Steve Puluka

A new era for choice and openness News and insights on the Android platform, developer tools, and events.

Good news for software developers, looks like Google is reducing developer fees on the App Store over time.

android-developers.googleblog.com/2026/03/a-ne...

All Mexico Cellphone Users Must Register by June 30, 2026 From 2026, Mexico's law requires that all Mexican cellphone numbers, whether on contract or prepay phone plans, are associated to a verified and registered user

No more burner phones. Mexico is looking to remove any possible anonymous use of cell service. By June this year all SIM must be connected to a government ID.

www.mexperience.com/all-mexico-c...

Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East - Check Point Research Key Findings Introduction As highlighted in the Cyber Security Report 2026, cyber operations have increasingly become an additional tool in interstate conflicts, used both to support military operatio...

Interesting report from Checkpoint that Iran threat actors seem to be after internet connected cameras throughout the Middle East to support the war effort.

research.checkpoint.com/2026/interpl...

Disrupting the GRIDTIDE Global Cyber Espionage Campaign | Google Cloud Blog GTIG, Mandiant, and partners took action to disrupt a global espionage campaign from a suspected PRC-nexus cyber espionage group.

Interesting report from Google on how they disrupted the infrastructure of the threat group UNC2814 that was targeting telecom and government agencies.

cloud.google.com/blog/topics/...

Crypto Ransomware: 2026 Crypto Crime Report In 2025, total on-chain ransomware payments fell by approximately 8% to $820 million in 2025, even as claimed attacks rose 50%.

Good news in the latest Ransomware report from ChainAlysis finds that payments have stopped growing and hold steady at $820 last year. Hopefully this is the beginning of the end.

www.chainalysis.com/blog/crypto-...

Government cuts cyber-attack fix times by 84% and launches new profession to protect public services The government has launched a new vulnerability monitoring service (VMS) to reduce cyber risks and speed up fixes, and a new Cyber Profession to build long-term resilience across public services.

Latest report from the UK NCSC shows that we are getting better at patching. The average time to patch is six times faster since last year.

www.gov.uk/government/n...

Mountain View CA has canceled their Flock contract after learning the company is sharing data with out of state agencies.

www.mountainview.gov/Home/Compone...

FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online The Federal Trade Commission issued a policy statement today announcing that the Commission will not bring an enforcement action under the Children’s Online Privacy Protection Rule (COPPA Rule) aga

Apparently the us FTC thinks that asking nicely will bet us social media companies to start applying age verification for youth protection since we cannot pass any laws.

www.ftc.gov/news-events/...

I guess the network engineers bag of console serial adapters would freak them out.

Age requirements for apps distributed in Brazil, Australia, Singapore, Utah, and Louisiana - Latest News - Apple Developer Today we’re providing an update on the tools available for developers to meet their age assurance obligations under upcoming U.S. and regional laws, including in Brazil, Australia, Singapore, Utah, an...

More countries are implementing age verification requirements. Apple is outlining how they will apply these rules in various jurisdictions.

developer.apple.com/news/?id=f5z...

Good news that Spanish authorities have arrested four more members of the Fénix hacktivist group behind DDoS attacks.

web.guardiacivil.es/eu/destacado...

Reddit issued with £14.47m fine for children’s privacy failures Our investigation found Reddit, Inc. (Reddit) used children’s personal information unlawfully.

The UK is continuing to hold social media to their privacy regulations fining Reddit £14 million for collecting data on children under 13.

ico.org.uk/about-the-ic...

Our Search Party: Finding a Ring Bounty Winner People who own doorbell cameras bought them, in part, to keep people out of their homes. As long as their video footage is stored on corporate servers, consumers could inadvertently be letting others ...

More fallout from our corporate surveillance systems. Fulu Foundation is offering a $10k bounty to hack Ring cameras and cut off AWS data sharing feature to insure privacy for owner users.

fulu-foundation.ghost.io/our-search-p...

Fraudsters arrested in Nigeria following NCA intelligence sharing Seven men have been arrested in Nigeria after intelligence identified a scam compound targeting UK victims.

Good news that the UK @nca-uk.bsky.social in cooperation with Nigerian authorities have arrested 7 suspects and taken down a crypto scam center.

www.nationalcrimeagency.gov.uk/news/fraudst...

AI-augmented threat actor accesses FortiGate devices at scale | Amazon Web Services Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates...

Interesting report from AWS on how a Russian threat actor successfully used #AI tools to compromise over 600 Fortinet firewalls.

aws.amazon.com/blogs/securi...

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager | Adnan Khan - Security Research Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager - Security research by adnanthekhan

Another supply chain attack detected on Github on the Cline AI coding agent where the attacker pushed malicious updates. Review by Adnan Khan

adnanthekhan.com/posts/clinej...

Crack in the Armor: Underlying Infrastructure Threats to RPKI Publication Point Reachability - NDSS Symposium

Interesting research on the vulnerabilities in the BGP RPKI system via communications with the publishing point servers to allow prefix highjacks.

www.ndss-symposium.org/ndss-paper/c...

Businesses urged to “lock the door” on cyber criminals as new government campaign launches A new campaign to provide practical ways for organisations to protect themselves from common online threats.

The UK NCSC collects the playbook for cyber defense for small and medium business.

www.gov.uk/government/n...

47-latek związany z grupą Phobos zatrzymany przez policjantów CBZC Funkcjonariusze Centralnego Biura Zwalczania Cyberprzestępczości zatrzymali 47-letniego mężczyznę podejrzanego o wytwarzania, pozyskiwanie oraz udostępnianie programów komputerowych służących do bezpr...

Good news that Polish authorities have arrested the person responsible for attacks using Phobos ransomware.

cbzc.policja.gov.pl/bzc/aktualno...

Keenadu the tablet conqueror and the links between major Android botnets Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most p...

Latest supply chain attack outlined by Kaspersky is the Keenadu backdoor added to Android OS and cannot be removed without a full flash and reinstall.

securelist.com/keenadu-andr...

Mass Data Exfiltration Campaigns Lose Their Edge in Q4 2025 Are we seeing the extinction of mass data exfiltration campaigns? The stats demonstrate these attacks are losing their efficacy.

Good news from this report from Coveware that companies are continue the drop in paying the Ransomware extortions.

www.coveware.com/blog/2026/2/...

FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).

Warning letters to 13 data brokers from the US Federal Trade commission point out they are not allowed to sell sensitive data of Americans to foreign adversaries like North Korea, China, Russia or Iran.

www.ftc.gov/news-events/...

Once again a simple question to both Microsoft copilot and Google Gemini give very different answers. The ChatGPT agent has seriously fallen into errors lately. Being off by one year for the Tsar gives the wrong answer.

Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure Internal files describe a training platform as part of a large integrated system designed to allow attackers to practice hacking replicas of “the real network environments” of China’s “main operationa...

Leaked Documents show that China has created a training environment for their continued hacking attempts into power grids of foreign adversaries.

therecord.media/leaked-china...

Verdachte aangehouden in cyberonderzoek De politie hield op 10 februari een 21-jarige man uit Dordrecht aan in een cybercrime-onderzoek van Team Cybercrime Oost-Brabant. We verdenken de man ervan dat hij een systeem verspreidde waarmee eenm...

Good news that Dutch police have arrested the suspect selling the phishing kit JokerOTP that could intercept one time passwords.

www.politie.nl/nieuws/2026/...

Beyond the Hype: Moltbot's Real Risk Is Exposed Infrastructure, Not AI Superintelligence While the world debates Moltbook's role in the AI ecosystem, it is just the tip of the iceberg of Titanic risk. SecurityScorecard's STRIKE team uncovered what lurks beneath: Thousands of exposed OpenC...

Let’s be careful out there, SecurityScorecard found over 42k internet exposed OpenClaw instances with full system access enabled.

securityscorecard.com/blog/beyond-...

Palo Alto Networks Security Advisories Palo Alto Networks Security Advisories - Latest information and remediations available for vulnerabilities concerning Palo Alto Networks products and services.

That time again to review the Palo Alto Network security advisories and get patching the affected gear.

security.paloaltonetworks.com

News sites are locking out the Internet Archive to stop AI crawling. Is the ‘open web’ closing? News outlets want readers – and big tech – to pay for their content. But blocking the Internet Archive will leave major holes in the public record of the web.

Unfortunate fallout from the #AI scraping blockers is that the Way Back machine from the internet archive is also being denied access in many cases.

theconversation.com/news-sites-a...

Android 16 is on 7.5% of devices in latest distribution numbers update Google has updated Android’s distribution numbers again, this time revealing that Android 16 is already on 7.5% of devices, with...

Ouch, looks like 42% of all Android devices are running a version that is outdated and no longer receives patches. And only 7.5% are on the current release.

9to5google.com/2026/01/30/a...

FE søger landets skarpeste hoveder til hackerakademi For første gang i seks år er der mulighed for at søge ind på FE’s Hackerakademi. Slipper man igennem nåleøjet, bliver man tilbudt en unik mulighed for at arbejde som hacker i FE.

Interesting that Denmark is going full Red Team for their cyber operations and plans on actively hacking and infiltrating foreign enemy networks.

www.fe-ddis.dk/da/nyheder/2...