
An ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 2nd of February, and this podcast episode is brought to you by Dropzone AI. In today's top story, a recent breach of the StopICE app has been tracked to a U.S. Customs and Border Protection agent, according to the app's administrator. Last week, the app's users received SMS alerts claiming their personal data had been compromised and shared with law enforcement. StopICE has denied having such data in the first place. In other news, Microsoft will disable NTLM by default in the next version of Windows. The company deprecated the protocol last week and has stopped updating it. Microsoft will also improve Kerberos this year to allow it to work in network topologies where previously NTLM was required. The Polish government has banned Chinese-made cars from entering its military bases. Warsaw cited national security concerns. Chinese officials have allegedly called on Poland to stop abusing the concept of national security. China itself banned Tesla cars from its military bases five years ago. The French government wants the country to have the largest pool of cyber talent in Europe. According to the updated National Cybersecurity Strategy, France will prioritise training and investment in the sector to compete with the US. The move is part of a larger goal of increasing European digital sovereignty. The Nobel Committee believes hackers obtained the name of the Nobel Peace Prize winner María Corina Machado ahead of time. One of Norway's intelligence services is investigating a possible breach. Hours before the prize announcement, significant cryptocurrency wagers were placed on Machado's win. The possibility of an internal leak has not been excluded.
The US government has launched an investigation into WhatsApp. Former contractors have filed whistleblower complaints against the company, claiming that some Meta staff have unfettered access to WhatsApp messages. The investigation is being led by the US Commerce Department. Polish officials have attributed the data-wiping attack on its national power grid to a Russian hacking group known as Dragonfly. It's a group widely considered to be associated with Russia's FSB intelligence service. Initially, ESET reports linked the attack to Sandworm, a cyber unit inside Russia's military. Threat intel researcher Joe Slowik believes multiple Russian groups may have collaborated on the attack. A report published by Poland's CERT found that the affected energy providers failed to adequately secure their networks, which aided the attack. The developers of a popular AI chatbot left their backend database exposed on the Internet. The Chat and Ask AI app has leaked more than 300 million messages due to a misconfiguration of its Google Firebase backend. The app claims to have more than 50 million users. South Korean police are investigating a breach of Seoul's public bike sharing service. Hackers are believed to have stolen the personal data of 4.5 million Ttareungyi users in April 2024. Officials say a DDoS attack at the time might have distracted IT staff during the breach. Comcast has agreed to pay $117.5 million to settle a lawsuit over its 2023 security breach. Hackers stole the personal details of more than 31 million customers after exploiting the Citrix Bleed vulnerability. Customers who can prove out-of-pocket losses related to the breach may receive up to $10,000. Those who can't can receive up to $50. Hackers have stolen more than $17 million worth of assets from cryptocurrency platforms Aperture Finance and Swapnet. The attackers allegedly exploited similar vulnerabilities in their smart contracts.
They stole $3.6 million from Aperture and $13.4 million from Swapnet. Cambodian authorities have raided the A7 cyberscam compound in the city of Bavet. More than 100 suspects were detained at one of Cambodia's newest scam compounds, which was housing around 2,000 workers. Convicted sex offender Jeffrey Epstein had allegedly hired a personal hacker, according to a new batch of the Epstein files released last week. The hacker was an Italian national born in Calabria. He allegedly developed and sold zero-day exploits to foreign governments, including the Hezbollah paramilitary group. Italian authorities have arrested 31 suspects that ran four illegal IPTV services. They operated via websites and Telegram channels that sold access to pirated TV streams. The sites had millions of registered users. The suspects were tracked by the Alliance for Creativity and Entertainment, an anti-piracy coalition that formed in 2017. A jury has convicted a former Google engineer of stealing AI trade secrets. Linwei Ding was arrested two years ago after he was caught transferring more than 500 confidential Google files to his personal account. The files contained data on chip architecture, software designs and performance metrics. He allegedly planned to share the information with two Chinese startups where he'd been promised executive positions. Cloudflare has mitigated a new record DDoS attack of 31.4 terabits per second. The attack originated from a DDoS-for-hire botnet known as Aisuru or Kimwolf. The botnet has infected up to 4 million devices globally and is regularly used to attack gaming and web hosting. Dallas County in Iowa was ordered to pay $600,000 to two pen testers that were unjustly arrested. In 2019, Gary DeMercurio and Justin Wynn were arrested after they broke into the Dallas County courthouse. They were charged despite being hired by the state to assess the courthouse's security. The charges were later dropped.
Ivanti has released security updates to patch two actively exploited zero-days. Both vulnerabilities allow unauthenticated code. Ivanti says it's aware of attacks against a limited number of customers. According to GreyNoise, reconnaissance for this campaign appeared to originate from networks in Romania and Moldova. The Tails operating system has released an emergency security update. The patch incorporates fixes from the OpenSSL project. One of the bugs allowed remote code execution attacks against systems running the library. And finally, a major vulnerability has been found in ComfyUI, an app for managing GenAI models. The bug was discovered by Tencent's security team. It's an unauthenticated file upload vulnerability that can lead to remote code execution. It impacts the official Extension Manager, the component used for the installation and maintenance of custom nodes, models and dependencies. ComfyUI zero-days have previously been used to deploy the Pickai backdoor. And that is all for this podcast edition. Today's show is brought to you by our sponsor, Dropzone AI. Find them at Dropzone AI. Thanks for your company.
Date: February 2, 2026
Host: Claire Aird (for the Risky Business team: Catalin Cimpanu)
Format: Cybersecurity news roundup
This episode of Risky Bulletin delivers a packed roundup of recent cybersecurity incidents and policy shifts: StopICE’s hack traced to a Customs agent, Microsoft’s move to disable NTLM, significant attacks on infrastructure and cryptocurrency, global policy reactions, legal cases, and new zero-day vulnerabilities. The tone remains brisk, informative, and impartial, anchored by Claire's clear delivery.
"A recent breach of the StopICE app has been tracked to a U.S. Customs and Border Protection agent, according to the app's administrator." (A, 00:10)
"Microsoft will disable NTLM by default in the next version of Windows. The company deprecated the protocol last week and has stopped updating it." (A, 00:39)
"Warsaw cited national security concerns. Chinese officials have allegedly called on Poland to stop abusing the concept of national security." (A, 01:15)
"The French government wants the country to have the largest pool of cyber talent in Europe." (A, 01:29)
"The Nobel Committee believes hackers obtained the name of the Nobel Peace Prize winner María Corina Machado ahead of time." (A, 01:50)
"Former contractors have filed whistleblower complaints against the company, claiming that some Meta staff have unfettered access to WhatsApp messages." (A, 02:23)
"Polish officials have attributed the data-wiping attack on its national power grid to a Russian hacking group known as Dragonfly." (A, 02:40)
"The Chat and Ask AI app has leaked more than 300 million messages due to a misconfiguration of its Google Firebase backend." (A, 03:25)
"Hackers are believed to have stolen the personal data of 4.5 million...users." (A, 03:43)
"Hackers stole the personal details of more than 31 million customers after exploiting the Citrix Bleed vulnerability." (A, 04:11)
"Hackers have stolen more than $17 million worth of assets from cryptocurrency platforms Aperture Finance and Swapnet." (A, 04:39)
"The Tails operating system has released an emergency security update. The patch incorporates fixes from the OpenSSL project." (A, 07:24)
On the StopICE breach:
"StopICE has denied having such data in the first place." (A, 00:19)
On digital sovereignty:
"...part of a larger goal of increasing European digital sovereignty." (A, 01:36)
On Polish grid attack:
"A report published by Poland's CERT found that the affected energy providers failed to adequately secure their networks, which aided the attack." (A, 02:54)
On US pen tester arrests:
"...two pen testers that were unjustly arrested...They were charged despite being hired by the state...The charges were later dropped." (A, 06:44-06:54)
On the record DDoS:
"Cloudflare has mitigated a new record DDoS attack of 31.4 terabits per second." (A, 06:22)
The episode is tightly structured, each story delivered in a concise, factual, and neutral tone. Claire maintains brisk pacing, covering global developments without editorializing. The language is direct, aiming for clarity for infosec professionals and interested lay listeners alike.
| Segment | Timestamp |
|---|---|
| StopICE app hack traced to CBP agent | 00:10 |
| Microsoft disables NTLM | 00:39 |
| Poland bans Chinese cars from military sites | 01:09 |
| France's cybersecurity workforce plan | 01:29 |
| Nobel Peace Prize breach investigation | 01:50 |
| WhatsApp whistleblower-led investigation | 02:19 |
| Russian groups attack Polish power grid | 02:40 |
| Chat and Ask AI database leak | 03:25 |
| Seoul bike share service breach | 03:43 |
| Comcast data breach settlement | 04:06 |
| Crypto platforms hacked | 04:39 |
| Cambodia A7 cyberscam compound raid | 05:03 |
| Jeffrey Epstein's hacker connection | 05:21 |
| Italy's IPTV piracy ring busted | 05:40 |
| Ex-Google engineer convicted | 06:00 |
| Cloudflare mitigates record DDoS attack | 06:22 |
| Dallas County pen testers compensated | 06:42 |
| Ivanti zero-days patched | 07:00 |
| Tails OS emergency security update | 07:24 |
| ComfyUI vulnerability (GenAI model manager app) | 07:44 |
This episode offers a rapid, information-rich rundown of recent cybersecurity events, mixing regulatory, technical, and criminal cases with global impact. Notable is the breadth, from app hacks and protocol deprecation to geopolitical policy changes and the continued challenge of software vulnerabilities.