r/CyberNews
AI in DFIR is broken and We need to rethink how we use AI in digital forensics .
The forensics community has a massive AI problem. Everyone is rushing to plug language models into their workflows to automate triage. But forensics requires absolute certainty. A language model is built to predict text, not to preserve a chain of custody. When you use a standard AI tool to analyze an endpoint, you are trusting a black box. If it hallucinates a single finding, your entire investigation is compromised.
We need to stop treating AI as an oracle that gives us the final answer. Instead, we must treat it as a heavily restricted junior analyst. It should do the heavy lifting of correlating massive datasets, but it must be mathematically forced to prove its work.
If we want to use AI responsibly in an investigation, we have to change the entire methodology:
Kill the Chat Window: A chat log is flat, unpredictable, and loses context rapidly. We need to use visual, node based workspaces where you can see exactly how a piece of evidence led to a specific conclusion.
Enforce Evidence Anchoring: The AI must be completely sandboxed. It should be programmatically blocked from generating any narrative unless that narrative maps directly back to the raw artifact row, like a specific registry key or Master File Table entry.
Immutable Auditing: Every time the AI touches the evidence, it needs to be cryptographically hashed. We need a permanent paper trail of exactly what the model saw and what it suggested, ensuring the whole process is court defensible.
This philosophy is exactly why we built the Narrative Map in the new 0.12.0 update for Crow Eye. We stepped back from just adding basic AI features and built a shared workspace. The AI is physically unable to mark a claim as proven without citing the exact underlying artifact. Every action is logged in a tamper evident chain. It shifts the power entirely back to the human investigator. The AI accelerates the deep parsing and correlation, but you hold the evidence and make the final call.
I want to know how the rest of the community is handling this. Are you trusting the output of commercial AI tools, or are you demanding to see the raw data behind their conclusions?
You can check out our approach and grab the open source release here: Website:https://croweye.com/
Code:https://github.com/GhassanElsman/CrowEye
Good hunting.
BREAKING: Google Says It Disrupted A Botnet Called “Popa”, That Secretly Turned Millions Of Consumer TV Streaming Devices Into Proxy Infrastructure For Hackers And Spies Working With An Israeli Company Called NetNut 🤯💥
Google has taken down key infrastructure behind a botnet called Popa that quietly hijacked millions of consumer TV streaming devices and turned them into hidden relay points for cybercriminals and state-linked espionage groups. Working alongside the FBI and Lumen Technologies, Google traced the operation to NetNut, an Israeli company that sells residential proxy services allowing customers to route their internet traffic through IP addresses in different countries, and found that NetNut’s network spanned at least 2 million devices scattered across the globe.
What makes this case especially serious is the scale of who was using it. Google’s investigation identified 316 distinct threat clusters relying on suspected NetNut proxy exit nodes, a group that included both financially motivated cybercriminals and espionage operations, all of whom were reportedly using the service to mask their real IP addresses while breaking into victim networks, accessing their own attack infrastructure, and running password spray attacks designed to guess their way into accounts. According to Google, NetNut built this network by embedding software development kits into devices commonly found in ordinary homes, especially smart TVs and streaming boxes, giving the company a hidden foothold to relay traffic through those devices without the owners ever knowing their hardware was being used this way.
In response, Google shut down the Google accounts and services that NetNut depended on to control the botnet, cutting off a key piece of the infrastructure keeping the operation running. This is not an isolated incident either; Google disrupted a similar residential proxy network called IPIDEA back in January, which it described at the time as the world’s largest, and it has been waging a broader legal and technical campaign against these networks since at least mid-2025, when it filed suit against the operators behind the BadBox 2.0 botnet affecting more than 10 million Android-based devices. Together, these actions point to a growing, largely invisible market where ordinary consumer electronics are quietly repurposed as cover for global hacking and espionage campaigns.
Days after Anthropic accused Alibaba-linked operators of a huge Claude distillation campaign, Alibaba reportedly told staff to drop Claude Code.
Iran Just Bombed Amazon Data Centers Hosting Pentagon AI — And Nobody Told You It Happened
**The War Nobody Knew Was Happening: Data Centers Are Now Military Targets — And American Civilians Have No Idea**
On March 1, 2026, for the first time in military history, private sector data centers came under deliberate attack. The Islamic Revolutionary Guard Corps launched kamikaze drone strikes against Amazon-owned data centers in the United Arab Emirates and Bahrain that provide cloud computing services throughout the Middle East.
This wasn’t a military base. This wasn’t a weapons depot. This was a civilian data center. And it was hosting Pentagon AI.
Those buildings weren’t just running civilian applications. They were running the Pentagon’s AI too, on the same servers, in the same physical facilities, and nobody had been told: not the governments hosting those buildings, not the customers whose data lived inside them, not the communities surrounding them.
What happened next is the real story.
In July 2025, Anthropic, the company that makes Claude, an AI system explicitly designed with safety guardrails, received a $200 million contract to run on classified military networks. Seven months later, on February 24, 2026, Defense Secretary Hegseth sent Anthropic a document demanding full, unrestricted access to Claude for any lawful military purpose — including lethal targeting and autonomous weapons. Anthropic said no. They wanted to maintain guardrails specifically against autonomous weapons and domestic surveillance. On February 27th, Hegseth’s deadline passed without agreement, and the Pentagon designated Anthropic a “supply chain risk to national security.”
Three days later, Iran bombed the data centers.
An AI company tried to draw a line around autonomous killing. The Pentagon called them a national security threat for drawing it. Days later, the building hosting that argument got bombed. That is the timeline.
This is what warfare looks like in 2026: the Pentagon is using commercial AI to generate targeting recommendations for strikes. The Pentagon is using AI to generate hundreds of recommendations for targets in Iran, pinpoint their location, prioritize their importance, and even evaluate whether the targeting is legal. One of the AI systems it is using, the Maven Smart System, is the culmination of a decade of collaboration between the Defense Department and the tech industry to enhance intelligence analysis, surveillance, and targeting. The system integrates Anthropic’s Claude, which the military is using not just to speed up target analysis but also to generate other types of intelligence and to simulate battlefield scenarios.
But here’s what should terrify you: The Pentagon insisted on using the technology for “any lawful purpose” — which includes autonomous weapons without human oversight. Defense Secretary Pete Hegseth told senators that Anthropic’s refusal was like “Boeing giving us airplanes and telling us who we can shoot.”
Translation: The Pentagon wants AI to make kill decisions without restrictions. Without safeguards. Without human judgment.
And because one company refused, the Pentagon is now forcing that company out and bringing in eight others — all willing to do whatever the military asks.
SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, Oracle and Amazon Web Services have all been selected to deploy their AI products in the Department of Defense’s classified military networks. The Pentagon subsequently designated Anthropic a supply chain risk and the Trump administration ordered federal agencies to begin offloading use of its products.
The military spending is staggering. The Pentagon requested $13.4 billion for autonomous weapons systems for 2026 alone. The military’s spending also includes as much as $9 billion on data centers and computing capabilities customized for its security needs. The Defense Department has allocated at least some $75 billion to AI-driven programs since 2016.
And now data centers ARE military targets. Scholars of international law and the laws of armed conflict say that when a military runs on the cloud, the cloud becomes a legal military target. “A data center that is used solely or primarily for military applications is targetable,” said Ioannis Kalpouzos, an international law scholar and visiting professor at Harvard Law, “and a center that supports the Pentagon’s JWCC falls in that category.”
Which means: Every data center in America could be a target.
Retired Air Force Lt. Gen. David Deptula argues that data infrastructure will be key to connect the Pentagon’s myriad weapons, such as long-range munitions, advanced combat aircraft, space systems, missile defenses, and drones. “Nearly every function in the military depends on the ability to store, move, process, secure and exploit vast quantities of data at speed and scale. The nation with the best data infrastructure will possess a decisive advantage in the next era of warfare.”
But here’s the catch: Most people saw the headline about the drone strikes and kept scrolling. Here’s what they missed: those buildings weren’t just military bases. They were also hosting civilian applications — bank transactions, ride-hailing apps, hospital records. Financial systems across the Gulf went dark. AWS told customers to migrate immediately because the situation was “unpredictable.”
Your bank. Your hospital. Your medical records. All potentially vulnerable if data centers become military targets.
And nobody in government told you this was happening.
India investigating Tata data leak that exposed Apple iPhone secrets
India is investigating a data breach at Tata Electronics that exposed documents linked to Apple's unreleased iPhone 18 Pro, the country's IT secretary said on Thursday in the government's first public comments on the incident.
Sensitive lists of components and suppliers as well as photos of iPhone 18 Pro models are among files that were posted on the dark web by a ransomware group that stole data from Tata Electronics, Apple's Indian supplier, Reuters reported.
Not at all concerning
The pope said AI shouldn’t be concentrated in the hands of the few
The project shows many users still value lightweight, focused tools over feature-heavy AI integrations
Brave now allows users to completely isolate tabs from one another in containers, with separate cookies and storage
His committee mainly focused mainly on the use of Israel's Pegasus and similar tools
Intelligence agencies warn AI models could launch crippling cyberattacks in months
thehill.comThe reform is a response to what Berlin sees as increased risks linked to Russia
data.world has been bought out by ServiceNow. ServiceNow is planning on deleting everything on the 11th of July. We need to hurry!!
We need to hurry and save all this data, but I am currently moving and can't myself. We all need to hurry.
https://data.world/_all/w/datasets?sort=-created
How I was informed (wasn't exactly active for a little while, but thankfully social media exists):
https://www.tumblr.com/phoenixcatch7/821097380811358208?source=share