AF Letter #3

Iberian Blackout, Airborne Zero Click, Triada, and More

What I’ve Been Up To…

First Wedding Anniversary 🥂

Vila Nova de Milfontes Beach

If you were wondering why there was no newsletter last week, this is why — had to take a few days to celebrate with my wife, including Sunday, which is when I would usually crank out 90% of this email.

We stayed in a nice nature and spa hotel near Vila Nova de Milfontes and enjoyed lots of time offline. It was truly great.

Portugal & Spain Blackout

Speaking of offline—though not strictly related to cybersecurity (as far as we know)—this week kicked off with a full-blown, countrywide blackout that lasted around 10 hours.

My wife and I spent most of the day out in the countryside and at the beach, so we barely felt it until we returned to our suburban town near Lisbon and tried to find an open grocery store. One had a huge line with security managing the crowd, and two others were shut, entrances blocked by shopping carts. It felt oddly apocalyptic for just a few hours without electricity.

We ended up going home, eating tuna cans and cereal for dinner, and hoping for the best. (It turned out fine.)

Nearly a week later, there’s still no official government explanation for the blackout. Experts, however, point to an overreliance on renewable energy—currently unable to handle sudden demand or production swings in the grid—as the likely cause.

I know next to nothing about the energy sector, but if that’s true, it’s easy to see why the Portuguese and Spanish governments aren’t eager to confirm it (Spain outright denied it): it undermines the idea that we can lean on renewables as heavily as we’d like.

Still, ignorance isn’t bliss (in this case). If true, I’d really like to see our governments—and the EU—level with us, update their renewable plans accordingly, and start seriously incentivizing the innovation needed to make full reliance on clean energy a reality.

Health

I signed up for a general evaluation and workout plan at the gym. Technically, a personal trainer approached me while I was butchering the leg curl machine, showed me how to use it properly, then asked if I’d be up for an evaluation and plan—which I was, since it was already on my mind.

The evaluation is on Tuesday. I’ll share my current biometrics in the next letter.

Mobile Security & AI

Zimperium’s 2025 Global Mobile Threat Report

Not sure why Zimperium released their yearly threat report when we’re not even in the middle of 2025, but it contains a lot of useful information and I recommend giving it a read.

Some of my big highlights from the report:

  • Mishing (mobile phishing) represents roughly one-third of threats identified by Zimperium.

  • Smishing (SMS phishing) comprises over two-thirds of mishing threats (I’ve definitely felt this on my personal phone number).

  • A roughly 160% growth in the use of AI services within apps has been observed, which opens interesting attack vectors to keep an eye on.

Airborne: Zero-Click RCE & More in AirPlay Protocol

Oligo Security reports that they’ve discovered a new set of vulnerabilities in Apple’s AirPlay Protocol and the AirPlay SDK, which they’ve coined “Airborne”.

The list of types of attack vectors and outcomes enabled by these findings is kind of insane: Zero Click RCE, One-Click RCE, ACL and user interaction bypass, Local Arbitrary File Read, Sensitive information disclosure, MITM attacks, DoS.

There are 17 CVEs associated with Airborne, and the report includes several PoC demo videos. Go check it out.

Triada strikes back (by being pre-installed on counterfeit devices)

Kaspersky published a highly detailed report on the behavior and functionality of the latest Triada variants, which were found pre-installed on knockoffs of popular smartphone brands. (In the last AF Letter I reported on a DrWeb investigation into this same issue.)

The report outlines Triada’s infection chain, the malicious payloads it drops—mostly financial trojans and spyware—how some of them work, and includes a large list of IoCs.

It’s an excellent contribution to malware research.

Book Recommendation

The Beginning of Infinity by David Deutsch

Earlier today, I was scrolling through X when I came across this tweet by Mat (one of my favorite AI news content creators). I decided to build on it—not because I disagree entirely, but because, thanks to David Deutsch’s book, I realized it wasn’t quite accurate.

Sure, knowledge that can’t be applied isn’t very useful. But all animals apply knowledge—most of it hardwired through DNA. What makes humans special is our ability to store and transfer knowledge across generations through various means. From that perspective, AI is the ultimate reflection of what makes humans not just valuable, but truly special.

The idea about what makes humans special is introduced early in the book (which I’m still reading), and I found it very insightful. The reasoning—more complex than what I’ve described—was the first time someone made me feel that humans truly are special, with a rational explanation.

The book covers several other topics, and I’m obviously still reading it, but even just based on the first 100 pages, I highly recommend it.

Thanks for Reading

That’s all for this week. If you enjoyed this issue, please share it with someone you think would too.

See you next week.