CyberSecurity Knuggets
Feb 03, 2026
Subject: Risky Bulletin: StopICE Blames Hack on “a CBP Agent Here in SoCal”
Summary:
– StopICE, an app used to track US ICE raids, suffered a security breach linked to a CBP agent in Southern California.
– The hack involved spamming users with SMS messages and was attributed to a compromised downstream carrier API.
– There were accusations that user data (names, logins, passwords, location) was shared with law enforcement, which StopICE denied.
– Only users enrolled in the optional “location assist” feature, which collected geolocation data for neighborhood alerts, were affected.
– A similar hack reportedly targeted Eyes Up, another app for documenting ICE raids.
– Additional cybersecurity news includes leaks from Chat & Ask AI, Microsoft disabling NTLM in the next Windows version, a Polish ban on Chinese cars at military bases, and Ivanti patching two zero-days.
– FBI launched Operation Winter SHIELD, a cybersecurity awareness campaign.
– Nations like France and Russia are emphasizing cybersecurity training and infrastructure.
– New malware strains and exploits including DynoWiper and Pulsar RAT have been analyzed.
– Exposed AI infrastructure, malicious VS Code extensions, and malicious container images were identified.
– Multiple cybercrime arrests and cyber-insider reports on groups like StopLamers and Scattered Lapsus$ Hunters.
– Podcasts and interviews on related threat intelligence and cybersecurity topics are available.
Subject: StopICE platform reportedly hit by a breach, 100k users’ data exposed to US feds
Summary:
– StopICE, an anti-ICE activism app, experienced a major breach exposing sensitive data (names, credentials, phone numbers, GPS locations) of 100,000+ users to US federal agencies including FBI, ICE, and HSI.
– Breach details shared on Reddit and social media; breach possibly linked to Sherman Martin Austin, an online activist.
– Civil liberties groups warn of disproportionate impacts on activist communities due to data insecurity.
– StopICE users advised to change passwords and exercise caution.
– Moltbook, a social media site for AI agents, had API misconfigurations exposing agent control to outsiders; fixed after disclosure by hacker Jameson O’Reilly.
– Over 230 malicious skills targeting Claude Code and Moltbot users were found on ClawHub and GitHub, masquerading as crypto trading tools but delivering info-stealing malware.
– Russian hacker alliance “Russian Legion” warned Denmark of a large-scale cyberattack (OpDenmark), targeting energy sector with DDoS threats.
– Notepad++ investigated an update-hijacking incident enabled by a hosting-provider compromise, possibly by Chinese actors, that redirected update traffic to malicious servers.
– US DOJ seized multiple illegally operated pirated-content domains run from Bulgaria.
– Cyberattack disrupted digital systems at Vladimir Bread Factory in Russia causing supply chain and delivery complications.
– FBI document revealed Jeffrey Epstein had a “personal hacker” who developed zero-days and sold exploits to multiple governments and Hezbollah.
– SentinelOne and Censys identified 175,000 AI infrastructure hosts exposed on the internet, many able to execute code.
– Coupang interim CEO Harold Rogers underwent police questioning over data breach possibly impacting 33 million users.
– DHS used Palantir AI tools utilizing public LLMs to process tips for ICE investigations.
– DeFi platforms Step Finance and CrossCurve suffered major breaches causing tens of millions in assets stolen.
– Bangladesh’s Jamaat-e-Islami party’s official social media accounts hacked with offensive content.
– Google accused in a whistleblower lawsuit of violating its own AI use policies by assisting Israeli military contractor’s drone footage analysis.
– Additional reports cover honeypot experiments that attracted few hackers and xAI’s controversial embrace of adult content to increase engagement.
Subject: Poland’s energy infrastructure lacked basic security measures | The CyberWire 2.2.26
Summary:
– CERT Polska published a report on a Russian cyberattack targeting Poland’s energy infrastructure in December 2025.
– Attack affected wind and solar farms and a heat-and-power plant but caused no power outages.
– CERT Polska found poor security practices including default passwords, unpatched devices, and lack of MFA.
– Attribution is made to the Russian group “Berserk Bear,” also known as “Dragonfly,” distinct from Sandworm, which ESET and Dragos had linked to the attack.
– Notepad++ faced update hijacking by suspected Chinese state-sponsored group via hosting provider compromise lasting June-Dec 2025.
– Former Google engineer Linwei Ding convicted for stealing AI trade secrets related to Google’s TPU chips, GPUs, and AI supercomputers for Chinese government benefit.
– Ding faces decades in prison for multiple economic espionage and theft charges.
– Sponsored content about securing enterprise AI at upcoming conferences included.
Subject: Default ICS Credentials Exploited in Attack on Polish Energy
Summary:
– A destructive cyberattack on Polish energy infrastructure exploited default credentials in industrial control systems (ICS).
– The attack is linked to Russian state-affiliated threat groups; some devices were bricked following the intrusion.
– SecurityWeek highlights supply chain attacks including Notepad++ hack linked to Chinese actors through compromised hosting provider.
– Discussions on social engineering trends, AI cybersecurity challenges, and various emerging threats.
– Articles discuss the need to move beyond traditional MFA for identity security and highlight overreliance on AI automation.
– Additional intelligence on recent malware campaigns, blockchain vulnerabilities, and AI exposure.
– Event announcements and reports are included, such as Doppel’s 2026 social engineering predictions and RSAC 2026 conference information.
Stay Well!
