
International Cyber Digest
@IntCyberDigest • 165,227 subscribers
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts. Got tips? Signal: IntCyberDigest.20

‼️🚨 BREAKING: Meta's AI feature let attackers hijack Instagram accounts for days with nothing but a username. It was being A/B tested on a slice of users, and if you were in the test, you couldn't turn it off. Among the casualties: the official Obama White House account.
The method: get on a VPN near the target's region, ask the Meta AI support agent to send a verification code to any email you control, relay that code back to the agent, and it hands over a password reset link. Without ID or human review. From there, the account is yours.
The flaw lived in the AI's logic layer, which acted on recovery requests with no real identity checks. One researcher compared it to the Roblox AI assistant exploit from days earlier, where you needed a target's billing info. Instagram was easier: the username and a regional VPN were enough, and victims reported sessions revoked and passwords changed with no email, text, or push alert at all.
By the time it went public, the method was common knowledge in blackhat Telegram circles and had been used to allegedly hijack 100+ high-value accounts.
Accounts hit:
- obamawhitehouse (the archived official Obama White House account, ~2.4M followers). Hackers posted an AI-generated image captioned "The White House is under Shiites' control," plus cryptic anti-Trump and pro-Iranian Stories. Meta confirmed the hack and scrubbed it.
- Premium short handles like hey and jowo, worth over $1M combined, stolen and flipped on Telegram.
- albert (owned by Albert Renshaw), whose owner publicly reported being locked out and unable to reach Meta support.
Meta has since patched it. There was no public acknowledgment.
International Cyber Digest • 304,919 views • 2 days ago

‼️🚨 MAJOR IMPACT: AI just found an 18-year-old NGINX critical remote code execution vulnerability. It has been disclosed on GitHub including PoC code.
- Affects NGINX 0.6.27 through 1.30.0
- Triggered via the rewrite and set directives in config
- Update NGINX ASAP
- NGINX is a widely used HTTP web server, be sure to check its prevalence in other products
International Cyber Digest • 948,482 views • 20 days ago

‼️A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage. This happened during the recent CCC conference. Martha had infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.
International Cyber Digest • 8,921,819 views • 5 months ago

🇩🇪 The thing about German engineering is that it's never just "good enough."
International Cyber Digest • 239,180 views • 16 days ago

‼️🚨 BambuLab printers are catching fire and melting due to a hardware issue. The fault lies in the NTC thermistor. Many users on Reddit have reported this issue, and now GamersNexus is offering to buy one so he can do an analysis.
1. It's specifically the Bambu Lab A1 model.
2. The NTC thermistor in question sits on the AC power board, where it limits inrush current. It is not the hotend or nozzle thermistor.
International Cyber Digest • 164,041 views • 15 days ago

‼️ YouTube is removing educational cybersecurity videos. This is the video in question.
International Cyber Digest • 1,861,125 views • 6 months ago

‼️ The German hacker known as "Martha Root" who dresses as a pink Power Ranger just released a video about how she destroyed the white supremacist dating website. It took her months and she had to verify she was white. Martha used deepfakes to get verified as white and even secretly attended one of their meetups to see what they were up to.
International Cyber Digest • 832,671 views • 4 months ago

I found this video of "Martha Root" on her YouTube channel explaining what she did.
International Cyber Digest • 626,851 views • 5 months ago

🚨🇸🇾 In 2019, a Syrian militiaman was handed a laptop and asked to repair it. Out of curiosity he clicked on a video file. What he saw froze him in place. It was a video of Amjad Yousef committing a premeditated massacre.
Yousef lied to victims at the edge of a pre-dug pit in the street. "Run from the sniper," he shouted, sending them sprinting straight into his line of fire. He personally shot dozens of them, one by one. At least 41 in the main leaked clip alone. When it was over, he helped cover the pit, poured fuel on the bodies, and set them on fire, joking with colleagues the entire time. Investigators link him to a wider operation that day that killed an estimated 288 civilians, women and children among them.
He later admitted on record: "I killed a lot." "I took revenge." "I'm proud of what I did."
The video existed only because the killers filmed themselves as a trophy. It sat on an intelligence laptop for years. The leaker passed 27 clips to a Syrian opposition contact in Paris. That contact rushed them to Prof. Uğur Ümit Üngör at the University of Amsterdam. Üngör and Annsar Shahhoud spent years verifying the footage. Geolocation, OSINT, survivor and perpetrator interviews. They even confronted Yousef undercover through a fake pro-regime Facebook persona named "Anna."
The leaker then had to run for his life. He drove from Damascus to Aleppo, paid a $1,500 bribe to a colonel in the regime's 4th Division, and crossed no-man's land into opposition territory. The crossing was delayed a day because the same colonel's unit was moving an illegal drug shipment along the same route. He eventually reached Turkey, then Europe.
In February 2022, the full evidence was handed to prosecutors in the Netherlands, Germany, and France. In April 2022, the Guardian and New Lines Magazine published the footage. The world finally saw it. Systematic, pre-planned mass murder of civilians. Direct involvement of Assad's elite military intelligence. The killing machine.
Yousef went into hiding after Assad fell in December 2024. He was tracked for days across the Al-Ghab Plain of Hama before being arrested. Thirteen years late, the man in the fishing hat is finally in cuffs.
International Cyber Digest • 153,384 views • 1 month ago

‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities. He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
International Cyber Digest • 650,959 views • 6 months ago

‼️🇩🇪 This is what German police actually do with their time now. Going door to door, seizing tablets and phones from pensioners over memes and tweets. The case of the Fortnite teen getting accused for cursing out Olaf Scholz is not an isolated one. Prosecutors can now open cases on their own under "special public interest." The politician doesn't need to file anything. The result is a steady drip of cases that look insane from the outside and barely register inside the system.
Germany has a law problem. The §188 StGB statute, "insulting a person of political life," got beefed up by the Bundestag in 2021. This has led to the following absurd cases:
- Pimmelgate (2021): Hamburg interior senator Andy Grote got called a "Pimmel" (dick) on Twitter after he was caught violating his own COVID restrictions. Police raided the user's apartment at 6 a.m. with six officers. The Hamburg regional court later ruled the raid disproportionate. The term "Pimmelgate" became national shorthand for state overreach.
- The Schwachkopf-Affäre (2024): Stefan Niehoff, a 64-year-old pensioner, reposted an edited meme putting Robert Habeck on a fake "Schwachkopf Professional" shampoo bottle (roughly: "Professional Moron"). Reported via a state-linked "trusted flagger" pipeline, police raided his home at dawn in November 2024 and seized his tablet while his wife and his daughter with Down syndrome were home. Habeck filed the complaint. The main insult charge was later dropped, but Niehoff was fined €825 on related counts. He died in early 2026. The case became the single most-cited symbol of the law's reach.
- The Merz "Pinocchio" probe (per Brussels Signal): a pensioner reportedly commented "Pinocchio is coming to HN" with a long-nose emoji on a police post about Chancellor Friedrich Merz visiting Heilbronn. Police flagged it during routine monitoring and opened a full §188 file, sending him a formal letter. Legal commentators have called the comment protected satirical speech.
- The David Bendels case: the right-wing journalist shared a photomontage mocking then-Interior Minister Nancy Faeser. He was initially given a 7-month suspended prison sentence. On appeal in 2026, he was acquitted. The court ruled the satire was protected political expression.
The pattern is the same every time. A low-engagement post or meme triggers a complaint. Prosecutors open a §188 file. Police execute a dawn raid or send a formal letter. Months or years later, a judge throws it out or dramatically narrows it. By that point the damage is already done. Devices are seized. Names are on file. Pensioners are dragged through a criminal process for posting a shampoo joke. This is what "wehrhafte Demokratie," aka militant democracy, looks like in 2026.
International Cyber Digest • 39,553 views • 15 days ago