Notices by BrianKrebs (briankrebs@infosec.exchange), page 2

So one of the guys I wrote about in this story -- Matt Schlicht, the creator of Moltbook, a bizarre Reddit-like platform for AI agents that Schlicht said he vibe coded with OpenClaw -- has just had his bot social network acquired by Meta (for undisclosed terms).

Interestingly, Schlicht said he didn't write a single line of code for the project. From the story:

"AI assistants like OpenClaw have gained a large following because they make it simple for users to “vibe code,” or build fairly complex applications and code projects just by telling it what they want to construct."

"Less than a week after its creation, Moltbook had more than 1.5 million registered agents that posted more than 100,000 messages to each other. AI agents on the platform soon built their own porn site for robots, and launched a new religion called Crustafarian with a figurehead modeled after a giant lobster. One bot on the forum reportedly found a bug in Moltbook's code and posted it to an AI agent discussion forum, while other agents came up with and implemented a patch to fix the flaw."

"“I just had a vision for the technical architecture and AI made it a reality,” Schlicht said. “We’re in the golden ages. How can we not give AI a place to hang out.”

Axios story on acquisition: https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network

Good YouTube vid on Moltbook: https://www.youtube.com/watch?v=1Y_u0fY-AbA

We've been weaning ourselves off ordering things from Amazon, so my wife went and ordered something big from a different retailer, who was actually advertising it at a lower price than Amazon. Well, after a week of waiting for the item to ship, it suddenly just arrived. Turns out the order was fulfilled through Amazon anyway.

Saw a few videos this morning of Iranian drones targeting US military bases and blowing shit up. I was struck by how loud and slow these things are. It's as if the loudest leafblower on the planet had wings and a propeller.

This AP News story has some good detail on Iran's response to its neighbors, which indicates the majority of the many, many missiles and drones Iran sent at or near the UAE were intercepted, but that some less defended places were still hit due to the volume of the missile/drone volley.

"Officials in Dubai in the United Arab Emirates said Sunday that air defenses had dealt with 165 ballistic missiles, two cruise missiles and more than 540 Iranian drones over two days. While officials said they intercepted all air attacks Saturday, debris from the knocked-down weapons sparked blazes at some of Dubai’s most iconic locations."

"Some Iranian drones flew as far as a U.K. military base in Cyprus. The runway at the Royal Air Force base in Akrotiri was struck by an Iranian drone Sunday, according to U.K. officials, and sirens blared there again Monday when two more drones heading toward the base were intercepted."

"State-of-the-art U.S. and Israeli air defense assets have proven efficient in intercepting most of Iran’s ballistic missiles launched at Israel. But the attacks using large numbers of cheap drones hit some softer targets lacking the same level of protection."

https://apnews.com/article/iran-us-israel-gulf-war-drone-49c8ea76358e579447ff839485f394ac

New, by me: Who Is the Kimwolf Botmaster, "Dort"?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home. This post examines what is knowable about Dort based on public information.

https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/

Agentic AI-based services are the new Shadow IT. Change my mind.

I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.

Meanwhile, for the past week, LinkedIn has been showing me some other company's dashboard in my profile.

Lol, most of these impressions were on a post I made about why you maybe shouldn't verify your LinkedIn account.

https://infosec.exchange/@briankrebs/116103192779110422

Favorite headline today (via HackerNews): Pope tells priests to use their brains, not AI, to write homilies

https://www.ewtnnews.com/vatican/pope-leo-xiv-tells-priests-to-use-their-brains-not-ai-to-write-homilies

Really enjoyed this scoop from the Financial Times, where a team of reporters identified 48 seemingly independent companies working from different physical addresses that appear to be operating together to disguise the origin of Russian oil, particularly from Kremlin-controlled Rosneft. The kicker: The network was discovered because they all share a single private email server.

From the (paywalled) story:

"The FT was able to identify 442 web domains whose public registrations show they all use a single private server for their email, “mx.phoenixtrading.ltd”, showing that they share back-office functions."

"The FT was then able to identify companies by comparing the names in the domain to those of entities that appear in Russian and Indian customs records as involved in carrying Russian oil."

"For example, Foxton FZCO, a Dubai-based entity listed as the buyer of $5.6bn of oil in Russian export filings, matches “foxton-fzco.com”. Similarly, Advan Alliance, an entity listed in Indian filings as having sold $1.5bn of Russian oil into the country, can be linked to “advanalliance.ltd”. "

"Filings linked by the FT to the domain list show oil exports from Russia amounting to more than $90bn."

https://www.ft.com/content/4310f010-2b3c-493e-ba0a-26dc6d156b2e

A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.

https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/

#phishing #MFA #starkiller

The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:

"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake

All biometric personal data is deleted immediately after processing.

All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.

No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.

The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."

If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.

https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

Thank god Microsoft is shoving Copilot AI crap into everything. One gets the sense this isn't going to be an isolated occurrence. From Bleeping Computer:

"Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information."

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/

Yes, Windows (ab)users it's your favorite time of the month once again (ducks). Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/

Thank goodness the Federal Aviation Administration is still able to do its job and be the adult in the room. For now, anyway. How long until the Cheetoh in Chief starts grounding planes in blue states for the rebuke?

From CBS News:

"The unexpected but brief airspace closure in the Texas border city of El Paso stemmed from disagreements between the Federal Aviation Administration and Pentagon officials over drone-related tests, multiple sources close to the matter told CBS News. "

"The Pentagon had undertaken extensive planning on the use of military technology near Fort Bliss, a military base that abuts the El Paso International Airport, to practice taking down drones."

"Two sources identified the technology as a high-energy laser."

"Meetings were scheduled over safety impacts, but Pentagon officials wanted to test the technology sooner, stating that U.S. Code 130i requirements governing the protection of certain facilities from unmanned aircraft had been met."

"FAA Administrator Bryan Bedford on Tuesday night decided to close the airspace — without alerting White House, Pentagon or Homeland Security officials, sources said."

https://www.cbsnews.com/news/airspace-closure-followed-spat-over-drone-related-tests-and-party-balloon-shoot-down-sources-say/

New, by me: Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.

https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/

RE: https://infosec.exchange/@briankrebs/115962508398912420

Last day to submit public comments, officially:

The Extorter in Chief is at it again. Per the NYT:

"The Trump administration has sought to pressure Senator Chuck Schumer, Democrat of New York and the minority leader, to help name New York’s Penn Station and Washington Dulles International Airport after President Trump in exchange for releasing billions of dollars he has frozen for a rail tunnel under the Hudson River."

Top administration officials have told Mr. Schumer in recent weeks that the money would be released if he agreed to name the facilities in Mr. Trump’s honor, according to four people familiar with the private conversations. The people spoke on the condition of anonymity because they were not authorized to reveal the private discussions."

https://www.nytimes.com/live/2026/02/06/us/trump-news#section-918963069

This makes me sad (been there). From Joe Menn at WaPo: "Most of the Washington Post’s tech reporters were laid off today, including me. I have loved my time at the paper, which is where I wanted to work from age 15. I take some consolation in not being among the survivors who will have to work harder with less for fewer readers. On to better things."