Security
Record fine, zero-day, FBI domain seizures, AI phishing, and OpenAI bans
Coupang hit with $409M fine over 37M customer breach; researcher drops 7th zero-day; FBI seizes 13 Chinese spy sites; AI agent phished; OpenAI bans influence accounts.
South Korea fines Coupang record $409 million over massive data breach affecting 37 million customers
South Korea’s Personal Information Protection Commission (PIPC) has imposed a record fine of 624.6 billion won (approximately $409 million) on e-commerce giant Coupang following a data breach that exposed personal information of roughly 37.55 million people. Subsidiary Coupang Fulfillment Service also received a separate fine of 248 million won for unlawfully collecting, using, and handling customer data. The PIPC found that inadequate security practices, including failures in authentication key management and access controls, led to the leak, and also cited violations of data destruction and leak-notification requirements, interference with the data protection officer, and obstruction of the investigation. The breach occurred in late June but was only discovered in mid-November, when Coupang warned that 33.7 million accounts had been compromised. South Korean authorities identified the primary suspect as a 43-year-old Chinese national who worked in Coupang’s IT department from 2022 to 2024. Coupang later recovered multiple hard drives containing sensitive data from the former employee, who also attempted to destroy a MacBook Air laptop by throwing it in a river. Coupang announced plans to pay 1.685 trillion won (approximately $1.17 billion) and distribute single-use purchase vouchers of 50,000 won each to over 33 million affected customers starting in January 2026.
Coupang hit with record $409 million data breach fine in Korea →
Researcher publishes seventh Windows zero-day exploit hours after Microsoft’s record Patch Tuesday
Security researcher Chaotic Eclipse has released a proof-of-concept exploit for a seventh Windows zero-day, dubbed RoguePlanet, which grants SYSTEM privileges on fully patched Windows 10 and 11 machines. The disclosure came hours after Microsoft shipped its June Patch Tuesday update, which fixed a record 200 vulnerabilities. RoguePlanet exploits a Time-of-Check to Time-of-Use (TOCTOU) race condition in Windows Defender’s internal processing logic, allowing an unprivileged user to redirect a file operation performed by Defender to execute attacker-controlled code at the highest privilege level. Security firm ThreatLocker confirmed the exploit works and published a video demonstration. This is part of an escalating dispute with Microsoft, which invoked its Digital Crimes Unit against the researcher and revoked access to their Microsoft Security Response Center account. Chaotic Eclipse has now disclosed seven zero-days in recent months: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and RoguePlanet. Microsoft’s June Patch Tuesday fixed GreenPlasma and YellowKey, but the remaining five remain unpatched. The researcher said the disclosures are retaliation for how Microsoft handled the process, stating that the company “mopped the floor with me and pulled every childish game they could.”
FBI seizes 13 websites linked to Chinese covert operation recruiting US government officials
The FBI has seized 13 websites allegedly used by Chinese intelligence services to secretly hire current and former US government employees and military members to obtain classified and sensitive information. The Justice Department obtained court-issued warrants for the domain seizures as part of a crackdown on state-sponsored spying. The sites were disguised as fake consultancy companies and even a nonprofit, using names such as Centrik Global Consulting, Pulse Wave Global, and the Gulf Peace Foundation, and were registered between November 2023 and October 2025. According to a 78-page FBI affidavit, foreign subjects “Subject A” and “Subject B” used the domains to create credibility for online job postings. Subject A, who lived in South Africa, recruited at least seven current and former US government employees between September and November 2024, asking for reports on Chinese-related issues. Subject B is believed to be a real person from a Caribbean country living in China. The investigation linked the activity to China through IP addresses and other evidence. The FBI previously warned that Chinese agents were using fake personas on LinkedIn, Indeed, and Upwork to recruit Western government officials.
FBI Seizes 13 Sites Tied to China’s Covert Effort to Hire US Officials →
Researchers phish an OpenClaw AI agent into leaking AWS keys and customer data
Security researchers at Varonis built an OpenClaw email agent connected to a Gmail inbox seeded with fake company data and then successfully phished it using a single impersonation email. The agent, named Pinchy, handed over AWS IAM keys, database connection strings, and a CRM export containing names, contact details, and $1.28 million in monthly recurring revenue for 247 enterprise customers without verifying the requester’s identity. The experiment tested two configurations: a generic setup and a strict mode designed to detect phishing, both running on Gemini 3.1 Pro and GPT-5.4. Both configurations failed when an attacker impersonated a team lead and claimed a production issue, causing the agent to search for and forward staging credentials in plaintext. Similarly, a request for a customer export under the guise of a remote presentation resulted in the agent sending the CRM file. However, the agent performed well against traditional technical phishing: it identified a fake gift card link as malicious and blocked a malicious Google OAuth application disguised as a timesheet platform by inspecting the redirect URL. Varonis noted that Gemini 3.1 Pro showed greater willingness to interact before raising suspicion, while GPT-5.4 was more cautious. The pattern indicates AI agents are effective against attacks with technical signatures but fail on identity verification and contextual judgment.
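One control the Varonis findings point at, as an added example that is not Varonis's or OpenClaw's code: an outbound gate for an email agent that verifies the requester's real address against a staff directory (ignoring the display name the lure relies on) and scans the reply for the secret types Pinchy leaked. The internal domain, directory entry, lure messages and sample secrets are constructed; it assumes the sender address has already been authenticated upstream (for example by DMARC).

```python
import re
from email.utils import parseaddr

# Constructed values for this example: one internal domain, one known team lead.
INTERNAL_DOMAINS = {"example.com"}
DIRECTORY = {"dana lead": "dana@example.com"}  # display name -> real mailbox

# Patterns for the secret types the agent leaked: AWS IAM key IDs and DB URLs with embedded passwords.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:@/]+:[^\s@]+@", re.I),
}
SENSITIVE_FILE = re.compile(r"crm|customer|export", re.I)


def requester_is_trusted(from_header):
    """Trust the real address, never the display name: the domain must be internal,
    and a display name that matches a known employee must belong to that employee's mailbox."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS:
        return False
    known = DIRECTORY.get(name.strip().lower())
    return known is None or known == addr


def gate_outbound(from_header, body, attachments):
    """Decide whether the agent may send a reply to `from_header`.
    attachments: list of (filename, text content). Returns (allowed, reasons)."""
    reasons = []
    texts = [body] + [content for _, content in attachments]
    for label, pat in SECRET_PATTERNS.items():  # credentials never go out by email, whoever asks
        if any(pat.search(t) for t in texts):
            reasons.append(f"secret in outbound content: {label}")
    if not requester_is_trusted(from_header):  # identity, not urgency, decides who gets exports
        for fname, _ in attachments:
            if SENSITIVE_FILE.search(fname):
                reasons.append(f"sensitive file {fname!r} requested by unverified sender")
    return (not reasons, reasons)


if __name__ == "__main__":
    # The "team lead with a production issue" lure from the Varonis test, sent from an outside mailbox.
    print(gate_outbound("Dana Lead <dana.lead@mail.invalid>",
                        "staging creds: AKIAIOSFODNN7EXAMPLE", []))
    print(gate_outbound("dana@example.com", "deck data attached", [("crm_export.csv", "name,email\n")]))
```

The gate handles the two failures the test exposed (credentials forwarded on request, and an export sent to an unverified "team lead") but leaves the technical-signature checks the agent already passed, such as inspecting OAuth redirect URLs, to the existing pipeline.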
OpenAI bans Chinese accounts used in anti-AI influence campaigns ahead of IPO
OpenAI has shut down two clusters of China-based ChatGPT accounts that were using its models to spread false narratives about US data centers and tariffs, the company disclosed hours after submitting its S-1 for an IPO. The first campaign, named “Data Center Bandwagon,” used ChatGPT to generate comments and images linking AI data centers to higher electricity bills for families. The second, called “Tech and Tariffs,” generated content criticizing President Trump’s tariffs as attempts to dominate technological competition and also falsely claimed that ChatGPT user data had been compromised. OpenAI stated that these operations show Chinese influence operators testing narratives against AI infrastructure, which is a foundation of US technological leadership. The development comes amid growing public concerns about AI infrastructure downsides such as noise and water usage, which OpenAI and other tech CEOs have tried to dismiss. The company said it published these actions to expose and counter foreign campaigns that use AI to shift public opinion about AI. Last week, three Republican House members urged the FBI and White House to investigate foreign influence campaigns aimed at slowing US AI development.
OpenAI Bans Chinese Accounts for Anti-AI Influence Campaigns →