Tag: government
-
CISA chief uploaded sensitive government files to public ChatGPT
Tags: access, chatgpt, cisa, compliance, control, cybersecurity, government, infrastructure, office, toolLeadership credibility questioned: The uploads triggered an internal DHS assessment involving the department’s then-acting general counsel Joseph Mazzara and chief information officer Antoine McCord, along with CISA’s chief information officer Robert Costello and chief counsel Spencer Fisher, the report said. The outcome has not been disclosed.According to the report, CISA spokesperson Marci McCarthy confirmed that…
-
QA: Why Cybersecurity Is Now a Core Business Risk, Not Just a Technical Problem
Tags: attack, business, cyber, cybersecurity, data, government, infrastructure, resilience, risk, supply-chain, threatCybersecurity threats are escalating in scale and sophistication, and organisations around the world are scrambling to keep pace with the evolving digital risk landscape. Governments and corporations alike face increasing pressure to strengthen cyber resilience as attacks extend across critical infrastructure, supply chains and data systems with growing frequency. At the forefront of national and…
-
Acting CISA Chief Flagged for Uploading Sensitive Government Files Into ChatGPT
The acting head of the federal government’s top cyber defense agency triggered an internal cybersecurity warning last summer after uploading sensitive government documents into a public version of ChatGPT, according to four Department of Homeland Security officials familiar with the incident. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-chief-internal-cybersecurity-warning/
-
Keir Starmer holds talks with Xi to bolster economic ties with China
PM is first UK leader to visit China in eight years and hopes to strengthen bond with superpower amid uncertainty over US allianceKeir Starmer has met the Chinese leader Xi Jinping on Thursday for historic talks he hopes will deepen economic ties at a time when some inside government fear the US is no longer…
-
Keir Starmer to hold talks with Xi to bolster economic ties with China
PM is first UK leader to visit China in eight years and hopes to strengthen bond with superpower amid uncertainty over US allianceKeir Starmer will meet the Chinese president Xi Jinping on Thursday for historic talks he hopes will deepen economic ties at a time when some inside government fear the US is no longer…
-
Government’s new approach to software security oversight could complicate things for vendors
Software companies cheered the elimination of a government-wide attestation mandate. What comes next could be messy. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/white-house-software-security-attestation-elimination/810765/
-
China-Backed ‘PeckBirdy’ Takes Flight for Cross-Platform Attacks
In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-backed-peckbirdy-cross-platform-attacks
-
Trump’s acting cybersecurity chief uploaded sensitive government docs to ChatGPT
A report cited officials as saying that Homeland Security sought to determine if there was any harm to government security as a result of the lapse. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/28/trumps-acting-cybersecurity-chief-uploaded-sensitive-government-docs-to-chatgpt/
-
Cybercriminals Exploit Canadians’ Dependence on Digital Services in Widespread Attacks
Canadian citizens are facing a coordinated phishing campaign that leverages government impersonation and brand spoofing to harvest personal and financial data at scale. The campaign is heavily aligned with PayTool, a known phishing-as-a-service ecosystem specializing in traffic violation scams targeting Canadians via SMS. Beyond traffic fines, threat actors are impersonating Canada Revenue Agency (CRA), Air…
-
UK leaders warned country risks ‘absorbing’ cyber and hybrid attacks without offensive deterrence
The government must do more to actively disrupt and deter foreign cyber and hybrid threats, U.K. ministers were told at at a parliamentary hearing. First seen on therecord.media Jump to article: therecord.media/uk-government-warned-cyber-hybrid-threats-offensive-operations
-
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints.The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government…
-
Slovakian man pleads guilty to operating darknet marketplace
A Slovakian national admitted on Tuesday to helping operate a darknet marketplace that sold narcotics, cybercrime tools and services, fake government IDs, and stolen personal information for more than two years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/slovakian-man-pleads-guilty-to-operating-kingdown-market-cybercrime-marketplace/
-
French government abandons Zoom and Microsoft Teams over security concerns
France intends to phase out non-European videoconferencing platforms such as Zoom and Microsoft Teams from its public administration, opting instead for a nationally developed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/28/france-zoom-teams-visio-public-administration/
-
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads.”Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated First…
-
>>Gopher Strike<<: New Pakistan-Linked Cyber Campaigns Target Indian Government
The post >>Gopher Strike<<: New Pakistan-Linked Cyber Campaigns Target Indian Government appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/gopher-strike-new-pakistan-linked-cyber-campaigns-target-indian-government/
-
Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect
Nation-state groups are consistently exploiting the defect to target victims in military, government and technology for espionage. First seen on cyberscoop.com Jump to article: cyberscoop.com/winrar-defect-active-exploits-google-threat-intel/
-
Amid Trump attacks and weaponized sanctions, Europeans look to rely less on US tech
European governments are looking to move away from U.S. tech and reclaim their digital sovereignty at a time of unpredictability and volatility in the United States. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/27/amid-trump-attacks-and-weaponized-sanctions-europeans-look-to-rely-less-on-us-tech/
-
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft.The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025.”While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) First seen on…
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
PeckBirdy Framework Tied to China-Aligned Cyber Campaigns
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/peckbirdy-framework-tied-china/
-
China-linked group accused of spying on phones of UK prime ministers’ aides for years
Reports say Salt Typhoon attackers accessed handsets of senior govt folk First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/chinalinked_hackers_accused_of_yearslong/
-
France to replace US videoconferencing wares with unfortunately named sovereign alternative
French govt says state-run service ‘Visio’ will be more secure. Now where have we heard that name before? First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/france_videoconferencing_visio/
-
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments.The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro First seen on…
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Saudi satirist hacked with Pegasus spyware wins damages in court battle
The London High Court awarded the London-based satirist and human rights activist Ghanem Al-Masarir more than £3 million, after finding the Saudi government hacked his phone and was likely behind a physical attack targeting him in London. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/26/saudi-satirist-hacked-with-pegasus-spyware-wins-damages-in-court-battle/
-
Federal agencies abruptly pull out of RSAC after organizer hires Easterly
The decision fits a pattern of government withdrawal from the cybersecurity community under the Trump administration. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-nsa-fbi-rsac-conference-jen-easterly/810482/
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technologyWhere most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technologyWhere most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
Industry, government, nonprofits weigh voluntary rules for commercial hacking tools
The weekend discussion about the next step of the Pall Mall Process revealed some of the topics rules-writers will have to weigh. First seen on cyberscoop.com Jump to article: cyberscoop.com/industry-government-nonprofits-weigh-voluntary-rules-for-commercial-hacking-tools/
-
UK digital ID goes in-house, government swears it isn’t an ID card
Minister dodges cost questions while promising smartphone-free access and ‘robust’ verification First seen on theregister.com Jump to article: www.theregister.com/2026/01/26/digital_id_costs/