Doomscrolling Sora 2, Discord Hack, Palo Alto Scans, & InfoSec Burnout

LITS bits: 

This week, Matt and Griff dive into OpenAI’s launch of Sora 2, a new AI video platform that’s already topping the App Store charts and blurring the line between content creation and social media. Continuing National Cybersecurity Awareness Month, they also unpack public trust issues with AI-generated search results, growing InfoSec burnout across the industry, and a potential zero-day threat brewing for Palo Alto Networks. Plus, they cover Discord’s first major age-verification data breach and what it means for third-party security. Tune in for the latest mix of AI innovation, cybersecurity red flags, and digital trends shaping the tech landscape. 

Have a listen and find details about each topic below:

OpenAI's Sora 2: Because Regular Doom-Scrolling Wasn't Awful Enough

OpenAI has launched Sora 2, an upgraded version of its AI video generator — and this time, it’s blurring the line between content creation and social media.

Sora 2’s standout feature? Users can now insert themselves into AI-generated videos. Through a one-time video and audio capture for identity verification, users can create realistic “cameos” of themselves and others.

But the real headline is the new Sora app, a built-in social platform where users can share, remix, and discover AI-generated videos. The app uses an algorithmic feed personalized to user interests — think TikTok meets Hollywood CGI.

📎 Read more via NBC News

Sora App Soars to #1 on Apple’s App Store

Despite being invite-only and currently available only for iOS, OpenAI’s Sora app has shot to the #1 spot on the App Store.

The platform allows users to generate short-form AI videos, remix content from others, and share creations in a communal feed. While OpenAI claims users have control over how their likeness is used, concerns are growing around identity misuse, deepfake potential, and legal ambiguity in AI-generated media.

Experts are calling for clear content-use policies and robust verification systems before Sora reaches widespread release — or risk a repeat of social media’s growing pains, now powered by generative AI.

📎 Full story from CNBC

Americans Still Don’t Fully Trust AI in Search Results

According to a recent Pew Research study, 65% of U.S. adults now encounter AI-generated summaries in their search results at least occasionally — and nearly half say they see them frequently.

But users remain cautious:

• 20% find them very useful
• 52% say they’re somewhat useful
• 28% find them not useful at all

Trust is equally shaky. Only 6% say they trust AI summaries “a lot,” while 53% express partial trust.

The takeaway? Even as AI becomes integrated into everyday search, public skepticism is still a major hurdle.

📎 Read Pew Research’s findings

InfoSec Burnout: A Growing Industry Crisis

Layoffs, AI integration, budget reductions, and dwindling staff buy-in are all fueling what many in cybersecurity are calling “InfoSec burnout.”

As security demands continue to rise — and teams shrink — burnout risks becoming a systemic threat to enterprise resilience.

More organizations are expected to revisit workforce retention and mental health strategies in 2025 to counter the toll of constant cyber vigilance.

Threat Watch: Is a Big One Coming for Palo Alto Networks?

A recent massive surge in scans targeting Palo Alto Network devices is raising red flags among cybersecurity researchers.

Data from Grey Noise showed 1,285 unique IPs engaged in scanning activity earlier this month — a staggering increase from the typical 200 per day.

Of these, 91% were flagged as suspicious and 7% as known malicious.

Most of the traffic was aimed at emulated Palo Alto profiles, suggesting attackers could be probing for a new zero-day vulnerability in PAN-OS or Global Protect systems.

Palo Alto has denied awareness of any active exploits and emphasized that its Cortex system should mitigate unknown threats. Still, researchers warn that similar patterns preceded previous major zero-days — like the ASA exploit that hit just two weeks after similar scanning spikes.

📎 Read the full report on BleepingComputer

Discord Hit by First Major Age-Verification Hack

Discord has confirmed a security incident stemming from a third-party customer service provider breach — marking the platform’s first major age-verification-related hack.

While Discord itself wasn’t directly compromised, the attacker accessed sensitive user support data, potentially including:

• Names, usernames, and emails
• Partial billing data (last four digits of cards, purchase history)
• IP addresses and support message history
• Some internal corporate materials

Discord has revoked access for the affected provider and is working with law enforcement. Impacted users are being notified via email.

This breach highlights the ongoing risk of third-party data exposure — a reminder that security chains are only as strong as their weakest vendor.

📎 Discord’s official statement

📎 Coverage via Tom’s Guide