#AxisOfEasy 395: Leaked Shopify Memo: Use AI Or Else


Weekly Axis Of Easy #395


Last Week’s Quote was: “Good judgement comes from experience, which comes from bad judgement,” by Bill Gurley.  No winner.

This Week’s Quote:  “Mind is the cause, and what we term matter, or the visible, is effect.” By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of April 7th, 2025. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

 


In this issue: 

  • Leaked Shopify Memo: Use AI Or Else
  • AI-Powered ‘AkiraBot’ Spams 80,000+ Small Business Sites with Fake SEO Offers
  • WK Kellogg Breach Exposes Employee Data via Cleo Software Vulnerabilities, Linked to Clop Ransomware
  • Global Spyware Campaign Exposed: Over 100 Apps Used to Target China’s Critics
  • Whistleblower Alleges Meta Colluded with China to Undermine U.S. Security

Elsewhere Online:

  • Urgent Patches Needed for Critical CentreStack and Windows Security Flaws
  • Medusa Ransomware Group Claims Attacks on NASCAR and Other Organizations
  • Over 5000 Ivanti VPNs Remain Vulnerable Despite Patch Availability
  • Kaspersky Discovers TCESB Malware Exploiting ESET Software in Active Campaigns
  • Threat Actors Breached OCC Email System Gaining Access to Sensitive Data

 

Leaked Shopify Memo: Use AI Or Else

Shopify CEO Tobi Lutke “preemptively” leaked his own internal memo to staff “because it was in the process of being leaked and (presumably) shown in bad faith.”

It basically tells the entire company that from now on, the use of AI is part of the business’s baseline operations:

“Reflexive AI usage is now a baseline expectation at Shopify.
Maybe you are already there and find this memo puzzling. In that case you already use AI as a thought partner, deep researcher, critic, tutor, or pair programmer. I use it all the time, but even I feel I’m only scratching the surface. It’s the most rapid shift to how work is done that I’ve seen in my career and I’ve been pretty clear about my enthusiasm for it.”

By “reflexive AI” he means the habitual, instinctive, and seamless integration of AI tools into employees’ daily workflows as a fundamental part of their work process. It’s not just about using AI occasionally or as an add-on, but making it a core, almost automatic practice across all levels and roles within the company.

In my mind there are two types of companies today: those who are making this transition and the rest, who will be, in one form or another, put out of business by the ones who do.

You are not going to lose your job, your livelihood or your business to AI. You will lose it to somebody who is using AI. That’s practically a cliche now. But it’s the truth.

As daunting as this might be – perhaps even more so to small and medium businesses, SOHO and family-run companies – this is also the single greatest playing field leveler since the advent of the internet itself.

(If you’re looking for ways to imbue clueful AI into your business – hit “reply” and let me know your situation.)

Read the entire memo: https://x.com/tobi/status/1909251946235437514

AI-Powered ‘AkiraBot’ Spams 80,000+ Small Business Sites with Fake SEO Offers

AkiraBot, an AI-powered spam framework active since September 2024, has targeted over 400,000 websites and successfully spammed at least 80,000, primarily small and medium-sized businesses (SMBs) using Shopify, GoDaddy, Wix, and Squarespace. Identified by SentinelLabs, part of SentinelOne, AkiraBot uses OpenAI’s GPT-4o-mini to craft tailored messages promoting fraudulent SEO services under the rotating brand names “Akira” and “ServiceWrap.” It dynamically analyzes site content, replaces variables like business names and keywords, and generates messages that evade spam filters by mimicking legitimate inquiries.

AkiraBot bypasses CAPTCHA systems using FastCaptcha, NextCaptcha, and browser manipulation, routes traffic through SmartProxy, and maintains anonymity via rotating IPs. It embeds hardcoded OpenAI API keys, reuses proxy credentials, and hits consistent test sites, suggesting centralized development. File timestamps across versions—codenamed “Shopbot,” “GoDaddy,” and “Wixbot”—indicate iterative updates. Newer variants target not only contact forms but also live chat widgets such as those from Reamaze.

Researchers linked the operation to a Telegram user who logs spam submission metrics. Over 80,000 successful messages were recorded by January 2025. Fake SEO reviews on TrustPilot, uncovered through DNS data and linked to past malicious infrastructure, reinforce the scam’s legitimacy façade. AkiraBot clogs communication channels, threatens SMB reputations, and exemplifies rising AI-enabled cybercrime sophistication.

Read: https://hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/

WK Kellogg Breach Exposes Employee Data via Cleo Software Vulnerabilities, Linked to Clop Ransomware

On December 7, 2024, attackers exploited vulnerabilities in Cleo’s file transfer products—Harmony, VLTrader, and LexiCom—to breach WK Kellogg Co., the Michigan-based cereal maker. The intrusion, involving unauthorized access to personnel files, was discovered on February 27, 2025, and disclosed via a filing with the Maine Attorney General’s Office on April 4. At least one employee in Maine had their name and Social Security number compromised. The breach exploited two flaws: CVE-2024-50623, which allowed unrestricted uploads and downloads and was insufficiently patched by Cleo in October 2024, and CVE-2024-55956, disclosed in December, which allowed unauthenticated users to execute arbitrary bash or PowerShell commands.

Cybersecurity firms Arctic Wolf and Mandiant linked the incident to a broader campaign targeting Cleo software, attributing the attack to the Clop ransomware group, which listed WK Kellogg on its dark web leak site in February to pressure compliance. The exposed data involved HR files, raising identity theft risks. Erich Kron of KnowBe4 emphasized the difficulty of defending against such zero-day exploits. Though Kellogg notified affected individuals by mail, the full scope remains unclear. The breach highlights ongoing enterprise vulnerability to third-party software flaws and the persistent, creative threat posed by ransomware groups like Clop.

Read: https://www.infosecurity-magazine.com/news/wk-kellogg-confirms-data-breach/

Global Spyware Campaign Exposed: Over 100 Apps Used to Target China’s Critics

A coalition of cybersecurity and intelligence agencies from the U.K., U.S., Australia, Canada, Germany, and New Zealand published advisories exposing two Android spyware families—BadBazaar and Moonshine—used to target individuals viewed as threats to China’s state interests. Disguised as legitimate apps, these Trojan-style malware tools granted attackers access to cameras, microphones, chats, photos, and location data. The campaigns targeted Uyghurs, Tibetans, Taiwanese communities, democracy advocates (including those linked to Hong Kong), Falun Gong practitioners, and other ethnic minorities from China’s Xinjiang region. The spyware was embedded in over 100 apps posing as Muslim and Buddhist prayer apps, chat platforms (e.g., Signal, Telegram, WhatsApp), utility tools, and even Adobe Acrobat. One iOS app, TibetOne, appeared on Apple’s App Store in 2021.

The U.K.’s National Cyber Security Centre (NCSC), part of intelligence agency GCHQ, led the release, joined by cybersecurity firms Lookout, Trend Micro, and Volexity, and digital rights group Citizen Lab, all of whom previously analyzed the malware. Victims were often lured via apps tailored to their cultural or political affiliations. The spyware’s distribution channels remain unspecified, but its global reach underscores the strategic sophistication of China-linked digital repression. Google and Apple, whose platforms hosted these apps, declined or failed to comment when contacted.

Read: https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/

Whistleblower Alleges Meta Colluded with China to Undermine U.S. Security

Sarah Wynn-Williams, Facebook’s former Director of Global Public Policy (2011–2017), will testify before the Senate subcommittee on crime and counterterrorism that Meta “repeatedly” sought to “undermine US national security” through a secret partnership with the Chinese Communist Party. She alleges Meta executives built censorship tools for the CCP, gave it access to user data (including Americans’), and briefed Chinese officials on emerging tech like AI to help China outcompete U.S. firms. These efforts, beginning as early as 2014, were part of an $18 billion push to access the Chinese market, pitching Meta as an enabler of the “China Dream.” Wynn-Williams claims to possess internal documents substantiating these activities and asserts Meta lied to employees, shareholders, Congress, and the public.

Meta, via spokesperson Andy Stone, dismissed her claims as “false,” “out-of-date,” and “divorced from reality,” reiterating that the company does not operate in China. Zuckerberg previously acknowledged China interest but said no deal was reached. Wynn-Williams, defying a gag order sought by Meta to suppress her book *Careless People* (currently No. 2 on the *New York Times* nonfiction list), says Congress blocked Meta’s plan for a US-China tech pipeline. Senator Josh Hawley chairs the subcommittee. *NBC News* and *Reuters* are also named as reporting sources.

Read: https://arstechnica.com/tech-policy/2025/04/congress-to-question-whistleblower-who-accused-meta-of-helping-china-in-ai-race/



Elsewhere online: 

Urgent Patches Needed for Critical CentreStack and Windows Security Flaws
Read: https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

Medusa Ransomware Group Claims Attacks on NASCAR and Other Organizations
Read: https://hackread.com/medusa-ransomware-claims-nascar-breach-latest-attack/

Over 5000 Ivanti VPNs Remain Vulnerable Despite Patch Availability
Read: https://www.securityweek.com/exploited-vulnerability-puts-5000-ivanti-vpn-appliances-at-risk/

Kaspersky Discovers TCESB Malware Exploiting ESET Software in Active Campaigns
Read: https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html

Threat Actors Breached OCC Email System Gaining Access to Sensitive Data
Read: https://www.securityweek.com/treasurys-occ-says-hackers-had-access-to-150000-emails/

 


3 thoughts on “#AxisOfEasy 395: Leaked Shopify Memo: Use AI Or Else”

  1. I work as a translator in the Japanese anime/manga/game industry, and the use of generative AI has been getting a lot of attention. I’ve been watching the development of generative AI technology very closely. Overall, the reaction to generative AI regarding creative activities has been quite negative within the industry in Japan, but some are embracing it as a productivity enhancement tool. The audience is mostly negative against it for now. Some people are using it to create new material and some audiences love it, but Japan’s largest online platform for 2D art (pixiv) now requires people to reveal if they use AI in their art. Many the construction of the models inside the AI programs involved theft of intellectual property of the artists.

    This is just my personal opinion, but I would add another category to your division regarding businesses and AI. I think some businesses and creators will broadly sell themselves as being non-AI centric.

    Just as “handcrafted” is still a very strong selling point even after decades of industrialization, I believe that will be the case for some industries. AI may be incorporated into certain phases of the production pipeline, but overall the LACK of AI will be a selling point for some businesses in my opinion. When people hire me as a translator, they want to make sure that my translations are my translations.

    When 3D CGI animation became the mainstay of US animation, people felt that hand drawn animation would die out. It’s been over a quarter of a century, and Japanese hand drawn animation is still very very popular. The market may be specialized, but I do think “non-AI” content will remain viable for some time. Even when general AI comes into being and we have AI counterparts in our lives, the fact that you can (1) derive scarcity and value from that scarcity, and (2) establish authenticity via its creative process are going to be the major reasons why non-AI creations will continue to exist and thrive for some time.

    Even before AI came into being, content was exploding with better creative tools and sharing technology. And throughout this process, the worth of celebrity creators has gone up, not down.

    I’ve talked about it more here:
    https://dankanemitsu.wordpress.com/2022/10/14/deus-ex-art-machina-ai-art-and-its-implications-on-japanese-otaku-art/

    I’ve also written about the major limitation of AI with regards to translating fiction, but that debate can be reserved for a different day…

    I hope you don’t mind my possibly totally irreverent observation.
