Information Security News
Thai authorities detain four Europeans in ransomware crackdown
Cyberscoop by Greg Otto
In a coordinated operation, Thai authorities arrested four European nationals in Phuket, suspected of orchestrating Phobos ransomware attacks. The individuals allegedly extorted approximately $16 million in Bitcoin from over 1,000 victims globally. The operation, codenamed “Phobos Aetor,” involved raids across multiple locations, resulting in the seizure of laptops, smartphones, and cryptocurrency wallets. Swiss authorities initiated the request for these arrests, highlighting international collaboration in combating cybercrime. The suspects face charges related to cyber extortion and unauthorised computer access.
Revelations of Israeli spyware abuse raise fears over possible use by Trump
The Guardian by Stephanie Kirchgaessner
Recent reports reveal that Israeli company Paragon Solutions’ spyware targeted 90 individuals, including journalists and civil society members, via WhatsApp. Paragon licenses its spyware to governments, drawing scrutiny similar to that faced by NSO Group’s Pegasus. Allegations of misuse have emerged in Italy, leading Paragon to terminate its contract there. Despite efforts to limit spyware use, concerns persist about potential misuse by U.S. agencies under President Trump’s administration. Researchers from institutions like Citizen Lab are investigating these breaches and their implications for civil society.
Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks
BleepingComputer by Sergiu Gatlan
Apple has released iOS 18.3.1 and iPadOS 18.3.1 to address a zero-day exploit that allowed attackers to access data on locked devices. The update patches a vulnerability in USB Restricted Mode, initially introduced in iOS 11.4.1 to prevent passcode bypass attempts. According to Apple, this exploit might have been used in highly sophisticated attacks targeting specific individuals, as reported by Bill Marczak of The Citizen Lab. Users are advised to update their devices promptly to mitigate potential risks.
Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
BleepingComputer by Bill Toulas
A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites. The suspects, two men and two women, are Europeans accused of conducting cyberattacks on over 1,000 victims worldwide, extorting approximately $16 million in Bitcoin. The operation, codenamed “Phobos Aetor,” involved coordinated raids across multiple locations, resulting in the seizure of laptops, smartphones, and cryptocurrency wallets.
XE Group Shifts from Credit Card Skimming to Exploiting Zero-Days
Security Affairs by Pierluigi Paganini
The XE Group, a cybercriminal organisation active since 2013, has evolved from credit card skimming to exploiting zero-day vulnerabilities. Recent investigations reveal that the group has been leveraging unpatched software flaws, including two zero-day vulnerabilities in VeraCore’s warehouse management platform, to infiltrate systems. This shift indicates a move towards more sophisticated cyberattacks, underscoring the increasing complexity of cyber threats. Organisations are advised to prioritise timely software updates and implement robust security measures to defend against these emerging exploits.
Judge temporarily blocks Musk’s ‘Doge’ team from accessing treasury records
The Guardian via Associated Press
Following growing concerns over security risks, a federal judge has temporarily blocked DOGE staff from accessing US Treasury records, citing findings from a recent intelligence report labeling them an “insider threat.” The ruling halts DOGE’s involvement in financial oversight pending further review. Critics argue that Musk’s team lacks transparency and accountability, while supporters claim the restrictions are politically motivated. The legal battle could set a precedent for how private entities engage with critical government financial systems.
Secret Taliban records published online after hackers breach computer systems
Bitdefender by Graham Cluley
A major breach has exposed classified Taliban documents, revealing sensitive intelligence, financial records, and internal communications. Hackers infiltrated Taliban-controlled systems, leaking files that shed light on military operations and governance strategies. The incident raises concerns over cybersecurity in conflict zones, as compromised data could be exploited by rival factions or foreign intelligence agencies. Analysts warn that insurgent groups are increasingly reliant on digital infrastructure, making cyber warfare a growing factor in geopolitical conflicts.
Massive brute force attack uses 2.8 million IPs to target VPN devices
BleepingComputer by Bill Toulas
A coordinated brute force attack has leveraged 2.8 million unique IP addresses to target VPN devices worldwide. The campaign, attributed to a sophisticated threat group, aims to crack login credentials through relentless automated attempts, bypassing weak authentication systems. Security researchers warn that businesses relying solely on passwords for VPN access are at risk. The attack underscores the urgent need for multi-factor authentication (MFA) and stronger access controls to defend against large-scale credential-stuffing and brute-force tactics.
Shortlist Revealed For Most Inspiring Women in Cyber Awards 2025 After Record Breaking Number of Entries
IT Security Guru by Charley Nash
The 2025 Most Inspiring Women in Cyber Awards has announced its shortlist, celebrating outstanding women making strides in cybersecurity. This year’s record-breaking number of nominations highlights the industry’s growing recognition of female leaders, from technical innovators to policy advocates. The awards seek to spotlight achievements in a historically male-dominated field, encouraging more diversity in cyber careers. Organizers emphasize the importance of visibility and mentorship to drive inclusivity and empower the next generation of cybersecurity professionals.
Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE
Dark Reading by Tara Seals
Microsoft has disclosed a major security flaw in ASP.NET, revealing that thousands of publicly exposed keys are leaving web servers open to remote code execution (RCE) attacks. The weakness stems from developers mistakenly leaving private keys publicly accessible, enabling attackers to gain control of affected systems. Exploiting these keys could allow cybercriminals to execute malicious code, steal sensitive data, and disrupt online services. Microsoft urges developers to audit their key management practices and secure their applications to prevent widespread exploitation.
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
The Hacker News by Ravi Lakshmanan
Security researchers have discovered that the DeepSeek app for iOS transmits sensitive user and device information over the internet without encryption, exposing data to potential interception and manipulation. The app collects extensive user data and sends it to servers managed by ByteDance, the parent company of TikTok. Notably, the app disables Apple’s App Transport Security, allowing unencrypted data transmission. These findings raise significant privacy concerns, especially given the app’s Chinese origins and potential data access by the Chinese government.
Cybercrime Forces Local Law Enforcement to Shift Focus
Dark Reading by Jennifer Lawinski
As cybercrime escalates, local law enforcement agencies are compelled to adapt from traditional place-based policing to tackling digital threats that transcend jurisdictions. A notable case involved an Idaho man sentenced to 10 years for hacking into servers across multiple states, stealing personal information of over 132,000 individuals. The FBI’s Internet Crime Complaint Center reported 880,418 cybercrime complaints in 2023, a nearly 10% increase from 2022, with losses exceeding $12.5 billion. These trends highlight the need for enhanced cyber training and resources for local police to effectively combat the growing cybercrime landscape.
UK industry leaders unleash hurricane-grade scale for cyberattacks
The Register by Connor Jones
UK industry leaders have introduced a new scale to measure the severity of cyberattacks, likening them to hurricane categories. This “hurricane-grade” scale aims to provide a clear and standardized method for assessing cyber threats, enhancing understanding and preparedness among businesses and the public. By categorizing attacks from minor to catastrophic, the scale seeks to improve communication about risk levels and promote appropriate responses to cyber incidents. This initiative reflects a proactive approach to cybersecurity, emphasizing the importance of clear metrics in threat assessment.
Research Reveals Data Breaches On The Rise at UK Law Firm
Tripwire by Graham Cluley
A recent analysis by NetDocuments indicates a 39% increase in data breaches within UK law firms between Q3 2023 and Q2 2024, totaling 2,284 incidents and affecting approximately 7.9 million individuals. The breaches are evenly split between internal and external sources. External breaches, now accounting for 50% of incidents, often involve phishing attacks, which constitute 56% of these cases. Internal breaches are frequently due to human error, responsible for 39% of such events. These findings underscore the critical need for robust cybersecurity measures and employee training within the legal sector to protect sensitive client information.
Trump continues federal purge, gutting cyber workers who combat disinformation
Politico by John Sakellariadis and Maggie Miller
The Trump administration has placed approximately six employees from the Cybersecurity and Infrastructure Security Agency (CISA) on administrative leave. These individuals were involved in countering election-related disinformation. The move follows criticism from congressional Republicans who allege that CISA’s efforts disproportionately targeted conservative speech. This action aligns with the administration’s broader initiative to restructure federal agencies and reduce the workforce, raising concerns about the government’s capacity to address disinformation and cybersecurity threats effectively.
A US Treasury Threat Intelligence Analysis Designates DOGE Staff as ‘Insider Threat’
Daily Kos by Seashells
A leaked US Treasury intelligence report has flagged Musk’s DOGE team as a potential insider threat, raising alarms over unauthorized access to sensitive financial systems. The report cites multiple security violations, lack of proper vetting, and concerns that DOGE personnel may be bypassing standard cybersecurity protocols. Officials worry about the broader implications of non-traditional government contractors managing critical financial infrastructure. The designation could result in stricter oversight or outright removal of DOGE’s access.
Revealed: Gambling firms secretly sharing users’ data with Facebook without permission
The Guardian by Shanti Das & Jon Ungoed-Thomas
UK gambling companies have been found sharing customer data with Facebook, enabling hyper-targeted advertising to users vulnerable to gambling addiction. Despite strict privacy regulations, firms allegedly provided browsing histories and betting behaviour details without consent. Critics argue this practice exploits at-risk individuals and call for stricter enforcement of data protection laws. Regulators are now investigating whether these firms violated GDPR, as campaigners demand stronger action against predatory digital marketing practices.
UK demands access to Apple users’ encrypted data
BBC by Zoe Kleinman
The UK government is pressuring Apple to allow law enforcement access to encrypted user data, citing national security concerns. Officials claim end-to-end encryption hinders investigations into serious crimes, but privacy advocates warn this would create backdoors that weaken security for all users. Apple has consistently resisted such demands, arguing that encryption is essential for user privacy. The standoff highlights an ongoing battle between governments and tech firms over data access, with potential legal ramifications for digital rights worldwide.
Lazarus Group ‘targets organisations’ with sophisticated LinkedIn recruiting scam
itWire by Gordon Peters
North Korea’s Lazarus Group is using LinkedIn to lure cybersecurity and IT professionals into fake job interviews, ultimately infecting their systems with malware. The campaign involves fraudulent recruiter profiles offering lucrative roles at major firms, with attackers distributing malicious payloads disguised as job application materials. The scam highlights the growing risk of social engineering tactics in cyber espionage. Experts urge professionals to verify recruiter identities, avoid downloading unsolicited files, and be cautious when engaging with unknown contacts on professional networks.
SA moves on social media ‘posting and boasting’
InnovationAus by Justin Hendry
South Australia is cracking down on criminals who post evidence of their crimes on social media, introducing laws that could lead to harsher penalties for those who “post and boast.” Authorities argue that gang members and cybercriminals use social media to flaunt illegal activity, recruit others, and intimidate victims. The move aligns with broader efforts to combat organized crime in the digital age. Critics caution that the laws must be carefully implemented to avoid overreach, particularly concerning freedom of expression.
Five Eyes Agencies Release Guidance on Securing Edge Devices
SecurityWeek by Ionut Arghire
The Five Eyes intelligence alliance has released new security recommendations for protecting edge devices, warning that hackers are increasingly exploiting vulnerabilities in routers, IoT gadgets, and remote access systems. The guidance calls for stronger authentication, regular firmware updates, and robust network segmentation. Agencies stress that edge devices remain a weak point in enterprise and critical infrastructure security, urging organisations to prioritise their protection to prevent widespread compromise.
Analysis
Analyst Burnout Is an Advanced Persistent Threat
Dark Reading by William MacMillan
The cybersecurity industry faces a critical challenge as analyst burnout reaches alarming levels. High stress, overwhelming workloads, and the relentless pace of cyber threats contribute to mental exhaustion among security professionals. This burnout not only affects individual well-being but also poses a significant risk to organisational security posture. Addressing this issue requires a cultural shift towards better support systems, realistic expectations, and investment in tools that alleviate manual burdens, ensuring analysts can perform optimally without compromising their health.
Is DOGE a cybersecurity threat? A security expert explains the dangers of violating protocols and regulations
Tech Xplore by Richard Forno
Security expert Richard Forno warns that DOGE’s approach to government oversight presents significant cybersecurity risks, including regulatory non-compliance and potential exposure of sensitive financial data. The article details how bypassing established security protocols can undermine trust in government institutions and create vulnerabilities for adversaries to exploit. As debates over public-private collaboration in government systems intensify, the DOGE controversy highlights the need for rigorous security standards in financial operations.
Will AI threaten the role of human creativity in cyber threat detection?
Security Intelligence by Sue Poremba
As AI tools become more prevalent in cybersecurity, experts are questioning whether automation could diminish the role of human intuition in detecting threats. AI-driven threat intelligence platforms can process vast amounts of data faster than humans, but they struggle with nuanced decision-making and adaptive reasoning. The article explores whether AI will complement or replace human analysts, emphasising the importance of maintaining human oversight in an increasingly automated security landscape.
Cybersecuring The Digital Realm of Space Systems
Chuck Brooks (LinkedIn)
With space-based infrastructure becoming critical to global communications and defense, cybersecurity risks in satellite networks are escalating. This analysis examines the vulnerabilities of space systems, including signal jamming, cyber hijacking, and satellite spoofing. As both state and non-state actors target these assets, experts call for stronger encryption, improved access controls, and international cooperation to secure orbital assets against emerging threats.
Hacking the mind: Why psychology matters to cybersecurity
Security Intelligence by Jonathan Reed
Cybersecurity is as much about human behaviour as it is about technology. This article delves into the psychological tactics hackers use to manipulate individuals, from phishing schemes to deepfake social engineering attacks. Understanding cognitive biases, emotional triggers, and decision-making processes can help security professionals design more effective defence mechanisms. As cybercriminals refine their psychological manipulation techniques, businesses must prioritise user awareness training alongside technical defences.
CyAN Members: Op Eds, Articles, etc:
Enhancing Cybersecurity: A Safer Internet Day Reflection on Protecting the Vulnerable
Kim Chandler McDonald
CyAN Global VP Kim Chandler McDonald reflects on Safer Internet Day, emphasising the importance of collective responsibility in enhancing cybersecurity. She advocates for increased public awareness, education, and proactive measures to protect personal and organisational data. McDonald highlights the evolving nature of cyber threats and the need for continuous adaptation in security practices. She calls for collaboration among individuals, businesses, and governments to create a safer online environment, stressing that cybersecurity is a shared duty requiring ongoing commitment.
Delving into the Shadows: An Approach to Identifying Obscure Cyberattacks
RSAC by Shantanu Bhattacharya
CyAN member Shantanu Bhattacharya explores how attackers exploit overlooked UNIX system calls and file manipulations to exfiltrate sensitive data. He highlights calls like openat, ptrace, and mmap, which can bypass traditional security measures. Attackers may use ptrace to manipulate processes or mmap to access files stealthily. Bhattacharya also examines data hiding tactics such as symbolic links and rootkits. He critiques security solutions for weak device authentication, advocating for a multi-dimensional approach to strengthen protection against these evolving threats.
A Call to Action for Privacy: Defending End-to-End Encryption as a Business Imperative
Kim Chandler McDonald
As a rejoinder to the recent news of the UK government pressuring Apple to allow law enforcement access to encrypted user data, Kim Chandler McDonald makes a compelling case for preserving end-to-end encryption, emphasising its role in protecting businesses, individuals, and critical infrastructure. The article addresses growing government pressure to introduce encryption backdoors and argues that weakening encryption would have dire consequences for privacy and security. McDonald calls for industry leaders to take a stand, advocating for stronger legal protections and public awareness on the importance of digital privacy.
Upcoming CyAN Global Events:
MaTeCC, Rabat, Morocco – June 7-9, 2025 (The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience webinar – March 6th (EST 6AM, CET 12PM, AEST 10PM)
CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence keynote by Dan Elliot – March 12, Peoplebank, Sydney (Save the date, general release tickets available soon!)
GITEX AFRICA, Marrakesh, Morocco – April 14-16
GITEX ASIA, Singapore (Marina Bay Sands) – April 23-25
GISEC, Dubai World Trade Center, UAE – May 6-8
The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK – May 8