This week’s primary focus centers on a sophisticated shift in the cybersecurity landscape where attackers are increasingly weaponizing the trust users place in official platforms and everyday productivity tools. A major highlight is the hijacking of "AgreeTo," a previously legitimate Microsoft Outlook add-in that was abandoned by its developers. By seizing the project's associated domain, threat actors transformed the tool into a credential-stealing machine, serving malicious phishing kits directly within the Outlook interface. This supply chain attack successfully compromised over 4,000 Microsoft accounts, leveraging the add-in’s extensive read and write permissions to bypass traditional security skepticism. The conversation shifts from desktop vulnerabilities to the mobile sector with the emergence of ZeroDayRAT, a powerful new "mass-market" spyware toolkit discovered by researchers at iVerify. Sold openly on Telegram, this malware provides low-level criminals with nation-state levels of surveillance capability across both Android and iOS devices. Once a device is infected, the attacker gains a comprehensive dashboard providing real-time access to GPS locations, live camera and microphone feeds, and screen recording. The spyware even includes a clipboard injection module designed to intercept and redirect cryptocurrency transactions by silently swapping wallet addresses during the transfer process. Rounding out the lead report is an analysis of how emerging technologies and infrastructure gaps are being exploited at scale. We examine how threat clusters like TeamPCP are systematically hijacking cloud-native environments for cryptomining and extortion, alongside new data from Google regarding the use of generative AI by nation-state actors to accelerate their attack cycles. This coordinated pressure on the digital ecosystem is further evidenced by a massive Patch Tuesday from Microsoft, which addressed sixty vulnerabilities, including six actively exploited zero-days. Collectively, these developments underscore a period of heightened risk where the baseline for security must evolve to meet the rapid democratization of advanced surveillance and exploitation tools. Welcome to the Crystal Carrier Wave, on today's show I discuss a massive shift in the digital landscape as YouTube deploys server-side ad injection that effectively breaks current ad-blocking tools. This technical escalation is forcing a choice between a premium subscription or a heavily advertised viewing experience. While some platforms are tightening their grip, others are feeling the weight of their own popularity, as seen with the core developers of Linux Mint who are currently navigating the high stress and potential burnout that comes with maintaining a globally successful open-source project. The legal world is also clashing with artificial intelligence following a lawsuit from a prominent radio host who alleges Google’s NotebookLM stole his vocal identity to power its audio features. This conversation about digital ethics continues as the FTC issues a stern warning to Apple CEO Tim Cook regarding allegations of political bias within their content curation algorithms. Even the biggest platforms aren't immune to technical failure, as evidenced by a major X outage that left millions of users posting into a void with empty timelines. The global shift in AI usage is becoming clearer with India reaching a staggering milestone of one hundred million weekly ChatGPT users, positioning the nation as OpenAI's second-largest market. However, this rapid growth brings significant risks. A recent study has exposed twenty-five critical vulnerabilities in the recovery mechanisms of major cloud password managers, while Windows users are being targeted by a clever new scam that uses fake CAPTCHA tests to trick people into manually installing malware. Data security remains a critical headline this week with Eurail reporting a dark web breach affecting traveler data, and the Washington Hotel group in Japan confirming a disruptive ransomware infection. On a more positive note for preservationists, the Dolphin Emulator team has achieved a massive breakthrough in supporting TriForce arcade hardware, ensuring classic titles remain playable for the future. Yet, the broader AI landscape remains precarious, with nearly one and a half million AI agents currently at risk due to corporate deployments that are moving much faster than security protocols can handle. Microsoft has also identified a new threat where "summarize with AI" prompts are being manipulated to hijack chatbot recommendations. This trend toward corporate AI overreach has led the Gentoo Linux project to officially dump GitHub in favor of Codeberg to escape what they call "AI nagware." Meanwhile, Apple is doubling down on its own media ecosystem by introducing a refined video podcast experience, and the Document Foundation celebrates its fourteenth anniversary of keeping LibreOffice a free, community-driven staple. The technical briefing concludes with a warning about the Keenadu firmware backdoor infecting Android tablets via signed updates, and a report on a significant Microsoft Teams outage that hit the US and Europe. We also look at how Notepad++ is bolstering security with a new double-lock update mechanism and how Windows 11 is finally providing a much-needed performance boost for musicians using MIDI. In the world of electronics and makers, Adafruit has announced a month-long sale event that kicks off next week, offering a great window for project planning. We also look at a LEGO-built alarm clock that mimics the deafening roar of a rocket launch and a new Raspberry Pi initiative focused on leveling up Python skills for data-driven creations. We explore the complicated legacy of mind-controlled toys and a futuristic smart backpack that can automatically deploy an umbrella the moment it senses rain. Finally, for the amateur radio community, we cover the upcoming equipment sale at the Whangarei Amateur Radio Club and a critical recruitment drive for volunteer operators by the Honolulu Department of Emergency Management. We wrap things up with the announcement of the 2026 Zero Retries Digital Conference, which promises to push the boundaries of modern data modes and high-speed radio networking. Become a supporter of the podcast and help me grow the podcast and studio by becoming an Insider, every little bit helps and is greatly appreciated. If you have anything you’d like to share or comment on, email podcast .at. zl4kj .dot. nz, I would love to hear from you. Alternatively you can Send a Voice Message Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft YouTube adds new hurdles for ad blockers, and there's currently no way around it Linux Mint's success also means maintainer stress NotebookLM under fire: Popular radio host says Google stole his voice FTC Warns Apple’s Tim Cook Over Alleged Left-Leaning Political Bias X users howl into the void as timelines fail to load India Hits 100M Weekly ChatGPT Users, Becoming OpenAI’s Second-Largest Market Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware Eurail says stolen traveler data now up for sale on dark web Washington Hotel in Japan discloses ransomware infection incident Dolphin Emulator hits a breakthrough with TriForce arcade support 1.5 Million AI Agents At Risk As Firms Deploy Faster Than Security Can Keep Up Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations Gentoo dumps GitHub over Copilot nagware Apple introduces a new video podcast experience on Apple Podcasts The 14th Anniversary of Our Foundation Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates Microsoft Teams outage affects users in United States, Europe Notepad++ boosts update security with ‘double-lock’ mechanism Making music with MIDI just got a real boost in Windows 11 Month-Long Sale Event Starts Next Week! This LEGO alarm clock is as loud as a rocket launch Levelling up with Python: Create with data The Complicated Legacy Of Mind Controlled Toys Watch This Backpack Automatically Deploy an Umbrella in the Rain Used Equipment Sale – Whangarei Amateur Radio Club Honolulu Department of Emergency Management is Recruiting: Volunteer Amateur Radio Operators Zero Retries Digital Conference 2026 Announced
