Wim Vandebroeck

644 posts

@WIM_VDB

AI Security Architect | Offensive Security | Sovereign AI. Exploring trusted autonomy and local-first systems for high-stakes environments.

Belgium · Joined April 2013
747 Following · 182 Followers
Wim Vandebroeck retweeted
vx-underground (@vxunderground)
Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated. The source is CNN. Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents, whether I discuss it publicly or not, yet I have not heard of this story and I have not seen the moniker "FlamingChina" before. Furthermore, none of my colleagues have mentioned this compromise to me. I'm very curious who these cybersecurity experts are who they cite in the article. I'm also very curious on the 10 PETABYTES of data exfiltrated because that is an unfathomable number. 10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's "hot storage" you're looking at something like, $150,000/month, that doesn't even include the fees for moving the data which would be ASTRONOMICAL. Very very strange
Wim Vandebroeck retweeted
International Cyber Digest (@IntCyberDigest)
🚨‼️ An angry researcher just dropped a Windows Defender 0day exploit, he has a message to Microsoft: "I'm not explaining how this works, yall geniuses can figure it out." The exploit targets Defender's internal signature update mechanism to achieve local privilege escalation.
Wim Vandebroeck retweeted
International Cyber Digest (@IntCyberDigest)
‼️🇺🇸 Lockheed Martin has allegedly been breached and 375TB of data is being offered for sale on what appears to be a Russian 'Threat Market'. They've priced the highly confidential data at $598 million...
Wim Vandebroeck (@WIM_VDB)
The sovereign AI cookbook: building a private multi-model platform from scratch with @apple mac ultra. techevangelist.eu/#blog/sovereig…
Wim Vandebroeck retweeted
Aditya Chordia, CISSP, CIPP/E, CISA
The DarkSword iPhone exploit code just leaked on GitHub. This changes the threat model for everyone, not just Apple users.

Here's what most coverage is missing.

DarkSword was originally a nation-state grade tool — tracked by Google's Threat Intelligence Group since November 2025, used by Russian espionage groups and customers of a Turkish commercial surveillance vendor. This was elite capability reserved for high-value targets.

Now it's on GitHub. Anyone can download it, study it, modify it, and redeploy it.

That's the moment a spyware-grade exploit chain goes from "targeted espionage" to "commodity attack tool." Google themselves warned this is exactly what happens - leaked code gives threat actors a starting point to test, tweak, and iterate.

Three malware families deploy after compromise: GhostBlade, GhostKnife, and GhostSaber. Together they steal data, establish a backdoor for re-entry, and execute code - compressing the entire kill chain into a single click.

But here's the enterprise angle nobody is connecting.

SecurityScorecard's CISO Steve Cobb put it perfectly: once attackers gain credentials on a compromised phone, they're no longer limited to that device. They move into SaaS platforms, cloud environments, and partner systems without needing another exploit.

Now think about how many people use the same iPhone for:
→ Corporate email and Slack
→ AI agent control channels (Telegram, WhatsApp, Discord)
→ Two-factor authentication
→ Cloud storage with synced credentials

A compromised iPhone isn't a phone incident anymore. It's an enterprise access incident.

If your CISO is running an OpenClaw agent through Telegram on their Mac and their iPhone connects to the same Telegram account - the phone becomes a lateral entry point to the agent.

This is the second iOS exploit kit disclosure this month. Coruna gave attackers 23 exploits across iOS 13 through 17.2.1. DarkSword covers iOS 18.4 through 18.7. Between them, nearly every iPhone version in the wild has been targeted.

What to do right now:
→ Update to iOS 26.3 immediately - this patches the DarkSword chain
→ Enable Lockdown Mode on any device you can't update
→ If your org allows BYOD, assume unpatched personal devices are compromised
→ Review what enterprise services are accessible from mobile - email, cloud, SSO tokens, AI agent channels
→ Test whether your mobile security controls can actually detect and block these exploit chains, not just in theory

The pattern is clear: nation-state exploit tools are leaking faster than organisations can patch. DarkSword is public now. The window between "elite capability" and "commodity attack" just collapsed.

Patch today. Not tomorrow.

More Info: cybernews.com/security/anger…
Wim Vandebroeck retweeted
Clément Pillette (@ClementPillette)
I've been comparing two setups running Qwen3.5-397B-A17B at full 262K context:
🖥 Mac Studio M3 Ultra (512GB) — €14,500
⚙️ Custom workstation, 4× RTX PRO 6000 (384GB VRAM) — €45,000

Results:
• Workstation: 46.9 tok/s, 1,100W, 51 dBA
• Mac Studio: 35 tok/s, 120W, ~15 dBA

The Mac is 6.7× more energy-efficient per token. Over 3 years, the TCO gap is nearly €40K.

I have never been a Mac guy, but I have to admit that the Mac Studio is currently the most attractive hardware for running local AI agents.
Wim Vandebroeck retweeted
David Hendrickson (@TeksEdge)
🚀 I just hosted MiniMax-M2.5 UNCOMPRESSED (full BF16, 230B total / 10B active MoE, 457 GB weights) on a single Mac Ultra 512 GB! Fits with ~50 GB left for OS + modest KV cache (perfect for 4k-16k ctx). Using native MLX — zero swapping, max quality local inference. 16K context window @ 30 tps. Frontier model at home, no API.

📊 Latest AI Coding Benchmarks

🏆 SWE-Bench Verified
• MiniMax M2.5: 80.2
• MiniMax M2.1: 74
• Claude Opus 4.5: 80.9
• Claude Opus 4.6: 80.8
• Gemini 3 Pro: 78
• GPT-5.2: 80

⚙️ SWE-Bench Pro
• MiniMax M2.5: 55.4
• MiniMax M2.1: 49.7
• Claude Opus 4.5: 56.9
• Claude Opus 4.6: 55.4
• Gemini 3 Pro: 54.1
• GPT-5.2: 55.6

🖥️ Terminal Bench 2
• MiniMax M2.5: 51.7
• MiniMax M2.1: 47.9
• Claude Opus 4.5: 53.4
• Claude Opus 4.6: 55.1
• Gemini 3 Pro: 54
• GPT-5.2: 54

🌍 Multi-SWE-Bench
• MiniMax M2.5: 51.3
• MiniMax M2.1: 47.2
• Claude Opus 4.5: 50
• Claude Opus 4.6: 50.3
• Gemini 3 Pro: 42.7

🌐 SWE-Bench Multilingual
• MiniMax M2.5: 74.1
• MiniMax M2.1: 71.9
• Claude Opus 4.5: 77.5
• Claude Opus 4.6: 77.8
• Gemini 3 Pro: 65
• GPT-5.2: 72

✨ VIBE-Pro (AVG)
• MiniMax M2.5: 54.2
• MiniMax M2.1: 42.4
• Claude Opus 4.5: 55.2
• Claude Opus 4.6: 55.6
• Gemini 3 Pro: 36.9

#MiniMaxM25 #LocalLLM #AppleSilicon
Wim Vandebroeck retweeted
Hackmanac (@H4ckmanac)
🚨Cyber Alert‼️
🇪🇺European Commission

The European Commission disclosed a data breach affecting its mobile device management system, detected on January 30, 2026. The incident may have exposed staff names and mobile phone numbers, with no evidence of device compromise. The breach was contained within nine hours and is likely linked to exploitation of Ivanti Endpoint Manager Mobile vulnerabilities.

Source: bleepingcomputer.com/news/security/…
Wim Vandebroeck retweeted
International Cyber Digest (@IntCyberDigest)
❗️A black-hat hacker named Davy de Valk, who studied computer science but was officially on welfare, installed a remote access tool on Port of Antwerp systems to facilitate undetected drug smuggling. He was selling intelligence to narcos. He has been sentenced in Amsterdam to 7 years in prison.
Wim Vandebroeck retweeted
Min Choi (@minchoi)
This story is wild

Chinese state-backed hackers hijacked Claude Code to run one of the first AI-orchestrated cyber-espionage

Using autonomous agents to infiltrate ~30 global companies, banks, manufacturers and government networks🤯

How the attack was carried out in 5 phases
Anthropic (@AnthropicAI)

We disrupted a highly sophisticated AI-led espionage campaign. The attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We assess with high confidence that the threat actor was a Chinese state-sponsored group.

Wim Vandebroeck retweeted
International Cyber Digest (@IntCyberDigest)
‼️ China's largest cybersecurity firm, Knownsec, was breached, exposing details of China's state cyber operations. The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India. A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus. One of the documents mentions a malicious power bank, disguised as a charging device. Knownsec is key to China's cybersecurity, providing advanced defense and offensive capabilities, including espionage tools. A thread with their tools 🧵
Wim Vandebroeck retweeted
Hackmanac (@H4ckmanac)
🚨Cyber Alert‼️
Windows Zero-Day Exploit Actively Abused in Diplomatic Attacks. No Patch Available Yet

Chinese group UNC6384 exploited an unpatched Windows zero-day (CVE-2025-9491) to target EU diplomats via spearphishing in September–October 2025. Victims downloaded fake EU/NATO docs that deployed PlugX through Canon DLL side-loading, allowing data exfiltration. The flaw, also used by Evil Corp and Mustang Panda, remains unpatched by Microsoft.

Source: cybernews.com/cybercrime/eur…
Wim Vandebroeck retweeted
WarTranslated (@wartranslated)
Russian FSB-controlled state messenger MAX likely hacked, 46.2 million data rows stolen, hacker posted sample rows from database on dark web.
Wim Vandebroeck retweeted
mRr3b00t (@UK_Daniel_Card)
How do criminals hack in? They log in? How do they do that? with valid credentials... Commonly obtained via Phishing and malware (info stealers) and data breaches (e.g. third party sites where creds have been re-used etc.)