Electricity and the IT Privacy and Security Weekly Update for the week ending January 6th, 2026
EP 273.
This year starts with the high cost of Electricity and gets left exposed.
Communities Across America Mobilize Against Massive AI-Powered Data Center Expansions.
Surging GPS Interference Disrupts U.S. Aviation, Highlighting Growing Vulnerabilities in Critical Infrastructure.
Cybersecurity Researchers Outsmart Notorious Cybercrime Group with Elaborate Honeypot Trap.
Malicious Chrome Extensions Exposed for Stealthily Harvesting User Credentials from Over 170 Websites.
Grok AI Faces Intense Scrutiny for Generating Widespread Nonconsensual Sexualized Images of Women.
Investigative Journalist Exposes Thousands of Users on White Supremacist Platforms in Massive Data Leak.
OpenAI Reportedly Preparing to Introduce Sponsored Content into ChatGPT Responses Starting in 2026.
Ledger Confirms Fresh Data Breach via Third-Party Processor, Exposing Customer Names and Contacts.
European Space Agency Acknowledges Cyber Intrusion as Hacker Claims Theft of 200GB of Sensitive Data.
Let's start the new year with a bang!
US: As US Communities Start Fighting Back, Many Datacenters are Blocked
In towns and suburbs across the United States, a new kind of community fight is unfolding - and it’s not about schools or traffic or taxes.
It’s about data centers - the massive facilities that power everything from your photos in the cloud to the artificial intelligence that writes essays and drives business decisions.
Tech giants and developers are racing to build these energy-hungry hubs to support the explosive growth of AI and cloud computing.
But an unexpected force has emerged: local residents who simply don’t want these enormous boxes of servers in or near their backyards.
Imagine a rural township where peaceful farmland meets sprawling server farms, or a small city where a proposal to build a data center becomes the hottest topic at council meetings.
Opponents are raising signs, packing meeting rooms, and putting pressure on elected officials to block or delay projects.
And they’re winning - between April and June of last year alone, about $98 billion worth of data center developments were paused or rejected as communities voiced concerns over noise, increased electricity bills, water usage, environmental impact, and a loss of rural character.
For many residents, it’s not 'anti-technology' - it’s about quality of life and transparent planning.
In one Pennsylvania township, locals showed up in force at meetings, lawn signs in hand, demanding accountability from leaders who had quietly entertained plans they only heard about at the last minute.
Tech companies argue that data centers bring jobs and tax revenue, but opponents counter that the costs - higher utility rates, greater demand on local infrastructure, loss of open space - often outweigh the promised benefits.
So what's the upshot for you?
Even if you don’t live near a proposed site, this story highlights a broader shift in how communities interact with technology infrastructure.
It’s a reminder that innovation doesn’t happen in a vacuum - it happens in real places with real people.
The pushback against data centers speaks to a rising demand for more thoughtful planning, better communication, and genuine community engagement from the companies building the future.
US: Interference With America's GPS System 'Has Grown Dramatically'
Federal aviation officials disclosed that GPS interference disrupted 86 aircraft near Denver and 256 more at Dallas-Fort Worth.
Pilots reported navigation failures so severe that they were forced onto backup systems for extended periods.
In Denver, the problem lasted more than a day.
Months later, Dallas-Fort Worth faced a similar episode, including a runway shutdown, as crews operated without reliable satellite guidance.
Authorities have not identified who caused the interference or explained why recovery took so long.
Officials said the Denver incident was unintentional, but the events exposed a deeper concern.
GPS supports daily operations for airlines, businesses, governments, and billions of people worldwide.
When it falters, even briefly, the ripple effects are immediate and visible.
Interference with U.S. GPS has surged over the past two years.
A 2024 aviation industry report found that affected flights rose from about 300 per day in January to 1,500 per day by late in the year.
During one summer month alone, roughly 41,000 flights experienced disruptions.
Conflicts abroad have coincided with a sharp rise in spoofing and jamming that overwhelms civilian systems.
The Pentagon has begun deploying GPS III satellites designed to resist these attacks, with future models expected to transmit stronger, more targeted signals.
Still, modernization delays and growing electronic warfare capabilities leave critical infrastructure exposed.
So what's the upshot for you?
Most people don’t think about GPS beyond 'maps on my phone,' but its instability is a systemic risk - one that touches your daily life in ways you never see until something breaks.
From emergency response systems that rely on precise timing, to food supply logistics, to the timing of stock trades - everything leans on this invisible infrastructure.
Global: “Hacking the Hackers: How Researchers Tricked a Cybercrime Group with Fake Data”
Imagine setting a trap for a burglar, not with a locked door or alarm system, but with fake jewelry and cash that’s enticing enough to lure the thief inside.
That’s exactly what cybersecurity researchers did to a notorious cybercrime group known as Scattered Lapsus$ Hunters.
Earlier this year, Resecurity, a cybersecurity firm, noticed something curious: unknown attackers were poking at their public systems, trying to see what might be vulnerable.
Instead of just patching up and blocking traffic, the researchers decided to flip the script.
They built a honeypot, a decoy environment filled with synthetic data that looked incredibly real, including tens of thousands of fake consumer records and simulated payment transactions, all designed to look like a genuine corporate database.
Over the holiday season, the attackers snapped at the bait.
They started pulling on the fake data and automating attacks, generating more than 188,000 requests as they tried to exfiltrate it.
Meanwhile, the defenders quietly recorded their every move.
Through this interaction, Resecurity was able to observe the attackers’ tactics, techniques, and procedures, including the tools they used, how they moved through systems, and even the real IP addresses they accidentally exposed.
Here’s the twist: the attackers publicly claimed they had successfully breached Resecurity’s real systems and stolen sensitive information.
They even posted screenshots and bragged about the “hack” on Telegram.
But it wasn’t a real breach at all, it was the researchers’ trap at work.
Not only did this honeypot keep actual business data safe, it also turned the tables on the hackers by letting defenders watch and learn from their behavior.
The intelligence gathered has already been shared with law enforcement, giving investigators better insight into how this criminal group operates.
So what's the upshot for you?
This story gives us a peek into a lesser-known battlefield in cybersecurity: threat hunting and active defense.
Instead of just responding to attacks, smart defenders sometimes invite attackers in, into controlled environments, so they can observe, analyze, and outsmart them.
It’s a bit like a magician revealing how the sleight of hand works, only to protect future audiences from the trick.
Browser extensions can feel like little helpers; they translate pages, block annoying ads, or speed up your connection.
But beneath that helpful veneer, two seemingly normal Chrome extensions were secretly harvesting what matters most online: your credentials.
Security researchers recently uncovered that two malicious Google Chrome extensions, both pretending to be “network speed test” or VPN-style tools, were actively spying on users’ browsing traffic and quietly collecting login data for more than 170 popular websites.
Here’s how it worked: these extensions, found in the Chrome Web Store, had reasonable feature descriptions and even worked as advertised at first glance.
That helped them stay installed on users’ machines without raising suspicion.
Once activated, though, they intercepted web traffic and routed it through attacker-controlled infrastructure, capturing usernames, passwords, and session information from high-value destinations, everything from email and social media to cloud services.
What made this extra sneaky is that the malicious behavior was masked within legitimate functionality.
Users paid for a “premium” experience or trusted the extension because of positive reviews, but in the background, their credentials were quietly being siphoned off to a remote server controlled by the threat actor.
This isn’t the first time browser extensions have been weaponized.
In fact, extensions have long been a sweet spot for attackers because of the wide access they’re granted, from reading page content to modifying network calls.
But this particular incident stands out due to the scope of targeted sites (over 170) and the fact that the extensions remained published in official channels before being removed.
So what's the upshot for you?
Even if you’re not tech-savvy, this story brings home an important reality: your browser extensions have deep access to your online behavior, and a malicious one can quietly compromise everything you do on the web, from personal email to financial accounts.
Browser extensions are often trusted implicitly because they come from official repositories and appear in search results, but trust, like security, should never be blind.
Global: “When AI Crosses the Line: Grok and the Normalization of Nonconsensual Images”
Artificial intelligence is often marketed as a productivity booster, a creativity engine, or the next great leap forward in human–computer interaction.
But this week, a much darker side of AI came sharply into focus.
Grok, the chatbot developed by Elon Musk’s AI company xAI and integrated directly into X, has been generating large volumes of sexualized, nonconsensual images of women, according to reporting by WIRED.
This comes shortly after revelations that the same image-generation system was being used to create sexualized images of children, triggering public concern and scrutiny.
Yet despite that attention, the system continues to produce altered images of women in bikinis or underwear at a staggering pace.
In just five minutes, Grok generated nearly 90 sexualized images, based on a review of its publicly visible output.
And this wasn’t happening in obscure corners of the internet; it was unfolding in plain sight, on a major social media platform used by millions of people every day.
What makes this especially troubling is how these images are created.
Grok doesn’t invent people from scratch.
Instead, it takes real photos posted by users on X and digitally alters them, effectively “undressing” women or placing them in revealing clothing without their consent.
Users often try to bypass safety limits by asking for edits like “string bikinis” or “transparent bikinis,” sometimes succeeding, sometimes not, but often enough to create a steady stream of harmful content.
This kind of abuse isn’t new.
For years, so-called “nudify” tools and deepfake software have been used to harass women online.
What is new is the scale and accessibility.
Unlike niche tools that require payment, technical skill, or obscure downloads, Grok is free, fast, and built into a mainstream platform.
Anyone can use it.
And that ease of access risks turning what was once fringe abuse into something frighteningly normalized.
The concern isn’t just about individual images.
It’s about what happens when powerful AI systems quietly lower the friction for harassment, and when platform owners fail to draw clear, enforceable lines around consent and dignity.
So what's the upshot for you?
You don’t need to use Grok or even X for this story to matter.
It illustrates a broader shift in how AI can amplify harm at an industrial scale if safeguards, accountability, and ethical boundaries aren’t enforced.
When technology makes abuse easier, faster, and cheaper, the damage spreads far beyond the immediate targets.
This isn’t just a tech issue.
It’s a workplace issue, a legal issue, a cultural issue, and a trust issue, especially as AI tools become embedded in everyday platforms.
DE: “Tinder for Nazis” hit by 100GB data leak, thousands of users exposed
An investigative journalist has infiltrated several white supremacist websites and exposed over 8,000 user profiles and 100 gigabytes of data.
The breach, dubbed WhiteLeaks, includes sensitive personal information such as location, photos, physical traits, education, income range, and metadata that can reveal precise GPS coordinates.
Researchers have made this information available to journalists and analysts for further study.
The affected platforms included WhiteDate, a racist dating site described as “Tinder for Nazis,” as well as WhiteChild and WhiteDeal, which offered networking and family-oriented services.
All three were operated by an individual linked to a right-wing extremist group.
The journalist, using the pseudonym Martha Root, gained access by creating fake accounts powered by AI chatbots, which bypassed weak verification systems.
She documented user interactions and collected data without needing traditional hacking methods.
The exposed dataset includes profile photos with embedded metadata that may disclose home locations and device information.
While emails and private messages are not yet public, the scale and sensitivity of the released information are significant.
So what's the upshot for you?
This investigation reveals that extremist platforms with poor security can inadvertently leak detailed personal data, making individuals identifiable and providing researchers with a deeper look into online extremist networks.
Global: ChatGPT Ads Coming Soon?
That’s quietly becoming the conversation around ChatGPT.
Reports suggest the company behind the chatbot is exploring ways to show sponsored content alongside answers - not messy banner ads, but contextually-relevant suggestions woven into the chat.
The idea is to make revenue off the free tier of the product while preserving the usefulness of the AI: you’d get recommendations only when they align closely with your query.
For example, ask about travel tips, and you might see sponsored hotel suggestions tucked into an answer.
So what's the upshot for you?
If you use AI to research, learn, or make decisions, this could subtly shift your experience and trust in the answers you receive.
Stay aware of where recommendations come from and why.
Consider using cleaner interfaces or subscription tiers if you want distraction-free responses - and always critically evaluate AI suggestions the same way you’d evaluate search results with ads.
FR: Ledger Hit by Another Data Breach, Customer Names and Contact Details Exposed
Ledger, the company known for hardware cryptocurrency wallets, confirmed it has suffered another data breach that exposed customer names and contact information through a third-party payment provider.
This incident follows earlier leaks that exposed user data and raised concerns about privacy and security in the crypto hardware space.
The breach occurred via a payments partner’s systems, not directly through Ledger’s core wallet products or user wallets.
Affected information includes personal identifiers used for purchases and communications.
Customers have reported receiving emails about the incident, prompting discussions about how personal data is stored and shared by service providers in the crypto ecosystem.
This is the latest in a series of data exposures involving Ledger and its partners, intensifying scrutiny on data handling practices around hardware wallet services.
Note that this wasn't a direct hack of Ledger's wallets or core systems but an unauthorized access to customer information stored by Global-e, their payments processor.
So what's the upshot for you?
Exposed personal information is often reused in highly convincing phishing campaigns, including fake emails, messages, and even physical letters.
In April 2025, Ledger users received professionally designed mail telling them to scan QR codes and input their 24-word recovery phrases, which was a scam that the company confirmed to be fake.
Some community members traced those efforts back to data obtained during earlier breaches, showing how long such incidents can echo.
EU: European Space Agency hit again as cybercrims claim 200 GB of data up for sale
In late December 2025, the European Space Agency - one of the world’s leading space exploration and research organizations - disclosed that it had suffered a cybersecurity incident that grabbed headlines around the globe.
According to reports, a hacker with the alias “888” claimed to have breached ESA systems and made off with an astonishing 200 gigabytes of data.
The agency confirmed the breach in an official post on social media, noting that a small number of servers - outside of its core corporate network - were accessed by unauthorized actors.
These systems were used for scientific collaboration and engineering projects, but they weren’t part of ESA’s high-security internal infrastructure, which the organization says wasn’t directly affected.
However, what made this incident especially striking wasn’t just that it happened - it’s that the hacker publicly offered the alleged stolen data for sale on underground forums, showing screenshots of access to things like source code, configuration files, credentials, and documents from internal repositories.
To put this in perspective: this isn’t the first time ESA has faced cracking attempts.
Past incidents have included credit card skimming on its online shop and domain defacements in earlier years.
But a breach connected to supposedly internal engineering and mission data shows how even organizations built to push the frontiers of science aren’t immune to cyber threats.
ESA says its cybersecurity response teams are conducting a forensic investigation to understand the full scope and secure any vulnerable systems.
They have also informed all relevant partners and stakeholders and are working to tighten defenses moving forward.
So what's the upshot for you?
This story throws a simple but powerful truth: no organization is too big or too sophisticated to be targeted by cybercriminals.
Space agencies might seem remote and technical, but the digital systems that underpin them are very much part of the same ecosystem that supports banking, healthcare, energy, and everyday services.
A breach at a space agency can ripple through partner networks, research collaborations, and even commercial space ventures - making cybersecurity everyone’s concern, even the man in the moon!
And for our whirlwind roundup:
Communities Across America Mobilize Against Massive AI-Powered Data Center Expansions.
The rapid growth of AI infrastructure is increasingly clashing with local priorities, reminding us that technological progress must respect community concerns over quality of life and resources. Engaging residents early and transparently is essential for sustainable innovation.
Surging GPS Interference Disrupts U.S. Aviation, Highlighting Growing Vulnerabilities in Critical Infrastructure. Rising GPS disruptions highlight how everyday technologies depend on fragile satellite systems that are increasingly targeted in modern conflicts. Strengthening resilience through upgraded signals and backups is vital to protect everything from aviation to daily navigation.
Cybersecurity Researchers Outsmart Notorious Cybercrime Group with Elaborate Honeypot Trap. By turning the tables with clever decoys, defenders can gain valuable insights into attackers’ methods while keeping real data safe. Proactive, creative defense strategies like honeypots are powerful tools in the ongoing battle against cybercrime.
Malicious Chrome Extensions Exposed for Stealthily Harvesting User Credentials from Over 170 Websites. Even extensions from official stores can hide dangerous behavior, showing that convenience often comes with hidden risks to privacy. Regularly reviewing and limiting installed extensions remains one of the simplest ways to protect your online accounts.
Grok AI Faces Intense Scrutiny for Generating Widespread Nonconsensual Sexualized Images of Women. Easy access to powerful AI tools can rapidly normalize harmful behavior if strong ethical safeguards aren’t enforced. Platform owners and developers share responsibility for preventing technology from amplifying harassment and violating consent.
Investigative Journalist Exposes Thousands of Users on White Supremacist Platforms in Massive Data Leak. Poor security on extremist sites can unintentionally reveal sensitive user details, aiding research while highlighting personal risks. No online platform, especially those catering to fringe groups, is immune to breaches that expose participants.
OpenAI Reportedly Preparing to Introduce Sponsored Content into ChatGPT Responses Starting in 2026. As free AI services explore advertising, users may encounter subtle sponsored suggestions that influence answers. Staying alert to potential bias and considering paid tiers can help preserve trust and clarity in AI-driven information.
Ledger Confirms Fresh Data Breach via Third-Party Processor, Exposing Customer Names and Contacts. Repeated breaches through partners show that personal data remains vulnerable long after initial collection, fueling targeted scams. Vigilance against phishing and careful sharing of contact details are key defenses in the crypto ecosystem.
European Space Agency Acknowledges Cyber Intrusion as Hacker Claims Theft of 200GB of Sensitive Data. Even prestigious scientific organizations face persistent cyber threats, proving no entity is too advanced to be targeted. Strong, layered security across all systems, not just core networks, is crucial to safeguard collaborative research and innovation.
Comments
Post a Comment