Tag: government
-
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
A bug in a popular line of video conferencing software is being exploited by hackers, prompting the U.S. government to order all agencies to patch the vulnerability within two weeks. First seen on therecord.media Jump to article: therecord.media/trueconf-cyberattack-cisa-hackers
-
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.”This TA416 activity included multiple First seen on…
-
Blocking children from social media is a badly executed good idea
Tags: governmentGovernments are each inventing their own flavor of an age based ban for social media. Is the cure worse than the disease? First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/blocking-children-from-social-media-is-a-badly-executed-good-idea/
-
Government agencies see cyber threats as major barrier to tech improvements
Federal leaders also see opportunities to accelerate cyber defense with AI, but most agencies are still only testing AI tools, ;a new survey found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybersecurity-modernization-ai-ey-survey/816590/
-
FedRAMP Ready, Class A Certification, and Breaking Into the Federal Market
The updates and expansion of FedRAMP make a few things clear, the most significant of which is that government agencies are counting on cloud tools to help them do their work. But they also want certainty. The FedRAMP Ready designation was meant to bridge the gap between agencies seeking audited platforms and SaaS providers seeking”¦…
-
RSAC 2026: AI Dominates, But Community Remains Key to Security
As AI took center stage at this year’s conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity, despite the US government’s notable absence. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/rsac-2026-ai-dominates-community
-
Possible US Government iPhone Hacking Tool Leaked
Tags: data-breach, defense, exploit, google, government, group, hacking, iphone, malware, tool, vulnerabilityWired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code.…
-
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security tool, according to a new alert from the national cyber response team. Targets included government agencies, financial institutions, educational bodies, medical centers, and IT companies. The emails urged recipients to download a password-protected archive…
-
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/trueconf-zero-day-vulnerability-cyber-espionage/
-
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdoor. From mid-2025, TA416 restarted regular targeting of European government and diplomatic entities after a two”‘year lull, with a…
-
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
The Meta-owned company said it identified around 200 users who were tricked into installing a fake version of WhatsApp that was actually Italian-made spyware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/01/whatsapp-notifies-hundreds-of-users-who-installed-a-fake-app-that-was-actually-government-spyware/
-
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
The password-spraying campaign is the latest evidence that Iran is hitting back in cyberspace. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-cyberattack-missile-strikes-password-spraying/816333/
-
WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware
The Meta-owned company said it identified around 200 users who were tricked into installing a fake version of WhatsApp that was actually Italian-made spyware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/01/whatsapp-notifies-hundreds-of-users-who-installed-a-fake-app-that-was-actually-government-spyware/
-
Cyberattacks Intensify Pressure on Latin American Governments
Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cyberattacks-latin-american-governments
-
Iran-linked actors targeting Middle Eastern city governments to undermine missile-strike responses
The password-spraying campaign is the latest evidence that Iran is hitting back in cyberspace. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-cyberattack-missile-strikes-password-spraying/816333/
-
Iran Calls U.S. Tech Companies ‘Legitimate Targets,’ Threatens to Attack
The Iranian government is threatening to attack the Middle East operations of more than a dozen U.S. tech companies, including Microsoft, Nvidia, and Google, calling them “legitimate targets.” Meanwhile, pro-Iranian threat groups expand their operations as the U.S. and Israel continues their bombing campaign against Iran. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/iran-calls-u-s-tech-companies-legitimate-targets-threatens-to-attack/
-
Romania under daily barrage of cyberattacks, defense minister says
Romanian government institutions are facing thousands of cyberattack attempts every day targeting a wide range of public institutions, Defense Minister Radu Miruta said. First seen on therecord.media Jump to article: therecord.media/romania-cyberattacks-russia-defense-minister
-
Chinese Hackers Target European Governments in Espionage Campaigns
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-ta416-europe/
-
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks
Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities in Southeast Asia. Dubbed >>Operation TrueChaos,<< the campaign uses the application's trusted update system to deliver the Havoc post-exploitation…
-
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to…
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerabilityThis post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
ey Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked asCVE-2026-3502with aCVSS score of 7.8.…
-
‘Missed opportunity’: US government’s absence from RSAC Conference leaves stark void
The Trump administration’s decision to not attend the world’s biggest cybersecurity conference sent the wrong message to partners, experts said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/rsac-conference-cybersecurity-partnerships-us-government-trump/816157/
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…