Discord Is Asking For Your ID. The Backlash Is About More Than Privacy

Discord has decided that if you want to keep hanging out on its digital turf, you’ll need to show your papers. Starting next month, users will have to upload government ID or submit to a face scan to prove they’re old enough to be there. The official line is “protect the children,” complete with a default teen-filtered experience. But if you want the unfiltered internet you signed up for, you now have to biometrically authenticate yourself to a chat app that recently leaked 70,000 user IDs. What could possibly go wrong?

The backlash isn’t just about privacy—it’s about trajectory. Once age verification becomes normalized on a platform like Discord, it sets the tone for the rest of the web. The Electronic Frontier Foundation calls it what it is: a ratchet toward routine identity checks and ambient surveillance. The internet’s long-standing culture of pseudonymity—especially vital for dissidents, whistleblowers, and LGBTQ+ youth—gets quietly reframed as a liability. “Safety” becomes the rhetorical wedge that pries open the door to a papers-please internet.

And here’s the kicker: even supporters of age checks get skittish when you mention uploading ID or facial video. Polling shows enthusiasm collapses when theory becomes practice. Critics argue this is policy theater—regulators and platforms reaching for the most technically convenient “solution,” even though it’s trivially bypassed and shifts the compliance burden onto users. After years of data breaches and broken trust, people understand the trade they’re being offered: your biometric identity in exchange for access to a meme server. Increasingly, they’re not buying it.

More via Fast Company 

Hackers Hijack Physician’s Paycheck in Social Engineering Payroll Scam

In December 2025, Binary Defense’s ARC Labs, led by deputy CTO John Dwyer, uncovered a payroll fraud attack at a healthcare organization that redirected a physician’s salary using social engineering and process manipulation, not technical hacking. Attackers exploited compromised shared-mailbox credentials, likely from an earlier breach, to gather internal details, then impersonated the physician in a help-desk call, triggering a reset of the password and multi-factor authentication. They logged in through the organization’s virtual desktop infrastructure, appearing as a trusted internal user, and accessed Workday to change direct-deposit banking details, diverting pay to their own account. The breach went undetected until the physician reported missing pay.

Dwyer warned that “identity is the new perimeter,” as attackers increasingly exploit legitimate credentials, trusted systems, and internal workflows. The case mirrors Microsoft-documented business email compromise attacks targeting universities, where phishing and MFA interception enabled similar payroll diversions via Microsoft Exchange Online and Workday. The incident highlights shared mailboxes, HR platforms, and payroll systems as prime targets, underscoring the need for stronger verification, fraud detection, and safeguards around direct-deposit changes.

More via The Register 

Substack Confirms Data Breach Exposing User Contact Information

Substack confirmed a data breach after an “unauthorized third party” accessed its internal systems in October, exposing users’ email addresses, phone numbers, and unspecified internal metadata. The company said that passwords, credit card numbers, and other financial data were not compromised. CEO Chris Best stated that Substack identified the vulnerability in February, fixed the issue, and launched an internal investigation, apologizing to users and acknowledging shortcomings in protecting their privacy.

Substack did not disclose the technical cause of the breach, the full scope of the exposed data, how many users were affected, or whether hackers demanded a ransom. The company said it has no evidence that the stolen data is being misused but did not detail the technical methods used to reach that conclusion, advising users to remain cautious of suspicious emails and texts. TechCrunch reported the incident and said it would update coverage if further details emerge.

The breach comes as Substack reports more than 50 million active subscriptions, including 5 million paid, and after the company raised $100 million in Series C funding in July 2025 led by BOND and The Chernin Group, with participation from Andreessen Horowitz, Klutch Sports Group CEO Rich Paul, and Skims co-founder Jens Grede.

More via Tech Crunch 

Congress Targets Kids’ Social Media Use with New Federal Rules

The Kids Off Social Media Act, introduced by Rep. Anna Paulina Luna, co-led in the House by Rep. Kim Schrier and sponsored in the Senate by Ted Cruz and Brian Schatz, would bar accounts for children under 13, require deletion of their data, and limit algorithmic recommendations for users under 17.

The bill applies to public-facing platforms, spares email and educational tools, and mandates schools receiving E-Rate funds to block social media and enforce safety policies. Enforcement would fall to the FTC and state attorneys general. Sponsors cite rising rates of anxiety, depression, and addiction among minors. While it does not require national age verification, platforms may adopt ID checks or biometrics, creating persistent digital identities and enhancing nationwide child protection and corporate accountability.

More via Reclaim the Net

dYdX npm and PyPI Packages Compromised in Third Major Attack

Security researchers from Socket have revealed that npm and PyPI packages for dYdX, a decentralized derivatives exchange with $1.5 trillion in lifetime trading volume, were compromised to steal wallet credentials and backdoor devices. Infected packages include npm (@dydxprotocol/v4-client-js) versions 3.4.1, 1.22.1, 1.15.2, 1.0.31 and PyPI (dydx-v4-client) 1.1.5post1. The malware exfiltrated wallet seed phrases and device fingerprints to the typosquatted domain dydx[.]priceoracle[.]site.

PyPI packages added a remote access Trojan (RAT) enabling code execution, data theft, persistent backdoors, and lateral movement. Packages were published via compromised official accounts. This incident marks the third attack on dYdX, following a September 2022 npm compromise and a 2024 v3 DNS hijacking. Users and developers are urged to audit all dependencies to prevent full wallet compromise and irreversible cryptocurrency loss.

More via Arstechnica

ZeroDayRAT: New Commercial Spyware Threatens Android and iOS Devices

ZeroDayRAT, first spotted on February 2, 2026, and analyzed by iVerify, is a commercial spyware toolkit targeting Android and iOS devices. Distributed via Telegram, it gives operators a self-hosted panel and payload builder, with infection through phishing, smishing, trojanized apps, or social engineering. Once installed, it collects device and user data—including SIM info, app activity, SMS previews, and GPS history—while monitoring accounts on WhatsApp, Instagram, Telegram, Google, Amazon, and YouTube.

The toolkit enables live camera, microphone, and screen feeds, logs keystrokes and biometrics, and supports cryptocurrency and bank credential theft. Multilingual promotion, decentralized deployment, and deliberate obfuscation make attribution and takedown difficult, marking ZeroDayRAT as a persistent, high-risk mobile threat for users and security teams alike.

More via Security Week

Elsewhere Online:

Warlock Ransomware Group Exploits SmarterMail Flaws to Breach SmarterTools
Read: https://www.darkreading.com/threat-intelligence/zerodayrat-brings-commercial-spyware-to-mass-market

Microsoft Patches Fifty Nine Flaws Including Six Active Zero Day Exploits
Read: https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html

New Cybercrime Group 0APT Accused of Fabricating Massive Ransomware Claims
Read: https://hackread.com/cybercrime-group-0apt-faking-breach-claims/

Volvo Group Reports Data Breach Affecting 17,000 Employees via Conduent Vendor
Read: https://www.securityweek.com/conduent-breach-hits-volvo-group-nearly-17000-employees-data-exposed/

New SSHStalker Botnet Targets Legacy Linux Systems via IRC
Read: https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html

Previously on #AxisOfEasy