A dense week of cybersecurity developments spans botnet takedowns, iPhone vulnerabilities, AI-powered scams, and Meta quietly killing Instagram's end-to-end encryption.
US law enforcement dismantled four major botnets (Aisuru, Kimwolf, JackSkid, Mossad) infecting 3 million+ devices. Russian hackers deployed DarkSword to compromise hundreds of millions of iPhones. Meta announced it will eliminate Instagram DM end-to-end encryption on May 8, reversing a long-standing promise. Separately, the FBI confirmed it purchases commercial location data from brokers to fuel intelligence operations.
DarkSword targeting hundreds of millions of iPhones is the immediate technical threat — if your app stores sensitive user data locally or relies on iOS security assumptions, that attack surface just expanded materially. The Sears/Samantha AI bot leak is a concrete example of AI session data being publicly exposed, a risk pattern that emerges when AI conversation logs aren't properly scoped and access-controlled. Meta's encryption rollback on May 8 means any integration built on Instagram DM APIs should be treated as unencrypted infrastructure from that date forward.
Audit your AI chatbot or customer service integration this week: verify that session recordings, transcripts, and audio blobs are scoped behind authenticated endpoints — the Sears leak shows unauthenticated public access is a live production risk, not a theoretical one.
Open your app's API docs or Postman collection and make an unauthenticated GET request to your session/conversation log endpoint. If you get a 200 with real data, you have the same exposure Sears had. Fix it before someone else finds it.
Tags
Signals by role
Also today
Tools mentioned