⏱️ ≈ 7-minute read
Editor’s Note: This week’s breach report reads like a sci-fi plot. Genetic data leaks, “white-hat” hackers gone rogue, and AI models secretly hosting command-and-control traffic—if there’s a boundary left between science, crime, and comedy, attackers are crossing it in style.

📬 This Week’s Clickables
📌 Big News: 23andMe’s genetic fiasco | Cyber “experts” moonlight for BlackCat
🚨 Can’t Miss: SK Telecom profit crash | Windows zero-day | FCC rollback | Flock Safety probe
🤖 AI in Cyber: SesameOp malware | Claude API leak | Zscaler AI grab | AI phishing hits schools
🧪 Strange Cyber Story: Cargo hijack via remote monitoring tools
🚨 Big Stories
🧬 23andMe Breach Proves DNA Can Be Weaponized
Intro: When “personal data” literally means you, cybersecurity takes on a new flavor. 23andMe’s latest breach turned genetic code into the newest kind of exploit.
What Happened: Hackers swiped genetic and ancestry data from millions of users, and the company responded with a five-year “genetic monitoring” program—because apparently you can’t just rotate your chromosomes every 90 days.
Why It’s Important: DNA is immutable, and once stolen it opens long-tail risks in identity, healthcare, and insurance domains.
The Other Side: 23andMe claims stronger authentication and data segregation are in place, but the trust damage may outlast any control measure.
👉 Takeaway: DNA is forever — and so is its breach.
TL;DR: Your genes got pwned. Still feel good about that “share with researchers” box?
Further Reading: Reuters coverage | EFF on genetic privacy
In 2018, researchers encoded malware into synthetic DNA to exploit genome-sequencing software. (University of Washington)
⚖️ Two “Cybersecurity Experts” Indicted for BlackCat Ransomware Ops
Intro: Turns out some of the good guys weren’t. The DOJ charged two consultants who allegedly used their day jobs to fuel night-time ransomware operations.
What Happened: Investigators say the duo took insider intel from clients to target networks for the BlackCat/ALPHV crew and laundered proceeds through crypto mixers.
Why It’s Important: It’s a rare peek at the “dual-hat” phenomenon where trusted defenders flip sides for profit — and a wake-up call on how poor vetting can become a breach vector.
The Other Side: Defense lawyers claim “research overlap,” but the DOJ calls it straight extortion.
👉 Takeaway: When the SOC analyst becomes the threat actor, “trust but verify” feels quaint.
TL;DR: Insiders gone evil. Audit your own heroes.
Further Reading: BleepingComputer report
🔥 Can’t Miss
📉 SK Telecom Breach Crashes Profit by ~90% in Q3 — A massive data breach drove SK Telecom’s operating profit into freefall, erasing nearly all quarterly earnings and spooking investors across Asia’s telecom sector. The incident highlights how cyber resilience is now a financial metric, not just a security one. 👉 Takeaway: Cyber risk translates directly to shareholder value — and this one hurt.
🖥️ Windows Zero-Day Exploited Against European Diplomats — China-linked actors weaponized a fresh Windows vulnerability to breach European embassies and policy networks. The exploit bypasses common defensive tools and was in use weeks before disclosure. 👉 Takeaway: Patch speed is national security speed.
📡 FCC Plans Rollback of Post-Breach Telecom Cyber Rules — Despite a spike in telecom intrusions, the FCC wants to ease reporting and resilience requirements put in place last year. Critics argue the move prioritizes industry comfort over consumer protection. 👉 Takeaway: Rolling back cyber regulation in 2025 feels a lot like removing seatbelts during rush hour.
🔍 Lawmakers Press FTC to Probe Flock Safety Over License-Plate Data — A bipartisan letter urged the FTC to investigate Flock Safety’s security of billions of plate and location records collected from neighborhood cameras. Privacy groups warn a breach could map entire cities in minutes. 👉 Takeaway: Data at this scale is basically surveillance infrastructure — and attackers know it.
🤖 AI in Cyber
🧠 “SesameOp” Malware Abuses OpenAI Assistants API for C2 — Microsoft researchers found a backdoor that routes commands through legitimate OpenAI traffic, making malicious activity blend into normal API noise. It’s the latest proof that attackers don’t just exploit apps — they abuse trust in AI services themselves. 👉 Takeaway: Your firewall can’t spot evil if it’s wearing an AI badge.
🧩 Claude AI API Abuse Lets Attackers Exfil Data via Prompt Injection — A new study shows malicious prompts can force AI assistants to leak sensitive information from connected files and systems. This turns the AI interface into a quiet data tunnel for intruders. 👉 Takeaway: Every new AI endpoint is another port to defend.
🤝 Zscaler Buys SPLX to Supercharge AI Security — The Zero-Trust leader snapped up SPLX, an AI red-teaming startup specializing in adversarial testing. Analysts say it’s a signal that AI threat simulation is going mainstream in defensive strategy. 👉 Takeaway: You can now buy AI resilience — if you can afford the valuation.
👩‍🎓 AI-Generated Phishing Hits K-12 Schools via Deepfakes and Impersonation — Hackers are targeting schools with AI-crafted emails and voice clones impersonating administrators and teachers. Weaker IT budgets and user awareness make education the perfect training ground for AI social engineering. 👉 Takeaway: If you think your organization is too small to be phished, AI just proved you wrong.
🧟‍♂️ Strange Cyber
🚚 Hackers Hijack Freight Using Remote-Monitoring Tools
Intro: In a cross-over of heist movie and cybercrime, attackers commandeered real trucks through legit telematics platforms.
What Happened: Proofpoint found criminals using stolen RMA credentials to reroute cargo mid-transit, turning fleet dashboards into digital getaway cars.
Why It’s Important: It demonstrates how industrial IoT blurs the line between virtual and physical loss — cyber risk now comes with engine oil.
The Other Side: Vendors patched fast, but experts warn the attack blueprint is now out there.
👉 Takeaway: Your “connected supply chain” might also be a connected getaway vehicle.
TL;DR: Hackers stole trucks with Wi-Fi. When’s your last OT pen test?
Further Reading: Proofpoint report


