigation widens. Authorities are analyzing whether stolen data was used, sold, or transferred to groups outside Poland, including potential connections to organized cybercrime or state-backed networks.

Pattern of Russian Hybrid Warfare

The arrest occurs amid heightened tensions as Poland reports intensifying cyberattacks and sabotage attempts that officials believe link to Russian intelligence services. Poland has arrested 55 people over suspected sabotage and espionage over the past three years, with all charged under Article 130 of the penal code pertaining to espionage and sabotage.

The case represents part of a broader pattern of hostile cyber operations. Poland and other European nations have intensified surveillance of potential Russian cyberattacks and sabotage efforts since Moscow's full-scale invasion of Ukraine in 2022, monitoring suspected arson attacks and strikes on critical infrastructure across the region.

Polish cybersecurity officials previously warned the country remains a constant target of pro-Russian hackers responding to Warsaw's support for Ukraine. Strategic, energy, and military enterprises face particular risk, with attacks intensifying through DDoS operations, ransomware, phishing campaigns, and website impersonation designed to collect personal data and spread disinformation.

The Central Bureau for Combating Cybercrime emphasized that the investigation remains active and developmental, with prosecutors continuing to gather evidence about the full extent of the suspect's activities and potential co-conspirators.

Also read: DDoS-for-Hire Empire Dismantled as Poland Arrests Four, U.S. Seizes Nine Domains

EU Reaches Agreement on Child Sexual Abuse Detection Law After Three Years of Contentious Debate

27 November 2025 at 13:47

Child Sexual Abuse

A years-long standoff over privacy rights versus child protection ended Wednesday when EU member states finally agreed on a negotiating mandate for the Child Sexual Abuse Regulation, a controversial law requiring online platforms to detect, report and remove child sexual abuse material. Critics warn the measures could enable mass surveillance of private communications.

The Council agreement, reached despite opposition from the Czech Republic, Netherlands, and Poland, clears the way for trilogue negotiations with the European Parliament to begin in 2026 on legislation that would permanently extend voluntary scanning provisions and establish a new EU Centre on Child Sexual Abuse.

The Council introduces three risk categories of online services based on objective criteria including service type, with authorities able to oblige online service providers classified in the high-risk category to contribute to developing technologies to mitigate risks relating to their services. The framework shifts responsibility to digital companies to proactively address risks on their platforms.

Permanent Extension of Voluntary Scanning

One significant provision permanently extends voluntary scanning, a temporary measure first introduced in 2021 that allows companies to scan for child sexual abuse material on a voluntary basis without violating EU privacy law. That exemption, a temporary derogation from the ePrivacy Directive, was set to expire in April 2026.

At present, providers of messaging services may voluntarily check content shared on their platforms for online child sexual abuse material, then report and remove it. According to the Council position, this exemption will continue to apply indefinitely under the new law.

Danish Justice Minister Peter Hummelgaard welcomed the Council's agreement, stating that the spread of child sexual abuse material is "completely unacceptable." "Every year, millions of files are shared that depict the sexual abuse of children. And behind every single image and video, there is a child who has been subjected to the most horrific and terrible abuse," Hummelgaard said.

New EU Centre on Child Sexual Abuse

The legislation provides for establishment of a new EU agency, the EU Centre on Child Sexual Abuse, to support implementation of the regulation. The Centre will act as a hub for child sexual abuse material detection, reporting, and database management, receiving reports from providers, assessing risk levels across platforms, and maintaining a database of indicators.

The EU Centre will assess and process information supplied by online providers about child sexual abuse material identified on services, creating, maintaining and operating a database for reports submitted by providers. The Centre will share information from companies with Europol and national law enforcement bodies, supporting national authorities in assessing the risk that online services could be used to spread abuse material.

Online companies must provide assistance for victims who would like child sexual abuse material depicting them removed or for access to such material disabled. Victims can ask for support from the EU Centre, which will check whether companies involved have removed or disabled access to items victims want taken down.

Privacy Concerns and Opposition

The breakthrough comes after months of stalled negotiations and a postponed October vote when Germany joined a blocking minority opposing what critics commonly call "chat control." Berlin argued the proposal risked "unwarranted monitoring of chats," comparing it to opening letters from other correspondents.

Critics from Big Tech companies and data privacy NGOs warn the measures could pave the way for mass surveillance, as private messages would be scanned by authorities to detect illegal images. The Computer and Communications Industry Association stated that EU member states made clear the regulation can only move forward if new rules strike a true balance protecting minors while maintaining confidentiality of communications, including end-to-end encryption.

Also read: EU Chat Control Proposal to Prevent Child Sexual Abuse Slammed by Critics

Former Pirate MEP Patrick Breyer, who has been advocating against the file, characterized the Council endorsement as "a Trojan Horse" that legitimizes warrantless, error-prone mass surveillance of millions of Europeans by US corporations through cementing voluntary mass scanning.

The European Parliament's study heavily critiqued the Commission's proposal, concluding there aren't currently technological solutions that can detect child sexual abuse material without resulting in high error rates affecting all messages, files and data in platforms. The study also concluded the proposal would undermine end-to-end encryption and security of digital communications.

Scope of the Crisis

Statistics underscore the urgency. 20.5 million reports and 63 million files of abuse were submitted to the National Center for Missing and Exploited Children CyberTipline last year, with online grooming increasing 300 percent since negotiations began. Every half second, an image of a child being sexually abused is reported online.

Sixty-two percent of abuse content flagged by the Internet Watch Foundation in 2024 was traced to EU servers, with at least one in five children in Europe a victim of sexual abuse.

The Council position allows trilogue negotiations with the European Parliament and Commission to start in 2026. Those negotiations need to conclude before the already postponed expiry of the interim regulation under which companies may currently conduct voluntary scanning. The European Parliament reached its negotiating position in November 2023.

CBI Arrests Fugitive Cybercrime Kingpin, Busts Fifth Illegal Call Center Targeting US Nationals

24 November 2025 at 07:28


Indian authorities recovered Rs. 14 lakh (approximately $16,500) and seized 52 laptops containing incriminating digital evidence when they arrested Vikas Kumar Nimar, a cybercrime kingpin and fugitive who had evaded capture for two months while continuing to operate an illegal call center that defrauded American citizens.

The arrest by India's Central Bureau of Investigation (CBI) marks the latest disruption in Operation Chakra, a coordinated international crackdown targeting transnational tech support scam networks that have stolen more than $40 million from victims in the United States, United Kingdom, Australia, and European Union countries.

The CBI registered the case against Nimar on September 24, 2024, and conducted extensive searches at multiple locations in September that dismantled four illegal call centers operated by the accused in Pune, Hyderabad, and Visakhapatnam. Nimar, who was instrumental in establishing and operating the illegal call center VC Informetrix Pvt. Ltd in Pune and Visakhapatnam, went into hiding following the initial raids.

Read: CBI’s Coordinated Strike Takes Down Transnational Cybercrime Network in India

Discovery of Fifth Call Center Operation

The CBI obtained an arrest warrant from the Chief Judicial Magistrate Court in Pune and tracked Nimar to his residential premises in Lucknow. Searches conducted during the November 20, 2025, arrest led to the recovery of cash, mobile phones, and incriminating documents pertaining to the crimes.

During the search operations, investigators discovered that Nimar had established another illegal call center in Lucknow, which continued to target US nationals while he was a fugitive. The CBI immediately dismantled this fifth operation, seizing 52 laptops containing digital evidence of the network's operations.

The agency said investigations continue with efforts to identify additional accomplices and trace stolen funds through cryptocurrency channels.

[Image: CBI arrest of the cybercrime kingpin and the seized equipment. Source: CBI on X]

Pattern of Tech Support Scams

The cybercrime networks dismantled through Operation Chakra employ social engineering to defraud victims. Callers contact targets claiming their bank accounts have been compromised, exploiting fear of financial loss to pressure victims into taking immediate action.

Under the guise of providing technical assistance, the fraudsters obtain remote access to victims' computers and convince them to transfer money into cryptocurrency wallets the criminals control. The operations targeted US nationals from 2023 to 2025, with one network alone defrauding American citizens of more than $40 million through these tactics.

Read: Indo-U.S. Agencies Dismantle Cybercrime Network Targeting U.S. Nationals

The illegal call centers operate under legitimate-sounding company names to establish credibility. Previous raids uncovered operations running as "M/s Digipaks The Future of Digital" in Amritsar, "FirstIdea" in Delhi's Special Economic Zone, and VC Informetrix Pvt. Ltd in Pune and Visakhapatnam.

Operation Chakra represents extensive collaboration between Indian authorities and international law enforcement agencies. The CBI works closely with INTERPOL, the US Federal Bureau of Investigation, the UK's National Crime Agency, Homeland Security Investigations, and private sector partners including Microsoft Corporation.

Intelligence sharing from US authorities triggered the earlier investigation that led to the raids uncovering the large-scale illegal call center in Amritsar. That operation caught 34 individuals in the act of committing fraud, and seized 85 hard drives, 16 laptops, and 44 mobile phones loaded with incriminating digital evidence.

Operation Chakra-III's September raids last year across Mumbai, Kolkata, Pune, Hyderabad, Ahmedabad, and Visakhapatnam resulted in 26 arrests and the seizure of 57 gold bars, Rs. 60 lakh in cash, 951 electronic devices, and three luxury vehicles. The coordinated strikes targeted call centers where over 170 individuals were engaged in various forms of online fraud, primarily against US citizens.

Cryptocurrency Laundering Networks

The networks rely heavily on cryptocurrency to launder stolen funds, which complicates traditional financial crime investigations. Virtual asset transactions let criminals move funds across borders quickly and with perceived anonymity, hampering recovery efforts.

One investigation revealed that the group of key suspect Vishnu Rathi had scammed a US citizen into transferring nearly half a million dollars into cryptocurrency wallets under the guise of tech support services. The victim, led to believe her bank account had been compromised, unknowingly handed control to the criminals, who manipulated her into making the large transfer.

The CBI coordinates with INTERPOL and foreign law enforcement bodies to follow money trails through virtual asset transactions, working to dismantle associated laundering networks alongside the operational infrastructure.

The CBI reiterated its commitment to rapidly identifying and acting against organized, technology-enabled crime networks. The arrested individuals face charges under India's Information Technology Act, 2000 and the BNSS Act of 2023.

Previous Operation Chakra actions included the August arrest of a fugitive kingpin at Delhi's international airport while he was attempting to flee to Kathmandu, Nepal. Immigration officers intercepted the suspect based on CBI intelligence, closing an escape route previously exploited by wanted fugitives.

The multi-phase operation demonstrates India's strengthening cybersecurity posture through real-time intelligence sharing with global counterparts, moving beyond domestic law enforcement to pursue cybercriminals operating across borders.
