TechLetters ☕️ PSYOP 2026. AI finds kernel bugs for $4? US sanctions Russian exploit broker. 15.8M French patient records leaked. Google Sheets used as C2. North Korea bridges air-gaps via USB.
Security
$4 per bug discovered by AI. Agentic AI code audits are already operational in cybersecurity: $600 was enough to discover 100+ working privilege escalation exploits hiding in Windows kernel drivers shipped by AMD, Intel, NVIDIA, Lenovo, Dell, and IBM. Only Fujitsu patched. Everyone else's drivers remain Microsoft-signed and vulnerable. ydinkin.substack.com/p/200-kernel-bugs-in-30-days
US Treasury just sanctioned Russian exploit broker Sergey Zelenyuk, alias "MORTENOIR", along with his St. Petersburg firm Operation Zero, his 22-year-old assistant, a Dubai shell company, a suspected Trickbot gang member, and an Uzbek associate who runs a rival exploit brokerage out of the UAE. It's the first time the U.S. has used a law specifically designed to punish theft of American trade secrets that threaten national security. Zelenyuk buys exploits for American software (cyberattack tools) and sells them to intelligence agencies outside NATO. Among his acquisitions were at least eight cyber tools stolen from a U.S. company by its own employee, Australian Peter Williams, who got millions in crypto and pleaded guilty. Sanctions include asset freezes, banking bans, investment prohibitions, and a $10 million annual credit cap. Australian steals American cyber weapons, sells to a Russian, who sells onward. Global supply chains at work? https://home.treasury.gov/news/press-releases/sb0404
A French medical software company, already fined €800,000 under #GDPR by the data regulator in 2024 for mishandling health data, got hacked in late 2025. A cybercriminal group breached its software, used by 3,800 doctors, hitting 1,500 of them. 15.8 million administrative patient records (sometimes spanning 15 years) leaked and are now freely accessible online. For 165,000 patients, that data includes free-text notes doctors typed into a "comments" field, such as: HIV status, sexual orientation, religious practice, family members in prison, history of sexual violence ... The Hippocratic oath promises discretion. The software promised security. Neither delivered. https://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/quinze-millions-de-patients-concernes-1-500-medecins-vises-une-enquete-ouverte-ce-que-l-on-sait-de-la-cyberattaque-qui-a-cible-un-logiciel-medical_7833611.html
Google Sheets as a cyber intelligence weapon? Google dismantled a global cyber espionage campaign run by Chinese group UNC2814, active since 2017. 53 organizations across 42 countries. Primary targets: telecoms and government institutions. The tool: a backdoor written in C that turns Google Sheets into a command channel. Cell A1 serves as the command box, the A2:An range handles file transfers and command output, and it all runs through standard Google APIs, so to detection systems it looks like ordinary spreadsheet editing... Traffic encrypted, disguised as legitimate requests - indistinguishable from everyday network activity. On infected machines: full names, national ID numbers, dates of birth, and voter registry numbers - everything you need to track and surveil specific individuals. The Chinese Embassy responded as usual: "we firmly oppose attempts to smear China." https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign
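What a defender can do with the "looks like ordinary spreadsheet editing" problem is look at the rhythm rather than the content: an implant polling a command cell does so on a timer, a human does not. The block below is an added example, not code from the newsletter or from Google's report. It assumes a constructed, simplified access-log format (one line per API call: timestamp, host, spreadsheet id, range, READ/WRITE); real Workspace audit exports look different, so the parser would need adapting. It flags any host that reads the same range at near-constant intervals and lists the ranges that host also writes to in the same sheet.

```python
"""Beaconing detector for spreadsheet-API access logs (constructed example).

Assumed log line format (NOT Google's real audit format):
    <ISO timestamp> <host> <spreadsheet_id> <range> <READ|WRITE>
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: host-17 polls Sheet1!A1 roughly every 60 s and writes
# into A2:A50; host-03 is an analyst editing a budget sheet at irregular times.
SAMPLE_LOG = """\
2026-01-10T09:00:00Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:01:00Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:01:02Z host-17 1Abc_sheet_C2 Sheet1!A2:A50 WRITE
2026-01-10T09:02:01Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:03:00Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:03:59Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:05:00Z host-17 1Abc_sheet_C2 Sheet1!A1 READ
2026-01-10T09:00:13Z host-03 1Xyz_budget Budget!B4:D20 READ
2026-01-10T09:07:41Z host-03 1Xyz_budget Budget!B4:D20 WRITE
2026-01-10T09:31:05Z host-03 1Xyz_budget Budget!B4:D20 READ
2026-01-10T10:12:50Z host-03 1Xyz_budget Budget!B4:D20 READ
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, host, sheet, range, op) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, sheet, rng, op = line.split()
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append((stamp, host, sheet, rng, op))
    return events


def detect_beacons(events, min_reads=5, max_cv=0.15):
    """Flag (host, sheet, range) triples that are read at near-constant intervals.

    min_reads: ignore ranges read fewer times than this (too little signal).
    max_cv:    coefficient of variation (stdev / mean) of the gaps between reads;
               human editing has a high CV, a timer-driven poller a very low one.
    """
    reads = defaultdict(list)   # (host, sheet, range) -> read timestamps
    writes = defaultdict(set)   # (host, sheet) -> ranges written
    for ts, host, sheet, rng, op in events:
        if op == "READ":
            reads[(host, sheet, rng)].append(ts)
        else:
            writes[(host, sheet)].add(rng)

    findings = []
    for (host, sheet, rng), stamps in reads.items():
        if len(stamps) < min_reads:
            continue
        ordered = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({
                "host": host,
                "sheet": sheet,
                "polled_range": rng,
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
                "write_ranges": sorted(writes.get((host, sheet), ())),
            })
    return findings


if __name__ == "__main__":
    for f in detect_beacons(parse_log(SAMPLE_LOG)):
        print(f)
```

On the sample, only host-17 is reported: five-plus reads of Sheet1!A1 with a mean gap of 60 s and a CV near 0.015, plus a write to Sheet1!A2:A50 in the same sheet; the analyst's irregular reads fall below the read threshold and would fail the CV test anyway. The thresholds are starting points, not tuned values, and a real deployment would also key on the API client identity, not just the host.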
APT37, a hacking group backed by North Korea, runs campaigns targeting computers deliberately cut off from the internet (air-gapped systems, standard practice in government and military institutions). The attack starts simply: the victim opens a shortcut file that looks like a document about the Israeli-Palestinian conflict. In the background, a chain of malicious programs installs itself, one of which disguises itself as a USB speed monitoring utility. The core of the operation: two tools turn ordinary USB drives into an espionage mailbox. One replaces files on the drive with infected copies to spread to other computers. The other uses the same drive as a two-way drop box - operators send commands in, and the drive comes back with stolen data. At the end of the chain, spyware is installed that takes screenshots, records audio from the microphone, captures video from the webcam, and logs every keystroke. The system communicates through popular cloud services (Zoho WorkDrive, Google Drive, OneDrive, and others) so that network traffic doesn't raise suspicion. https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks
Privacy
The WebMCP proposal compares the accessibility struggles of disabled people to the perception struggles of AI agents? As in: making the web easier for AI bots/agents to use is supposed to also help people with disabilities. Well, functionally, sure. https://github.com/webmachinelearning/webmcp/blob/main/README.md
Technology Policy
Other