Five Eyes issues unusual warning on China's online recruitment tactics
Meta AI's chatbot hacking seems to have continued, OpenAI asks for mandatory models' evaluations, CISA to release AI directive tomorrow, Mullin wants CISA to hire 600 more personnel, Hackers accessed Ultrahuman's customer data, Peptide promoters seek to poison chatbots by Reddit postings, much more
Security agencies from the Five Eyes alliance of English-speaking countries issued a warning about Chinese spies aggressively using online job platforms to recruit people with access to sensitive information.
The "Safeguarding Our Secrets" bulletin says China's military intelligence services were using a wide array of professional networking sites and online recruitment services to target those in government, the military or anyone who could access classified information.
"Chinese military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes," the domestic security agencies from the U.S., Britain, Canada, Australia and New Zealand said.
Although there have been similar warnings from individual countries in the past, the joint bulletin was described as unprecedented. Beijing has repeatedly rejected such espionage claims, calling them "pure fabrication and malicious slander."
In the bulletin, the Five Eyes agencies said Chinese spies were particularly targeting those who specialized in defense, foreign affairs and intelligence, and military personnel, including those stationed in the Indo-Pacific region.
Also at risk were journalists, think tank employees or those with peripheral access to government data.
It said the spies used "an aggressive online recruitment strategy" with successful candidates then pressured to provide confidential information "for unspecified clients who are associated with the Chinese government". Those who were recruited could be paid anywhere from a few hundred to several thousand dollars per report and offered more for increasingly sensitive information, the bulletin said. (Michael Holden / Reuters)
Related: MI5, MI5, Washington Post, Politico, Bloomberg, FBI, Government of Canada, ABC.net.au

The widespread hacking campaign that relied on simply asking Meta AI’s chatbot to take over a victim’s Instagram account appears to have continued even after the company said the issue had been resolved.
Meanwhile, the company has been scrambling to secure the targeted accounts and alert victims.
Over the weekend, hackers claimed to be exploiting Meta’s AI support chatbot to take over several high-profile Instagram accounts. At the same time, a large number of people complained on social media that their Instagram accounts had been hacked, some of them with unique short user-profile handles.
Hackers told Meta’s AI chatbot that they were the owners of the target’s account and asked the bot to link that person’s account to an email they controlled. The chatbot complied with the request, allowing the hacker to reset the target account’s password and take control of the account — in some cases locking out the victims. At no point were Meta employees or contractors involved in the chat.
On Monday, Meta spokesperson Andy Stone said that “the issue that did happen has already been fixed.” On Tuesday, however, more Instagram users claimed to have had their accounts hacked.
Several people have reported that Meta has begun notifying users that they were being targeted. Victims publicly reported receiving emails from Instagram warning them that the company had “detected some suspicious activity that suggests your Instagram may have been compromised.” The message also said that the company took measures to secure the account and asked the user to reset their password. (Lorenzo Franceschi-Bicchierai / TechCrunch)
Related: Android Authority, Social Media Today, The Next Web, HotHardware, Reuters, The Indian Express, CNET, Android Central, BBC

A new OpenAI proposal for regulating advanced artificial intelligence systems splits from President Donald Trump’s recent executive order on at least two key points, with the tech giant now working to nudge the White House and Congress toward its preferred approach to governing AI.
In a new policy paper, OpenAI calls on the federal government to require mandatory evaluations of advanced AI models for potential risks, but places the responsibility for overseeing that process on civilian agencies.
It represents a significant split from the new White House order, which on Tuesday created a voluntary framework for the evaluation of advanced AI systems for cybersecurity risks that would be led by the National Security Agency. Under OpenAI’s plan, such efforts would be led by the Center for AI Standards and Innovation, an office of the Commerce Department’s National Institute of Standards and Technology. (Brendan Bordelon / Politico)
Related: SiliconANGLE, Wired, OpenAI, Gizmodo, CNBC, The Deep View, Bloomberg, Benzinga, Semafor, The Decoder, Reuters, Punchbowl News, CNN, The Hill, Crypto Briefing, Quartz, eSecurity Planet
The Cybersecurity and Infrastructure Security Agency (CISA) plans to release a directive to federal agencies detailing actions required to carry out the president’s artificial intelligence executive order by the end of the week, CISA Acting Director Nick Andersen said.
The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore.
CISA also will be rolling out “specific artificial intelligence access” to partners in the coming days, Andersen said.
The artificial intelligence executive order released Tuesday is a scaled-back version of an earlier iteration that was spiked amid internal conflict within the administration and concerns raised by former artificial intelligence and crypto czar David Sacks.
The latest version of the order asks companies to voluntarily submit models to the government for testing 30 days before they are released publicly. Originally, the administration had asked for 90 days.
The potential risks posed by some models are important to consider, Andersen said, but he also focused on how AI can bolster cybersecurity protections. (Suzanne Smalley / The Record)
Related: The Cyber Edge
Department of Homeland Security Secretary Markwayne Mullin told Congress Wednesday that the Cybersecurity and Infrastructure Security Agency would ideally have 2,800 personnel, up from approximately 2,200 now and down from 3,400 before the second Trump administration began.
Donald Trump has pushed to dramatically reduce personnel numbers at the agency, something that has drawn criticism from both Democrats and Republicans on the Hill. Trump has proposed hundreds of millions more in cuts for fiscal 2027.
House Homeland Security Committee Chairman Andrew Garbarino (R-NY) asked Mullin at a hearing about further proposed CISA budget cuts, saying he was “concerned” about personnel numbers and funding for education programs and whether the fiscal 2027 blueprint would “negatively impact those efforts.”
Mullin said DHS funding lapses have made the department rethink CISA, although the deep CISA personnel reductions predate the recent spate of government shutdowns.
“We had to readjust the way we’re looking at CISA and better lean on public partnerships,” he said. The agency can work well with 2,800 people “If we can actually have the partnerships we need with states and be able to use the grants, the monies that [we] saved with CISA to be able to invest with local and state municipalities. … We’re not going to fail on the mission we have in front of us.” (Tim Starks / CyberScoop)
Related: Federal News Network, NextGov/FCW, The Record, House Homeland Security Committee
Wearable health tech startup Ultrahuman said hackers gained unauthorized access to customers’ wellness data after stealing an employee’s credentials through malware.
The India-based startup informed affected customers of the incident via email, stating that the breach occurred on March 27 and involved a system used for internal analytics. The company said it detected the intrusion promptly, took the affected system offline, and revoked all access.
Founded in 2019, Ultrahuman sells smart rings and metabolic health-tracking devices that enable users to monitor metrics such as sleep, activity, and recovery. The startup is best known for its Ring Air, which competes with the Oura Ring, and recently introduced the Ring Pro with upgraded sensors and battery life.
Confirming the incident, Ultrahuman told TechCrunch that the attackers gained access using credentials stolen from an employee’s malware-infected laptop, resulting in wellness data belonging to about 0.1% of users being accessed.
Based on the company’s previously reported figure of roughly 700,000 monthly active users, that would equate to at least 700 customers whose health data was accessed. Ultrahuman did not dispute this figure but declined to disclose the exact number of customers affected. The company said no passwords, payment information, production systems, or Ultrahuman Ring devices were compromised. (Jagmeet Singh / TechCrunch)
Related: Ultrahuman, Inc42, 9to5Google, Trusted Reviews, the5krunner
The moderators of the biohacking subreddit say that peptide and hormone replacement therapy companies have been surreptitiously spamming Reddit in an attempt to get their posts scraped by AI chatbots.
The strategy is an effort to systematically manipulate the answers provided by chatbots by manipulating the underlying source material that those chatbots will scrape—in this case, a popular Reddit community.
In a post last week, the moderators of r/biohackers said they would be banning new posts about peptides and hormone replacement therapy (HRT) because of attempted manipulation by the companies that make, market, and sell them. (Jason Koebler / 404 Media)
Related: Mashable, r/technology, r/Biohackers, AdExchanger, r/HailCorporate, r/artificial, r/biotech, r/InterstellarKineticsr, r/LateStageCapitalism, r/antiai, r/ArtificialInteligence, r/google, r/ChatGPT
In a year-long study of 832 banned accounts, Anthropic found that artificial intelligence (AI) now performs advanced attack tasks on behalf of unsophisticated hackers, work that once required great technical skill, weakening the long-standing link between an attacker’s expertise and the danger they pose.
The data covers accounts banned between March 2025 and March 2026.
Among the 832 banned accounts analyzed, 67.3% used AI to assist in malware development, while 6.5% used it for lateral movement within compromised systems.
The report noted that security teams long judged threat levels by how many techniques or what tools an attacker used. Anthropic says that the signal no longer holds.
According to Anthropic, the least-skilled actors averaged about 16 techniques. The most skilled averaged about 20. The platform used, whether Claude Code, an API, or a chat tool, also showed no link to risk. (Kamina Bashir and Harsh Notariya / BeInCrypto)
Related: Anthropic, Anthropic Red Team

The United States announced sanctions on Iran’s biggest cryptocurrency exchange, Nobitex, accusing it of enabling the Iranian government and denylisted state institutions to circumvent Western sanctions.
The new sanctions follow a Reuters investigation published on May 1, which showed how Nobitex had become a central node in a parallel financial system used to process hundreds of millions of dollars for Iran’s central bank and the Islamic Revolutionary Guard Corps.
The report also revealed how Nobitex continued operating even after the government-imposed internet shutdown, processing millions of dollars of transactions.
The Reuters investigation showed how Nobitex is controlled by two brothers from one of Iran’s most powerful families, with close ties to the new supreme leader. The two are members of the Kharrazi family, one of the most influential dynasties in the Islamic Republic. Corporate records show that when the exchange started, the brothers were listed under a surname rarely used by members of the family.
The US Treasury announced Tuesday that the two brothers, Seyed Mohammad Ali Aghamir Mohammad Ali and Seyed Mohammad Aghamir Mohammad Ali, had also been individually sanctioned, along with the exchange’s chief executive officer, Amir Hossein Rad. (Gavin Finch / Reuters)
Related: Treasury Department, CoinDesk, Crypto Briefing, The Block, Finance Feeds, Decrypt, Iran Wire, Bleeping Computer, Elliptic
Researchers at Calif report that a new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds.
The technique works on default HTTP/2 configurations of major web servers, including NGINX, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora.
HTTP/2 Bomb combines two previously known HTTP/2 DoS methods: the HPACK compression amplification and Slowloris-style resource retention via HTTP/2 flow-control stalling.
When combined, a single client on a 100 Mbps connection can exhaust tens of gigabytes of RAM within seconds, forcing the server to allocate it and then preventing its release.
“A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds. Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds,” the researchers say.
The full technical details for the HTTP/2 Bomb DoS attack will be disclosed at the Real World AI Security conference later this month in a presentation from researcher Quang Luong.
However, proof-of-concept (PoC) exploits have already been published for the new attack method. (Bill Toulas / Bleeping Computer)
Related: Calif, SC Media, CyberInsider, Cyber Security News, Gigazine, GBHackers, GitHub
Researchers at Proofpoint report that a Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor.
Tracked as TA4922, the threat actor is associated with financially motivated attacks aimed at breaching target networks for fraud, data theft, and the sale of access.
TA4922 has previously targeted organizations in East Asia, but recent campaigns have focused on entities in Germany, Italy, the United Kingdom, and South Africa.
The researchers note that TA4922 shares overlaps with activity previously reported as ‘Silver Fox’ and ‘Void Arachne’. However, the activity cluster is tracked separately as it is more consistent with cybercrime than espionage.
Since March, TA4922’s activity has increased sharply, and since April, it has shown unprecedented operational diversity and high tempo. (Bill Toulas / Bleeping Computer)
Related: Proofpoint

Elon Musk’s artificial intelligence firm, xAI, is requesting the public identification of four people who allegedly had deepfake sexualized images created of them using Grok—including one apparently targeted with sexualized deepfake images of them as a child, according to recently filed court documents.
On May 29, the four main claimants in a federal class-action lawsuit—currently identified as South Carolina Doe, South Carolina Roe, New Jersey Doe, and Ohio Doe—described in affidavits the emotional distress they had suffered after the alleged deepfakes were created earlier this year. The four fear further online harassment and doxing if they are forced to use their real names in the lawsuit against xAI, the documents allege.
“Having stripped them of their clothes, xAI now seeks to strip Plaintiffs of their pseudonyms in an obvious effort to intimidate Plaintiffs into dropping the litigation by compounding the same harms that they seek to remedy,” Sophia Rios, a lawyer representing the individuals for legal firm Berger Montague, wrote in a recent filing. “Asking this Court to reverse itself, xAI suggests that the abuse it has perpetuated is no big deal.”
The class-action lawsuit against xAI was initially filed in January with one pseudonymous lead claimant. A judge in the US District Court for the Northern District of California approved an order allowing them to be a Jane Doe in the case. The case was later refiled with the four main pseudonymous plaintiffs at the start of May, with the Jane Doe becoming South Carolina Doe. (Matt Burgess / Wired)
Related: Court Listener
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.
The cybersecurity agency says that ATG systems are commonly used in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors to remotely monitor storage tank levels, temperatures, and potential leaks.
The US government says threat actors are targeting exposed devices and modifying system settings through command execution.
"The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution," the advisory states.
According to the agencies, attackers are gaining access through authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses. (Lawrence Abrams / Bleeping Computer)
Related: CISA, Industrial Cyber
Korea is joining Anthropic’s cybersecurity initiative Project Glasswing, which will give the country access to the company’s advanced artificial intelligence (AI) model Claude Mythos as part of a broader expansion aimed at strengthening global cyber defenses.
Anthropic announced Tuesday (local time) that it is expanding the project, a collaborative cybersecurity program built around its Mythos model, to around 150 organizations across 15 countries, significantly widening access beyond its initial cohort of roughly 50 institutions. Mythos, unveiled in April, is a security-focused AI model designed to identify software vulnerabilities at an expert level.
Under the latest expansion, the Ministry of Science and ICT will participate in the program through the Korea Internet & Security Agency (KISA), the state-run agency for cyber incident response and digital security. (Lee Gyu-lee / The Korea Times)
Related: Korea JoongAng Daily, Seoul Economic Daily, CEO Insights Asia, Asia Business Daily, Digital Today
Industrial control security company Dragos announced it acquired Phosphorus, the Internet of Things security and management player, a move analysts said was designed to catch Dragos up with its competitors and expand its offerings to cover the quickly growing IoT sector.
The firm called the acquisition part of "a deliberate strategy to protect the full operational environment as it exists and operates today."
Dragos historically focused on traditional OT, rather than IoT, its more mechanized counterpart, the Industrial IoT, or the world of medical device cybersecurity, said Hollie Hennessy, lead OT/IoT cybersecurity market analyst with technology research and advisory group Omdia. (Shaun Waterman / OT Today)
Related: Dragos, Rob M. Lee on LinkedIn
CrowdStrike narrowly beat Wall Street’s fiscal first-quarter estimates after the bell on Wednesday, but shares slid 10% following the report.
The company said revenue grew 26% from a year ago. Net income totaled about $27.8 million, or 11 cents per share. That’s up from a net loss of $104.3 million, a loss of 42 cents per share, last year.
CrowdStrike also announced a four-for-one stock split effective in July. Shares closed at $747.61 on Wednesday.
Related: CrowdStrike, FinancialContent, Dow Jones Newswires, SiliconANGLE, Crypto Briefing, Barron's Online, Reuters, Investor's Business Daily, Proactive, Benzinga, Constellation Research, Bloomberg, Barchart.com, Blockonomi, r/StockMarket
Best Thing of the Day: Synthetic DNA and RNA Are No Jokes
Top artificial-intelligence executives are joining security experts in calling for Congress to protect against biological threats posed by AI.
Worst Thing of the Day: Let's Add Insecure Elections to the Heap of Badness
Ahead of crucial midterm elections, the US government has stopped sharing key information about election threats with state officials and halted some cybersecurity services.
Worst Thing of the Day: The Price of Being an OSINT Pioneer
Eliot Higgins, founder of open-source intelligence firm Bellingcat, is so worried that bad actors are out to get him that he flushed a box of cookies that someone gave him down the toilet while staying at a DoubleTree Hotel in Amsterdam.
