Dark Matter and the IT Privacy and Security Weekly Update for the week ending February 3rd., 2026
Episode 277
In this week’s dark matter:
Privacy-first users send a clear message to DuckDuckGo. AI-free search is here to stay for most of its community.
A cutting-edge AI from AISLE exposed deep-seated vulnerabilities in OpenSSL, exponentially speeding the pace of cybersecurity discovery.
A security breach at eScan transformed trusted antivirus software into an unexpected cyber weapon.
An internal probe suggests a cyber intrusion may have prematurely exposed last year’s Nobel Peace Prize laureate.
A U.S. jury found former Google engineer Linwei Ding guilty of funneling AI trade secrets to Chinese tech companies.
Newly surfaced records reveal U.S. investigators examined claims that WhatsApp's encryption might not be as airtight as advertised.
Apple's new location “fuzzing” feature gives users the power to stay connected, without being precisely tracked.
A privacy lapse in a talking AI toy exposed thousands of private conversations between children and their plush companions.
Google unleashes new AI to investigate DNA’s ‘dark matter’. DeepMind’s latest creation, AlphaGenome, is shining light on the 98% of DNA that science once found inscrutable.
Come on, let’s go unravel some genomes.
Global: DuckDuckGo Users Vote Overwhelmingly Against AI Features
DuckDuckGo recently asked its users how they felt about AI in search.
The answer has come back loud and clear: more than 90% of the 175,354 people who voted said they don't want it.
The privacy-focused search engine has since set up two versions of its tool: noai.duckduckgo.com for the AI-averse and yesai.duckduckgo.com for the curious.
Users can also tweak settings on the main site to disable AI summaries, AI-generated images, and the Duck.ai chatbot individually.
So what's the upshot for you?
If you're one of the brave 10% who actually likes AI in search (you monster): yesai.duckduckgo.com awaits like a neon-lit casino.
Go forth and let the bot hallucinate your grocery list into a philosophical treatise.
Global: AI's Heroic Hunt Uncovers Hidden Flaws in OpenSSL
Advanced AI (from a company called AISLE) just went full superhero on OpenSSL, the crypto library that literally keeps HTTPS, VPNs, secure emails, and most of the internet's padlocks from falling off.
In a massive January 2026 patch drop, OpenSSL fixed 12 brand-new zero-day vulnerabilities (previously unknown to anyone except the finders), and AISLE's autonomous AI system spotted every single one of them.
Add in three more from late 2025, and that's 15 total zero-days unearthed by AI in this codebase that's been audited by humans for decades (some bugs dated back to 1998, older than half the engineers reading this).
We're talking potential remote code execution (one HIGH-severity nasty), stack/heap overflows, DoS crashes, partial data leaks, memory exhaustion tricks, stuff that could've been catastrophic if bad actors got there first.
Patches rolled out fast across multiple versions, AI sped up discovery by what feels like light-years, and OpenSSL maintainers straight-up thanked AISLE for the high-quality reports.
Humans: 'We've stared at this code forever.'
AI: 'Hold my coffee, found 12 more hiding in plain sight.'
So what's the upshot for you?
If you're writing code anywhere near crypto: Update your OpenSSL deps yesterday.
One of those bugs survived longer than some millennials have been alive.
AI just proved maturity doesn't mean secure, it means 'needs better robot auditors.'
Global: When Antivirus Turns Villain, Infecting Its Own Users!
In a plot twist straight out of a cybersecurity soap opera, eScan antivirus, yes, the very software meant to be your digital shield, got turned into the weapon when hackers breached one of its regional update servers back on January 20, 2026.
For about two hours, the trusted auto-update system pushed out a trojanized version of a legitimate component called Reload.exe (complete with a fake, invalid digital signature to sneak past basic checks).
This bad boy didn't just sit there; it kicked off a multi-stage infection: blocked future eScan updates by messing with your HOSTS file and registry, established persistence so it stuck around, phoned home to attacker servers for more payloads, and opened the door for unauthorized file access, remote control, data theft, and general chaos on infected Windows machines.
Affected users (mostly in South Asia and enterprise spots relying on eScan) reported weird performance hits, update failures, and the scary realization that their 'protector' was the intruder.
eScan quickly contained it, rebuilt the server, rotated creds, issued patches, and advised manual cleanups, while researchers like Morphisec and Kaspersky jumped in to dissect the malware and provide IOCs.
No massive global meltdown like some past incidents, but a stark reminder: even AV vendors can get pwned.
So what's the upshot for you?
If you're the hacker who pulled this off: Bold move tampering with an AV's update chain to deliver malware.
But also, congrats on making every security vendor sweat a little harder about their own infra.
The industry thanks you for the free red-teaming.
NO: Nobel Committee says Peace Prize winner likely revealed early by digital spying
A hacking of the Nobel organization's computer systems is the most likely cause of last year's leak of Nobel Peace Prize laureate Maria Corina Machado's name, according to the results of an investigation.
An individual or a state actor may have illegally gained access in a cyber breach, the Norwegian Nobel Institute said on Friday after concluding an internal investigation assisted by security authorities.
The leak had triggered an unusual betting surge on Machado at the Polymarket platform hours before she was unveiled as the award recipient in October.
The Venezuelan opposition leader hadn't previously been considered a favorite for the 2025 prize.
'We still think that the digital domain is the main suspect,' said Kristian Berg Harpviken, director of the Oslo-based institute, an administrative arm of the Nobel Committee that awards the prize.
The institute has decided against filing for a police investigation given 'the absence of a clear theory,' he said in an interview in Oslo.
So what's the upshot for you?
If you're running a super-secret committee that picks global peace prizes and your winner list is basically Fort Knox-level confidential: Maybe don't keep it on a computer from 2007 with the password 'Nobel2025' or whatever.
Two-factor auth exists for a reason, even if your biggest past threat was a journalist camping outside.
US/CN: Former Google Engineer Found Guilty of Stealing AI Secrets For Chinese Firms
A former Google engineer has been convicted of stealing artificial intelligence trade secrets to benefit Chinese companies he secretly worked with, federal prosecutors said.
A jury found Linwei Ding, also known as Leon Ding, guilty of seven counts of economic espionage and seven counts of trade secret theft after an 11-day trial in California.
Ding, 38, joined Google in 2019 and lived in Newark.
Prosecutors said he stole more than 2,000 pages of confidential AI information between May 2022 and April 2023, uploading the material to his personal cloud account while still employed at the company.
At the same time, Ding quietly built ties with two Chinese technology firms.
He discussed becoming chief technology officer at one startup and later founded his own AI company in China, where he served as chief executive officer.
He told investors he could build an AI supercomputer by copying and modifying Google's technology.
In late 2023, Ding downloaded the stolen data to his personal computer, resigned from Google, and booked a one-way flight to Beijing.
Google uncovered the scheme after learning he had presented himself as a company CEO at an investor conference.
So what's the upshot for you?
If you're gonna commit economic espionage: Skip the investor-conference humblebrag.
Nothing says 'I'm definitely not a spy' like publicly announcing you're the CEO of the company you're stealing tech for.
US: US Government Also Received a Whistleblower Complaint That WhatsApp Chats Aren't Private
U.S. investigators examined allegations that WhatsApp’s end to end encryption may not fully prevent internal access to user messages, according to law enforcement records cited by Bloomberg.
The inquiry followed claims from former contractors and a whistleblower complaint filed with the Securities and Exchange Commission in 2024.
The investigation had not been previously reported.
Two former content moderators told a Commerce Department investigator that some Meta staff could view WhatsApp message content.
They said moderators, hired through Accenture, had broad access to messages that were supposed to be encrypted.
One moderator said Facebook employees could retrieve messages related to criminal cases, according to the report.
The investigation, known internally as Operation Sourced Encryption, was active into early 2026, though its current status and any potential targets remain unclear.
Many federal inquiries end without formal findings, and the report does not include technical evidence supporting the contractors’ claims.
WhatsApp says it only accesses limited message data when users report content, and that broader access is impossible.
Meta disputes the contractors’ accounts.
One former contractor also alleged weak vetting of foreign nationals with access to moderation tools, though no proof of misuse has been made public.
So what's the upshot for you?
Aw, much as we want to trust Zuck, and we really want to, here is a whistle-blower report that lines up with a recent lawsuit.
Now the question is why would the US gov't keep this quiet... oh, you don't think that they were using this information covertly do you?
That would be such a compelling reason to move to Session or Signal.
Global: Apple's Clever Trick to Blur Your Phone's Location Trail
Apple's latest iOS update is like giving your phone a pair of sunglasses, cool, discreet, and perfect for dodging unwanted attention!
In an exciting move toward better privacy, Apple is introducing 'fuzzing' for cellular locations, adding a fun layer of randomness that keeps your exact whereabouts a secret from carriers and snoopers.
It's all about empowering you to roam freely while tech giants cheer on the innovation that's making personal data protection feel effortless and empowering.
The new feature in iOS (starting with version 26.3) adds noise to location data shared with cellular networks, reducing precision from meters to kilometers.
This blocks easy tracking by law enforcement, hackers, or advertisers without user consent.
It addresses long-standing vulnerabilities in global cellular protocols that allowed mass surveillance.
Users can opt-in or adjust settings, with no impact on essential services like emergency calls or navigation apps.
So what's the upshot for you?
If you're the type who worries about carriers knowing exactly when you visit the therapist, the protest, or your ex's block: Flip this on ASAP if your phone and carrier support it.
It's like wearing a privacy hoodie over your SIM card, carriers get the vague silhouette, not the close-up selfie.
Global: An AI Toy Exposed 50K Logs of Its Chats With Kids To Anyone With a Gmail Account
A security researcher recently learned that his neighbor had bought her children AI-enabled stuffed dinosaurs that could chat like an imaginary friend.
Curious about the risks, he decided to take a closer look at the product, called Bondu.
Within minutes, he and another researcher discovered that anyone with a Gmail account could access the toy’s parent portal.
No hacking was required.
They immediately saw private conversations between children and their toys, including names, birth dates, family details, preferences, and emotional exchanges.
More than 50,000 chat transcripts were exposed.
The toy is designed to encourage personal conversation, which made the privacy breach especially concerning.
The data had been left openly accessible through Bondu’s public web console.
After being notified, Bondu shut down the portal within minutes and relaunched it the next day with proper security controls.
The company said it takes privacy seriously, informed users of the issue, and hired a security firm to review its systems.
So what's the upshot for you?
'The company said it takes privacy seriously, informed users of the issue, and hired a security firm to review its systems,' but if they really did, they would have taken this action before leaking everything your kid said.
Global: Google DeepMind unleashes new AI to investigate DNA’s ‘dark matter’
Google DeepMind has introduced a new AI called AlphaGenome designed to tackle the mystery of the human genome’s ‘dark matter,’ the 98 percent of DNA that does not code for proteins but influences gene regulation and disease.
AlphaGenome can analyze up to one million DNA base pairs at a time and predict how variants in these regions affect gene activity, which could help scientists better understand genetic functions and disease mechanisms.
The model works by integrating data and advanced algorithms to forecast the effects of mutations on gene expression and regulatory signals across long stretches of DNA.
This extends beyond protein-coding regions to include control elements that guide when and where genes turn on or off.
Researchers published AlphaGenome in the journal Nature and made a version available to other scientists for research use.
It performs as well or better than most existing specialized tools and represents a technical advancement in genomics modeling.
While AlphaGenome is not a clinical diagnostic tool, its predictions could accelerate basic research into cancers, rare genetic diseases, and gene regulation.
By narrowing down which genetic changes matter most, it could help prioritize studies that aim to explain complex biological traits.
AlphaGenome reflects a significant step in using artificial intelligence to make the vast, noncoding regions of our DNA more interpretable and meaningful to scientists.
The development pairs computational power and genomics to transform DNA’s code from static letters into functional insights about health and biology.
So what's the upshot for you?
If someone asks you in 2026 what the biggest recent AI breakthrough in biology was: Skip the usual ChatGPT jokes and drop 'DeepMind just made 98% of your DNA stop being a black box.'
Then watch their eyes glaze over while you feel smug.
So to round it all up...
DuckDuckGo Users Vote Overwhelmingly Against AI Features in a response that proves that privacy still trumps novelty for most users. Sometimes, the best innovation is giving people the choice to opt out.
AI's Heroic Hunt Uncovers Hidden Flaws in OpenSSL highlights AI’s growing role as a guardian, not just a disruptor, in cybersecurity. Machine precision may finally be closing the gaps human eyes have missed for decades.
Even digital defenders like antivirus can become the weak link in the security chain. The incident reminds us that trust in software should never be assumed.
Nobel Committee says Peace Prize winner likely revealed early by digital spying puts it out there that even prestige isn’t immune to cyber snooping. Secrecy must evolve with technology. Old systems can’t protect new stakes.
The verdict for the former Google Engineer Found Guilty of Stealing AI Secrets For Chinese Firms is another indicator of how valuable and vulnerable AI innovation has become. IP may be the new front line in the tech cold war, but loose lips still sink ships.
End-to-end encryption sounds absolute... until it isn’t. Privacy demands transparency and accountability, not just marketing slogans.
Apple’s Clever Trick to Blur Your Phone's Location Trail again shows privacy as a design principle, not an afterthought. Small layers of digital camouflage can make a big difference to us all.
This 50K of exposed Chats With Kids log data slip reminds parents that “smart”can also be very stupid. Never assume it’s safe because its for kids, in fact, assume it isn’t and do your due diligence. Trust is earned through foresight, not apologies after exposure.
Google DeepMind unleashes new AI to unravel DNA’s ‘dark matter’ decoding the very fabric of what makes us human. Science just took a major leap toward understanding life’s most elusive blueprint and may better help you understand your husband or wife.
And the Quote of the week - “The world is changed by your example, not by your opinion.” — Paulo Coelho
That's it for thi week. Stay safe, stay secure, get dark, and we'll see you in Se7en.
Comments
Post a Comment