Authorities have named Tyler Robinson as a suspect in the murder of right-wing influencer Charlie Kirk, citing Discord messages as evidence of his alleged role.

The manhunt for the shooter who killed conservative activist Charlie Kirk ended Friday with a suspect taken into custody, authorities said.

Utah’s Department of Public Safety and the FBI confirmed the arrest during a morning briefing, capping a two-day search that began after the 31-year-old podcaster and Turning Point USA cofounder was fatally shot at Utah Valley University in Orem, Utah, on Wednesday.

Authorities identified the suspect as 22-year-old Tyler Robinson of Washington, Utah, after receiving a tip from a friend of Robinson’s family. Officials said the tip came late Thursday night, prompting agents to move quickly to locate and arrest him. A $100,000 reward for information leading to the identification and arrest of the shooter was announced Thursday.

President Donald Trump first announced the arrest in a live interview on Fox News, claiming, “With a high degree of certainty, we have him.”

At a press briefing Friday, Utah governor Spencer Cox announced Robinson had been arrested in the early hours of September 12 after a family member reached out to a family friend, who contacted authorities. The friend told investigators that Robinson had hinted at his involvement in the shooting. The tip was relayed through local law enforcement to the FBI and Utah county investigators, who matched Robinson’s gray Dodge Challenger and clothing to campus surveillance footage from the day of the shooting. A family member also told investigators that Robinson spoke critically of Kirk.

Cox said Robinson’s roommate also cooperated, showing investigators Discord messages in which Robinson discussed retrieving and hiding a rifle, leaving it wrapped in a towel, monitoring the drop site, and engraving bullets.

Later on Friday, Discord told NBC News in a statement that the company “identified a Discord account associated with the suspect,” which Discord has now removed. However, the company said the discussion Cox cited did not involve that account.

“The messages referenced in recent reporting about planning details do not appear to be Discord messages,” a Discord spokesperson told NBC News. “These were communications between the suspect’s roommate and a friend after the shooting, where the roommate was recounting the contents of a note the suspect had left elsewhere.”

FBI director Kash Patel outlined the bureau’s role in the investigation, stressing the speed of the response and coordination with Utah authorities. He said agents arrived on scene within 16 minutes of the shooting, secured the area alongside local police, and quickly began moving evidence to FBI labs in Quantico for analysis. “The FBI and our partners are proud to stand here today together to bring justice to the family of Charlie Kirk and honor his memory,” he said.

Patel closed his remarks with a brief eulogy for Kirk, saying, “I’ll see you in Valhalla.”

Beyond the Discord account mentioned by Cox, Robinson appears to have had virtually no online footprint that could be immediately identified in public or private databases. Internet users produced images they claimed came from family photo albums posted online, but the accounts of his immediate family members were shut down quickly, and these images couldn't be verified; none pointed to any obvious motive or ideology.

In a statement, Utah State University confirmed that Robinson briefly attended the school for one semester in 2021.

Investigators recovered a Mauser .30-caliber hunting rifle near the scene of the shooting, allegedly abandoned by the gunman as he fled into a wooded area. A spent round was found in the chamber, with three live cartridges in the magazine. Cox said Friday that the casings bore engraved inscriptions. They reportedly include memes to crude jokes, such as “if you read this, you are gay. LMAO.”

Authorities say the shooter fired from a rooftop overlooking a courtyard where Kirk was hosting one of his trademark “prove me wrong” campus debates. Widely shared footage online shows Kirk addressing a question on mass shootings when a bullet suddenly strikes him in the neck.

Roughly 3,000 people are estimated to have been in attendance. Millions more were confronted by gruesome footage of the incident online, in some cases autoplaying across major platforms like TikTok, Instagram, and X, where researchers say efforts to combat the spread of violent content have broadly declined.

The investigation unfolded at a moment when the FBI was already under fire. In recent weeks, the bureau has endured sweeping dismissals of senior and mid-level agents, moves alleged in a lawsuit this week to be politically motivated purges. The shake-ups are said to have sapped institutional knowledge and morale, signaling to agents that defying political directives could cost them their careers.

The days after the shooting were marked by confusion. Within hours, state and federal officials issued conflicting accounts of whether anyone had been detained. The FBI’s Patel briefly announced that a “subject” was in custody, only to later announce that the person had been released. Scrapped press conferences and uneven briefings fueled further uncertainty, with rampant speculation on TV news and social media rushing to fill the gaps in credible information.

Far-right influencers and extremist groups took to posting the personal details of people they accused of celebrating Kirk’s death, triggering harassment campaigns and death threats. Within hours of the shooting, a website began compiling names, social media handles, and employers of accused offenders.

That atmosphere grew even darker on Thursday, when the Democratic National Committee’s headquarters in Washington, DC, was briefly locked down over a bomb threat, which Capitol Police later deemed not credible. More than a dozen historically Black colleges and universities received hoax threats that forced lockdowns and class cancellations across several campuses.

Patel defended the FBI’s investigation during Friday’s press conference, saying it took “less than 36 hours—33 hours, in fact” for authorities to arrest Robinson. “This is what happens when you let good cops be cops,” Patel said.

FBI communications reviewed by WIRED show that agents had previously flagged Kirk’s events as potential flash points. In an April 2021 email, first obtained by the nonprofit Property of the People via public records request, a member of a Seattle-based FBI intelligence group is shown alerting other agents to Kirk’s appearances in Washington state. The events are listed among others flagged for having the potential to “lead to political violence.”

_Updated 3 pm ET, September 12, 2025: Added comment from Discord regarding messages related to the shooting._

Charlie Kirk Shooting Suspect Identified as 22-Year-Old Utah Man

Scattered Lapsus$ Hunters, linked to the Jaguar Land Rover cyberattack, claims to shut down as experts suggest the…

Scattered Lapsus$ Hunters, linked to the Jaguar Land Rover cyberattack, claims to shut down as experts suggest the group is fracturing under pressure.

For days, there had been silence from Scattered Lapsus$ Hunters, the group suspected of carrying out the recent cyber attack on Jaguar Land Rover (JLR). Now the hackers have resurfaced with a statement, not to announce another breach, but to declare they are walking away.

The announcement appeared first on the group’s Telegram channel and then on BreachForums.hn, a domain owned by the group. The post described the last 72 hours as a period spent with family and a time to activate “contingency plans.” It portrayed the pause as strategic, claiming that while attention was on headline-grabbing attacks against Google, Salesforce, and CrowdStrike, the group was quietly preparing its exit.

The message read more like a manifesto than a farewell. It listed corporations such as Air France, American Airlines, British Airways, and luxury group Kering as firms that “know” they have suffered breaches but have yet to receive ransom demands.

It also warned that forthcoming reports of data leaks at multinational companies and government agencies would not signal continued activity, only the delayed fallout of earlier campaigns.

At the same time, the group addressed arrests connected to affiliated operations like. It expressed sympathy for individuals facing prosecution, framing them as scapegoats and collateral damage in what it described as a war against powerful institutions. The statement closed with a farewell signed by a long roster of aliases, from IntelBroker (arrested in June 2025) to Trihash, and declared that the collective would now “go dark.”

Message from the Scattered Lapsus$ Hunters Hacker Group (Image credit: Hackread.com)

While the post suggests careful planning, experts remain sceptical. Cian Heasley, principal consultant at Acumen Cyber, described the move as a transparent attempt to buy breathing space. “This is a group that thrives on volatility. The idea that they have calmly activated contingency plans seems farfetched,” he said. “It’s more likely they are panicking about prison time, debating how much attention they want, and lying low until the dust settles.”

Heasley noted that the reference to undisclosed breaches is significant, as it indicates victims may still be unaware of compromises. At the same time, he suggested the post could simply be the hackers throwing one last punch, pointing to how far they managed to get. “They say they hold the power, but the real message is that Scattered Lapsus$ Hunters is running scared,” he added.

Whether this is a genuine shutdown or a temporary pause, more breach disclosures are expected in the coming weeks as investigations catch up with their campaigns. History suggests that even if Scattered Lapsus$ Hunters does not return in its current form, some of its members will. The money and thrill of high-profile hacking are rarely abandoned for long.

Scattered Lapsus$ Hunters Hacker Group Announces Shutdown

A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer,…

A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise RAT, and SimpleHelp RAT in dual-threat attacks, making them harder to defend against.

According to cybersecurity researchers at Cofense, a cyber threat intelligence firm, threat actors have begun combining credential phishing and malware. This dual-threat approach makes it much harder for companies to defend themselves against a single attack.

An email, for instance, was once assumed to be either a credential phishing attempt or malicious software. Now, however, criminals are using a new strategy. By combining both methods, they can succeed even if a company has invested heavily in one area of protection over the other.

****A Mix of Tactics****

The report revealed that attackers are using several different methods to launch these combined attacks. In one campaign from December 2024, attackers first used a malicious downloader that installed Muck Stealer malware on a victim’s computer. The malware then launched a fake login page to collect additional information. According to the researchers, this HTML file also served as a “method of disguising Muck Stealer’s activities.”

In another campaign from January 2025, the approach was reversed. Victims were first directed to a credential phishing page where they were asked to enter their login details. As soon as they entered their information, a customised Information Stealer was downloaded and installed on their computer. Researchers noted that criminals were deliberately “doubling up and very specifically targeting the Microsoft Office credentials of victims.”

A campaign delivering Muck Stealer and a credential phishing HTML file, and a campaign delivering credential phishing and customised Information Stealer (Source: Cofense Intelligence)

****More Adaptable and Dangerous****

In another notable campaign, threat actors were seen spoofing the American Social Security Agency. These benefits-themed emails contained an embedded link that, when clicked, first downloaded ConnectWise RAT and then led the victim to an extensive credential phishing page. This page then collected specific personal details that the malware couldn’t, including the victim’s Social Security Number, mother’s maiden name, and phone carrier PIN.

The report also detailed an interesting campaign from July 2025, where the malware payload was changed depending on the victim’s device. For example, a link from a Windows computer would lead to a fake Microsoft Store page that downloaded SimpleHelp RAT (a type of software that lets an attacker control the computer), while the same link on an Android phone would deliver a different kind of malware designed specifically for that system.

A common link in many of these campaigns is the delivery of ConnectWise RAT. The report, which was shared with Hackread.com, concludes that having multiple attack methods allows criminals to gather more information and bypass security designed to catch only one type of threat, marking a noteworthy shift in how cybercriminals are operating.

Muck Stealer Malware Used Alongside Phishing in New Attack Waves

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.
As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can't keep up with.

As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid environments, sift through thousands of alerts, and protect dynamic applications that evolve multiple times per day. The question isn't just how to detect risks earlier — it's how to prioritize and respond to what really matters in real time.

That's where cloud-native application protection platforms (CNAPPs) come into play. These platforms consolidate visibility, compliance, detection, and response into a unified system. But in 2025, one capability is proving indispensable: **runtime visibility.**

****The New Center of Gravity: Runtime****

For years, cloud security has leaned heavily on preventative controls like code scanning, configuration checks, and compliance enforcement. While essential, these measures provide only part of the picture. They identify theoretical risks, but not whether those risks are **active and exploitable in production.**

Runtime visibility fills that gap. By observing what workloads are actually running — and how they behave — security teams gain the highest fidelity signal for prioritizing threats. Runtime context answers critical questions:

*   Is this vulnerability reachable in a live workload?
*   Is this misconfiguration creating a real attack path?
*   Is this workload being exploited right now?

Without runtime, organizations risk chasing false positives while attackers exploit real weaknesses. With runtime, teams can focus on fixing the issues that matter most, reducing both noise and exposure.

****From Prevention to Prioritization****

Modern enterprises face an avalanche of alerts across vulnerability scanners, cloud posture tools, and application security platforms. The volume isn't just overwhelming — it's unsustainable. Analysts often spend more time triaging alerts than actually fixing problems. To be effective, organizations must map vulnerabilities and misconfigurations to:

*   The workloads that are actively running.
*   The business applications they support.
*   The teams responsible for fixing them.

This alignment is critical for bridging the gap between security and development. Developers often see security findings as disruptive, low-context interruptions. Security teams, meanwhile, lack the visibility into ownership and accountability that's needed to drive remediation.

By grounding prioritization in runtime insights, enterprises can ensure that the **right teams fix the right problems at the right time.**

****The Role of AI in Cloud Security****

Even with better prioritization, the sheer scale and complexity of cloud environments challenge human teams. This is where artificial intelligence is beginning to reshape the CNAPP landscape.

AI can help by:

*   **Correlating signals across domains.** Seemingly unrelated events in logs, network traffic, and workload behavior can reveal emerging attack campaigns.
*   **Reducing false positives.** Pattern recognition and large language models can identify which alerts are truly actionable.
*   **Accelerating response.** Automated reasoning can suggest remediation steps or even take action in low-risk scenarios.

At Sysdig, we've seen how AI can serve as a force multiplier for security teams. Our own AI security analyst, Sysdig Sage™, uses multi-step reasoning to analyze complex attack patterns and surface insights that traditional tools miss. For overburdened security operations centers (SOCs), this means faster detection and shorter mean time to resolution (MTTR).

The takeaway: AI isn't replacing security teams, but it is reshaping how they operate — by filtering noise, enriching context, and enabling smarter, faster decisions.

****Accountability and Collaboration****

Another challenge enterprises face is accountability. Security findings are only valuable if they reach the right owner with the right context. Yet in many organizations, vulnerabilities are reported without clarity about which team should fix them.

This is why mapping findings back to code artifacts, ownership, and deployment context is critical. It ensures that vulnerabilities discovered in production can be traced back to the team that introduced them. Security becomes a shared responsibility, not a siloed burden.

Partnerships and integrations play a key role here. For example, Sysdig's collaboration with Semgrep enables organizations to connect runtime vulnerabilities to their originating source code, reducing the back-and-forth between teams and streamlining remediation.

****Why Consolidation Is Inevitable****

Enterprises have long relied on best-of-breed security tools. But in the cloud, fragmentation becomes a liability. Multiple point products generate duplicate findings, lack shared context, and increase operational overhead.

CNAPP represents the next stage of consolidation. By unifying vulnerability management, posture assessment, threat detection, and incident response into a single platform, organizations can:

*   Eliminate silos.
*   Reduce tool sprawl.
*   Gain a single source of truth for cloud risk.

And most importantly, they can tie everything back to runtime, ensuring that real-world threats are never lost in the noise.

****Preparing for What's Next****

The rise of containers and cloud-native applications shows no sign of slowing. In fact, by the end of the decade, containers are expected to power half of all enterprise applications. With this growth comes pressure for security teams to adopt strategies that scale, simplify, and automate.

The future of cloud security will be defined by three priorities:

1.  **Runtime-powered visibility** to cut through noise and focus on real risk.
2.  **AI-driven assistance** to help teams triage, prioritize, and respond at machine speed.
3.  **Unified platforms** that consolidate fragmented tools into a single, contextual view of cloud risk.

Enterprises that embrace this model will be positioned to move faster, reduce exposure, and stay ahead of attackers. Those who cling to disconnected tools and reactive processes will find themselves increasingly outpaced.

****Secure What Matters, When It Matters****

The cloud has redefined how businesses build and run applications. It's now redefining how they must secure them. Runtime visibility, AI-driven prioritization, and unified platforms are no longer optional — they're essential.

At Sysdig, we believe the future of cloud security is rooted in real-time context and collaboration. By focusing on what's actively happening in production, organizations can align security and development, reduce false positives, and respond to threats with confidence.

The message is clear: **stop chasing every alert and start focusing on what matters most.**

To explore these trends in greater depth, download the full 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.
The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges.
"

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.

The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges.

"Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: 'folderOpen' auto-execute the moment a developer browses a project," Oasis Security said in an analysis. "A malicious .vscode/tasks.json turns a casual 'open folder' into silent code execution in the user's context."

Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to safely browse and edit code regardless of where it came from or who wrote it.

With this option disabled, an attacker can make available a project in GitHub (or any platform) and include a hidden "autorun" instruction that instructs the IDE to execute a task as soon as a folder is opened, causing malicious code to be executed when the victim attempts to browse the booby-trapped repository in Cursor.

"This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks," Oasis Security researcher Erez Schwartz said.

To counter this threat, users are advised to enable Workplace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in the tool.

The development comes as prompt injections and jailbreaks have emerged as a stealthy and systemic threat plaguing AI-powered coding and reasoning agents like Claude Code, Cline, K2 Think, and Windsurf, allowing threat actors to embed malicious instructions in sneaky ways to trick the systems into performing malicious actions or leaking data from software development environments.

Software supply chain security outfit Checkmarx, in a report last week, revealed how Anthropic's newly introduced automated security reviews in Claude Code could inadvertently expose projects to security risks, including instructing it to ignore vulnerable code through prompt injections, causing developers to push malicious or insecure code past security reviews.

"In this case, a carefully written comment can convince Claude that even plainly dangerous code is completely safe," the company said. "The end result: a developer – whether malicious or just trying to shut Claude up – can easily trick Claude into thinking a vulnerability is safe."

Another problem is that the AI inspection process also generates and executes test cases, which could lead to a scenario where malicious code is run against production databases if Claude Code isn't properly sandboxed.

The AI company, which also recently launched a new file creation and editing feature in Claude, has warned that the feature carries prompt injection risks due to it running in a "sandboxed computing environment with limited internet access."

Specifically, it's possible for a bad actor to "inconspicuously" add instructions via external files or websites – aka indirect prompt injection – that trick the chatbot into downloading and running untrusted code or reading sensitive data from a knowledge source connected via the Model Context Protocol (MCP).

"This means Claude can be tricked into sending information from its context (e.g., prompts, projects, data via MCP, Google integrations) to malicious third parties," Anthropic said. "To mitigate these risks, we recommend you monitor Claude while using the feature and stop it if you see it using or accessing data unexpectedly."

That's not all. Late last month, the company also revealed browser-using AI models like Claude for Chrome can face prompt injection attacks, and that it has implemented several defenses to address the threat and reduce the attack success rate of 23.6% to 11.2%.

"New forms of prompt injection attacks are also constantly being developed by malicious actors," it added. "By uncovering real-world examples of unsafe behavior and new attack patterns that aren't present in controlled tests, we'll teach our models to recognize the attacks and account for the related behaviors, and ensure that safety classifiers will pick up anything that the model itself misses."

At the same time, these tools have also been found susceptible to traditional security vulnerabilities, broadening the attack surface with potential real-world impact -

*   A WebSocket authentication bypass in Claude Code IDE extensions (CVE-2025-52882, CVSS score: 8.8) that could have allowed an attacker to connect to a victim's unauthenticated local WebSocket server simply by luring them to visit a website under their control, enabling remote command execution
*   An SQL injection vulnerability in the Postgres MCP server that could have allowed an attacker to bypass the read-only restriction and execute arbitrary SQL statements
*   A path traversal vulnerability in Microsoft NLWeb that could have allowed a remote attacker to read sensitive files, including system configurations ("/etc/passwd") and cloud credentials (.env files), using a specially crafted URL
*   An incorrect authorization vulnerability in Lovable (CVE-2025-48757, CVSS score: 9.3) that could have allowed remote unauthenticated attackers to read or write to arbitrary database tables of generated sites
*   Open redirect, stored cross-site scripting (XSS), and sensitive data leakage vulnerabilities in Base44 that could have allowed attackers to access the victim's apps and development workspace, harvest API keys, inject malicious logic into user-generated applications, and exfiltrate data
*   A vulnerability in Ollama Desktop arising as a result of incomplete cross-origin controls that could have allowed an attacker to stage a drive-by attack, where visiting a malicious website can reconfigure the application's settings to intercept chats and even alter responses using poisoned models

"As AI-driven development accelerates, the most pressing threats are often not exotic AI attacks but failures in classical security controls," Imperva said. "To protect the growing ecosystem of 'vibe coding' platforms, security must be treated as a foundation, not an afterthought."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

A series of corporate leaks show that Chinese technology companies function far more like their Western peers than one might imagine.

A trove of internal documents leaked from a little-known Chinese company has pulled back the curtain on how digital censorship tools are being marketed and exported globally. Geedge Networks sells what amounts to a commercialized “Great Firewall” to at least four countries, including Kazakhstan, Pakistan, Ethiopia, and Myanmar. The groundbreaking leak shows in granular detail the capabilities this company has to monitor, intercept, and hack internet traffic. Researchers who examined the files described it as “digital authoritarianism as a service.”

But I want to focus on another thing the documents demonstrate: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutions on research and development, adapts its business strategy to fit different clients’ needs, and even repurposes leftover infrastructure from its competitors. In Pakistan, for example, Geedge landed a contract to work with and later replace gear made by the Canadian company Sandvine, the leaked files show.

Coincidentally, another leak from a different Chinese company published this week reinforces the same point. On Monday, researchers at Vanderbilt University made public a 399-page document from GoLaxy, a Chinese company that uses AI to analyze social media and generate propaganda materials. The leaked documents, which include internal pitch decks, business goals, and meeting notes, may have come from a disgruntled former employee—the last two pages accuse GoLaxy of mistreating workers by underpaying them and mandating long hours. The document had been sitting on the open internet for months before another researcher flagged it to Brett Goldstein, a research professor in the School of Engineering at Vanderbilt.

GoLaxy’s main business is different from Geedge’s: It collects open source information from social media, maps relationships among political figures and news organizations, and pushes targeted narratives online through synthetic social media profiles. In the leaked document, GoLaxy claims to be the “number one brand in intelligence big data analysis” in China, servicing three main customers: the Chinese Communist Party, the Chinese government, and the Chinese military. The included technology demos focus heavily on geopolitical issues like Taiwan, Hong Kong, and US elections. And unlike Geedge, GoLaxy seems to be targeting only domestic government entities as clients.

But there are also quite a few things that make the two companies comparable, particularly in terms of how their businesses function. Both Geedge and GoLaxy maintain close relationships with the Chinese Academy of Sciences (CAS), the top government-affiliated research institution in the world, according to the Nature Index. And they both market their services to Chinese provincial-level government agencies, who have localized issues they want to monitor and budgets to spend on surveillance and propaganda tools.

GoLaxy didn’t immediately respond to a request for comment from WIRED. In a previous response to The New York Times, the company denied collecting data targeting US officials and called the outlet’s reporting misinformation. Vanderbilt researchers say they witnessed the company remove pages from its website after the initial reporting.

****Closer Than They Seem****

In the West, when academic scholars see opportunities to commercialize their cutting-edge research, they often become startup founders or start side businesses. GoLaxy seems to be no exception. Many key researchers at the company, according to the leaked document, still occupy spots at CAS.

But there’s no guarantee that CAS researchers will get government grants—just like a public university professor in the US can’t bet on their startup winning federal contracts. Instead, they need to go after government agencies like any private company would go after clients. One document in the leak shows that GoLaxy assigned sales targets to five employees and was aiming to secure 42 million RMB (about $5.9 million) in contracts with Chinese government agencies in 2020. Another spreadsheet from around 2021 lists the company’s current clients, which include branches of the Chinese military, state security, and provincial police departments, as well as other potential customers it was targeting.

Together, these two leaks show how the surveillance and propaganda industry in China is driven as much by economic forces as political ideology. “This echoes what I saw in researching emotion recognition AI and other surveillance tech, whose sales often appeared to be more motivated by market logic than by a grand plan to make the world more authoritarian,” says Shazeda Ahmed, a DataX postdoctoral scholar at UCLA.

****A Striking Detail****

The parallels with the West are hard to miss. A number of American surveillance and propaganda firms also started as academic projects before they were spun out into startups and grew by chasing government contracts. The difference is that in China, these companies operate with far less transparency. Their work comes to light only when a trove of documents slips onto the internet.

One of the aha moments I had reading the GoLaxy leak was when it explained the importance of its work by comparing it to Cambridge Analytica, a political consulting firm that harvested Facebook data from millions of users to target ads and influence elections.

“Internationally, besides helping Donald Trump win the 2016 US presidential election, the British company Cambridge Analytica had actually participated in more than 40 American political campaigns, and played an important behind-the-scenes role in events such as Ukraine’s Orange Revolution and the Brexit movement in the UK,” the document boasted.

An Associated Press investigation this week reveals that US companies have also allegedly participated in China’s surveillance market themselves. Over the course of decades, American firms sold software and hardware to Chinese police entities, some with features explicitly marketed for monitoring minority populations.

It is tempting to think of the Great Firewall or Chinese propaganda as the outcome of a top-down master plan that only the Chinese Communist Party could pull off. But these leaks suggest a more complicated reality. Censorship and propaganda efforts must be marketed, financed, and maintained. They are shaped by the logic of corporate quarterly financial targets and competitive bids as much as by ideology—except the customers are governments, and the products can control or shape entire societies.

_This is an edition of_ _**Zeyi Yang**_ _and_ _**Louise Matsakis’**_ _**Made in China newsletter**_. _Read previous newsletters_ _**here.**_

How China’s Propaganda and Surveillance Systems Really Operate

Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.

Thursday, September 11, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

I took a two-week vacation (thanks to Bill for covering my author shift last week) and made the deliberate choice to leave my laptop behind. No emails, IMs, no IT at all. Thank you, European work culture! It was a complete break. 

Well, almost. 

The weather didn’t always cooperate, so instead of freezing on a beach, I found myself catching up on TV — mostly news and a few series. But wherever I clicked, I just couldn’t escape the daily dose of AI. What can we do about invasive mosquitos? Ask AI. Government doesn’t move the needle? Ask AI. Want the weather forecast? AI, obviously. There are countless ads with people asking AI whether or not to wear a jacket “because it might rain.” Even with your favorite TV shows, gone are the days when the hoodied hacker sits in front of a black terminal with green text running a dangerous (haha) ping or nmap. Now, they're writing lines like, “Did you try breaking the firewall with our latest AI algorithm, bro?” 

Coming back to work and catching up on our industry news, I almost expected AI to be dominating the headlines. But it wasn't, and neither was ransomware. Instead, they were all about breaches. Many — but not all — reports referenced compromised OAuth tokens linked to Salesloft’s Drift integration, with a notable number of high-profile victims. Sure, this isn’t a scientific or qualitative analysis (ransomware isn’t disappearing anytime soon), but the reporting and the headlines have definitely shifted from one to the other. 

Looking past the buzzwords and catchphrases, the headlines really boiled down to two main themes: supply chain and identity attacks. In a SaaS world, I think it’s time to rethink their definitions and priority levels. 

Why? First, supply chain attacks aren’t limited to hardware or software anymore. We need to consider the datapath (or where data possibly is processed) as a key part of the supply chain. 

Second, identity attacks don’t just target users; interconnected applications are increasingly at risk, too. I’m not saying we can ignore the users, especially with current reporting that it started with access through a GitHub account or software vulnerabilities in our “classic” applications, but we absolutely need to broaden our focus. Last week’s headlines made that clear. 

**The one big thing **

Cisco Talos’ latest blog post details the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), a framework that helps organizations assess and enhance their cyber threat intelligence programs across 11 key domains. By outlining clear maturity levels and improvement cycles, CTI-CMM can help your team benchmark your current capabilities and develop a strategy for continuous (and practical) growth. 

**Why do I care? **

Understanding and improving your CTI program’s maturity can help your organization better anticipate, detect, and respond to cyber threats, no matter your budget or staffing level. It also makes the security investments you do have more effective, and ensure your team’s efforts are aligned with business priorities.  

**So now what? **

Check out the CTI-CMM framework to assess where your organization stands, identify gaps and opportunities, and create a roadmap to practical improvements for your organization.

**Top security headlines of the week **

**Huge NPM supply chain attack goes out with whimper**   
A supply chain attack involving multiple NPM packages had the potential to be one of the most impactful security incidents in recent memory, but such fears seemingly have proved unrealized. (Dark Reading) 

**Swiss Re warns of rate deterioration in cyber insurance**   
Increased competition among insurers has led to a third consecutive year of reduced rates, according to the report, as the available supply of cyber coverage has exceeded current demand. (Cybersecurity Dive) 

**Critical SAP vulnerability actively exploited by hackers**   
A critical security flaw has been found in several SAP products, and could allow a malicious actor to gain administrator-level control. (HackRead)

**No gains, just pains: 1.6M fitness phone call recordings exposed**   
Sensitive info from hundreds of thousands of gym customers and staff was left sitting in an unencrypted, non-password protected database. Audio recordings spanned from 2020 to 2025. (The Register)

**US offers $10M reward for Ukrainian ransomware operator**   
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families. According to an indictment, the intrusions caused hundreds of millions of dollars in losses. (Security Week)

**China accuses Dior's Shanghai branch of illegal data transfer**   
China's public security authority alleges that Dior's Shanghai branch has transferred customers' personal data to its headquarters in France illegally, leading to a data leak in May. (Reuters)

**Can’t get enough Talos? **

*   **Beers with Talos: How to ruin an APT's day**  
    The B-Team is joined by Sara McBroom from Talos’ nation-state threat intelligence and interdiction team. Sara shares her journey from a liberal arts major to tracking some of the world’s most advanced adversaries.
*   **Who would sign up to secure a network full of hackers?**   
    Our latest video takes you behind-the-scenes at the Black Hat Network Operations Center (NOC) to see how Cisco and SnortML contain the chaos. 
*   **Patch Tuesday for Sept 2025**   
    In this month’s release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where exploitation may be likely. 
*   **Cisco: 10 years protecting Black Hat**   
    Cisco works with other official providers to bring the hardware, software and engineers to build and secure the Black Hat USA network: Arista, Corelight, Lumen, and Palo Alto Networks.

**Upcoming events where you can find Talos **

*   LABScon (Sept. 17 – 20) Scottsdale, AZ 
*   VB2025 (Sept. 24 – 26) Berlin, Germany 
*   Wild West Hackin' Fest (Oct. 8 – 10) Deadwood, SD

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610**     
MD5: 85bbddc502f7b10871621fd460243fbc      
VirusTotal: https://www.virustotal.com/gui/file/41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610/details  
Typical Filename: N/A     
Claimed Product: Self-extracting archive     
Detection Name: Win.Worm.Bitmin-9847045-0 

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**    
MD5: 2915b3f8b703eb744fc54c81f4a9c67f    
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507     
Typical Filename: VID001.exe    
Claimed Product: N/A    
Detection Name: Win.Worm.Coinminer::1201 

**SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0**    
MD5: 8c69830a50fb85d8a794fa46643493b2     
VirusTotal: https://www.virustotal.com/gui/file/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0    
Typical Filename: AAct.exe     
Claimed Product: N/A     
Detection Name: PUA.Win.Dropper.Generic::1201

Beaches and breaches

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

In May 2025, the European Union levied financial sanctions on the owners of **Stark Industries Solutions Ltd.**, a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

Image: Shutterstock.

Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news. ISPs like Stark are called “bulletproof” providers when they cultivate a reputation for ignoring any abuse complaints or police inquiries about activity on their networks.

In May 2025, the European Union sanctioned one of Stark’s two main conduits to the larger Internet — Moldova-based **PQ Hosting** — as well as the company’s Moldovan owners **Yuri** and **Ivan Neculiti**. The EU Commission said the Neculiti brothers and PQ Hosting were linked to Russia’s hybrid warfare efforts.

But a new report from **Recorded Future** finds that just prior to the sanctions being announced, Stark rebranded to **the\[.\]hosting**, under control of the Dutch entity **WorkTitans BV** (AS209847) on June 24, 2025. The Neculiti brothers reportedly got a heads up roughly 12 days before the sanctions were announced, when Moldovan and EU media reported on the forthcoming inclusion of the Neculiti brothers in the sanctions package.

In response, the Neculiti brothers moved much of Stark’s considerable address space and other resources over to a new company in Moldova called **PQ Hosting Plus S.R.L**., an entity reportedly connected to the Neculiti brothers thanks to the re-use of a phone number from the original PQ Hosting.

“Although the majority of associated infrastructure remains attributable to Stark Industries, these changes likely reflect an attempt to obfuscate ownership and sustain hosting services under new legal and network entities,” Recorded Future observed.

Neither the Recorded Future report nor the May 2025 sanctions from the EU mentioned a second critical pillar of Stark’s network that KrebsOnSecurity identified in a May 2024 profile on the notorious bulletproof hoster: The Netherlands-based hosting provider **MIRhosting**.

MIRhosting is operated by 38-year old **Andrey Nesterenko**, whose personal website says he is an accomplished concert pianist who began performing publicly at a young age. **DomainTools** says mirhosting\[.\]com is registered to Mr. Nesterenko and to **Innovation IT Solutions Corp**, which lists addresses in London and in Nesterenko’s stated hometown of Nizhny Novgorod, Russia.

Image credit: correctiv.org.

According to the book _Inside Cyber Warfare_ by Jeffrey Carr, Innovation IT Solutions Corp. was responsible for hosting **StopGeorgia\[.\]ru**, a hacktivist website for organizing cyberattacks against Georgia that appeared at the same time Russian forces invaded the former Soviet nation in 2008. That conflict was thought to be the first war ever fought in which a notable cyberattack and an actual military engagement happened simultaneously.

Mr. Nesterenko did not respond to requests for comment. In May 2024, Mr. Nesterenko said he couldn’t verify whether StopGeorgia was ever a customer because they didn’t keep records going back that far. But he maintained that Stark Industries Solutions was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark.

However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the\[.\]hosting and WorkTitans — the primary beneficiaries of Stark’s assets.

A copy of the incorporation documents for WorkTitans BV obtained from the Dutch Chamber of Commerce shows WorkTitans also does business under the names **Misfits Media** and and **WT Hosting** (considering Stark’s historical connection to Russian disinformation websites, “Misfits Media” is a bit on the nose).

An incorporation document for WorkTitans B.V. from the Netherlands Chamber of Commerce.

The incorporation document says the company was formed in 2019 by a **y.zinad@worktitans.nl**. That email address corresponds to a LinkedIn account for a **Youssef Zinad**, who says their personal websites are worktitans\[.\]nl and custom-solution\[.\]nl. The profile also links to a website (etripleasims dot nl) that LinkedIn currently blocks as malicious. All of these websites are or were hosted at MIRhosting.

Although Mr. Zinad’s LinkedIn profile does not mention any employment at MIRhosting, virtually all of his LinkedIn posts over the past year have been reposts of advertisements for MIRhosting’s services.

Mr. Zinad’s LinkedIn profile is full of posts for MIRhosting’s services.

A Google search for Youssef Zinad reveals multiple startup-tracking websites that list him as the founder of the\[.\]hosting, which **censys.io** finds is hosted by **PQ Hosting Plus S.R.L**.

The Dutch Chamber of Commerce document says WorkTitans’ sole shareholder is a company in Almere, Netherlands called **Fezzy B.V.** Who runs Fezzy? The phone number listed in a Google search for Fezzy B.V. — **31651079755** — also was used to register a **Facebook** profile for a Youssef Zinad from the same town, according to the breach tracking service **Constella Intelligence**.

In a series of email exchanges leading up to KrebsOnSecurity’s May 2024 deep dive on Stark, Mr. Nesterenko included Mr. Zinad in the message thread (youssef@mirhosting.com), referring to him as part of the company’s legal team. The Dutch website stagemarkt\[.\]nl lists Youssef Zinad as an official contact for MIRhosting’s offices in Almere. Mr. Zinad did not respond to requests for comment.

Given the above, it is difficult to argue with the Recorded Future report on Stark’s rebranding, which concluded that “the EU’s sanctioning of Stark Industries was largely ineffective, as affiliated infrastructure remained operational and services were rapidly re-established under new branding, with no significant or lasting disruption.”

Bulletproof Host Stark Industries Evades EU Sanctions

Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content.
To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media

Artificial Intelligence / Mobile Security

Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content.

To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media transparency.

C2PA's Content Credentials are a tamper-evident, cryptographically signed digital manifest providing verifiable provenance for digital content such as images, videos, or audio files. The metadata type, according to Adobe, serves as a "digital nutrition label," giving information about the creator, how it was made, and if it was generated using artificial intelligence (AI).

"The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program," Google's Android Security and C2PA Core teams said. "Assurance Level 2 for a mobile app is currently only possible on the Android platform."

"Pixel 10 phones support on-device trusted time-stamps, which ensures images captured with your native camera app can be trusted after the certificate expires, even if they were captured when your device was offline."

The capability is made possible using a combination of Google Tensor G5, Titan M2 security chip, and hardware-backed security features built into the Android operating system.

Google said it has implemented C2PA to be secure, verifiable, and usable offline, thereby ensuring that provenance data is trustworthy, the process is not personally identifiable, and works even when the device is not connected to the internet.

This is achieved using -

*   Android Key Attestation to allow Google C2PA Certification Authorities (CAs) to verify that they are communicating with a genuine physical device
*   Hardware-backed Android Key Attestation certificates that include the package name and signing certificates associated with the app that requested the generation of the C2PA signing key to verify the request originated from a trusted, registered app
*   Generating and storing C2PA claim signing keys using Android StrongBox in the Titan M2 security chip for tamper-resistance
*   Anonymous, hardware-backed attestation to certify new cryptographic keys generated on-device without knowing who is using it
*   Unique certificates to sign each image, making it "cryptographically impossible" to deanonymize the creator
*   On-device, offline Time-Stamping Authority (TSA) component within the Tensor chip to generate cryptographically-signed time-stamps when the camera's shutter is pressed

"C2PA Content Credentials are not the sole solution for identifying the provenance of digital media," Google said. "They are, however, a tangible step toward more media transparency and trust as we continue to unlock more human creativity with AI."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity

Several AI chatbot apps are leaking user data for several reasons, but mostly because security is an afterthought.

In a recent article on Cybernews there were two clear signs of how fast the world of AI chatbots is growing. A company I had never even heard of had over 150 million app downloads across its portfolio, and it also had an exposed unprotected Elasticsearch instance.

This needs a bit of an explanation. I had never heard of Vyro AI, a company that probably still doesn’t ring many bells, but its app ImagineArt has over 10 million downloads on Google Play. Vyro AI also markets Chatly, which has over 100,000 downloads, and Chatbotx, a web-based chatbot with about 50,000 monthly visits.

An Elasticsearch instance is a database server running a tool used to quickly store and search lots of data. If it’s unsecured because it lacks passwords, authentication, or network restrictions, it is unprotected against unauthorized visitors. This means it’s freely accessible to access by anyone with internet access that happens to find it. And without any protection like a password or a firewall, anyone who finds the database online can read, copy, change, or even delete all its data.

The researcher that found the database says it covered both production and development environments and stored about 2–7 days’ worth of logs, including 116GB of user logs in real time from the company’s three popular apps.

The information that was accessible included:

*   AI prompts that users typed into the apps. AI prompts are the questions and instructions that users submit to the AI.
*   Bearer authentication tokens, which function similarly to cookies so the user does not have to log in before every session, and allows the user to view their history and enter prompts. An attacker could even hijack an account using these tokens.
*   User agents which are strings of text sent with requests to a server to identify the application, its version, and the device’s operating system. For native mobile apps, developers might include a custom user agent string within the HTTP headers of their requests. This allows developers to identify specific app users, and tailor content and experiences for different app versions or platforms.

The researcher found that the database was first indexed by IoT search engines in mid-February. IoT search engines actively find and list devices or servers that anyone can access on the internet. They help users discover vulnerable devices (such as cameras, printers, and smart home gadgets) and also locate open databases.

This means that attackers have had a chance to “stumble” over this open database for months. And with the information there they could have taken over user accounts, accessed chat histories and generated images, and made fraudulent AI credit purchases.

**How does this happen all the time?**

Generative AI has found a place in many homes and even more companies, which means there is a lot of money to be made.

But the companies delivering these AI chatbots feel they can only be relevant when they push out new products. So, their engineering efforts are put there where they can control the cash flow. Security and privacy concerns are secondary at best.

Just looking at the last few months, we have reported about:

*   Prompt injection vulnerabilities, where someone inserts carefully crafted input in the form of an ordinary conversation or data, to nudge or outright force an AI into doing something it wasn’t meant to do.
*   An AI chatbot used to launch a cybercrime spree where cybercriminals were found to be using a chatbot to help them defraud people and breach organizations.
*   AI chats showing up in Google search results. These findings concerned Grok, ChatGPT, and Meta AI (twice).
*   An insecure backend application that exposed data about chatbot interactions of job applicants at McDonalds.

As diverse as the causes of the data breaches are—they stem from a combination of human error, platform weaknesses, and architectural flaws—the call to do something about them is starting to get heard.

Hopefully, 2025 will be remembered as a starting point for compliance regulations in the AI chatbots landscape.

The AI Act is a European regulation on artificial intelligence (AI). The Act entered into force on August 1, 2024, and is the first comprehensive regulation on AI by a major regulator anywhere.

The Act assigns applications of AI to three risk categories. First, applications and systems that create an unacceptable risk, such as government-run social scoring of the type used in China, are banned. Second, high-risk applications, such as a CV-scanning tool that ranks job applicants, are subject to specific legal requirements. But lastly, applications not explicitly banned or listed as high-risk are largely left unregulated.

Although not completely ironed out, the NIS2 Directive is destined to have significant implications for AI providers, especially those operating in the EU or serving EU customers. Among others, AI model endpoints, APIs, and data pipelines must be protected to prevent breaches and attacks, ensuring secure deployment and operation.

And, although not cybersecurity related, the California State Assembly took a big step toward regulating AI on September 10, 2025, passing SB 243: a bill that aims to regulate AI companion chatbots in order to protect minors and vulnerable users. One of the major requirements is repeated warnings that the user is “talking to” an AI chatbot and not a real person, and that they should take a break.

**We don’t just report on data privacy—we help you remove your personal information**

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

Tag

#intel