Breach of Confidence: 24 April 2026
2026-4-24 09:3:36 Author: securityboulevard.com

The post Breach of Confidence: 24 April 2026 appeared first on Javvad Malik.

I spent an hour this week explaining to someone that no, ChatGPT cannot reliably fact-check itself, and yes, that’s a problem when your entire business strategy depends on it being right. They looked at me like I’d just told them Father Christmas works part-time at Argos.

The Swing That Crosses Borders 40 Times a Minute

There’s a swing somewhere between the Netherlands and Belgium that crosses an international border every time it moves. A Belarusian father watched his kids play on it and said he hoped borders would one day be unnecessary. I can’t stop thinking about that whilst watching governments panic about encrypted messaging apps and data sovereignty. We built the internet to ignore borders, then spent thirty years trying to put them back.

https://europeancorrespondent.com/en/r/borders-are-a-construct-but-this-swing-isnt

Open Source Leaders Are Better Managers Than Your Actual Manager

Open source maintainers have no authority, no budget, and no ability to fire anyone. All they can do is articulate a vision clearly enough that strangers volunteer their evenings to make it real. Meanwhile, business schools charge £30,000 to teach leadership models that boil down to “threaten people until they comply.” If you want to learn how to actually lead, stop reading Harvard Business Review and start watching how Linus Torvalds (ok maybe not the best example) gets people to care about kernel patches… but you git what I mean (see what I did there)

https://allthingsopen.org/articles/power-vs-influence-open-source-leadership

Meta’s Watching Every Keystroke Whilst Sacking Thousands

Meta’s now logging every single keystroke and mouse click from employees to train AI models. They’re also laying off thousands of people. These two things are definitely unrelated, they insist. Just a normal Tuesday at the office. The surveillance is to improve productivity. The redundancies are to improve margins. The fact that they’re happening simultaneously is merely a coincidence wrapped in a dystopia dressed as innovation.

https://www.bbc.co.uk/news/articles/cvglyklz49jo

Your IT Helpdesk Is Probably a Bloke in Lagos

Microsoft Teams is being used to impersonate your actual IT helpdesk, and tools like Quick Assist are doing exactly what they’re designed to do: let someone remote into your machine. The attack works because it’s not an attack. It’s legitimate software doing legitimate things for illegitimate people. You can’t patch trust.

https://www.bleepingcomputer.com/news/security/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/

A 24-Year-Old from Dundee Stole $8 Million via Text Message

A lad from Dundee (I assume he’s a good wee lad, never got into any trouble) just pleaded guilty to stealing $8 million through SMS phishing. He’s facing twenty years in prison. He didn’t exploit a zero-day. He didn’t write custom malware. He just sent convincing text messages and people believed him. The entire security industry exists to prevent this exact thing, and yet here we are, watching someone barely old enough to rent a car retire early on the proceeds of typos and urgency.

https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/

North Korea’s Using AI to Steal Crypto at Industrial Scale

North Korea’s moved on from banks. Now they’re targeting developers with fake job offers, using AI to make the scam scalable. They’re not hacking systems. They’re hacking hope. You apply for a role, go through interviews, get sent a test project, and boom. Your wallet’s empty. It’s social engineering industrialised, and it’s working because developers are tired, underpaid, and desperate for remote work that doesn’t involve legacy PHP codebases.

https://expel.com/blog/inside-lazarus-how-north-korea-uses-ai-to-industrialize-attacks-on-developers/

Your Network Access Is Worth £15

Initial access brokers are selling your corporate network credentials for about fifteen quid on dark web forums. Not because you’re unimportant. Because stealing credentials at scale is now so efficient that the market treats them like Tesco Value burgers (Aldi ones maybe?). The entire business model of cybercrime has shifted from precision heists to bulk commodity trading. Your breach isn’t personal. It’s just inventory.

https://www.computing.co.uk/feature/2026/cybercrime-who-are-the-initial-access-brokers

AI Broke the Internet’s Business Model

We spent a decade assuming compute was basically free. Turns out it’s not. AI just exposed that lie. Every search query, every chatbot response, every generated image costs real money in real datacentres burning real electricity. The entire internet ran on ads subsidising free services. Now those services cost actual money to run, and nobody’s quite sure who’s supposed to pay for it. Spoiler: it’s you. It’s always you.

https://stratechery.com/2026/mythos-muse-and-the-opportunity-cost-of-compute

___

That’s it for this week. If any of this made you laugh, wince, or forward it to someone who needs to hear it, reply and tell me. Or find me on Bluesky where I’m usually complaining about vendor pitches or tea temperatures.

Stay cynical.

*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: https://javvadmalik.com/2026/04/24/breach-of-confidence-24-april-2026/


Article source: https://securityboulevard.com/2026/04/breach-of-confidence-24-april-2026/