News of the Cyber World

[kyonides]

Meta disrupts influence ops targeting Romania, Azerbaijan, and Taiwan

“We detected and removed these campaigns before they were able to build authentic audiences on our apps,” the social media giant said.

A network originating in China targeted Myanmar, Taiwan, and Japan, for instance. Fake accounts – many of which detected quickly by Meta’s automated systems – were used to post content, manage Pages, and reach out to others.

The operation included three separate clusters of accounts where each targeted a particular country while posing as locals. Some of these accounts used profile photos likely created using AI.

Spreading a specific message on social media seems to have been the aim of the campaign. In Myanmar, for instance, the posts criticized the civil resistance movements and shared supportive commentary about the ruling junta.

In Japan, the campaign criticized Japan’s government and its military ties with the US, and in Taiwan, it posted claims that Taiwanese politicians and military leaders are corrupt, and ran Pages claiming to display posts submitted anonymously – in a likely attempt to create the impression of an authentic discourse.

According to Meta, people behind the campaign attempted to conceal their identity but the firm’s investigation found (PDF) links to two past China-based influence operations they had removed and reported back in 2022 and 2024.

Another campaign, originating in Iran, was aimed at Azeri-speaking audiences in Azerbaijan and Turkey across Meta platforms, X, and YouTube.

The counterfeit accounts created by the operation were used to post content, including in Groups, manage Pages, and comment on the network's own content so as to artificially inflate its popularity. Many of these accounts posed as female journalists and pro-Palestine activists.

AI cracks your 4-digit PIN in less than a second – so why are we still using them?

If you use a PIN made of repeated digits, classic patterns like “1234”, or your birthday date – be cautious. Attackers might get access to your data in less than a second.

A 4-digit PIN code is so familiar that it's basically muscle memory at this point. It has been guarding bank accounts, phones, and private data for decades.

But in the age of artificial intelligence (AI), trusting your data to be protected by PIN might be as naive as scribbling your passwords on sticky notes. The combination of simple digit patterns in your PIN code creates an easy target for AI hacking tools.

Recent research by Mesente, a business messaging platform, shows that AI can now crack weak PINs in less than a second. That’s faster than most of us can even unlock our phones.

According to the research, PINs with repeated digits are the easiest for AI to crack, taking just 0.44 seconds on average.

How does AI outsmart humans by searching for patterns?

The team analyzed real-world breach datasets and trained a supervised machine learning model. The model was designed to learn patterns in PIN selection behavior and predict the most probable PIN codes.

Researchers broke PINs into categories and scored them by how easy they were to crack:

Same Digits: Digits that repeat four times, like “1111” or “0000.”
Consecutive: Numbers that increase or decrease sequentially, like “1234” or “4321.”
Grouped: Digits that repeat in pairs or patterns, such as “1122” or “5566.”
Year-like: PINs that resemble years, especially from the 1900s or 2000s.
Random: PINs that don’t follow any obvious pattern.

The top 10 most easily-cracked PIN codes all share the same feature: repeated digits. AI can crack PINs made up of the same digit in just 0.37 seconds. Not far behind are consecutive sequences like “1234” or “4321”, which fold in 0.69 seconds.

The hardest PINs for AI to crack are random ones that do not follow any pattern. But even those hold out for only about 1.03 seconds.

How the CIA used a Star Wars fan site to run a spy network

A cartoon Yoda, Lego ads, and Xbox game links were just a surface. Behind them, the CIA was secretly communicating with spies around the world.

Key takeaways:

Starwarsweb.net, a seemingly ordinary fan site, was revealed to be a covert CIA communication tool with spies around the globe.
Brazilian researcher Ciro Santilli uncovered the site while investigating a broader network of CIA-run domains. Many of these domains appeared tailored to specific regions, such as Europe, Brazil, and the Middle East, and disguised as fan pages for comedians, extreme sports, or Brazilian music.
The case highlights how intelligence agencies repurpose everyday web infrastructure, including pop culture fan sites, for espionage.
A website that looked like an early 2010s Star Wars fan page with images of Yoda, C-3PO, and links to video games and Lego sets was actually a covert communications tool run by the Central Intelligence Agency (CIA).

The site, starwarsweb.net, appeared unremarkable on the surface.

“Like these games you will,” reads a caption beside a cartoon Yoda, promoting Star Wars Battlefront II and The Force Unleashed II. Another section advertises a Lego Star Wars kit.

But according to the findings by amateur researcher Ciro Santilli, reported by 404 Media, the website was part of a now-defunct network of CIA-operated sites used to covertly communicate with US intelligence sources overseas.

Santilli, a Brazilian software developer and self-described open web enthusiast, uncovered starwarsweb.net while investigating digital remnants of the CIA’s hidden communication systems.

The tool itself worked by hiding a secure login mechanism inside what looked like an ordinary search bar. Informants would enter a prearranged password, which would trigger the covert access system.

What he found, he says, was a broader network than previously reported – one that included fan pages for comedians, extreme sports, Brazilian music, and other innocuous interests, many of them tailored to different languages and countries.

Much of the content and language on the pages indicated target regions such as Germany, France, Spain, and Brazil. Many sites were focused on the Middle East.

Google to appeal online search antitrust decision

Google is set to challenge an antitrust ruling over alleged anti-competitive practices in online search.

Key takeaways:

Google called the Court's original decision "wrong"

Antitrust enforcers worry that Google’s search dominance gives it an advantage in developing AI products

"We will wait for the Court's opinion. And we still strongly believe the Court's original decision was wrong, and look forward to our eventual appeal," Google said in a post on X.

The original ruling states that Google illegally monopolized online search and related advertising markets. The US Department of Justice said the company should at least sell off its Google Ad Manager platform.

The DOJ wants Google to share search data and end multibillion-dollar payments to smartphone makers like Apple to be the default search engine on new devices. In 2022, Google paid Apple approximately $20 billion for the privilege - which significantly contributes to the company’s revenue.

Antitrust enforcers are wary about Google’s search dominance giving it a strategic advantage in developing artificial intelligence (AI) products like its Gemini platform.

At the hearing, John Schmidtlein, an attorney for Google, said that the company has already addressed the concerns about competition in AI by no longer entering exclusive agreements with wireless carriers and smartphone makers. This allows them to load rival search and AI applications, potentially lowering the barrier to entering the market.

And yet, the enforcers remain concerned that Google’s vast search data reserves put it in an unfair position to solidify its market dominance by swiftly training its AI models.

On Friday, a federal judge in Washington said he is considering making Google take less aggressive measures to restore competition in online search than the 10-year regime proposed by antitrust enforcers.

"Ten years may seem like a short period, but in this space, a lot can change in weeks," said US District Judge Amit Mehta.

According to him, it is unlikely that an alternate default search engine in Apple's Safari browser will come from rival search engines like DuckDuckGo or Bing.

"If anything it's going to be one of these AI companies that can do more than just search. And why? Because maybe people don't want 10 blue links anymore,” he said.

Nick Turley, OpenAI's product head for ChatGPT, said the company would be interested in buying Chrome if Google is forced to sell it.

Massive security blunder: Russian nuclear site blueprints exposed in public procurement database

Russia is modernizing its nuclear weapon sites, including underground missile silos and support infrastructure. Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database.

Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them.

According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world’s most secret construction sites.

“It even contains floor plans and infrastructure details for nuclear weapons silos,” the report reads.

German building materials and construction system giant Knauf and numerous other European companies were found to be indirectly supplying the modernization through small local companies and subsidiaries.

Knauf condemned the Russian invasion of Ukraine and announced its intention to withdraw from its Russian business in 2024. Knauf told Der Spiegel that it only trades with independent dealers and cannot control who ultimately uses its materials in Russia.

Danwatch jointly reports that “hundreds of detailed blueprints” of Russian nuclear facilities, exposed in procurement databases, make them vulnerable to attacks.

“An enormous Russian security breach has exposed the innermost parts of Russia’s nuclear modernization,” the article reads.

“It’s completely unprecedented.”

The journalists used proxy servers in Russia, Kazakhstan, and Belarus to circumvent network restrictions and access the documents. The rich multimedia in the report details the inner structure of bunkers and missile silos.

Vladimir Putin, Russia’s president, announced an extensive modernization of the country’s nuclear arsenal on March 1st, 2018.

The leaked documents, as recent as the summer of 2024, reveal numerous new facilities built across all of Russia.

Major data leak exposes 1.6M Etsy, TikTok Shop customer emails

Hundreds of thousands of customer files have been discovered leaking from an unprotected instance. Researchers believe the data exposed mostly American customers of Etsy, Poshmark, and TikTok shops.

While online shopping has long ceased to be a perilous activity, some dangers still lurk in the digital shadows. For example, the Cybernews research team recently found two unprotected Azure Blob Storage containers containing over 1.6 million files.

According to the team, both exposed instances contained shipping email confirmations in HTML format. While the vast majority of the exposed data comes from users in the United States, some affected individuals seem to be from Canada and Australia.

“Given Etsy’s global prominence as a marketplace for millions of small businesses, the exposure of its shipping email confirmation data has serious implications for the privacy and safety of its customers,” researchers said.

Most of the exposed shipping details come from the global e-commerce company Etsy, although researchers noted that some entries come from TikTok shops, Poshmark, and Embroly.

Most of the files are email versions of shipping confirmations, meaning the exposed include:

Full names
Home addresses
Email addresses
Shipping order details

Why is an Etsy shipping email leak dangerous?

Skilled attackers may utilize leaked details for various nefarious purposes. For example, they could impersonate Etsy or associated shipping services to launch convincing phishing campaigns.

Specific order details could be utilized to trick recipients into revealing sensitive personal or financial information. The emails would appear legitimate due to the inclusion of order data, increasing the likelihood of successful exploitation.

Microsoft’s Russian subsidiary to file for bankruptcy

One of Microsoft’s subsidiaries in Russia is planning to file for bankruptcy, according to a note posted on the official Fedresurs registry.

Key takeaways:
Microsoft Rus LLC plans to file for bankruptcy
The move follows Putin saying that foreign service providers should be "throttled"
The note detailed that Microsoft Rus LLC was intending to declare bankruptcy, according to Reuters.

According to the filing, the unit’s revenue dropped from RUB 6.9 billion ($89 million) in 2021 to RUB 161.6 million ($2 million) in 2024. Despite that, the company still managed to turn a profit of RUB 174.1 million ($2.2 million).

Reportedly, Microsoft has three other Russian units - Microsoft Development Centre Rus, Microsoft Mobile Rus, and Microsoft Payments Rus, although it’s not certain whether they will remain operational.

Microsoft had already removed the mobile apps of the Russian state-owned media outlet RT from the Windows App Store and banned advertisements on Russian state-sponsored media.

Although the company began scaling down its operations in the country after Russia’s full-scale invasion of Ukraine, Microsoft remained present there until the end of 2024. In 2025, 13 of its branches in major cities such as Moscow, St Petersburg, Yekaterinburg, and Vladivostok were officially closed.

Earlier this week, Putin said that foreign service providers like Microsoft and Zoom should be "throttled", allowing Russia to develop its own software solutions.

Google's Russian subsidiary was also recognised as bankrupt by a Moscow court in 2023 - a year after authorities seized its bank account, making it impossible to pay employees and vendors.

China’s tech giants switch to domestic chips amid US trade pressure

Chinese technological companies have been forced to shift their development of artificial intelligence (AI) to homegrown chips amid worsening US-China trade tensions.

Key takeaways:

Chinese companies search for alternatives to Nvidia chips
While there are a few options available, the most popular one is Huawei chips
The Washington, however, has warned companies against using them "anywhere in the world"
Donald Trump’s administration moved to restrict sales of a popular chip, Nvidia’s H20, forcing companies like Alibaba, Tencent, and Baidu to test alternative options to meet growing AI demand at home.

The existing stockpile of Nvidia’s H20 will only last Chinese companies until roughly early next year, according to the Financial Times. In turn, new chip orders can take up to six months to be shipped - and that’s only if Nvidia can present a processor that’s compliant with Trump’s strict export rules.

Nvidia is expected to start producing compliant chips for Chinese export in early July, although they will likely not have high-bandwidth memory (HBM), which is critical for processing large volumes of data. Details about the potential processors also remain unclear.

Nvidia chief Jensen Huang commented on the situation during an analyst earnings call on Wednesday, saying: “We don’t have anything at the moment.”

And yet, it seems like Chinese tech magnates are feeling confident in their ability to deal with the issue on their own.

“We believe that over time, domestically developed self-sufficient chips, along with increasingly efficient homegrown software stacks, will jointly form a strong foundation for long-term innovation in China’s AI ecosystem,” Shen Dou, head of Baidu’s AI cloud group, said, adding that the company has a variety of chip options to consider.

Alibaba chief Eddie Wu also said that the company is exploring “diversified solutions to meet rising customer demand.”