The Security Service of Ukraine (SBU) has apprehended an individual identified as a hacker, who allegedly provided critical technical support to Russian military forces by facilitating mobile communication within Ukrainian territory. This operation reportedly involved the dissemination of messages to Ukrainian officials, encouraging them to surrender and collaborate with Russian…
Government, Industry Specific CISA Asserts Fired Workers Do Not Qualify for Union Protections Chris Riotta (@chrisriotta) • November 6, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has informed a federal judge that it is adhering to a court order that prohibits layoffs during the ongoing government shutdown. This comes…
A severe security vulnerability has been identified in the Amazon WorkSpaces client for Linux, posing a substantial risk for organizations utilizing AWS’s virtual desktop infrastructure. This flaw, designated as CVE-2025-12779, allows malicious local users to extract valid authentication tokens, leading to unauthorized access to other users’ Workspace sessions. On November…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding malicious actors exploiting unencrypted persistent cookies from the F5 BIG-IP Local Traffic Manager (LTM) module for reconnaissance within target networks. This technique enables attackers to identify additional non-internet-facing devices, raising significant concerns about potential vulnerabilities in those systems.…
New research reveals a sophisticated cyber campaign orchestrated by an actor with suspected connections to Pakistan, targeting government and energy sectors in South and Central Asia. The threat actor has primarily focused on deploying a remote access Trojan on compromised Windows systems, aimed at infiltrating sensitive networks. According to a…
One of the most formidable hacking entities globally, the Russian state-backed group known as Sandworm, has executed a series of destructive cyberattacks amid the ongoing conflict with Ukraine, according to recent findings released by cybersecurity researchers. In April, Sandworm specifically targeted a Ukrainian university with dual wipers—malicious software designed to…
On Tuesday, Microsoft publicly acknowledged that the LAPSUS$ hacking group had achieved “limited access” to its systems, coinciding with a revelation from Okta, an identity authentication services provider, indicating that nearly 2.5% of its customer base may have been affected by the breach. Microsoft’s Threat Intelligence Center (MSTIC) confirmed that…
Governance & Risk Management, Operational Technology (OT) OTsec India Steering Committee Examines Cyberthreats, Compliance Challenges, and Innovation Opportunities Joshua Cunningham-Marsh, Matthew Robertson • November 6, 2025 The OTsec India Summit is a pivotal two-day event bringing together over 200 leaders in IT and OT security from India’s essential infrastructure and…
Local Authority Unintentionally Exposes Hundreds of Consultation Respondents’ Information In a significant breach of privacy, a local authority has inadvertently released personal details of hundreds of individuals who provided responses to a public consultation. This incident has raised serious concerns regarding data protection and the safeguarding of sensitive information in…
