futurism.com
Joe Wilkins
Correspondent
A hacker found a way into the backend of AI startup Doublespeed, which offers customers access to a massive phone farm network.
Back in October, word started making the rounds of an AI startup called Doublespeed. Backed by venture capital firm Andreessen Horowitz, Doublespeed offers customers a unique service: access to a massive phone farm that could be used to operate hundreds of AI-generated social media accounts.
Now, 404 Media reports in an explosive scoop that Doublespeed has been hacked. This wasn’t just one account associated with the startup, but the entire backend used to manage its phone farm — so it provides an extraordinary glimpse at how the service is actually being used to manipulate social media at scale.
Speaking to 404 on condition of anonymity, the hacker said they can “see the phones in use, which manager [computers controlling the phones] they had, which TikTok accounts they were assigned, proxies in use (and their passwords), and pending tasks. As well as the link to control devices for each manager.”
The hacker also shared a list of over 400 TikTok accounts operated by Doublespeed’s phone farm, about half of which were actively promoting products. Most of them, the publication reports, did so without disclosing that the posts were ads — a direct violation of TikTok’s terms of use, not to mention the Federal Trade Commission’s digital advertising regulations.
While undisclosed ads might seem like small potatoes in the grand scheme of things, they speak to a bleak trend. Not only is Doublespeed a possible breeding ground for disinformation campaigns or financial scams, but they seem to be getting away with their phone farm operation without any pushback from TikTok.
Doublespeed’s TikTok accounts ran a gamut of different cons, promoting language learning apps, supplements, massage products, dating apps and more. One account, operating under the unambiguously human-sounding name of Chloe Davis, had uploaded some 200 posts featuring an AI-generated woman hawking a massage roller for a company called Vibit, 404 reported.
Though the hacker says he reported the vulnerability to Doublespeed on October 31, he notes that he still had access to the company’s back end as recently as today.
So far, Doublespeed is only active on TikTok, though it has plans to expand to Instagram, Reddit, and X-formerly-Twitter. When it does, it seems all bets are off — with social media engagement, and all the influence it entails, being relegated to the highest bidder.
The Chinese Ministry of State Security intelligence service disclosed in October that the U.S. National Security Agency has been engaged in a three-year cyber campaign to break into the official National Time Service Center.
The center is located in the north-central city of Xian. It provides precision time services that state media say are vital for military systems, communications, finance, electricity, transportation and mapping.
The NSA had no comment on the report, but defense analysts say the Chinese report is a significant clue to one of the most secret programs in support of an advanced form of strategic missile defense called “left of launch.”
Left of launch refers to a timeline for using various military tools, such as cyberattacks that could cause missiles to blow up in silos when launch buttons are pushed, special operations commandos and on-the-ground sabotage after a missile is detected being readied for firing.
The project to conduct prelaunch attacks and sabotage of missile systems has been underway for at least a decade, and its elements are among the U.S. military’s most closely guarded secrets.
Asked recently how left of launch will be used in President Trump’s forthcoming Golden Dome defense system to prevent a missile from being fired, Space Force Gen. Michael A. Guetlein, vice chief of space operations, said cryptically: “Can’t talk about it.”
PNT satellite system
Gaining access to China’s central time system would provide a major advantage to the U.S. military and military intelligence services during a conflict by allowing hackers to disrupt missile strikes before launch or shortly after launch, known as the boost phase.
The time center is a key element of China’s BeiDou satellite navigation system, a copy of the U.S. GPS, which uses more than 35 satellites to provide the People’s Liberation Army with vital PNT — positioning, navigation and timing — for its missile systems.
The satellite system is said to provide “centimeter-level” precision and is linked to the National Time Service Center.
Theoretically, NSA cyber sleuths, by breaching the time center, could have planted malicious software inside the PNT data chain that could then be used for intelligence gathering on missile targets and providing false navigation parameters for missile strikes.
U.S. advanced artificial intelligence technology also could fashion prelaunch disruptions that could retarget Chinese missiles against Beijing.
A Chinese state media report on the NSA cyberattacks stated that control over timing is equivalent to “controlling the heartbeat of modern society.”
“Once the timing system is interfered with or hijacked, the consequences are unimaginable,” the online Chinese communications outlet C114 reported. It noted potential disruptions of financial markets, power grids, rail lines and military systems.
For missile systems, PNT is an essential element for real-time location, direction and precise time data used for accurate targeting, trajectory control and command and control.
“There’s no doubt that the best time to defeat a missile is before it’s launched,” said Todd Harrison, a defense expert with the American Enterprise Institute. “The most obvious way is to track and destroy the launchers and the command and control infrastructure and sensors that enable them.”
Conducting the attacks is difficult because of the distances involved and the risks of escalation.
Various non-kinetic tools can be used to defeat a missile “kill chain” before launch, including jamming sensors and communications, and cyberattacks on command and control systems, Mr. Harrison said.
Electronic disruptions before launch can produce uncertain effectiveness during combat, even if they initially produce impacts, because thinking adversaries will adapt and overcome the disruptions.
“The question for Golden Dome is how much relative effort the architecture puts toward left of launch versus other phases of flight,” Mr. Harrison said. “Left of launch will surely be part of the approach, but we still don’t know how much emphasis it will garner.”
Sensors and capabilities
Mr. Trump’s executive order on missile defense, signed in January, specifically calls for developing and deploying left-of-launch capabilities for Golden Dome.
The order states that in addition to deploying defenses targeting missiles in midflight and terminal phases, the new system must “defeat missile attacks prior to launch and in the boost phase.”
Gen. Stephen Whiting, commander of U.S. Space Command, said in September that left-of-launch defenses will provide a next-generation missile defense capability.
Prelaunch defenses are needed because enemy missiles are becoming more precise and more lethal, he said at a defense conference.
“We are seeing both the capacity and the capability of the threat missiles we’re now facing rapidly increase,” Gen. Whiting said at the annual Air, Space & Cyber Conference. “Just look over the last 18 months in the Israel-Iran conflict … multiple salvos of missiles, not single-digit missiles, not double-digit missiles. We’re talking triple-digit missile salvos paired with one-way attack drones.”
Gen. Whiting said current missile defenses are capable of providing warning and tracking of traditional ballistic missiles, but newer high-speed hypersonic maneuvering missiles and space-based hypersonic missiles are “incredibly destabilizing.”
“Our missile defenses have done broadly a good job during the most recent conflicts, but most of those are focused on terminal engagement,” the general said.
“We want to be able to push that engagement to the left, and eventually left of launch,” he said.
To conduct such prelaunch strikes, greater sensor integration is needed, and more sophisticated cyberattacks will be used to “drive capabilities that allow us to affect targets before they even begin to launch,” Gen. Whiting said.
Robert Peters, senior research fellow for strategic deterrence at The Heritage Foundation, said one of the more promising elements of the Golden Dome will be deploying better overhead sensors and coupling them with theater defense sensors. The advanced sensors will enhance homeland missile defenses by providing significantly greater awareness of when enemy missiles are being readied for launch, and then provide more accurate data once a missile is fired.
“This better integration of data and sensors greatly increases a state’s ability to intercept missiles before they hit their targets,” Mr. Peters said.
Launch preparations for solid-fuel missiles in silos, such as China’s new fields of more than 350 intercontinental ballistic missiles in western China, will be more difficult to detect before launch.
Mobile ICBMs moved out of garrison in preparation for launch have signatures that can be tracked more easily as part of left-of-launch defenses, Mr. Peters said.
“Golden Dome, if done properly, will invest heavily in these types of sensor architectures, not simply on more and more modern interceptors, as critical as those are,” Mr. Peters said.
Israel’s military conducted a series of left-of-launch strikes on Iranian missiles before the joint U.S.-Israeli bombing raid on Iran’s key nuclear facilities.
The Israel Defense Forces released videos of airstrikes on several Iranian mobile missiles that were blown up before they could be fired in retaliatory attacks.
Israeli forces also conducted sabotage operations inside Iran. They neutralized some key missile technicians in the days before the June raid on three nuclear facilities, according to an Israeli think tank report.
In addition to better sensors and increased cyberattack capabilities, special operations forces also will be developed for prelaunch strikes on targets.
Left-of-launch options
Lt. Gen. Sean Farrell, deputy commander of U.S. Special Operations Command, said special operations commandos are working on left-of-launch missile defense capabilities for missiles and drones.
“We have been working left of launch on behalf of the [Defense] Department to try to understand how we can get after the threats before they become a threat,” Gen. Farrell said at the conference with Gen. Whiting. “I think a lot of that will translate as well if we’re able to synchronize and plan together at the strategic level on where we can bring left-of-launch attention to a layered approach to homeland defense.”
The ultimate goal of the layered and integrated missile defense is to deploy an array of forces across all military domains that can detect, disrupt and potentially stop missile threats before they emerge.
Left-of-launch capabilities have been a topic within the Pentagon since at least 2014, when a memorandum was disclosed from Chief of Naval Operations Adm. Jonathan Greenert and Army Chief of Staff Gen. Ray Odierno to the secretary of defense warning that missile defense spending was “unsustainable” because of sharp defense cuts.
The two military leaders called for building more cost-effective left-of-launch capabilities.
Defense officials at the time said the research for left of launch included non-kinetic weapons, such as cyberattacks and electronic warfare, including electromagnetic pulse attacks against missile command and control systems.
These weapons would be used after missile launch preparations are detected. They would disrupt or disable launch controls or send malicious commands to cause the missiles to explode on their launchers.
In 2016, Adm. William Gortney, then commander of U.S. Northern Command, stated in prepared congressional testimony that most missile defenses are designed to intercept missiles after launch, using ground-based interceptors, mobile regional defenses and ship-based anti-missile systems.
“We need to augment our defensive posture with one that is designed to defeat ballistic missile threats in the boost phase as well as before they are launched, known as ‘left of launch,’” Adm. Gortney said.
Other potential boost-phase defenses could include high-powered lasers deployed on drones or aircraft that can strike missiles just after launch.
All current missile defense systems use kinetic kill interceptors that require precision targeting data to knock out high-speed warheads. They include Patriot; Terminal High Altitude Area Defense, or THAAD; large Ground-Based Interceptors in Alaska and California; and an Aegis missile defense based mostly on ships and in several ground locations.
The Golden Dome will deploy space-based interceptors for the first time, providing greater coverage against missile threats.
Kenneth Todorov, former deputy director of the Missile Defense Agency and now vice president at Northrop Grumman Missile Defense Solutions, said the company is working on left-of-launch capabilities and counter-hypersonic missile efforts.
“With decades of experience supporting mission-critical defense programs across the entire kill chain, the company is bringing to bear a portfolio of advanced, innovative capabilities from left of launch, through detection and tracking, all the way to assessment of kill, delivering mission agility in addressing the evolving hypersonic threat,” Mr. Todorov said on the Northrop website.
Patrycja Bazylczyk, associate director of the Missile Defense Project at the Center for Strategic and International Studies, said left-of-launch defenses include a broad category of kinetic and non-kinetic efforts to counter enemy launches. They can include strikes on missile launchers, jamming enemy communications or infiltrating a missile factory.
“Left-of-launch efforts are not alternatives to active missile defenses; they work in tandem, allowing U.S. forces to more effectively counter enemy action rather than merely respond to it,” Ms. Bazylczyk said.
bleepingcomputer.com
By Bill Toulas
December 19, 2025
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service.
The attacks led to business email compromise, data breaches, and financial losses affecting organizations worldwide.
The law enforcement operation was possible thanks to intelligence from Microsoft, shared with the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) via the FBI.
The authorities identified individuals who administered the phishing toolkit ‘Raccoon0365,’ which automated the creation of fake Microsoft login pages for credential theft.
The service, which was responsible for at least 5,000 Microsoft 365 account compromises across 94 countries, was disrupted by Microsoft and Cloudflare last September.
It is unclear if the disruption operation helped identify those behind Raccoon0365 in Nigeria.
BleepingComputer contacted Microsoft for clarifications but a comment wasn't immediately available.
“Acting on precise and actionable intelligence, NPF–NCCC operatives were deployed to Lagos and Edo States, leading to the arrest of three suspects,” reads the police’s announcement.
“Search operations conducted at their residences resulted in the recovery of laptops, mobile devices, and other digital equipment, which have been linked to the fraudulent scheme after forensic analysis.”
One of the arrested suspects is an individual named Okitipi Samuel, also known online as “RaccoonO365” and “Moses Felix,” whom the police believe is the developer of the phishing platform.
Samuel operated a Telegram channel where he sold phishing kits to other cybercriminals in exchange for cryptocurrency, while he also hosted the phishing pages on Cloudflare using accounts registered with compromised credentials.
The Telegram channel counted over 800 members around the time of the disruption, and the reported access fees ranged from $355/month to $999/3 months.
Cloudflare estimates that the service is used primarily by Russia-based cybercriminals.
Regarding the other two arrested individuals, the police stated they have no evidence linking them to the Raccoon0365 operation or creation.
The person that Microsoft previously identified as the leader of the phishing service, Joshua Ogundipe, is not mentioned in the police’s announcement.
techcrunch.com
Lorenzo Franceschi-Bicchierai
12:15 PM PST · December 19, 2025
On Wednesday, Cisco revealed that a group of Chinese government-backed hackers is exploiting a vulnerability to target its enterprise customers who use some of the company’s most popular products.
Cisco has not said how many of its customers have already been hacked, or may be running vulnerable systems. Now, security researchers say there are hundreds of Cisco customers who could potentially be hacked.
Piotr Kijewski, the chief executive of the nonprofit Shadowserver Foundation that scans and monitors the internet for hacking campaigns, told TechCrunch that the scale of exposure “seems more in the hundreds rather than thousands or tens of thousands.”
Kijewski said the foundation was not seeing widespread activity, presumably because “current attacks are targeted.”
Shadowserver has a page where it’s tracking the number of systems that are exposed and vulnerable to the flaw disclosed by Cisco, officially named CVE-2025-20393. The vulnerability is known as a zero-day, because the flaw was discovered before the company had time to make patches available. As of press time, India, Thailand, and the United States collectively have dozens of affected systems within their borders.
Censys, a cybersecurity firm that monitors hacking activities across the internet, is also seeing a limited number of affected Cisco customers. According to a blog post, Censys has observed 220 internet-exposed Cisco email gateways, one of the products known to be vulnerable.
In its security advisory published earlier this week, Cisco said that the vulnerability is present in software found in several products, including its Secure Email Gateway and its Secure Email and Web Manager.
Cisco said these systems are only vulnerable if they are reachable from the internet and have its “spam quarantine” feature enabled. Neither of those two conditions holds by default, per Cisco, which would explain why there appear to be relatively few vulnerable systems on the internet.
Cisco did not respond to a request for comment asking whether the company could corroborate the numbers seen by Shadowserver and Censys.
The bigger problem with this hacking campaign is that there are no patches available. Cisco recommends that customers wipe and “restore an affected appliance to a secure state,” as a way to remediate any breach.
“In case of confirmed compromise, rebuilding the appliances is, currently, the only viable option to eradicate the threat actors persistence mechanism from the appliance,” the company wrote in its advisory.
According to Cisco’s threat intelligence arm Talos, the hacking campaign has been ongoing since “at least late November 2025.”