██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝ 
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

Dutch Police Seize 800 Servers in Bulletproof Hosting Bust

Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. May 25, 2026

Share

cybr.cx | Daily Digest — May 25, 2026


Critical Vulnerabilities

No CVE data was available for today's digest. Check back tomorrow, or consult NVD and CISA KEV directly for the latest disclosures.


Headline News

Netherlands Dismantles Bulletproof Hosting Operation in 800-Server Seizure

Dutch authorities have seized approximately 800 servers from a hosting provider operating as infrastructure-for-hire for cybercriminal activity. The operation targeted a bulletproof hosting firm that enabled a wide range of attacks by providing anonymised, abuse-resistant infrastructure to threat actors. Bulletproof hosts are a persistent enabler of ransomware, phishing, and DDoS operations — they accept cryptocurrency, ignore abuse complaints, and rotate IP blocks to stay ahead of blocklists. The scale of this seizure is significant: 800 servers represents a meaningful disruption to whatever campaigns were routing through this infrastructure, and law enforcement will likely be mining the seized hardware for attribution data on downstream operators. For defenders, this is a reminder to track newly orphaned C2 infrastructure in the days following a takedown — threat actors often scramble to re-establish footholds and briefly expose themselves in the process.

Laravel Lang Supply Chain Attack Targets PHP Developers via Composer

A supply chain attack has compromised the widely-used Laravel Lang localisation packages, weaponising GitHub version tags to push credential-stealing malware through the Composer PHP package manager. Attackers abused the trust developers place in established, well-maintained packages — Laravel Lang has millions of downloads — by injecting malicious code that harvests credentials from affected development environments. This campaign follows a now-familiar playbook: rather than attacking hardened production systems directly, adversaries target the developer toolchain where security controls are historically weaker. Any PHP developer or team using these packages should audit their Composer lock files, rotate credentials that may have been present in affected environments, and verify the integrity of installed package versions against known-good hashes. The broader lesson for security teams is that dependency review needs to include version tag verification, not just package name checks — tags are mutable in ways that many developers don't fully appreciate.

Inaudible Audio Attacks Can Hijack AI Voice Assistants via Podcast Content

Researchers have demonstrated that ultrasonic commands embedded in podcast audio — completely inaudible to human listeners — can be used to hijack AI voice assistants on devices that play back the content. The attack vector is particularly insidious because it weaponises passive media consumption: a user simply listening to a compromised podcast could have their voice assistant silently manipulated into performing actions, exfiltrating data, or enabling further access. As AI assistants become more deeply integrated into enterprise workflows, smart home systems, and mobile devices, the attack surface for this class of manipulation expands considerably. The technique isn't new in principle — ultrasonic adversarial audio has been a research concern for several years — but its practical application through mainstream podcast distribution raises the stakes significantly. Security teams managing environments with always-on voice interfaces should treat this as an active threat model, not a theoretical one.


Schrödinger's Feed

France Doubles Down on Quantum with Fresh €1 Billion Commitment

French President Emmanuel Macron has announced an additional €1 billion (~$1.16B USD) injection into France's national Quantum Plan, bringing total committed funding well past €3 billion since the programme launched in 2021. This level of sustained sovereign investment — mirrored by similar programmes in the US, China, and now increasingly across the EU — signals that governments are treating quantum capability as a strategic asset in roughly the same category as nuclear or space programmes. From a cryptography standpoint, the urgency is clear: post-quantum algorithm standardisation is underway, but the transition of legacy PKI infrastructure, TLS, and long-lived encrypted data is slow and incomplete. Practitioners should note that state-level quantum investment at this scale compresses the timeline assumptions baked into most "harvest now, decrypt later" threat models — if you're still treating PQC migration as a 2030 problem, it may be time to revisit that calculus.


/dev/random

Memory Is Now Two-Thirds of What Your AI Chip Actually Costs

New analysis from Epoch AI finds that memory has ballooned to account for nearly two-thirds of total AI chip component costs — a quiet reversal from the era when compute logic was the expensive part. This is largely driven by the insatiable appetite of large language models for high-bandwidth memory (HBM), where demand has dramatically outpaced supply. The security implication no one is talking about yet: as memory becomes the dominant cost and constraint in AI infrastructure, it also becomes the dominant target for hardware-level attacks and supply chain pressure. Also, if your threat model didn't previously include "adversary nation manipulates HBM supply to degrade AI inference capability," perhaps now is a good time to add that tab to the spreadsheet.


cybr.cx | Concise. Credible. Daily. — Next edition: May 26, 2026