The Breach News

Chinese Spy Tool Found Within US Systems

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Researchers Uncover Covert Chinese Access to US Service Provider Infrastructure

Chris Riotta (@chrisriotta) • September 24, 2025

In a significant cybersecurity revelation, researchers have elucidated a long-running Chinese-linked cyberespionage campaign that infiltrated U.S. infrastructure and various enterprise service providers…

North Korean Hackers Unleash OtterCookie Malware in Widespread Interview Scheme

Recent cybersecurity revelations highlight the activities of North Korean threat actors, specifically within the context of the ongoing Contagious Interview campaign. This campaign has introduced a new JavaScript malware identified as OtterCookie, further escalating the threat landscape. Known as Contagious Interview (alternatively termed DeceptiveDevelopment), this persistent attack strategy employs social…

CISA: Federal Agency Compromised Due to GeoServer Vulnerability – Dark Reading

CISA Reports Breach Linked to GeoServer Vulnerability

A recent security incident has come to light involving a breach at a federal agency, attributed to a vulnerability in GeoServer, a popular open-source server used for sharing geospatial data. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed this attack, raising significant…

China-Linked Attackers Leverage Check Point Vulnerability to Deploy ShadowPad and Ransomware

New Cyber Threat Campaign Targets European Healthcare Sector with Advanced Ransomware Techniques

A newly identified threat actor has launched a campaign aimed at European organizations, particularly within the healthcare industry. This operation, dubbed “Green Nailao” by Orange Cyberdefense CERT, utilizes the PlugX and ShadowPad malware, with the final stage involving…

Increasing Malware Attacks Utilizing Dark Utilities’ C2-as-a-Service

A newly emerging service known as Dark Utilities has gained popularity among cybercriminals, with approximately 3,000 users drawn to its capability to provide command-and-control (C2) services aimed at seizing control of compromised systems. This platform has positioned itself as a “C2-as-a-Service” (C2aaS), marketed for tasks including remote access, command execution,…

Hackers Concealed Malware Using Complex AI Code

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Attackers Conceal Malware Within Vector Image

Rashmi Ramesh (rashmiramesh_) • September 24, 2025

Recent findings indicate that hackers have utilized artificial intelligence-generated code to embed malware in a sophisticated phishing campaign, according to insights from Microsoft. This malware…

Cloudflare Thwarts Record-Breaking 22.2 Tbps DDoS Attack

Cloudflare has announced the successful mitigation of the largest recorded DDoS (distributed denial-of-service) attack to date, which peaked at an astonishing 22.2 terabits per second and included 10.6 billion packets per second. This unprecedented event was identified and countered automatically by Cloudflare’s robust network infrastructure. Despite its severity, the attack…

When Browser Extensions Turn Sour: Key Insights from the Campaign Against Them

A significant security breach has been reported involving a coordinated attack targeting numerous browser extensions, designed to inject malicious code for the purpose of credential theft. Over 25 browser extensions with a combined user base exceeding two million have been compromised. LayerX, a cybersecurity firm specializing in the protection of…
