Good morning everybody! Happy Tuesday!

The FBI's criminal surveillance network was breached, and a security flaw in Chrome enabled eavesdropping. Let's dive in!

Top Stories:

This week's biggest headlines. Analysis section below.

FBI Surveillance Network Breached by Suspected Chinese Hackers: The FBI confirmed that suspected Chinese hackers breached an unclassified computer network containing data on the phone calls and internet activity of criminal suspects.

Iranian-Linked Hacking Group Targets U.S. Organizations: The Symantec Threat Hunter Team reported that MuddyWater, an Iranian-linked hacking group, has been observed targeting U.S. organizations with a new type of malware.

University of Hawaii Cancer Center Suffers Data Breach: Names, Social Security numbers, and health information were stolen in a breach of the University of Hawaii Cancer Center, affecting 1.2 million people.

ClawJacked Attack Enabled Data Theft from OpenClaw Agents: The ClawJacked vulnerability allowed malicious websites to take control of OpenClaw AI agents, enabling attackers to brute-force passwords and steal sensitive data without user awareness.

U.S. Government iPhone Hacking Kit Stolen by Hackers: A hacking tool believed to have been developed by the U.S. government to compromise older-generation iPhones appears to have fallen into the hands of hackers and is now being used in a new cyber campaign.

Anthropic's Claude Opus 4.6 Finds 22 Vulnerabilities in Firefox: In a partnership with Mozilla, Anthropic used its Claude Opus 4.6 model to analyze the Firefox browser, uncovering 22 previously unknown vulnerabilities, including 14 rated as high severity.

Leaked API Key Costs Developer $82,000 in Gemini Tokens: Using a Gemini API key leaked from a company, attackers ran up an $82,000 bill by calling Gemini 3 Pro Image and Gemini 3 Pro Text.
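The cheapest defense against a story like that is catching the key before it ever reaches a repository or a paste. Below is an added example, written for this newsletter and not code from Google or from the company involved: a small pre-commit style scanner that reads a staged diff (or a file) and flags Google-issued API keys. It assumes the documented key format (39 characters beginning with "AIza", which Gemini keys from AI Studio also follow) and uses a Shannon-entropy cut-off of 3.5 bits per character, a heuristic chosen here to ignore obvious placeholders in docs and templates. The sample diff at the bottom is constructed; the key in it is made up.

```python
"""Pre-commit scanner for leaked Google/Gemini API keys.

Added example, not code from the newsletter. Assumptions (labelled):
- Google-issued API keys are 39 characters beginning with "AIza";
  GOOGLE_API_KEY_RE encodes that format.
- ENTROPY_THRESHOLD is a heuristic picked here to drop placeholders
  such as "AIza" followed by a run of the same letter.
Usage: git diff --cached | python scan_keys.py   (exits 1 on a hit)
"""
import math
import re
import sys
from dataclasses import dataclass

# Lookarounds instead of \b so a key ending in "-" is still bounded correctly.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)
ENTROPY_THRESHOLD = 3.5  # assumption: heuristic cut-off, tune for your repo


@dataclass(frozen=True)
class Finding:
    line_no: int
    redacted: str
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character of s; a real key lands near 5, a placeholder near 0."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(key: str) -> str:
    """Keep enough of the key to locate it in the repo without reprinting it."""
    return key[:8] + "..." + key[-4:]


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per key-shaped token that also looks random enough."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            key = match.group(0)
            ent = shannon_entropy(key)
            if ent >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, redact(key), round(ent, 2)))
    return findings


# Constructed sample input: a fake .env line plus a docs placeholder.
# The key below is invented for this example and is not a real credential.
SAMPLE_DIFF = (
    "+GEMINI_API_KEY=AIzaSyD0x1FaKeKeY2c8Qp7Lm3nRt9VbWz4Hj5K\n"
    "+# docs placeholder, not a secret:\n"
    "+EXAMPLE_KEY=" + "AIza" + "A" * 35 + "\n"
    "+OTHER=hello\n"
)


def main(argv: list[str]) -> int:
    text = open(argv[1]).read() if len(argv) > 1 else sys.stdin.read()
    findings = scan_text(text)
    for f in findings:
        print(f"line {f.line_no}: possible Google API key {f.redacted} "
              f"(entropy {f.entropy})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wire it in as a pre-commit hook and pair it with a hard spending cap on the API project: the scanner stops the leak at the developer's desk, the cap bounds the bill if a key still escapes some other way.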

Customs and Border Protection Used Pop-Up Ads to Track Americans: U.S. Customs and Border Protection purchased location data from online advertising platforms that serve ads in mobile games, allowing the agency to track the locations of Americans.

My Takeaways

Analysis based on this week's news and my experience in the industry. More headlines below in the Lower Echelon.

Anything That Looks Like It: A phrase that my siblings and I grew up with was, "don't do it or anything that looks like it." In no uncertain terms, it was explained to us that even if we weren't technically breaking a rule, if it even looked like we could be breaking a rule, we were in trouble. Sometimes we were disciplined when we felt we didn't even do anything wrong! Much like blackjack, the house never lost and all ties went to the dealer.

When I started working in the cybersecurity industry, I was amused to learn that "don't do it or anything that looks like it" more or less summarizes a key aspect of the Sarbanes-Oxley compliance standard. Companies are required to maintain codes of ethics for their executive officers that prohibit conflicts of interest and encourage leaders to avoid "the appearance of impropriety."

As I read the story this week about the Feds buying up location information from data brokers who advertise in mobile games, I began to wish the 4th Amendment contained language to prohibit "the appearance of impropriety" with respect to search and seizure protections. Lawyers and judges smarter than me will need to decide if this process is technically legal, but even if it is, buying data on your citizens through a third party feels like a pretty blatant circumvention of what the Founding Fathers intended when they wrote the Bill of Rights. My non-privacy-conscious friends will sometimes ask me why I "make my life harder" by doing things such as browsing with Firefox instead of Chrome, using DuckDuckGo over Google, or keeping my location services off. While life would be easier if big tech and government respected privacy rights, they have repeatedly shown they cannot be trusted to do it or anything that looks like it.

The Lower Echelon:

Interesting cybersecurity news that didn't quite make the cut to be a top story.

Security Flaw in Google Chrome Enabled Eavesdropping: A security flaw in Chrome's Gemini assistant allowed malicious extensions to access users' cameras and microphones without consent, enabling potential spying and data theft. The vulnerability, tracked as CVE-2026-0628, has since been patched in recent updates.

Claude Used to Automate Theft of 150GB from Mexican Government: Hackers used Anthropic's Claude Code to write malware and automate the theft of over 150 gigabytes of data from 10 Mexican government agencies, including Mexico's tax agency.

Europol, Microsoft, Coinbase Collaborate to Seize Phishing Service: Typhoon 2FA, a phishing kit that allowed scammers to steal login credentials and bypass multi-factor authentication, was seized in a joint operation led by Europol with support from private companies including Coinbase and Microsoft.

Cisco Releases Patches for 48 Vulnerabilities in Firewall Products: In Cisco's March security release, a semiannual patch update, the company fixed 48 vulnerabilities in its firewall products, including two that received the maximum severity score.

FBI and Europol Seize Cybercrime Forum "LeakBase": LeakBase is a cybercrime forum where members buy and sell hacking tools. The FBI and Europol seized the site and obtained data on the 142,000 users who had accounts on the forum.

Advanced Phishing Attacks Using Virtual Meeting Software: Stolen code-signing certificates are being used to sign fake updates for business software such as Microsoft Teams, Zoom, and Adobe Acrobat Reader, so that victims' computers trust the malicious installers as legitimate vendor releases.

Cato Networks Launches Adaptive Threat Prevention Tool: Cato Networks launched a new product called Cato Dynamic Prevention, which monitors networks and can automatically adapt and "self-heal" when it detects advanced attacks.

OpenAI Launches Vulnerability Detecting Assistant: OpenAI, the developer of ChatGPT, launched Codex Security, a new product designed to help developers identify and fix vulnerabilities in source code.

On the right side of this page, you can follow and subscribe to receive this newsletter to your inbox weekly (no Medium account needed, just sign in with Google)!

Thanks for reading! See everyone next week!