Tag: cyber
-
Chinese National Extradited Over Silk Typhoon Cyber Campaign
Extradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionage First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-national-extradited-silk/
-
Chinese National Extradited Over Silk Typhoon Cyber Campaign
Extradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionage First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-national-extradited-silk/
-
Fake Tax Audits and Updates Fuel Silver Fox Malware Campaign
A China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially motivated attacks but, since 2024, has evolved into a dual-purpose operation combining cybercrime and…
-
Microsoft Expands Copilot Agent Mode for Outlook Inbox and Calendar Tasks
Microsoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This agentic update enables the system to handle routine triage, resolve rescheduling conflicts, and prioritize communications in…
-
Chinese-Backed Smishing Rings Scale Credential Theft via SMS and OTT Apps
Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels such as iMessage and Rich Communication Services (RCS). Over the past several months, researchers have conducted large-scale analysis to identify and track some of the most active Chinese-backed phishing ecosystems. Their findings reveal highly organized operations that…
-
Beyond the perimeter: Why identity and cyber security are one single story
By James Odom, Director of Cyber, and Jim Small, Director of Identity at Hippo Digital For years, identity and cyber security have been treated as separate disciplines, with identity focusing on authentication, onboarding and access and cyber security focusing on networks, monitoring and threat response. That separation made sense when systems had clearer boundaries. The…
-
Sandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term Persistence
A significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group active since 2014. It has consistently targeted government bodies, energy firms, and research institutions, focusing on intelligence collection. The attack begins with spear-phishing…
-
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between…
-
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/no-metrics-better-bad-metrics-soc/
-
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/no-metrics-better-bad-metrics-soc/
-
WhatsApp Tests Encrypted Cloud Backup Service for Safer Message Storage
WhatsApp is actively developing an independent, first-party cloud backup service featuring mandatory end-to-end encryption. This upcoming feature aims to reduce users’ reliance on third-party storage providers such as Google Drive and Apple’s iCloud. By bringing backup storage in-house, WhatsApp gives users greater control over their data privacy and device storage limits. All chat histories hosted…
-
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…
-
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…
-
Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection
Tags: access, api, attack, authentication, cve, cyber, cybercrime, exploit, flaw, injection, sql, vulnerabilityA critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-value secrets such as API keys and provider credentials. Overview of the Vulnerability CVE-2026-42208 is a critical flaw in LiteLLM, an…
-
OilRig Hides C2 Config in Google Drive Image via LSB Steganography
APT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB steganography. The group, which has been active since at least 2014, primarily targets government, energy, telecommunications, and financial sectors across the Middle…
-
ClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 Firms
A major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left inside ClickUp’s production JavaScript bundle. This script loads automatically whenever a user visits the platform’s content delivery network.…
-
Fake KYC Android Malware Spreads via WhatsApp to Hijack Bank Accounts
A new Android malware campaign is masquerading as a “Banking KYC” verification app and spreading via WhatsApp messages to target banking users in India. The malware is delivered as an APK shared over WhatsApp, posing as an urgent bank KYC or account verification update similar to previously reported Indian banking fraud campaigns. Victims are told…
-
Notepad++ Vulnerability Lets Attackers Crash App and Expose Memory Data
A new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersecurity Agency of Singapore (CSA) has issued an urgent advisory urging all users to immediately upgrade to version 8.9.4 to secure…
-
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls. The Nine-Second Data Breach Jer Crane, founder of automotive software platform PocketOS, reported that the…
-
Fake Document Reader App Hits 10K Downloads, Spreads Anatsa Malware
A newly discovered malicious Android application masquerading as a document reader was found on the Google Play Store, infecting users with the notorious Anatsa banking trojan. The app, which had already surpassed 10,000 downloads before its removal, highlights the ongoing threat of malware slipping through official app marketplaces. The malicious app was hosted on the…
-
How CISOs Need To Prepare For The Claude Mythos Era Of Cyberattacks: Experts
As CISOs rethink their approaches to exposure management and cyber defense following revelations about Anthropic’s Claude Mythos and AI-powered vulnerability discovery, gaining improved visibility and implementing compensating controls are the most important steps for many organizations alongside shifting to accelerated patching cycles, cybersecurity experts tell CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/how-cisos-need-to-prepare-for-the-claude-mythos-era-of-cyberattacks-experts
-
Cyber crooks got Robinhood to send phishing emails to its own users
An email phishing campaign is currently targeting a subset of users of the Robinhood brokerage / investment platform and, judging by the comments on Reddit, some have fallen … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/robinhood-phishing-email-campaign/
-
New Malware Hides Behind Obfuscation and Staged Payloads
A newly identified malware campaign is leveraging advanced obfuscation techniques and multi-stage payload delivery to bypass traditional security defenses, according to recent analysis from Joe Sandbox. The attack begins with a highly targeted spear-phishing email sent to employees of the Punjab Safe Cities Authority (PSCA) and PPIC3 in Pakistan. The email impersonates an internal consultant…
-
EU Proposes Forcing Google to Share Search Data With Rivals Under DMA
The European Commission has proposed new measures that could force Google to share key search engine data with rival platforms under the Digital Markets Act, or DMA. The move is part of the EU’s wider push to reduce the market power of major technology companies and create fairer competition in the digital sector. In a…
-
EU Proposes Forcing Google to Share Search Data With Rivals Under DMA
The European Commission has proposed new measures that could force Google to share key search engine data with rival platforms under the Digital Markets Act, or DMA. The move is part of the EU’s wider push to reduce the market power of major technology companies and create fairer competition in the digital sector. In a…
-
20-Year-Old Malware Rewrites History of Cyber Sabotage
Researchers have uncovered a malware framework dubbed fast16 that predates Stuxnet by 5 years. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/20-year-old-malware-rewrites-history-of-cyber-sabotage
-
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/utilities-tech-supplier-itron/
-
China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns
China-sponsored threat groups like Salt Typhoon and Flax Typhoon are increasingly relying on multiple massive botnets comprising edge and IoT devices to run their cyber espionage and network intrusion campaigns, CISA and other security agencies say. The use of such “covert networks” makes it more difficult to detect and mitigate their campaigns. First seen on…
-
Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins
A new Vidar infostealer campaign is abusing fake software download links on YouTube to compromise corporate employees and sell their stolen credentials on Russian cybercrime marketplaces. In the investigated case, the victim was searching for software on YouTube and likely followed a link in the video description that led to a third”‘party file”‘sharing service. From…
-
Microsoft Releases Enterprise Policy Option to Disable Windows 11 Copilot
Microsoft has introduced a new enterprise policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices, marking a significant shift in how organizations can control AI tool deployment across their fleets. The new RemoveMicrosoftCopilotApp policy setting became broadly available following the April 2026 Patch Tuesday security updates. It is…