#GovernmentSecurity

2025-11-19

Data breach impacting #India 🇮🇳 in the Government Administration sector involving victim parivahan sewa. Confidence level: low. #DataBreach #GovernmentSecurity #CyberThreat

2025-11-18

A high-confidence DDoS attack has targeted the Ministry of Health in Algeria 🇩🇿, impacting government administration. #DDoS #CyberThreats #GovernmentSecurity

2025-11-10

Alright team, it's been a pretty active 24 hours in the cyber world! We've got some serious breaches to discuss, a new zero-day under active exploitation, some interesting developments in AI-driven security, and a critical update on US cyber legislation. Let's dive in:

Clop Ransomware Hits Allianz UK via Oracle EBS Zero-Day 🚨
- Allianz UK has confirmed it fell victim to the Clop ransomware gang, who exploited a zero-day vulnerability (CVE-2025-61882, CVSS 9.8) in Oracle E-Business Suite (EBS).
- This attack compromised data for 80 current and 670 previous Allianz UK customers, though thankfully, their LV subsidiary's customers and systems were unaffected.
- Google Threat Intelligence Group notes this is part of a broader campaign affecting "dozens" of organisations, with exploitation potentially starting as early as July, three months before public disclosure. This highlights the critical need for rapid patching and proactive threat hunting.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Chinese Infosec Firm Leaks Cyber-Weapons and Target Lists 🇨🇳
- In a rather ironic turn, Chinese security company Knownsec, reportedly linked to Beijing's military, suffered a significant data breach.
- Over 12,000 classified documents were leaked, exposing Chinese state-owned cyber weapons, internal tools, and a global target list.
- The leaked trove includes Remote Access Trojans (RATs) capable of compromising Linux, Windows, macOS, iOS, and Android, with Android variants specifically targeting Chinese messaging apps and Telegram. This is a goldmine for threat intelligence analysts tracking state-sponsored capabilities.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Large-Scale ClickFix Phishing Attacks Target Hospitality Sector 🏨
- A widespread phishing campaign is hitting the hospitality industry, using sophisticated "ClickFix" social engineering tactics to deploy PureRAT (aka zgRAT) malware.
- Attackers impersonate Booking.com in spear-phishing emails, leading victims to malicious pages with fake reCAPTCHA challenges, OS-specific instructions, and even clipboard hijacking to execute malicious PowerShell commands.
- The goal is to steal credentials for booking platforms like Booking.com and Expedia, which are then either sold or used for direct customer fraud via WhatsApp/email. Organisations in hospitality need to be hyper-vigilant and train staff on these evolving social engineering techniques.
📰 The Hacker News | thehackernews.com/2025/11/larg

Yanluowang Initial Access Broker Pleads Guilty ⚖️
- Aleksei Olegovich Volkov, a 25-year-old Russian national, has pleaded guilty to acting as an initial access broker (IAB) for the Yanluowang ransomware gang.
- Volkov was involved in at least seven attacks on US organisations between July 2021 and November 2022, providing network access for a fee and a percentage of ransom payments, totalling over $250,000 from two victims.
- He faces up to 53 years in prison and has been ordered to pay over $9.1 million in restitution. This highlights ongoing law enforcement efforts to disrupt the ransomware ecosystem by targeting key enablers like IABs.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu

Samsung Zero-Day (CVE-2025-21042) Actively Exploited by LANDFALL Spyware 📱
- CISA has issued a directive for US federal agencies to patch CVE-2025-21042, a critical out-of-bounds write flaw in Samsung's libimagecodec.quram.so library, actively exploited as a zero-day.
- The vulnerability allows remote code execution on Android 13+ devices and has been used to deploy LANDFALL spyware via malicious DNG images sent over WhatsApp.
- LANDFALL is a commercial-grade spyware capable of extensive data harvesting (browsing history, call/audio recording, location, photos, contacts, SMS, files) and targets Samsung Galaxy S22, S23, S24, Z Fold 4, and Z Flip 4 series.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2025/11/week

Critical RCE in Popular JavaScript Library 'expr-eval' ⚠️
- A critical Remote Code Execution (RCE) vulnerability, CVE-2025-12735 (CVSS 9.8), has been found in the widely used `expr-eval` JavaScript library (over 800,000 weekly NPM downloads).
- The flaw allows attackers to execute arbitrary code through malicious input due to insufficient validation of variables passed to the `Parser.evaluate()` function.
- A fix is available in `expr-eval-fork v3.0.0`, and developers using the original, unmaintained `expr-eval` are strongly advised to migrate immediately. This is a significant supply chain risk for projects relying on this library.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

New Threat Actor Alliance: Scattered LAPSUS$ Hunters (SLH) 🤝
- A new, coordinated alliance named "Scattered LAPSUS$ Hunters" (SLH) has emerged, combining the tactics and reputations of Scattered Spider, LAPSUS$, and ShinyHunters.
- This group is offering "extortion-as-a-service" and is testing new ransomware, "Sh1nySp1d3r." This merger signifies a professionalisation of cybercrime, leveraging combined expertise for financially motivated attacks.
📰 The Hacker News | thehackernews.com/2025/11/week

Curly COMrades Abuses Hyper-V for Stealthy Malware Deployment 👻
- The Russian-aligned threat actor Curly COMrades is using an advanced technique to hide malware: abusing Microsoft's Hyper-V hypervisor to create hidden Alpine Linux virtual machines.
- This method allows their CurlyShell and CurlyCat malware to operate outside the host OS's visibility, bypassing endpoint security tools by making all malicious outbound traffic appear to originate from the legitimate host IP.
- This sophisticated evasion tactic highlights the need for deep visibility into virtualisation layers and advanced detection capabilities that go beyond traditional endpoint monitoring.
📰 The Hacker News | thehackernews.com/2025/11/week

Hidden Logic Bombs in Malicious NuGet Packages 💣
- Nine malicious NuGet packages, published by "shanhai666" in 2023-2024, have been found to contain time-delayed logic bombs.
- These bombs are designed to activate years after deployment (August 2027, November 2028) to sabotage database operations and corrupt industrial control systems.
- This is a serious supply chain threat, demonstrating long-term persistence strategies and the need for rigorous vetting of third-party dependencies.
📰 The Hacker News | thehackernews.com/2025/11/week

Microsoft Teams Flaws Expose Users to Impersonation 🎭
- Four now-patched security vulnerabilities in Microsoft Teams could have allowed attackers to manipulate conversations, impersonate colleagues (including C-suite executives), and alter notifications.
- These flaws enabled attackers to change message content without "Edited" labels and forge caller identities, making social engineering attacks highly convincing.
- Timely patching is crucial, but this also underscores the need for robust user awareness training against impersonation attempts, even within trusted communication platforms.
📰 The Hacker News | thehackernews.com/2025/11/week

RDP Accounts Targeted by Cephalus Ransomware 💸
- A new Go-based ransomware, Cephalus, is breaching organisations by exploiting Remote Desktop Protocol (RDP) accounts that lack multi-factor authentication (MFA).
- Upon execution, Cephalus disables Windows Defender, deletes VSS backups, and stops services like Veeam and MSSQL to maximise encryption success and hinder recovery.
- This is a stark reminder that RDP remains a primary attack vector, and MFA implementation on all internet-facing services is non-negotiable.
📰 The Hacker News | thehackernews.com/2025/11/week

Malicious AI Bots Impersonate Legitimate Agents 🤖
- Threat actors are developing and deploying bots that impersonate legitimate AI agents from providers like Google, OpenAI, Grok, and Anthropic.
- These malicious bots exploit updated bot policies by spoofing AI agent identities to bypass detection systems, potentially leading to large-scale account takeover (ATO) and financial fraud.
- Organisations need to implement robust bot management and identity verification for AI interactions, treating AI agents as potential vectors for social engineering and data exfiltration.
📰 The Hacker News | thehackernews.com/2025/11/week

Fake Installers Distribute TamperedChef/BaoLoader Infostealer 📦
- Ongoing infostealer campaigns are leveraging malicious installers that mimic legitimate productivity tools, likely created using EvilAI.
- These installers deliver TamperedChef/BaoLoader malware, providing full command-and-control functionality, including arbitrary command execution, file upload/download, and data exfiltration, along with persistence mechanisms.
- This highlights the continued effectiveness of supply chain attacks via trojanised software and the importance of verifying software sources and integrity.
📰 The Hacker News | thehackernews.com/2025/11/week

US Cyber Information Sharing Law (CISA 2015) in Limbo 🇺🇸
- The Cybersecurity Information Sharing Act (CISA 2015) officially expired on September 30, 2025, leaving a significant void in US government-industry cyber threat intelligence sharing.
- This lapse has already resulted in a reported 70% decline in IOC sharing and increased ransomware activity in healthcare, longer response times in energy/utilities, and reduced visibility in financial institutions.
- A short-term funding bill is currently advancing through the Senate, which would temporarily extend CISA 2015 until January 2026, but long-term stability remains uncertain due to political disagreements.
🤫 CyberScoop | cyberscoop.com/cisa-informatio
🤫 CyberScoop | cyberscoop.com/cisa-2015-shutd
🕵🏼 The Register | go.theregister.com/feed/www.th

Louvre Museum's Decade of Poor Infosec Exposed 🏛️
- Investigative reports reveal a decade-long history of incredibly poor information security at the Louvre Museum, with basic failures like using "LOUVRE" as a password for its video surveillance server and "THALES" for vendor software.
- Pen-testers easily breached systems, gaining access to badge control and modifying access rights. Outdated Windows 2000, XP, and Server 2003 systems were also found to be in use.
- This serves as a stark reminder that even world-renowned institutions can suffer from fundamental security hygiene issues, making them easy targets for opportunistic attackers.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Ransomware #ZeroDay #Vulnerability #APT #Phishing #Malware #AI #IncidentResponse #DataBreach #InfoSec #GovernmentSecurity

2025-11-08

A defacement incident has been reported targeting the government administration sector in Indonesia 🇮🇩, specifically affecting the victim 'siperkasaku'. Confidence level is high. #CyberThreat #GovernmentSecurity #Indonesia

2025-11-07

Breaking: A sudden zero-day breach sent the CBO into lockdown, stalling vital budget analysis for weeks. How did state-backed hackers exploit a simple phishing ploy to disrupt a government agency? Dive into the unfolding cyber drama.

thedefendopsdiaries.com/cbo-cy

#cyberattack
#apt
#governmentsecurity
#zeroday
#cyberresilience

2025-11-06

One click. One small mistake. And suddenly, 60 state agencies were held hostage for 28 days. How did a simple ad become a cyber nightmare for Nevada?

thedefendopsdiaries.com/how-a-

#ransomware
#cyberattack
#nevada2025
#incidentresponse
#cybersecurity
#databreach
#governmentsecurity
#infosec

2025-11-04

Morning, cyber pros! ☕ It's been a busy 24 hours with major crypto heists, shocking insider threats, innovative malware C2, critical vulnerabilities, and some questionable AI research. Let's dive in:

Recent Cyber Attacks and Breaches 🚨

- The decentralised finance protocol Balancer suffered a significant exploit, with over $120 million in cryptocurrency stolen from its v2 pools. Initial analysis points to faulty access control mechanisms or a precision rounding error in swap calculations. This incident highlights the ongoing high-value targets in the DeFi space, often linked to sophisticated actors like North Korean groups.
- Two cybersecurity insiders – a ransomware negotiator from DigitalMint and an incident response manager from Sygnia – have been indicted for allegedly deploying ALPHV/BlackCat ransomware against five US companies. One victim reportedly paid $1.27 million in virtual currency. This is a stark reminder of the critical insider threat risk, even within the security industry itself.
- The backdoored "secure" messaging app AN0M, created by the FBI and Australian Federal Police, is still leading to arrests four years after its initial reveal. Australian police recently cuffed 55 individuals in South Australia, seizing AUD$25.8 million in assets, following a High Court ruling that validated the legality of the closed-system sting operation.
- A coordinated European law enforcement operation, led by Eurojust, resulted in nine arrests across Cyprus, Spain, and Germany, dismantling a cryptocurrency fraud network that defrauded victims of over €600 million. The criminals used fake investment platforms and social engineering, then laundered the crypto assets using blockchain technology.
- Miljödata, a key IT systems provider for 80% of Sweden's municipalities, suffered a data breach affecting 1.5 million individuals. The Datacarry ransomware group claimed responsibility, leaking sensitive personal data including names, emails, physical addresses, phone numbers, government IDs, and dates of birth. The Swedish Authority for Privacy Protection (IMY) is investigating potential GDPR violations.

๐Ÿ—ž๏ธ The Record | therecord.media/crypto-heist-b
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/cryp
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
โšก The Hacker News | thehackernews.com/2025/11/us-p
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu
โšก The Hacker News | thehackernews.com/2025/11/euro
๐Ÿ—ž๏ธ The Record | therecord.media/9-arrested-eur
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu

New Threat Research: Malware and Techniques 🔬

- The Russian cyber-espionage group "Curly COMrades" is deploying a sophisticated Tor-enabled OpenSSH backdoor, dubbed "Operation SkyCloak," primarily targeting defense sectors in Russia and Belarus. This malware hides within hidden Alpine Linux VMs on Hyper-V, using custom tools (CurlyShell and CurlCat) and obfs4 obfuscation to evade detection and maintain stealthy C2 communications.
- Microsoft has uncovered "SesameOp," a novel backdoor that leverages OpenAI's Assistants API as a command-and-control (C2) channel. This technique allows malicious traffic to blend seamlessly with legitimate AI service communications, making it incredibly difficult for traditional security tools to detect, highlighting a growing trend of abusing trusted cloud services for stealthy operations.

⚡ The Hacker News | thehackernews.com/2025/11/oper
🕵🏼 The Register | go.theregister.com/feed/www.th

Vulnerabilities 🛡️

- Google's AI-powered cybersecurity agent, "Big Sleep," has identified five new vulnerabilities (CVE-2025-43429, -43430, -43431, -43433, -43434) in Apple's Safari WebKit component. These flaws could lead to browser crashes or memory corruption, and Apple has already released patches across iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari.
- Check Point researchers discovered and reported four serious, now-patched vulnerabilities in Microsoft Teams, including CVE-2024-38197. These flaws could have allowed attackers to impersonate executives, silently alter chat histories, and spoof notifications or calls, exploiting Teams' messaging architecture and unique message identifiers to undermine digital trust within organisations.

⚡ The Hacker News | thehackernews.com/2025/11/goog
🕵🏼 The Register | go.theregister.com/feed/www.th

Threat Landscape Commentary 🌐

- MIT Sloan has pulled a working paper that controversially claimed 80% of ransomware attacks in 2024 were AI-driven, following widespread criticism from security researchers like Kevin Beaumont and Marcus Hutchins. The paper was slammed for its lack of evidence, outdated references, and potential conflicts of interest, underscoring the need for rigorous academic integrity in cybersecurity research.
- A concerning trend of "violence as a service" is emerging in Europe, with CrowdStrike reporting at least 18 cases this year, primarily in France. These incidents involve physical assaults, kidnappings, and drugging to coerce victims into surrendering cryptocurrency. This highlights a dangerous collaboration between traditional cybercriminals and organised crime groups ("The Com") for close-access operations.
- During a meeting with South Korean President Lee Jae-myung, Chinese President Xi Jinping made a light-hearted remark about checking Xiaomi smartphones for backdoors. This seemingly innocuous joke inadvertently highlights ongoing international concerns regarding potential state-sponsored surveillance through Chinese technology, especially given China's extensive censorship via the Great Firewall and alleged activities of groups like Salt Typhoon.

๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Data Privacy 🔒

- Senator Bill Cassidy (R-LA) has introduced the Health Information Privacy Reform Act, aiming to extend privacy protections to health data collected by smartwatches and health apps. This legislation seeks to close a significant gap in current regulations, as such data is often not covered by HIPAA, addressing concerns like apps selling user health information to third parties.

๐Ÿ—ž๏ธ The Record | therecord.media/health-privacy

Government Staffing and Program Changes 🏛️

- The Office of Personnel Management (OPM) plans a "mass deferment" for participants in the CyberCorps: Scholarship-For-Service program, giving them more time to secure federal government jobs. This move addresses concerns from students facing potential debt due to difficulties finding federal employment amidst hiring freezes and budget cuts.
- An audit by the Office of the Inspector General (OIG) reveals that the US Consumer Financial Protection Bureau's (CFPB) information security program has degraded from "managed and measurable" to "defined" maturity. This decline is attributed to significant resource reductions, including contractor terminations and staff departures, leading to issues with system authorisations and cybersecurity risk management.

🤫 CyberScoop | cyberscoop.com/opm-nsf-cyberco
🕵🏼 The Register | go.theregister.com/feed/www.th

Everything Else 📰

- Microsoft has acknowledged a bug in the October 2025 Windows 10 updates that causes incorrect "Your version of Windows has reached the end of support" messages on systems with active security coverage (LTSC 2021, ESU-enrolled 22H2). While cosmetic, Microsoft has issued a cloud configuration update and a Known Issue Rollback (KIR) group policy workaround.
- Bugcrowd, known for its bug bounty platform, has acquired Mayhem Security, an AI-driven offensive security firm. This acquisition aims to enhance Bugcrowd's capabilities by integrating Mayhem's autonomous vulnerability discovery and continuous penetration testing technology with human hacker expertise, with the goal of eliminating zero-day threats faster.

🤖 Bleeping Computer | bleepingcomputer.com/news/micr
🤫 CyberScoop | cyberscoop.com/bugcrowd-mayhem

#CyberSecurity #ThreatIntelligence #Ransomware #DeFi #InsiderThreat #Malware #C2 #Vulnerabilities #AI #DataPrivacy #GovernmentSecurity #InfoSec #CyberCrime #LawEnforcement

VersitronVersitron1
2025-11-04

Managing multiple security zones across public facilities?

The Versitron IP Surveillance for Government Buildings enables seamless, centralized monitoring across campuses and departments.

What’s your biggest challenge in scaling surveillance networks?

VersitronVersitron1
2025-11-03

Managing secure communication networks for government or defense?

The Versitron RS-530 Converter for Government Security provides precision, reliability, and data integrity for mission-critical systems.

What’s your top priority: encryption, speed, or reliability?

VersitronVersitron1
2025-10-16

Concerned about security gaps in government facilities?

Traditional cameras and monitoring can leave blind spots.
Advanced surveillance systems provide comprehensive coverage, real-time alerts, and high-resolution monitoring.

How do you ensure your facility stays fully secure? Share your strategies!

VersitronVersitron1
2025-10-14

Looking for a robust solution for multi-channel video in government buildings?

Standard video transmission may not withstand long runs or EMI-prone environments.
Versitron 2 Channel Video to Fiber Kits offer durable, interference-resistant connections for secure surveillance.

Have you deployed fiber-based video kits in government facilities? Share your experience!

Comelit South East AsiaComelitSEA
2025-10-10

For government and defense sites, Comelit provides high-security encrypted readers, biometrics, and video surveillance.
A centralized platform unites access, fire, intrusion, and CCTV for mission-critical reliability.

🔗 zurl.co/EyTKu
| 📩 enquiries@comelit.sg

2025-10-08

The Conversation: Federal shutdown deals blow to already hobbled cybersecurity agency. “CISA is among the entities that will see the deepest staffing reductions during the shutdown that began Oct. 1, 2025, according to Department of Homeland Security documentation. Only about one-third of its employees remain on the job after federal employees were furloughed. As if cybersecurity wasn’t […]

https://rbfirehose.com/2025/10/08/the-conversation-federal-shutdown-deals-blow-to-already-hobbled-cybersecurity-agency/

2025-10-07

Hello everyone! It's been a busy 24 hours in the cyber world with significant updates on nation-state activity, a couple of actively exploited vulnerabilities, a new ransomware decryptor, and a reminder about the ever-evolving privacy landscape. Let's take a look:

Clop & Oracle E-Business Suite Zero-Day Exploitation ⚠️
- The Clop ransomware gang has been actively exploiting a new zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite (EBS) since August 2025, leading to mass data theft and extortion.
- This critical flaw (CVSS 9.8) allows unauthenticated remote code execution, with Oracle rushing out an emergency patch and urging immediate application.
- Mandiant confirms widespread exploitation, advising organisations to patch immediately and assume compromise, as "Scattered Lapsus$ Hunters" also leaked the exploit code, raising questions about collaboration or shared tooling.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th
๐Ÿ—ž๏ธ The Record | therecord.media/fbi-uk-urge-or
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu
๐Ÿšจ The Hacker News | thehackernews.com/2025/10/orac

Medusa Ransomware Exploiting GoAnywhere MFT Zero-Day 🚨
- Microsoft has confirmed that the Medusa ransomware affiliate, Storm-1175, has been exploiting a critical GoAnywhere MFT vulnerability (CVE-2025-10035) since at least September 11, 2025.
- This deserialisation flaw allows remote code execution without user interaction, leading to initial access, lateral movement, data exfiltration via Rclone, and Medusa ransomware deployment.
- Fortra patched the bug on September 18, but WatchTowr Labs and now Microsoft have confirmed active zero-day exploitation, urging immediate patching and log inspection for compromise indicators.
๐Ÿ—ž๏ธ The Record | therecord.media/medusa-ransomw
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu

Salesloft Drift Supply Chain Attacks: Lessons from Okta and Zscaler 🛡️
- The widespread Salesloft Drift supply chain attack, attributed to UNC6395, involved the theft of Salesforce customer data by exploiting OAuth tokens.
- Okta successfully blocked the attack due to proactive IP restrictions on API calls, highlighting the importance of granular access controls.
- Zscaler, despite having stopped using Drift, was compromised because its OAuth token remained active, leading to unauthorised access to customer and internal data, underscoring the need for frequent token rotation and timely deactivation.
🤫 CyberScoop | cyberscoop.com/okta-zscaler-se

Jaguar Land Rover Production Resumes After Cyber Stall 🚗
- Jaguar Land Rover (JLR) is restarting manufacturing after a cyberattack on September 2, 2025, caused weeks of costly downtime, estimated at £5-10 million daily.
- The incident led to an estimated £2.2 billion in revenue losses and £150 million in profit losses, impacting JLR's supply chain and leading to job losses.
- The UK government provided a £1.5 billion loan guarantee to aid recovery and safeguard jobs, highlighting the significant economic impact of cyberattacks on critical industries.
🕵🏼 The Register | go.theregister.com/feed/www.th

Discord Support Vendor Data Breach 💬
- Discord has confirmed a data breach at an unnamed third-party customer service vendor, not directly on its own systems, exposing user support tickets and personal details.
- Stolen data may include names, email addresses, billing info (last four digits of credit cards), IP addresses, messages, attachments, and potentially government IDs used for age verification.
- Discord has cut off the vendor's access, launched an investigation, and is notifying affected users, advising vigilance against scams and exploitation of the stolen information.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Radiant Group Ransomware Targets Hospital 🏥
- The new ransomware group, Radiant Group, has claimed to hit a US hospital, giving them seven days to comply with demands or face data exposure.
- This follows controversy over their previous attack on Kido Schools, where they leaked images of preschoolers, prompting a rival group (Nova) to chastise them and Radiant to remove the children's data.
- The group's shifting ethical stance (no kids' data, but hospitals are fair game) and apparent native English speaking members highlight evolving ransomware tactics and internal group dynamics.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Suspected Chinese APT Targets Serbian Aviation Agency ✈️
- A suspected China-linked cyber-espionage campaign has targeted a Serbian government department overseeing aviation, as well as other European institutions in Hungary, Belgium, Italy, and the Netherlands.
- The campaign uses phishing emails redirecting to fake Cloudflare verification pages to deliver Sogu, PlugX, and Korplug malware, tools consistently associated with Chinese state-sponsored hackers.
- While specific attribution is pending, the use of these tools and similar tactics seen in other China-linked operations (e.g., UNC6384) points to ongoing espionage efforts against diplomatic and critical infrastructure targets.
๐Ÿ—ž๏ธ The Record | therecord.media/suspected-chin

Zimbra Zero-Day Exploited Against Brazilian Military 🇧🇷
- A now-patched stored cross-site scripting (XSS) zero-day (CVE-2025-27915) in Zimbra Collaboration's Classic Web Client was exploited earlier this year against the Brazilian military.
- Attackers spoofed the Libyan Navy to send malicious ICS calendar files containing JavaScript, designed to steal credentials, emails, contacts, and shared folders, and set up email forwarding rules.
- The vulnerability, arising from insufficient HTML sanitisation, allows arbitrary code execution within a victim's session, enabling data exfiltration and unauthorised account actions.
🚨 The Hacker News | thehackernews.com/2025/10/zimb

Redis Critical RCE Flaw Impacting Thousands of Instances 🔒
- Redis has patched a maximum severity use-after-free vulnerability (CVE-2025-49844) in its source code, allowing authenticated attackers to achieve remote code execution via specially crafted Lua scripts.
- Discovered by Wiz researchers and dubbed "RediShell," successful exploitation can lead to full host system access, data exfiltration, resource hijacking, and lateral movement in cloud environments.
- With an estimated 330,000 Redis instances exposed online (60,000 unauthenticated), immediate patching is crucial, along with enabling authentication, disabling Lua scripting, and implementing network access controls.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Unity Game Engine Vulnerability Exposes Gamers 🎮
- A code execution vulnerability (CVE-2025-59489) in the Unity game engine affects Android, Windows, Linux, and MacOS, potentially allowing arbitrary code execution and information disclosure.
- The flaw, discovered by GMO Flatt Security, stems from Unity's handling of command line arguments, enabling malicious apps to load and execute attacker-supplied native libraries with game privileges.
- While no active exploitation has been observed, Steam has released a client update to block malicious URI schemes, and Microsoft recommends uninstalling vulnerable games until developers update their titles with patched Unity versions.
๐Ÿ—ž๏ธ The Record | therecord.media/unity-game-eng
๐Ÿค– Bleeping Computer | bleepingcomputer.com/news/secu

Surge in Scanning for Palo Alto Networks GlobalProtect 📈
- Greynoise has observed a massive surge in scanning attacks targeting Palo Alto Networks GlobalProtect and PAN-OS login portals, with over 1,300 unique IPs, 93% of which are suspicious.
- This activity, the largest in three months, mimics previous attacks against Cisco kit, suggesting threat actors are actively searching for unpatched systems to exploit existing vulnerabilities.
- Organisations running these systems, especially those internet-facing, should be on high alert, ensure all patches are applied, and monitor for suspicious activity, particularly in the US, Pakistan, Mexico, France, Australia, and the UK.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

XWorm Malware Resurfaces with Ransomware Module 🐛
- New versions of the XWorm backdoor (6.0, 6.4, 6.5) are being distributed in phishing campaigns, adopted by multiple threat actors after the original developer abandoned the project.
- The updated variants feature over 35 plugins, expanding capabilities from data theft (browsers, apps, crypto wallets) and remote control to now include a ransomware module for file encryption.
- XWorm's ransomware component shares code overlaps with NoCry ransomware, encrypting user data, dropping ransom notes, and avoiding system files, necessitating a multi-layered defence approach including EDR and network monitoring.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Scattered Lapsus$ Hunters' Crowdsourced Extortion Scheme 💰
- The "Scattered Lapsus$ Hunters" collective has launched a novel crowdsourced extortion scheme, offering $10 in Bitcoin to individuals who "endlessly harass" executives of their alleged victims.
- The group, claiming to have breached 39 organisations via a Salesforce integration (Salesloft Drift), is pressuring companies to pay ransoms to avoid data leaks from their new site.
- Despite questionable grammar and a recent claim of retirement, the group's tactics highlight an evolving, public-facing approach to extortion, even as law enforcement continues to apprehend alleged members.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Chinese Government's Severe Cybercrime Crackdown ⚖️
- The Chinese government has handed down 11 death sentences to members of a cybercrime gang operating a scamming centre in Myanmar, along with other severe penalties including life sentences.
- The gang, which lured over 10,000 workers into forced labour for financial fraud, gambling, and prostitution schemes, reportedly amassed $1.4 billion and killed at least ten workers attempting to escape.
- This crackdown underscores China's stringent approach to combating cybercrime targeting its citizens, with significant international efforts to repatriate those caught in criminal networks.
๐Ÿ•ต๐Ÿผ The Register | go.theregister.com/feed/www.th

Zeroday Cloud Hacking Contest Announced ☁️
- Wiz, in partnership with Google Cloud, AWS, and Microsoft, has launched "Zeroday Cloud," a new hacking competition offering $4.5 million in bug bounties for exploits targeting open-source cloud and AI tools.
- The contest, scheduled for Black Hat Europe, features six categories with bounties up to $300,000 for exploits achieving complete compromise, such as RCE or container escapes.
- While aiming to inspire research, the initiative has drawn criticism from Pwn2Own organisers for allegedly copying their rulebook, highlighting competition and collaboration dynamics in the bug bounty space.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Ransomware #ZeroDay #Vulnerability #APT #DataBreach #SupplyChainAttack #Malware #IncidentResponse #CloudSecurity #Privacy #EU #GovernmentSecurity #InfoSec

VersitronVersitron1
2025-09-29

Versitron Video Distribution for Government Control Centers

Enhance real-time monitoring with Versitron video distribution for government control centers! Deliver multiple high-quality video feeds to operators, workstations, and screens simultaneously. Which critical area in your control center needs the clearest visuals: security, operations, or surveillance?

VersitronVersitron1
2025-09-29

Versitron Video Amplifier for Maximum Government Security Efficiency

Optimize government surveillance networks with the Versitron video amplifier for government security systems! Achieve high-quality, long-distance video transmission for control rooms, monitoring centers, and secure facilities. Built for reliability in critical operations.

2025-08-13

The PA Attorney General’s Office just went dark after a major cyberattack exploited tech vulnerabilities. How did a single weak link bring down an entire system? Discover the details behind the digital disruption.

thedefendopsdiaries.com/cybera

#cybersecurity
#cyberattack
#governmentsecurity
#infosec
#citrixnetscaler

2025-08-07

The Register: Three US agencies get failing grades for not following IT best practices. “The GAO flagged failures at the General Services Administration (GSA), Environmental Protection Agency (EPA), and Department of Homeland Security (DHS) in the three reports, with each guilty of not implementing more recommendations than the last. The DHS’ CIO, in particular, has 43 unresolved […]

https://rbfirehose.com/2025/08/07/the-register-three-us-agencies-get-failing-grades-for-not-following-it-best-practices/

Security Landsecurityland
2025-06-25

The U.S. House of Representatives made a bold move, banning WhatsApp on all government devices due to cybersecurity risks. What does this mean for data privacy, national security, and the future of digital communication? Dive into our comprehensive analysis.

Read More: security.land/from-personal-ch

Whatsapp ban
2025-06-06

TechCrunch: Anthropic unveils custom AI models for US national security customers. “The new models, a custom set of ‘Claude Gov’ models, were ‘built based on direct feedback from our government customers to address real-world operational needs,’ writes Anthropic in the blog post. Compared to Anthropic’s consumer- and enterprise-focused models, the new custom Claude Gov models were designed […]

https://rbfirehose.com/2025/06/06/techcrunch-anthropic-unveils-custom-ai-models-for-us-national-security-customers/
