Summary5 min read

Risky Bulletin Podcast Summary: Meta Disrupts Mexican Cartels

Host: Claire Aird, Risky Business Media
Date: March 16, 2026

Episode Overview

This episode brings a concise, information-rich roundup of the latest cybersecurity news. The major focus is Meta’s efforts to combat Latin American cartels by suspending criminal accounts, with additional stories including supply chain attacks, government breaches, and critical vulnerabilities. The tone is brisk and informative, reflecting the urgency and breadth of current cybersecurity threats.

Key Discussion Points & Insights

1. Meta Shuts Down Mexican Cartel Operations (00:04)

Main Story:
Meta has suspended thousands of accounts linked to Latin American drug cartels, predominantly in Mexico but also in the US.
Purpose of Accounts:
Used for mule recruitment, coordination of violence/extortion, and drug sales.
Detection Tools:
Meta deployed AI to detect coded language and drug-related photos on its platforms.
- Memorable Quote:
  “The company says it used AI to detect coded language and photos of drugs advertised on its platforms.” — Claire Aird (00:28)

2. Swedish E-Government Portal Breached (01:10)

Leak:
Threat actor “Byte to Breach” claims responsibility for stealing source code from CGI Group (Swedish IT contractor).
Evidence:
Hacker released code to prove access and is also selling citizen data and electronic signing documents.
Breach Confirmation:
CGI Group confirmed on Thursday.

3. High-Profile Spear Phishing on Signal (02:09)

Victims:
Ex-German intelligence official Arndt Freitag von Loringhoven and other politicians targeted for Signal PINs.
Attribution:
Possibly linked to a broader Russian campaign (per Dutch intelligence) targeting Signal and WhatsApp accounts globally.
- Quote:
  “Arndt Freitag von Loringhoven told reporters he was the target of a mid attack that coaxed his signal pin out of him…” (02:25)

4. Russia’s Mobile Internet Blackout (03:08)

Details:
Moscow’s mobile internet cut since March 6, unexplained by officials.
Context:
FSB recently gained authority to cut internet; limited restoration to government-approved sites.

5. Supply Chain Attack Hits AppsFlyer (03:42)

Incident:
Attackers compromised AppsFlyer’s analytics SDKs to launch “cryptocurrency address hijacker” malware.
Impact:
Malware intercepts copy-pasted crypto addresses (Bitcoin, Ethereum, Solana, Ripple, Tron), replacing them with attacker addresses.

6. Malicious Code in Python Projects on GitHub (04:20)

Campaign Details:
Hundreds of GitHub accounts breached to inject crypto wallet stealing code into Python projects.
Attribution:
Credentials stolen by “Glass Worm” malware, previously active in VS Code ecosystem, with reused infrastructure.
- Note:
  “Step Security says the attackers are using GitHub credentials stolen by Glass Worm, which hit the VS code ecosystem last year.” (04:39)

7. Instagram Disables E2EE Messaging (05:00)

Action:
Instagram will discontinue end-to-end encrypted private messaging in May.
Advice:
Users should download sensitive chat media before support ends.
Reason:
No explanation provided; context includes similar moves by TikTok.
Quote:
“Instagram did not give a reason for its decision.” (05:21)

8. Interpol’s Global Cybercrime Crackdown (05:33)

Operation Synergia 3:
94 suspects arrested (notably 50 in Bangladesh/Togo) for phishing, ransomware, and online scams.
Seizures:
33,000 phishing sites and 45,000 related IPs taken down.

9. Dubai Charges Briton Under Cybercrime Law (06:00)

Incident:
British tourist charged for sharing Iranian missile strike videos on social media, violating content laws.
Penalties:
Faces at least two years in prison and up to $54,000 in fines.

10. AI Misidentification Leads to U.S. Jail Time (06:36)

Case:
Angela Lips, Tennessee grandmother, jailed after facial recognition system falsely linked her to ND bank fraud.

11. FBI Warns About Steam Malware (07:00)

Advisory:
FBI seeks victims of information-stealing malware in Steam games. Threat growing in prevalence.

12. Kazakhstani APT Targets Regional Water Infrastructure (07:19)

Details:
Espionage campaign hit hydroelectric and water authorities in Kyrgyzstan, Tajikistan, Uzbekistan.
Context:
Attacks possibly linked to recent drought/water shortages in the region.

13. Google Patches Chrome Zero Days (07:44)

Update:
Active zero day patched; mention of a second zero day (since removed from notes), fix pending.

14. Nine Vulnerabilities in Linux AppArmor (08:08)

Technical Details:
Newly dubbed “Crack Armor” flaws impact all AppArmor versions since 2017.
Risks:
Enable attackers to bypass kernel protections, escalate privileges, and compromise container isolation.
- Quote:
  “The app is a popular kernel security module used with Ubuntu, Debian, Kubernetes and other Linux based products.” (08:29)

Notable Quotes

“Meta has suspended thousands of accounts used by Latin American drug cartels.” — Claire Aird (00:06)
“The company says it used AI to detect coded language and photos of drugs advertised on its platforms.” (00:28)
“A former high ranking official in Germany's intelligence service fell victim to a signal spear phishing attack.” (02:17)
“Instagram will disable support for end to end encrypted private messaging in May.” (05:02)

Timeline of Major Segments

00:04 — Meta disrupts Mexican cartel social media operations
01:10 — Swedish government portal source code leak
02:09 — High-profile Signal spear phishing, Russian hacking campaign
03:08 — Moscow mobile internet blackout
03:42 — AppsFlyer supply chain crypto malware attack
04:20 — Malicious code introduced to Python GitHub repos via Glass Worm credentials
05:00 — Instagram to end encrypted messaging
05:33 — Interpol’s global cybercrime arrests and takedowns
06:00 — Dubai charges Briton under cybercrime law
06:36 — AI facial recognition leads to wrongful jail in Tennessee
07:00 — FBI warning on Steam gaming malware
07:19 — Kazakhstani APT targets Central Asian water systems
07:44 — Google Chrome zero day(s) update
08:08 — Nine critical CVEs in Linux AppArmor uncovered

Overall Tone & Takeaways

The episode is rapid-fire, balanced between standout incidents (Meta vs Cartels, AI misidentification case, supply chain vulnerabilities) and succinct summaries of ongoing global threats. Listeners are left with a clear sense of the scale, variety, and international complexity of the current cybersecurity landscape.

Loading summary

Transcript1 lines

[00:04]
A
Meta suspends Mexican cartel accounts Multiple vulnerabilities have been found in Linux app Armour. Instagram will disable support for end to end encrypted messaging and a supply chain attack hits AppsFlyer this is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 16th of March and this podcast episode is brought to you by Sublime Security. In today's top story, Meta has suspended thousands of accounts used by Latin American drug cartels. The accounts were used to recruit mules, coordinate violence or extortion operations and sell drugs. The company says it used AI to detect coded language and photos of drugs advertised on its platforms. Most of the suspended accounts were from Mexico. Some were also located in the U.S. in other news, the threat actor has leaked the source code of Sweden's E government portal. A hacker going by the name Byte to Breach claims to have stolen the code from a government IT contractor. The contractor is the Swedish division of global IT giant CGI Group. IT confirmed the breach on Thursday. The hacker published the code to prove they had gained access. They're selling citizen data and what they describe as electronic signing documents. A former high ranking official in Germany's intelligence service fell victim to a signal spear phishing attack. Arndt Freitag von Loringhoven told reporters he was the target amid attack that coaxed his signal pin out of him, according to Der Spiegel. Other high ranking German politicians also fell for the same attack Last week. Dutch intelligence agencies said that Russia was behind a global campaign to hack signal and WhatsApp accounts. Moscow residents are in their second week without mobile Internet access was cut off on March 6 without any explanation from officials. The outage began two weeks after the FSB was given the power to cut Internet access at will. Russian news outlets are reporting that some mobile operators have restored access to a small number of government approved sites. A threat actor has compromised the app's flyer analytics service to deliver a cryptocurrency address. Hijacker the the code was deployed in the company's mobile and web based SDKs. The malware waits for copy paste operations, intercepts cryptocurrency addresses and replaces them with one controlled by attackers. The malware has targeted Bitcoin, Ethereum, Solana Ripple and Tron currencies. A threat actor has breached hundreds of GitHub accounts to add malicious code to Python projects. The hacks began on March 8 and added a crypto wallet stealer. Step Security says the attackers are using GitHub credentials stolen by Glass Worm, which hit the VS code ecosystem last year. The campaign also reuses the Glass worm infrastructure. Instagram will disable support for end to end encrypted private messaging in May. The social network has advised users to download any sensitive media from their chats before support is disabled. Instagram did not give a reason for its decision. Earlier this month, TikTok said it would not support encrypted direct messaging because it would not be able to scan for abusive content. 94 individuals have been detained as part of an Interpol operation against cybercrime organisations. 50 of those arrests were in Bangladesh and Togo. The suspects are accused of being involved in phishing, ransomware and online scam operations. Law enforcement also seized 30 33,000 phishing sites and 45,000 IP addresses used to host them. The arrests were part of Interpol's Operation Synergia 3. A British man has been charged in Dubai for publishing Iranian missile strike videos on social media. Local cybercrime laws prohibit the publishing of content that may cause panic or is related to national security. The suspect was identified as a 60 year old tourist. He he faces at least two years in prison and a fine of up to $54,000. A Tennessee grandmother spent six months in jail after being misidentified by AI. Angela Lips says she was jailed for bank fraud despite having never been to North Dakota where the crime was committed. She was charged solely based on a facial recognition match. The FBI is seeking information from victims of malware on the Steam gaming platform that the bureau has asked anyone who downloaded malicious games to make contact. In recent years, there's been an increase in malicious games on Steam. Most are infected with infostealers. A suspected Kazakhstani APT group is targeting water infrastructure in neighbouring countries. Espionage campaigns have targeted hydroelectric power plants in Kyrgyzstan and the water ministries of Tajikistan and Uzbekistan. The campaign ran from September 2024 until March last year. This year Kazakhstan announced it's facing a severe drought and water shortages. Water levels have dropped in the Syedaria river, which flows through all four countries. Google has patched an actively exploited zero day in Chrome. The company's patch notes initially mentioned a second zero day. This was later removed. A fix for that second bug is expected later this week. And finally, nine vulnerabilities in the AppArmor Linux kernel security module can allow attackers to bypass kernel protections, escalate to root and break container isolation. Codenamed Crack Armor, the bugs impact all App Armor versions released since 2017. The app is a popular kernel security module used with Ubuntu, Debian Kubernetes and other Linux based products. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Sublime Security. Find them at Sublime Security. Thanks to your company.