TechLetters ☕️ JLR hack as economic coercion. CVEs turn into exploits. Europol kills malware infrastructure. GLM 5.2 near to cyber frontier? Old iPhones get unpatchable exploit. Five Eyes warn of AI
Security
Russian-linked cybercriminals, converted a JLR breach into systemic industrial damage. £260m in disclosed costs, a £244m FY26 net loss, £2.2bn free-cash outflow, and £1.9bn UK losses across 5,000+ organisations. UK GDP impacted. Not an ordinary extortion. THIS is an act of economic coercion. https://www.nytimes.com/2026/06/26/world/europe/jaguar-russia-hack.html
AI that hacks for you. CVE-Genie automatically turns any known security vulnerability into a working exploit, end-to-end, no expertise required. Security engineering, management and governance has long relied on the gap between "a CVE exists" and "someone capable enough to weaponize it." That gap is now being closed via few API calls. https://github.com/BUseclab/cve-genie
Public CVEs are becoming raw material for reproducible vulnerability infrastructure. Agentic systems can now generate proof of concepts and exploits from security advisories, diffs, reports, and vulnerable code locations. Stale security management gets harder each day, especially for banks and enterprises. https://arxiv.org/pdf/2602.07287
https://arxiv.org/pdf/2602.14345
https://arxiv.org/pdf/2602.03012
Europol and partners disrupted three malware ecosystems - SocGholish, Amadey, and StealC - in a coordinated strike involving law enforcement from six countries and private-sector. 326 servers and 142 domains killed, 27 million stolen credentials recovered, $47 million in criminal crypto assets identified and restricted, 18,000 infected computers freed from criminal control, and 14,971 compromised websites remediated. AI-assisted analysis found that Amadey and StealC, two separately developed tools linked to 140,000 infected machines in the first two weeks of May, relied on the same backend infrastructure. That let lawyers treat them as one criminal conspiracy. Microsoft also observed Russian-affiliated actor Secret Blizzard using Amadey infections to deploy custom malware against targets in Ukraine. So the same dropper you get from a fake browser update on a restaurant’s website can end up in a military context. The supply chain is universal.
https://www.europol.europa.eu/media-press/newsroom/news/global-cyber-strike-disrupts-socgholish-amadey-and-stealc-malware-networks
GLM 5.2 looks like the first Chinese open-weight model to have entered the frontier tier in agentic cybersecurity tasks. Or to have copied it very effectively. The mistakes are interesting. GLM 5.2 gets things wrong in similar ways to Opus and GPT-5.5. That could mean a breakthrough. It could also mean someone trained it on answers from frontier models (distillation). In practice, the difference may be irrelevant to the user. An open-weight model reaches the level of the best closed models, at roughly half the cost of Opus. https://www.graphistry.com/blog/glm-5-2-cybersecurity-open-model
Every iPhone with an A12 or A13 chip - XS/XR, 11, 2020 SE - has an unpatchable SecureROM exploit. The root bug is in Synopsys’s USB controller, and is exploitable. Requires physical access. Solution: buy a new iPhone https://ps.tc/pages/blog-usbliter8.html
Technology Policy
Over 60 American cybersecurity experts & executives have signed an open letter asking the Commerce Secretary and National Cyber Director to lift export controls on Anthropic’s Fable and Mythos AI models. Yes, Mythos finds software flaws and writes exploits well, but so do others like GPT-5.5, Claude Opus, Sonnet, and Chinese models like Kimi 2.7. Fable’s protections were so aggressive the security community laughed at them on launch day. The controls pulled capable tools from defenders while adversaries keep advancing. China’s open-weight models are months behind at most, and that’s only what’s been published.
The letter asks for scientific evaluation criteria developed with industry input, proper rulemaking, transparent enforcement, and proportionality. One of the more telling lines: the original research that triggered the ban was about identifying insecure code. That’s not an offensive capability but how you write secure software. https://freefable.org/
Five Eyes cyber chiefs issued a joint warning that AI-powered cyber threats could outpace current government and corporate defences within months. They name no adversaries. Their advice to companies: reduce attack surfaces, patch faster, fix legacy systems, tighten access controls, and adopt AI for defence https://www.ncsc.gov.uk/sites/default/files/2026-06/Five-Eyes-cyber-security-agencies-statement-ai-shift.pdf
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share:

