Tag: government
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/
-
Government digital ID launch was a fiasco, report finds
Tags: government
Back-to-front policy and a rushed launch destroyed public confidence, as Home Affairs Committee is sceptical government has capacity to implement the digital ID programme. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643374/Government-digital-ID-launch-was-a-fiasco-report-finds
-
Telecom sector launches its own private ISAC
Federal government involvement in an existing group chilled some cybersecurity discussions among major telecom providers. The new group is intended to alleviate those anxieties. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/telecom-cybersecurity-c2-isac-launch/820553/
-
Qualys receives FedRAMP "High" authorization for <> and now offers cloud workload protection for government agencies
Qualys has announced that its <> solution has received FedRAMP High authorization, sponsored by the US Drug Enforcement Administration (DEA). This milestone extends the FedRAMP High status of the Qualys Government Platform to include the Cloud-Native Application Protection Platform (CNAPP). Qualys Totalcloud is now listed in the FedRAMP Marketplace, so that federal agencies, suppliers and highly regulated industries can use its comprehensive cloud security capabilities. FedRAMP High authorization is the most stringent compliance level within the Federal Risk…
-
Poland shifts away from Signal following cyberattacks on officials’ accounts
Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follows repeated cyberattacks targeting Signal accounts belonging to politicians, military personnel, and public servants. Officials believe the campaigns…
-
CISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub Repository
Tags: cisa, credentials, cyber, cybersecurity, data, data-breach, github, government, infrastructure
A significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers on May 15, 2026, is being described as one of the most serious government-related data exposures in…
-
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration. First seen on hackread.com Jump to article: hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/
-
How geopolitical instability could reshape Gulf datacentre investments and sovereign AI strategies
Rising tensions are forcing hyperscalers, governments and investors to reassess risk, resilience and infrastructure strategies as the Gulf positions itself as a global AI powerhouse First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643123/How-geopolitical-instability-could-reshape-Gulf-datacentre-investments-and-sovereign-AI-strategies
-
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
Gamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamaredon, also known as UAC-0010 or Shuckworm, continues to exploit CVE-2025-8088, a directory traversal vulnerability in WinRAR that allows attackers to…
-
How a government contest launched a revolution in AI-based bug hunting
Security researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-vulnerability-discovery-darpa-challenge-critical-infrastructure/819494/
-
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files
A sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual machine (IP: 20.17.161.118) used to orchestrate attacks across government-linked networks. The infrastructure contained a wide range of…
-
Crime increasingly a ‘serious barrier’ to UK growth, say business leaders
British Chambers of Commerce survey shows firms ‘are dealing with rising levels of theft, fraud and cyber-attacks’
UK business leaders have warned that crime is becoming an increasingly “serious barrier” to growing Britain’s economy amid a rise in shoplifting, fraud and cyber-attacks against companies. The British Chambers of Commerce (BCC), which represents tens of thousands of businesses…
-
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor campaigns. The threat…
-
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
Hackers linked to the long-running FrostyNeighbor cyber-espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNeighbor, also tracked as Ghostwriter, UNC1151, and TA445, has been active since at least 2016 and is widely believed to operate in alignment…
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/frostyneighbor-apt-govt-orgs-poland-ukraine
-
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
A group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/14/a-spyware-investigator-exposed-russian-government-hackers-trying-to-hijack-signal-accounts/
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057 First seen on…
-
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theft
The campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users. According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
-
What CISOs need to land a board role
Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training
Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector. For non-industry or public boards, CISOs must be comfortable contributing…
-
AI cyber capability is speeding past earlier projections
AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/14/ai-cyber-models-capability-projections/
-
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/12/google-launches-new-android-security-feature-to-help-uncover-spyware-attacks/
-
European Parliament: Research service calls for proof of identity for VPN use
The European Parliament's research service proposes mandatory proof of identity for every use of a VPN. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/europaeisches-parlament-wissenschaftlicher-dienst-fordert-identitaetsnachweis-bei-vpn-nutzung-329095.html
-
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
Tags: access, ai, cisco, crowdstrike, cyber, cybersecurity, defense, detection, fortinet, framework, government, malware, network, openai, oracle, penetration-testing, RedTeam, risk, software, strategy, technology, update, vulnerability
OpenAI’s cybersecurity model stack: OpenAI is pursuing a scalable cyber defense platform strategy with Daybreak and is rolling out the initiative through three different model tiers: GPT-5.5 (default), GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber. The standard GPT-5.5 model is positioned for general-purpose enterprise use cases, including developer assistance and knowledge work. GPT-5.5 with Trusted…
-
AI and an absent government: Takeaways from RSAC 2026
Cybersecurity professionals spent the recent conference discussing the balance between autonomy and oversight. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cybersecurity-government-partnerships-rsac-conference/817451/
-
UK government renews calls to sign Cyber Resilience Pledge
Westminster renews calls for business leaders to sign up to its yet-to-be-launched Cyber Resilience Pledge and highlights growth, and challenges, for the UK’s cyber economy. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642938/UK-government-renews-calls-to-sign-Cyber-Resilience-Pledge
-
The Netherlands leads in quantum technology but lags on quantum security
The Dutch government has invested €615m to build a world-class quantum technology ecosystem, but many institutions have not started any quantum-specific preparations to protect themselves against the security threat. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642917/The-Netherlands-leads-in-quantum-technology-but-lags-on-quantum-security

