TechLetters ☕️ AI wins elections, soon! Predator leaks. React RCE, patch it. ICC: cyber can be genocide. EU court shakes the web?
I look at the impact of AI on future election campaigns. We’re in for a wild run. Who deploys it first, WINS.
Security
The Intellexa Predator cyber tool (spyware hacking user devices) operates across multiple countries, with recent targets identified in Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan. Among the users are at least 25 countries, including Germany, Austria, Switzerland, Qatar, Congo. Once a device is hacked and infected, Predator provides complete access to encrypted messaging apps like Signal and WhatsApp, email, photos, and location data. It can remotely activate cameras and microphones. The system has had at least 15 zero-day exploits in use since 2021.
A very interesting revelation indicates Intellexa’s operational access to client systems. Training videos show company staff remotely connecting to live government systems, observing real-time infection attempts, viewing logs of targets, and accessing backend interfaces normally reserved for government operators. The company uses an infection method called Aladdin that can silently infect phones through malicious digital advertisements without any user interaction, exploiting the global online advertising ecosystem. The system uses public IP addresses to target specific devices, instructing ad platforms to deliver exploit code disguised as normal advertisements on legitimate websites and apps.
Intellexa has adapted its infrastructure to evade detection, hiding behind services like Cloudflare and establishing front companies in Dubai’s free trade zones to handle logistics and facilitate the advertising-based infection operations.
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://www.haaretz.com/israel-news/security-aviation/2025-12-04/ty-article-magazine/.premium/israeli-spyware-firm-intellexa-owned-by-ex-intel-officer-still-active-amid-us-sanctions/0000019a-e3e8-db35-afbf-ebfcb8bb0000
Critical security vulnerability in React Server Components, part of the really popular web framework React. Maximum severity (CVSS: 10.0). Unauthenticated remote code execution, may be wormable. All responsible users should patch immediately. This could get very nasty. Patch this, and all that depends on it (like Next.js). https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Serious security vulnerability in React is already being exploited to hack systems, including by China state-linked cyber threat groups. Clumsily, sometimes: “many threat actors are attempting to use public PoCs that don’t actually work” https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/ https://github.com/assetnote/react2shell-scanner/blob/master/scanner.py
The International Criminal Court considers that genocide can be committed through cyber attacks on critical infrastructure like power grids, water supply, and hospitals. For example, killing members of a group or causing serious bodily harm can be done through cyber attacks against water, electricity, heating, medical facilities, or food production. Posting on social media may also amount to genocide incitement. The ICC states direct and public incitement to genocide can be committed when made with intent, even without actual genocide occurring or causal contribution to it. “an armed conflict can, in principle, commence and be fought exclusively by cyber means.”
War crimes can also be committed via cyberattacks or be cyber-enabled (which is also a direct conclusion of the report on humanitarian consequences of cyber operations that I authored while at the International Committee of the Red Cross - ICRC). This does not mean that a ping flood, or merely hacking civilian targets, amounts to war crimes. https://www.icc-cpi.int/sites/default/files/2025-12/2025-cyber-eng.pdf
Privacy
Did the EU top court prohibit websites with user-generated content and anonymous users? I analyse the recent ruling that brings dramatic consequences for websites and technology in Europe. An EU Court of Justice judgment (C-492/23) turns platform architecture into a huge compliance question.
https://blog.lukaszolejnik.com/did-the-eu-top-court-prohibit-websites-with-user-generated-content-and-anonymous-users/
Technology Policy
Other
Luxembourg issues war bonds scheme. It is to be used to fund defence, but not cyberdefence (good!). https://gouvernement.lu/dam-assets/images-documents/actualites/2025/10/08-defence-bond-framework/defence-bond-framework.pdf
