Pete Recommends – Weekly highlights on cyber security issues, February 7, 2026

Subject: Amazon Responds After CSAM Appears in External AI Training Data
Source: Android Headlines
https://www.androidheadlines.com/2026/01/amazon-responds-after-csam-appears-in-external-ai-training-data.html

Amazon recently reported child sexual abuse material (CSAM), found while reviewing AI training data, to the National Center for Missing and Exploited Children. The official authority received more than a million reports related to the CSAM, and a huge chunk of them were reported by Amazon alone. However, some critics have raised questions about the lack of clear details in the company’s official report.

Amazon reports CSAM in AI training data to the child safety authority. An investigation reported by Bloomberg reveals that the National Center for Missing and Exploited Children received more than one million AI-related CSAM reports in 2025. Most of those reports came from Amazon. The tech giant said it detected the material while scanning data from outside sources used to train its AI systems. The company further stated it could not identify the source of the content.

Officials at NCMEC say the number of reports from Amazon stood out. The Executive Director, Fallon McNulty, adds that other companies usually provide enough detail for law enforcement to act. However, Amazon failed to attach the source information, which made the reports difficult to use. She further says that this raises serious questions about how AI training data is gathered. The report also emphasizes the need for proper safety checks and how they can be used across platforms.

Amazon says it remains committed to the responsive use and development of AI and child safety protections. Moreover, this is not the first time that the moral values of AI firms and developers have been questioned. Several lawsuits have been filed against companies, including OpenAI, Character.AI, and Meta, for related offenses.


Subject: Panera, Krispy Kreme contend with security breach lawsuits
Source: Informa Connect Limited
https://www.nrn.com/restaurant-technology/panera-krispy-kreme-contend-with-security-breach-lawsuits-as-data-breaches-are-on-the-rise

This week, Panera Bread confirmed its second data security breach in less than two years. The first incident, reported in March 2024, affected the company’s online ordering, POS systems, and in-store kiosks. The company agreed to pay $2.5 million in a settlement agreement last August to affected employees.
Now, the company is facing another breach, allegedly involving 14 million records of leaked personal information, including names, email and home addresses, and phone numbers, according to The Register. The publication spoke with ShinyHunters, a hacker group that claimed responsibility for the incident. The group stated that Panera was one of several companies targeted in a series of attacks in January, which also affected used car shopping platform CarMax, dating websites Bumble and Match Group, and AI platform Crunchbase.


Subject: Cloud storage payment scam floods inboxes with fake renewals
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/cloud-storage-payment-scam-floods-inboxes-with-fake-renewals/

Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. Based on numerous emails seen by BleepingComputer, the campaign has escalated over the past few months, with people receiving multiple versions of the scam each day, all appearing to be sent by the same scammers. While the email text varies, the messages all attempt to create a sense of urgency by claiming a payment problem or storage issue must be resolved immediately, or people’s files will be deleted or blocked.

The emails themselves use a wide variety of subject lines, all designed to scare a recipient into opening the email.

Example subject lines seen by BleepingComputer include:

  • Immediate Action Required. Payment Declined
  • Cloud Storage 1TB: Payment overdue
  • [personal name]¸Your Account Has been Blocked! Your Photos and Videos will be Removed Fri,30 Jan-2026. take action!!
  • We’ve blocked your account!  Your photos and videos will be deleted . Renew your subscription for free now!
  • [personal name] – Your store is full , click to check and save 80% , ID#88839
  • [personal name], Your Cloud Account has been locked on Mon,26 Jan-2026. Your photos and videos will be removed!
  • Sorry [<personal email address>], We Have To Suspend Your Account Today ! Sat,24 Jan-2026
  • [name] – Your store is full , click to check and save 80%

[…] Many of the subject lines are personalized with the recipient’s name or email address and include specific dates or identifiers to increase urgency and make the messages appear legitimate.

The emails seen by BleepingComputer claim that a cloud subscription renewal failed or that a payment method has expired, with recipients warned that backups may stop syncing and that photos, videos, documents, and device backups could be lost if the issue is not resolved.

All spam emails in this campaign contained a link to https://storage.googleapis.com/, which is part of Google Cloud Storage, where threat actors hosted static redirector HTML files. When a visitor clicks this, the URL redirects them to a scam/phishing site hosted on random domains.
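A mail-triage sketch for the two traits described above, urgency-themed subject lines and a link to a Google Cloud Storage object. This is an added example, not code from BleepingComputer or from this digest; the sample messages, bucket names, addresses and the three-level verdict are constructed assumptions. A Cloud Storage link alone is only marked for review, since legitimate senders also link to that host.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Lure themes drawn from the subject lines quoted in the report above.
LURE = re.compile(
    r"payment (declined|overdue)|account has been (blocked|locked)|"
    r"blocked your account|suspend your account|store is full|"
    r"photos and videos will be (removed|deleted)",
    re.IGNORECASE,
)
# Links to objects on the Google Cloud Storage host named in the report.
GCS_LINK = re.compile(r"https?://storage\.googleapis\.com/[^\s\"'<>]+", re.IGNORECASE)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return subject, matched links and a verdict: flag, review or pass."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    links = GCS_LINK.findall(body_text(msg))
    lure = bool(LURE.search(subject))
    if lure and links:
        verdict = "flag"      # both traits of the campaign present
    elif lure or links:
        verdict = "review"    # one trait only: too weak to quarantine on
    else:
        verdict = "pass"
    return {"subject": subject, "links": links, "verdict": verdict}

# Constructed sample messages (not real campaign mail).
SCAM = ("From: billing@example.test\nSubject: Cloud Storage 1TB: Payment overdue\n\n"
        "Renew now: https://storage.googleapis.com/example-bucket/renew.html\n")
REPORT = ("From: colleague@example.test\nSubject: Quarterly report\n\n"
          "File: https://storage.googleapis.com/example-team/report.pdf\n")
LUNCH = "From: friend@example.test\nSubject: Lunch on Friday?\n\nSee you at noon.\n"

if __name__ == "__main__":
    for sample in (SCAM, REPORT, LUNCH):
        print(triage(sample))
```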


Subject: A community organizer’s guide to Signal group chats
Source: The Verge
https://www.bespacific.com/a-community-organizers-guide-to-signal-group-chats/

The Verge – Key privacy settings and best practices. “With ICE and CBP roaming the streets, united community action is more important than ever right now — from local mutual aid groups to school safety patrols. Known for its privacy features and end-to-end encryption, the Signal messaging app has become a popular platform for organizing these community groups. Signal can be a great tool for private messaging, but it’s at its best if you know how to use all the privacy options. Not all of these options are automatic or even immediately obvious; there are also some best practices that are helpful for participating in and leading group chats…”
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Italy says it has foiled Russian Olympic cyberattacks
Source: DW [Deutsche Welle]
https://www.dw.com/en/italy-says-it-has-foiled-russian-olympic-cyberattacks/a-75809776

Officials say they have foiled attempted cyberattacks on Italian embassies and Olympic hotels. Police are on high alert; navigating protests, crowd control, event security and viral attacks.

Italian Foreign Minister Antonio Tajani, speaking in Washington on Wednesday, announced that his nation’s security agencies had “foiled a series of cyberattacks” of “Russian origin.”

Tajani said the attempted attacks targeted numerous “Foreign Ministry offices, starting with Washington, and also some Winter Olympics sites, including hotels in Cortina.”

Past Olympic-related cyberattacks came in Paris in 2024, and Pyeongchang in 2018. It is widely thought that Russian actors were behind them.

Russian bans from games — both for doping infractions as well as its war of aggression in Ukraine — are seen as motivation for such acts of aggression.

British intelligence services say Russian hackers were also eyeballing attacks on Tokyo in 2021.

Russia has been excluded from this year’s event over Ukraine. However, 13 Russian and 7 Belarus athletes have been allowed to compete as neutrals alongside 3,500 global Olympians.

[…]


Subject: Gartner: Tighten Up AI Governance or Face the Consequences
Source: tech.co
https://tech.co/news/tighten-up-ai-governance-gartner-warns

Key Takeaways

  • Gartner has outlined its top cybersecurity predictions for 2026, with AI agents set to provide a new “attack surface” for hackers.
  • The firm is calling for heightened governance and oversight of AI tools to reduce the potential risk.

As it’s becoming increasingly difficult to keep track of employee AI usage, cybersecurity professionals face an unprecedented problem.

According to the firm, the uptake of AI agents and recent proliferation of vibe coding platforms will create new attack surfaces for cybercriminals to exploit. Gartner believes a higher level of governance and oversight is required to prevent a potential cybersecurity catastrophe.

The rapid ascent of AI has given rise to innumerable opportunities, but it has not been without its risks. As the technology is relatively new, development has not been able to keep pace with deployment. Consequently, existing safeguards are not fit for purpose, with mounting evidence that AI agents are vulnerable to exploitation.

AI Agents Open New Attack Vectors for Cybercriminals – Scale of Problem Likely Much Worse Than Feared – Cybersecurity Pros Face Uphill Struggle


Subject: Why You Should Stop Using Face ID Right Now
Source: PCMag
https://www.bespacific.com/why-you-should-stop-using-face-id-right-now/

PCMag – “Biometric locks like face recognition are easy to set up—but thanks to a legal loophole, they’re easier for law enforcement to bypass than a passcode: “Using a face scan to unlock your phone and log in to accounts is easy to set up, but it’s not the best option for everyone. That’s because, thanks to a 5th Amendment loophole, law enforcement agents can use your biometric data to unlock your phone. We saw this last month, when a Washington Post reporter’s home was raided by the FBI. According to court records obtained by 404 Media, agents were unable to access the reporter’s iPhone because it was in Lockdown Mode, but they got a warrant from a federal judge to compel the reporter to unlock their computer via a fingerprint scan. So are biometric scans a safe way to lock down your devices? After all, face and fingerprint scans can be used against you, while passwords and passcodes cannot. Let’s talk about why you may want to stop using biometrics to unlock your phone, sooner rather than later…”

Abstracted from beSpacific


Subject: EU Orders TikTok to Fix “Addictive Design” or Face Billions in Fines
Source: Android Headlines
https://www.androidheadlines.com/2026/02/tiktok-eu-addictive-design-dsa-compliance-fines.html

The European Commission has accused TikTok of breaking the Digital Services Act (DSA) due to the app’s “addictive design.” Regulators say that features like infinite scroll, autoplay, and personalized algorithms are harmful for users’ mental health and put their brains into “autopilot mode.” TikTok calls the results “meritless,” but the EU says the platform needs to change its core design in Europe or risk huge ends [sic] of up to 6% of its global annual turnover.


The Commission’s early findings say that these things use behavioral science to make a never-ending cycle of dopamine rewards. Giving users a never-ending stream of personalized content may encourage compulsive behavior. It could also make it harder for them to control themselves. Regulators are especially worried about how these “addictive loops” will affect kids, who may not have the mental tools to resist them.

EU’s allegations are “categorically false,” TikTok claims – TikTok has not taken these accusations lightly. A spokesperson for the company labeled the findings “categorically false and entirely meritless,” vowing to challenge the depiction of their platform through every available legal means. TikTok argues that its existing tools, such as parental controls and time management features, are sufficient to protect its community.


Posted in: AI, Cybercrime, Cybersecurity, E-Commerce, Email Security, Social Media, Technology Trends