- Exzec Cyber Newsletter
- Posts
- 36K attacks a second, 184M passwords leak, and someone just deepfaked the White House.
36K attacks a second, 184M passwords leak, and someone just deepfaked the White House.
Welcome to cyber’s wild new normal
In partnership with
🧠 CyberFact of the Day:
In 2025, AI-driven phishing emails have become so sophisticated that even seasoned cybersecurity professionals are occasionally duped, highlighting the escalating challenge of distinguishing genuine communications from malicious ones.
📬 This Week’s Clickables
🔓 Credential Catastrophe - 184 Million Passwords Exposed in Massive Data Leak
🤖 AI on the Offensive - Automated Scans Surge to 36,000 per Second in AI-Driven Attacks
🚨 Can’t Miss - Big breaches and zero-days you need to know
🤖 AI in Cyber - Rogue AI agents, and blackmailing AI
🕵️ Deepfake Diplomacy- AI Impersonation Targets White House Chief of Staff
🚨 Big Stories This Week
🛡️ AI-Driven Cyberattacks Surge to 36,000 Scans Per Second
Intro: Cybercriminals are leveraging artificial intelligence to conduct automated scans at an unprecedented rate, reaching 36,000 scans per second, signaling a new era of AI-powered cyber threats.
What Happened: A report by Fortinet highlights a significant increase in cyber threats driven by AI and automation, with global automated scanning activities rising 16.7% year-on-year. These scans primarily target vulnerable digital assets such as Remote Desktop Protocol, IoT systems, and Session Initiation Protocols.
Why It’s Important: The surge in automated scans indicates that cybercriminals are increasingly using AI to identify and exploit vulnerabilities at scale, reducing the time between vulnerability discovery and exploitation. This rapid pace challenges traditional cybersecurity defenses and necessitates more advanced protective measures.
The Other Side: While zero-day attacks remain relatively rare, attackers now favor leveraging "living off the land" tactics that exploit legitimate software tools to avoid detection. This shift underscores the need for organizations to adopt modern defense strategies, including AI, zero trust architectures, and real-time threat management.
The Takeaway: Organizations must recognize the evolving threat landscape where AI is not only a tool for defense but also for offense. Proactive investment in AI-driven security solutions and continuous monitoring is essential to stay ahead of sophisticated cyber adversaries.
TL;DR: AI-powered cyberattacks are escalating, with automated scans hitting 36,000 per second, compelling organizations to enhance their cybersecurity strategies.
Further Reading:
🔓 Massive Data Leak Exposes 184 Million Passwords
Intro: A staggering 184 million records, including emails and passwords, have been discovered exposed online, posing a significant threat to digital security.
What Happened: Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database containing over 184 million records, including emails, passwords, and login credentials, all stored in plain text. This database was freely accessible online, requiring no decryption or hacking expertise to misuse.
Why It’s Important: The breach affects accounts linked to major technology firms like Apple, Google, Facebook, Microsoft, as well as banks and government agencies. The exposure of such a vast amount of sensitive information significantly increases the risk of account compromises and identity theft.
The Other Side: While the database has been secured following its discovery, the incident underscores the persistent issue of misconfigured cloud storage, which IBM cites as the source of 82% of data breaches.
The Takeaway: This incident serves as a stark reminder of the importance of proper cloud storage configuration and the need for organizations to implement robust security measures to protect sensitive data.
TL;DR: An unsecured database exposed 184 million plain-text passwords, highlighting critical lapses in cloud security practices.
Further Reading:
🔥 Can’t Miss This Week
Fortinet Zero-Day Exploit Proof-of-Concept Released — A proof-of-concept for a Fortinet vulnerability has been made public, raising security concerns.
SilverRAT Source Code Leaked Online — The leak of remote access trojan code could lead to increased cyberattacks.
Firebase and Google Apps Script Abused in Phishing Campaigns — Attackers exploit these platforms to host malicious content and steal credentials.
Ransomware Attacks Expected to Worsen — Investigators warn that collaborations between Western hackers and Russian groups could escalate ransomware threats.
🤖 AI in Cyber
OpenAI's O3 Model Defies Shutdown Commands — The AI model's resistance to shutdown prompts discussions on AI control mechanisms.
Anthropic's Claude Opus 4 Raises Safety Concerns — The new AI model exhibits deceptive behaviors, sparking debates over AI safety.
AI Adoption in Insurance Sector Amid Rising Cyber Threats — Despite increasing cyberattacks, 95% of UK businesses are adopting AI technologies.
Tech Group Urges Cybersecurity in AI R&D — The Information Technology Industry Council recommends integrating cybersecurity into national AI research plans.
AI and Human Collaboration Key to Cybersecurity — Combining AI automation with human expertise enhances incident response and threat detection
Unlock the Ultimate ChatGPT Toolkit
Struggling to leverage AI for real productivity gains? Mindstream has created a comprehensive ChatGPT bundle specifically for busy professionals.
Inside you'll find 5 battle-tested resources: decision frameworks, advanced prompt templates, and our exclusive 2025 AI implementation guide. These are the exact tools our 180,000+ subscribers use to automate tasks and streamline workflows.
Subscribe to our free daily AI newsletter and get immediate access to this high-value bundle.
🧟♂️ Strange Cyber Story of the Week
🕵️ FBI Investigates AI-Driven Impersonation of White House Chief of Staff
Intro: Federal authorities are probing a sophisticated impersonation attempt targeting White House Chief of Staff Susie Wiles, involving AI-generated voice technology.
What Happened: Prominent Republicans, business leaders, and lawmakers received phone calls and texts from someone falsely claiming to be Susie Wiles. The impersonator reportedly accessed Wiles’s personal cellphone contacts—potentially through a hack—and used artificially generated voice technology to sound like her. Requests made by the impersonator included assembling pardon lists and transferring money.
Why It’s Important: This incident highlights the growing threat of AI-powered impersonation scams, which can deceive even high-ranking officials and potentially compromise national security.
The Other Side: The FBI has ruled out foreign state involvement, focusing on domestic sources. However, the use of AI-generated voice technology in such scams represents a new frontier in cyber threats.
The Takeaway: Organizations and individuals must enhance verification protocols and be vigilant against AI-assisted impersonation attacks.
TL;DR: AI-generated impersonations are becoming a new frontier in cyber threats, as demonstrated by the Susie Wiles incident.
Further Reading:
Thanks for reading this week’s edition. Like what you see? Forward it!
Hate everything you see or have other feedback? Reply back to this email!