TL;DR:

  • China behind FBI wiretap hack. US investigators now point to Chinese government hackers as responsible for the breach of FBI systems containing wiretap data and surveillance targets. The attack exploited a commercial ISP vendor.
  • LeakBase taken down. FBI and Europol seized the massive stolen data marketplace in a coordinated global operation. 142,000 users, 13 arrests, 32 searches across 8 countries.
  • AI agents are a security nightmare. CVE-2026-2256 in the MS-Agent framework lets attackers hijack AI agents to execute arbitrary commands. CVSS score: 9.8 (critical). One company lost $3.2 million to a compromised AI procurement agent.
  • Samsung settles smart TV spying lawsuit. Texas forced Samsung to stop collecting ACR data without explicit consent. Four more TV makers still in court.
  • FISA 702: 43 days until sunset.

US Points to China in FBI Wiretap System Breach

US investigators now suspect Chinese government-affiliated hackers are responsible for the intrusion into FBI networks that contain wiretap data and surveillance orders [1].

We covered the breach on March 6 when the FBI confirmed "suspicious activities" on systems handling pen register returns, trap-and-trace data, and personally identifiable information about investigation subjects. Now we have attribution.

What's new:

  • The FBI discovered abnormal log activity on February 17
  • Chinese government-affiliated hackers are the leading suspects
  • The White House, NSA, FBI, and CISA are all involved in the investigation
  • The breach targeted FISA warrant management systems
  • Attackers exploited a commercial ISP vendor's infrastructure

The scope and severity remain unknown. The FBI is calling it "sophisticated," their standard euphemism for "we're still figuring out how bad this is."

This follows the Salt Typhoon telecom attacks where Chinese hackers breached at least nine US telecommunications companies and accessed surveillance request systems. Same playbook: use third-party infrastructure to penetrate systems designed to surveil Americans.

The irony: The surveillance apparatus built to spy on targets abroad keeps getting turned against itself. FBI wiretap systems. Telecom lawful intercept systems. At what point do we admit these centralized surveillance databases are more liability than asset?

Sources: [1] US News/WSJ, [2] CNN, [3] TechCrunch

Related: Full Coverage: FBI Surveillance System Breach | Salt Typhoon Telecom Hack

Global Police Operation Takes Down LeakBase

FBI and Europol seized LeakBase, one of the world's largest marketplaces for stolen data, in a coordinated global operation on March 3-4 [4].

By the numbers:

  • 142,000 registered users
  • 32,000 posts
  • 215,000+ private messages
  • 13 arrests
  • 32 searches
  • 33 suspects interviewed
  • 8 countries involved: US, Australia, Belgium, Poland, Portugal, Romania, Spain, UK

Operation Leak targeted 37 of the forum's most active users. The seizure banner now reads: "All forum content, including users' accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes."

LeakBase had been active since 2021, specializing in trading leaked databases and "stealer logs": credentials stolen by infostealer malware. The forum became a key hub in the cybercrime ecosystem where breach data gets monetized.

Why it matters: This is where your data ends up after a breach. The Conduent breach that exposed 25+ million Americans? Those records get traded on forums like LeakBase. One down, many more to go.

Sources: [4] Europol, [5] DOJ, [6] The Hacker News

Critical AI Agent Vulnerability: From Prompt to System Takeover

Security researchers disclosed CVE-2026-2256, a critical vulnerability in the MS-Agent AI framework that lets attackers hijack AI agents and execute arbitrary commands on host systems [7].

The technical breakdown:

  • CVSS score: 9.8 (Critical)
  • Vulnerability type: Command injection via prompt injection
  • Impact: Full system compromise with agent process privileges
  • Affected: MS-Agent framework by ModelScope (used for building autonomous AI agents)

MS-Agent's Shell tool lets AI agents execute operating system commands. The vulnerability exists because the framework's check_safe() denylist can be bypassed through command obfuscation or alternative syntax. Malicious commands embedded in documents or code pass unsanitized to the OS.

If exploited, attackers can: exfiltrate data, modify or delete system files, install backdoors, and move laterally across enterprise networks.

The real-world cost: Palo Alto Networks reported that a manufacturing company lost $3.2 million after attackers compromised an AI procurement agent and manipulated transactions [8]. This isn't theoretical.

Gartner estimates 40% of enterprise applications will integrate AI agents by end of 2026. The attack surface is exploding while security practices lag behind.

Mitigation: Sandbox AI agents in isolated environments. Run agents with minimum necessary privileges. The industry-standard advice is "don't trust AI agents with system access," which defeats the purpose of most agent deployments.

Sources: [7] Cybersecurity News, [8] SecurityWeek, [9] Cyberpress

Related: AI Agent Security: Red Team Findings | Vercel Got Hacked Through an AI Tool

Samsung Settles Texas Smart TV Surveillance Lawsuit

Samsung reached a settlement with Texas over its ACR (Automatic Content Recognition) surveillance practices [10].

We covered the December 2025 lawsuit: Texas AG Ken Paxton sued Samsung and four other TV makers for capturing screenshots every 500 milliseconds and selling viewing data to advertisers. One click to enroll. 200+ clicks to find the opt-out.

What Samsung agreed to:

  • Stop collecting ACR data from Texans without explicit, informed consent
  • Rewrite on-screen privacy prompts
  • Replace "dark patterns" that required 200+ clicks to access privacy settings
  • Provide clear, conspicuous disclosure and consent screens

Still in court: Sony, LG, Hisense, and TCL are still fighting their lawsuits. Same allegations, same surveillance tech.

Paxton's office called it a "win for Texas consumers," but let's be clear: Samsung isn't stopping ACR globally. They're just adding better consent dialogs in Texas. The business model (turning your TV into an advertising surveillance device) remains intact.

Sources: [10] The Record, [11] Malwarebytes

Related: Full Coverage: Texas Smart TV Lawsuits | Smart TV Surveillance Guide

Quick Hits

  • Anthropic back at Pentagon negotiating table. After being designated a "supply chain risk" and losing its $200M contract, Anthropic CEO Dario Amodei is reportedly back in talks with DOD. The company refused to let its AI be used for mass surveillance or autonomous weapons. OpenAI has no such restrictions [12]. CNBC | Full Coverage: Anthropic's Pentagon Ban Over AI Ethics
  • Lacoste hit by Lapsus$ ransomware. The French apparel company joins the March breach parade. Customer data compromised [13]. SharkStriker
  • Malaysia Airlines breach confirmed. Another major carrier compromised. Details still emerging [14]. SharkStriker
  • RSA Conference 2026 next week. March 23-26 in San Francisco. AI agent security expected to dominate discussions given the MS-Agent CVE. Privacy Summit follows March 30-31 in DC.

FISA 702: 43 Days

Section 702 expires April 20. Senate Intel Chair Tom Cotton wants a "clean" 18-month extension attached to must-pass legislation. No warrant requirement. No reforms.

The classified FISA briefing this week reportedly "erupted in frustration" as officials refused to state the administration's position [15]. Meanwhile, the same government demanding warrantless access to Americans' communications just had its wiretap systems breached by Chinese hackers.

Privacy advocates are regrouping around the SAFE Act's warrant requirement. The House tied 212-212 on a warrant amendment in 2024. One vote could change everything.

Related: FISA 702 Warrant Fight | Cotton's Extension Plan

What to Watch

This week: More FBI breach details. Anthropic-Pentagon negotiations. Maine House privacy bill reconsideration.

March 10: "Privacy's Defender" book launch (Cindy Cohn/EFF).

March 23-26: RSA Conference 2026. AI agent security in spotlight.

March 30-31: Privacy Summit, Washington DC.

March 31: Conduent breach credit monitoring enrollment deadline.

April 1: California "Delete My Data" requests open.

April 20: FISA Section 702 sunset. 43 days.

Last updated: March 8, 2026