Tag: Strategy

Behind the Keys: Women Who Secure the Future – Sarah Jane Mellor

Want to connect? Here is Sarah Jane Mellor’s professional profile. Feel free to say hello and show your support.

About the Author: Saba Bagheri, PhD, Cyber Threat Intelligence Manager at Bupa APAC, Director at the Cybersecurity Advisors

Cyber (In)Securities – Issue 137

Information Security News

1. Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (The Register – Thomas Claburn)
2. CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks (Dark Reading – Becky Bracken)
3. Phishing platform ‘Lucid’ behind wave of iOS, Android

Cyber (In)Securities – Issue 136

Information Security News

Italian government approved use of spyware on members of refugee NGO, MPs told

The Guardian by Angela Giuffrida & Stephanie Kirchgaessner
Italian lawmakers have been informed that spyware was authorised against members of a refugee NGO, sparking fierce backlash over potential human rights violations. Critics argue this blurs the line between national security and the criminalisation of humanitarian work. The use of surveillance tools on aid workers raises serious concerns about transparency, oversight, and democratic accountability. It also reignites broader debates on the unchecked proliferation of spyware in democratic societies and its chilling effect on civil society, dissent, and freedom of expression.

How CISA Cuts Impact Election Security

Dark Reading by Alexander Culafi
Budget cuts to CISA are raising alarms ahead of the U.S. election season, with experts warning that downsizing critical cyber defences could leave electoral infrastructure vulnerable. The agency plays a vital role in helping states defend against disinformation, phishing campaigns, and nation-state meddling — all of which are expected to escalate. Reducing CISA’s capacity now not only limits real-time response capabilities but also undermines public trust. With threats evolving, the need for robust, well-funded cyber readiness has never been more urgent — especially when democratic legitimacy is on the line.

Mozilla warns Windows users of critical Firefox sandbox escape flaw

BleepingComputer by Sergiu Gatlan
A newly disclosed Firefox vulnerability allows attackers to bypass the browser’s sandbox protections on Windows, exposing users to significant risk. The flaw could let malicious code execute with elevated privileges, opening the door to full system compromise when paired with other exploits. Mozilla has issued patches and urges users to update immediately. This incident underscores how even widely trusted tools can harbour critical flaws—and how attackers continue to target popular software used by millions. Regular patching and layered defences remain essential in mitigating zero-day threats.

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

The Hacker News by Ravie Lakshmanan
A sophisticated phishing kit dubbed “Morphing Meerkat” has been spotted in the wild, leveraging victims’ own DNS email records to convincingly impersonate more than 100 well-known brands. This dynamic attack method enables real-time spoofing, tricking recipients into trusting fraudulent emails with alarming accuracy. By tailoring each message to align with the recipient’s existing email infrastructure, the kit bypasses traditional detection methods and increases the likelihood of successful compromise. Organisations are urged to review DNS configurations, implement strict email authentication protocols like DMARC, and educate users to spot red flags in even the most convincing emails.

Security shop pwns ransomware gang, passes insider info to authorities

The Register by Connor Jones
In a bold counteroffensive, cybersecurity firm Halcyon turned the tables on a ransomware gang by infiltrating their operations and relaying critical intel to law enforcement. The gang in question, involved in high-profile attacks under various aliases like Arcus Media and Volcano Demon, has been using advanced ransomware variants to target enterprises globally. Halcyon’s efforts exposed tools, payment structures, and infrastructure used by the criminals, aiding investigations. This proactive move not only disrupted ongoing campaigns but also highlighted the growing role private sector defenders play in hunting threat actors. It’s a rare but powerful win for the good guys.

UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach

SecurityWeek by Eduard Kovacs
A UK software company has been hit with a £3 million fine after a ransomware attack led to a significant data breach, exposing personal and sensitive information. Regulators found the firm failed to implement adequate cybersecurity measures, including proper access controls and regular risk assessments—despite having previously identified critical vulnerabilities. The fine underscores how regulatory bodies are tightening scrutiny around ransomware readiness and response. It also sends a clear message: neglecting basic cyber hygiene can lead to financial and reputational fallout far beyond the ransom demand. Prevention, not just reaction, is key.

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

The Hacker News by Ravie Lakshmanan
Cybercriminals have adapted RansomHub’s EDRKillShifter tool for use in high-profile ransomware campaigns by Medusa, BianLian, and Play. This repurposed tool is designed to neutralise endpoint detection and response (EDR) systems, making it easier for attackers to encrypt data and evade detection. Its modular design allows threat actors to target a wide range of systems, suggesting a growing level of collaboration or shared tooling among ransomware groups. The trend highlights how the ransomware ecosystem is evolving, with advanced techniques being recycled and rebranded for new campaigns—escalating the cat-and-mouse game between attackers and defenders.

SignalGate Isn’t About Signal

Wired by Andy Greenberg & Lily Hay Newman
Despite headlines suggesting otherwise, the so-called “SignalGate” controversy has little to do with the Signal messaging app itself. At the heart of the story is a national security blunder: high-ranking U.S. officials shared classified military intelligence via Signal—but the issue wasn’t the app’s encryption. It was the human error and poor judgement in using any messaging platform to share sensitive content in the first place. The coverage serves as a potent reminder that even the most secure tools can’t compensate for bad operational security. In this case, the real breach wasn’t in technology—it was in trust and protocol.

Fake DeepSeek Ads Spread Malware to Google Users

Dark Reading by Rob Wright
A malicious ad campaign is impersonating legitimate DeepSeek content to target Google users, distributing malware through carefully crafted phishing lures. Victims are enticed by ads that appear genuine, only to be redirected to sites hosting malware that can steal data or compromise systems. This attack highlights how even trusted ad networks can be manipulated by threat actors and underscores the risks associated with search engine advertising. As attackers continue to blend social engineering with technical deception, users are urged to verify URLs and avoid downloading content from unfamiliar sources—no matter how legitimate it looks on the surface.

Threat actor in Oracle Cloud breach may have gained access to production environments

Cybersecurity Dive by David Jones
A threat actor behind a recent Oracle Cloud breach may have infiltrated production environments, raising serious concerns about the extent of access and potential data exposure. Investigators are still piecing together the timeline, but evidence suggests that compromised credentials allowed lateral movement within the environment. The incident illustrates the dangers of credential misuse in cloud ecosystems and the critical need for layered defences, robust access controls, and continuous monitoring. As cloud dependencies grow, so does the risk—making it essential for organisations to reassess their cloud security posture before attackers find their way in.

New Atlantis AIO platform automates credential stuffing on 140 services

BleepingComputer by Bill Toulas
The Atlantis AIO platform represents a major shift in cybercrime, offering an automated solution for credential stuffing across a vast range of 140 services, including banks, email providers, and VPNs. This tool dramatically simplifies the process for cybercriminals to test and exploit stolen credentials efficiently, with advanced evasion techniques that minimise detection. It continuously updates to adapt to new security measures, making it a persistent threat. The rise of Atlantis AIO underscores the urgent need for enhanced defensive strategies across all digital platforms to counteract the growing ease of conducting large-scale fraud operations.

OpenAI Offering $100K Bounties for Critical Vulnerabilities

SecurityWeek by Ryan Naraine
OpenAI is offering bounties of up to $100,000 for critical vulnerabilities, reinforcing the vital role of responsible disclosure in safeguarding AI systems. As generative models become more embedded in sensitive operations, the stakes for security have never been higher. This initiative rewards researchers for identifying flaws that could lead to data leaks, prompt injection attacks, or unauthorised model manipulation. It also signals growing awareness that AI products, like any tech, require continuous testing, ethical oversight, and community involvement to remain secure at scale.

New ReaderUpdate Malware Variants Target macOS Users

Security Affairs by Pierluigi Paganini
New ReaderUpdate malware variants are targeting macOS users with heightened stealth and persistence. These strains masquerade as legitimate software updates, tricking victims into granting access that enables full system compromise. Once installed, the malware can monitor activity, steal credentials, and evade detection through rootkit-like behaviour. Security researchers warn that this marks a worrying escalation in macOS-targeted campaigns, reinforcing the need for vigilant patching, strict download practices, and robust endpoint protection—even in ecosystems traditionally seen as safer.

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

The Hacker News by Ravie Lakshmanan
INTERPOL’s latest operation has led to the arrest of 306 individuals and the seizure of nearly 2,000 devices in a sweeping international crackdown on cybercrime. Coordinated across 55 countries, the operation targeted a wide range of digital threats, including ransomware, phishing, and online fraud. Authorities also identified over 1,300 suspicious IP addresses and dismantled numerous criminal infrastructure networks. This effort highlights the growing success of international law enforcement collaboration in tracking and disrupting cybercriminal operations, reinforcing the importance of cross-border threat intelligence and resource sharing.

Private Data and Passwords of Senior U.S. Security Officials Found Online

Spiegel International by Patrick Beuth, Jörg Diehl, Roman Höfner, Roman Lehberger, Friederike Röhreke & Fidelius Schmid
An alarming investigation has revealed that the personal data and passwords of high-ranking U.S. security officials—some still in office—were freely available on the dark web. The compromised credentials, including those from official government platforms, were traced back to widespread data leaks and poor credential hygiene. The findings underscore the persistent risks of credential stuffing, the failure of password reuse policies, and the absence of strong multi-factor authentication. This incident is a stark reminder that even national security leaders are vulnerable if basic cybersecurity practices aren’t rigorously enforced and continuously monitored.

DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring

itNews by Raphael Satter
New revelations suggest that a DOGE-affiliated staffer, known only by the handle “Big Balls,” provided hands-on technical support to a notorious cybercrime ring. This staffer allegedly assisted in developing and troubleshooting the systems used to distribute malware and conduct illicit online activities. The involvement of someone from a federally linked entity raises critical questions about internal oversight, trust, and the porous boundaries between official platforms and malicious operations. This case highlights the urgent need for rigorous vetting, continuous monitoring, and transparent accountability for those operating within or adjacent to sensitive digital ecosystems.

Files stolen from NSW court system, including restraining orders for violence

The Register by Connor Jones
A data breach within the NSW court system has led to the exposure of sensitive legal documents, including restraining orders tied to domestic violence cases. The breach has alarmed privacy advocates and legal professionals, given the highly personal nature of the leaked information and the potential for real-world harm to victims. Authorities are investigating how the breach occurred and whether security failings enabled unauthorised access. This incident underscores the critical importance of securing judicial data, especially where the safety of vulnerable individuals may be directly compromised.

Trump signs executive order that will upend US voter registration processes

The Guardian by Joseph Gedeon & Sam Levine
A sweeping executive order signed by Donald Trump threatens to dramatically reshape how voter registration is handled across the United States. The order includes provisions that critics argue could suppress voter turnout, particularly among marginalised communities, by tightening verification requirements and limiting digital registration options. Civil liberties groups have voiced concern over the implications for election accessibility and integrity. As the US heads into another contentious election cycle, the move is expected to prompt legal challenges and intensify debates over democratic participation and electoral security.

Secretive Chinese network tries to lure fired US gov workers

itNews by AJ Vicens
A covert influence campaign linked to China is targeting recently dismissed U.S. government employees, aiming to exploit their insider knowledge and access. The campaign uses job offers and recruitment outreach as a front, hoping to gather sensitive information or sway opinion in Beijing’s favour. National security experts warn that such operations highlight the risks posed by abrupt personnel changes, especially in critical sectors like defence and cybersecurity. This development underscores the need for robust post-employment protocols and greater awareness of foreign interference tactics.

Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT

Wired by Lily Hay Newman
Concerns are mounting over the potential use of Starlink Wi-Fi within sensitive U.S. government settings like the White House. While the satellite service offers reliable internet, its proprietary infrastructure and lack of transparency raise red flags about data sovereignty, control, and vulnerability to surveillance or disruption. Security experts caution that relying on non-government-managed networks—especially those linked to powerful private entities—introduces significant risks to national cybersecurity. The situation calls for clearer federal policies around external tech integration and digital autonomy.

OTF, which backs Tor, Let’s Encrypt and more, sues to save funding from Trump cuts

The Register by Thomas Claburn
The Open Technology Fund (OTF)—a key supporter of privacy-enhancing tools like Tor and Let’s Encrypt—has launched legal action to protect its funding, which is threatened by proposed Trump-era budget cuts. OTF argues the cuts would weaken digital rights efforts globally and endanger activists, journalists, and at-risk communities who rely on secure communication platforms. The lawsuit underscores the essential role of publicly funded, open-source technologies in defending internet freedom. As global threats to online privacy grow, the outcome of this legal battle could have far-reaching implications for the future of secure digital infrastructure.

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

The Hacker News by Ravie Lakshmanan
A newly disclosed vulnerability in the NGINX Ingress Controller for Kubernetes could allow remote code execution without authentication—posing a significant threat to cloud-native environments. The flaw, dubbed “IngressNightmare,” stems from improper handling of annotations and affects multiple versions widely deployed in production. If exploited, it could let attackers execute arbitrary code, compromise workloads, and escalate privileges within clusters. Security teams are urged to apply patches immediately and review ingress configurations for exposure. As Kubernetes adoption grows, securing its control planes becomes essential to maintaining resilience in increasingly containerised infrastructure.

Top Trump officials text classified Yemen airstrike plans to journo in Signal SNAFU

The Register by Iain Thomson
A major operational security lapse has come to light involving former Trump officials, who reportedly shared classified details of Yemen airstrikes via Signal with a journalist. The messages—containing sensitive military plans—were part of a broader communication exchange that raises serious questions about mishandling of classified information and the misuse of encrypted messaging apps. While Signal itself remains secure, the incident underscores how poor operational judgment—not just technical flaws—can lead to critical breaches. Experts warn that trust in encryption tools can’t compensate for user behaviour that disregards basic security protocols, especially in government and defence circles.

New VanHelsing ransomware targets Windows, ARM, ESXi systems

BleepingComputer by Bill Toulas
A newly identified ransomware strain, VanHelsing, is making waves by targeting a diverse array of systems—including Windows, Linux on ARM, and VMware ESXi. This multi-platform approach allows attackers to cast a wider net, increasing their ability to disrupt operations across hybrid environments. Researchers say the ransomware uses a variety of obfuscation techniques and custom scripts to evade detection and escalate privileges before encrypting files. Its wide compatibility highlights a growing trend among cybercriminals to design attacks that can bypass traditional defences and strike where visibility is weakest. As hybrid infrastructure becomes the norm, organisations are urged to revisit their endpoint security, backup policies, and threat detection capabilities.

Critical ‘IngressNightmare’ Vulns Imperil Kubernetes Environments

Dark Reading by Jai Vijayan
A set of critical vulnerabilities, dubbed “IngressNightmare”, is sending shockwaves through the Kubernetes community. These flaws affect the NGINX Ingress Controller, a widely used component in Kubernetes clusters, and allow remote code execution without authentication under certain configurations. With widespread usage across production environments, the exposure risk is significant, especially for organisations that have not implemented strict access controls. The discovery has prompted urgent calls for patching, configuration reviews, and broader Kubernetes security hygiene. As container orchestration grows in popularity, so too does its attractiveness to attackers, highlighting the need for continuous monitoring, rapid patch deployment, and a deeper focus on securing the cloud-native stack.

Cyberattack takes down Ukrainian state railway’s online services

BleepingComputer by Bill Toulas
A cyberattack has disrupted the online services of Ukrainian state railway operator Ukrzaliznytsia, affecting ticket purchasing and passenger information systems. While operations on the ground continue, the digital shutdown poses a serious inconvenience to travellers and reflects broader cyber risks targeting critical infrastructure in conflict zones. Ukrainian authorities suspect state-aligned threat actors, consistent with past patterns of cyber aggression amid the ongoing war. The incident highlights the vulnerability of national transport systems to digital sabotage and underscores the importance of investing in resilient infrastructure and contingency planning. As geopolitical tensions continue, public services must prioritise cybersecurity as a frontline defence.

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US

Cyberscoop by Matt Kapko
A Canadian national accused of involvement in the high-profile Snowflake data theft campaign has agreed to extradition to the United States. Authorities believe the individual was linked to cyberattacks that compromised multiple companies by exploiting misused credentials and cloud services. The decision marks a step forward in cross-border cooperation to hold cybercriminals accountable. As breaches grow in scale and complexity, this case underscores the global nature of cybercrime and the mounting pressure on legal systems to keep pace with threats exploiting cloud infrastructure and identity-based vulnerabilities.

Enhancing Threat Intelligence and Threat Detection in Australian Central Government Organisations

IT Wire by Cyrille Badeau
Australian central government agencies are under increasing pressure to modernise their cybersecurity practices, with real-time threat detection and AI-driven intelligence now essential for identifying and countering sophisticated attacks. Traditional perimeter defences are no longer sufficient—agencies must embrace advanced analytics, automation, and behavioural insights to stay resilient. Visibility across complex IT environments is critical, along with a proactive, intelligence-led approach that aligns security strategies with today’s evolving threat landscape and heightened policy expectations.

How to delete your 23andMe data and why you should do it now

ZDNet by Steven Vaughan-Nichols
Following last year’s breach that exposed the genetic data of millions, 23andMe is again under fire for its data handling practices. Users are now being urged to permanently delete their personal and genetic information, with clear steps provided for doing so. With sensitive DNA profiles potentially accessed by law enforcement or third parties via platform loopholes, the risks of leaving data behind are mounting. While deletion can’t guarantee total erasure, it significantly limits future exposure and prompts a critical re-evaluation of trust in consumer genetics services.

Amazon ends little-used privacy feature that let Echo users opt out of sending recordings to company

The Associated Press
Amazon has quietly discontinued a privacy option that allowed Echo users to opt out of having their voice recordings reviewed by the company. The feature, introduced after backlash over human review of Alexa interactions, is no longer available—raising fresh concerns about transparency and user control. While Amazon claims it still limits how recordings are used, privacy advocates argue the move erodes trust and limits meaningful consent. As voice assistants become more embedded in everyday life, users may want to rethink how much they’re willing to share with their smart devices.

ANALYSIS

Explain Signal, cybersecurity, and how a journalist was sent high-level military intelligence

Virginia Tech News with France Bélanger, Aaron Brantly, Jimmy Ivory & Anthony Vance
When Atlantic editor-in-chief Jeffrey Goldberg unexpectedly received classified military plans via Signal, it exposed how encrypted messaging can be both a shield and a sword. The incident raises critical questions about digital trust, secure communications, and insider threats. While apps like Signal are essential for privacy, they also complicate traditional information controls. This analysis explores how governments and media must rethink cybersecurity training and access protocols, ensuring that encryption empowers democracy without unintentionally bypassing national security safeguards.

Improving cybersecurity to protect against online hate

Harvard School of Public Health by Jay Lay
Online hate is on the rise, yet cybersecurity strategies often overlook its role in fuelling real-world violence. This fascinating piece explores how hate-fuelled digital abuse transcends mere content moderation, requiring stronger security protocols to shield targets from harassment, doxxing, and coordinated attacks. It highlights the need for an interdisciplinary approach—combining tech, policy, and public health—to build safer platforms. Addressing online hate isn’t just about protecting reputations; it’s about safeguarding mental health, social cohesion, and democratic discourse from digital weaponisation.

Cybersecurity Gaps Leave Doors Wide Open

Dark Reading by Jai Vijayan
Despite growing investment in cybersecurity, many organisations remain exposed due to fundamental oversights—such as misconfigured systems, weak identity management, and neglected patching routines. These gaps are routinely exploited in ransomware, phishing, and supply chain attacks. Security leaders are being urged to refocus on core cyber hygiene, ensuring that basic controls are prioritised alongside advanced tools. In a threat environment where attackers thrive on preventable mistakes, resilience depends not on having the flashiest defences, but on the reliability of the essentials.

Global Data Privacy Minefield

PrivID (Substack)
Navigating global data privacy laws has become a regulatory tightrope walk. With divergent standards between the EU, U.S., and emerging markets, organisations must juggle compliance obligations while maintaining operational efficiency. This analysis explores the growing friction between localisation mandates and cross-border data flows, warning that inconsistent regulation threatens innovation and business continuity. Without harmonised frameworks or updated treaties, companies face legal uncertainty and escalating costs. Clearer global alignment is essential to create a digital ecosystem where privacy rights are upheld without stifling economic growth.

Australia’s government agencies use encrypted messaging apps such as Signal. But should they?

The Guardian by Josh Taylor & Josh Butler
The increasing reliance on encrypted messaging apps like Signal by Australian government agencies has sparked debate over security, transparency, and public accountability. While these tools provide robust privacy and are vital for protecting sensitive communications, they also raise concerns about record-keeping obligations and public access to government decisions. This piece explores the tension between national security needs and democratic oversight, questioning whether these apps are being used appropriately or risk circumventing proper governance. Striking the right balance is critical to maintaining trust and compliance in the digital age.

When Cybersecurity Measures Backfire

PrivID (Substack)
Not all security controls improve security—some can actually increase risk. Overly complex authentication, intrusive surveillance, or rigid access restrictions can frustrate users, encouraging risky workarounds or disengagement. In high-stakes environments, such counterproductive measures undermine trust and resilience, making systems more fragile, not less. This piece explores the paradox of protection, arguing that effective cybersecurity must be user-centred, context-aware, and flexible enough to adapt without compromising core defences. Security isn’t about more controls—it’s about smarter, more human-focused ones.

How to Enter the US With Your Digital Privacy Intact

Wired by Andy Greenberg
Crossing the U.S. border with your digital devices can feel like navigating a surveillance minefield. Authorities may search phones, demand passwords, or access cloud data—raising major privacy concerns for travellers, especially journalists and activists. This guide outlines how to protect your digital footprint, from using burner devices and disabling biometric locks to limiting stored sensitive data and backing up securely beforehand. Maintaining digital privacy at international borders isn’t just about evasion—it’s about preparation, precaution, and understanding your rights in a data-driven world.

As nation-state hacking becomes ‘more in your face,’ are supply chains secure?

The Register by Jessica Lyons
The gloves are off—nation-state hacking is no longer covert, it’s confrontational. As geopolitical tensions rise, adversaries are escalating cyber operations, targeting supply chains with brazen attacks that aim to destabilise critical infrastructure and erode trust. With the SolarWinds and Microsoft Exchange attacks still casting long shadows, experts warn that many organisations remain underprepared for these sophisticated threats. The piece calls for improved vendor scrutiny, real-time threat intelligence, and resilient architecture to withstand increasingly direct cyber onslaughts from well-resourced state actors.

CyAN Members: Op Eds, Articles, etc:

CyAN Members: NEWS

STATISTICS & INSIGHTS

powered by evisec

Highlights from this week’s cybersecurity research by evisec – CRD #19
CyAN Member and evisec CEO Henry Röigas
Highlights from the latest cybersecurity research sources by evisec:
• Ransomware hits record high: February 2025 saw 962 victims—more than double the monthly average—with Cl0p behind one-third of cases.
• Credential compromise leads access: Nearly half of ransomware cases in 2024 began with compromised credentials, often via brute-force or weak MFA.
• Infostealers drive initial access market: 3.2 billion credentials were leaked in 2024, 75% linked to infostealers.
• Machine identities under attack: Half of surveyed firms faced breaches via exposed API keys or certificates; usage is rising fast.
• LLMs linked to secret leaks: GitHub repos using Copilot saw 40% more hardcoded secrets, highlighting AI-related security risks.

Upcoming CyAN (and CyAN Partner) Global Events:

  • Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1–2
  • Supply Chain Cyber Security Summit (SCCS), Lisbon, Portugal: April 9–11
  • GITEX AFRICA, Marrakesh, Morocco: April 14–16
  • GITEX ASIA, Singapore (Marina Bay Sands): April 23–25
  • GISEC, Dubai World Trade Centre, UAE: May 6–8
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK: May 8
  • CSG Awards 2025, Dubai: May 7
  • World AI Technology Expo, Dubai, UAE: May 14–15
  • CyAN 10th Anniversary Celebrations!
  • GITEX Europe Messe, Berlin, Germany: May 21–23
  • MaTeCC, Rabat, Morocco (The third annual North Africa cybersecurity event, hosted by CyAN partner École High-Tech): June 7–9, 2025
  • CyAN Q2 Community Call (APAC and the Gulf): June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
  • CyAN Q2 Community Call (EMEA and the Americas): June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

Unraveling Digital Sovereignty: The Delicate Balance of Digital Sovereignty: Insights and Imperatives

Defining Digital Sovereignty in Our Times In his thought-provoking article, “Digital Sovereignty: A Framework for the Internet Age,” Robin Berjon skilfully outlines the challenges and necessities of digital sovereignty. This article builds on his foundation, delving deeper into nuanced facets of digital sovereignty and highlighting 

Upcoming Global Events to Watch Out For

CyAN is proud to announce our role as a Community Partner for the following prominent global cybersecurity and technology events. Mark your calendars! Supply Chain Cyber Security Summit (SCCS) 9–11 April 2025 | Lisbon, Portugal CyAN board member Bharat Raigangar will be speaking at this 

Cyber (In)Securities – Issue 135

Information Security News

US Weakens Disinformation Defenses, as Russia & China Ramp Up

Dark Reading by Robert Lemos
As geopolitical tensions escalate, the US has notably reduced its efforts to combat disinformation, especially from key adversaries like Russia and China. This rollback occurs despite increasing efforts by these nations to spread misinformation aimed at influencing global politics and US public opinion. Security analysts express concerns that diminishing these critical defences could significantly heighten vulnerabilities to foreign interference, potentially impacting election security and undermining public trust in democratic processes. The implications of these changes are profound, prompting debates on the balance between freedom and security in the digital age.
Read more

China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack

Dark Reading by Alexander Culafi
Security researchers have uncovered a sophisticated cyber-espionage campaign by the China-nexus advanced persistent threat (APT) group known as ‘Weaver Ant.’ The group has been deploying web shells across multiple victim networks globally for several years, exploiting vulnerabilities to gain persistent access and exfiltrate sensitive data. This prolonged infiltration highlights significant weaknesses in current cybersecurity defences and underscores the challenges of detecting and mitigating APT activities. The campaign’s complexity and stealth demonstrate the evolving sophistication of state-sponsored cyber actors and the continuous arms race in global cybersecurity.
Read more

Police arrests 300 suspects linked to African cybercrime rings

BleepingComputer by Sergiu Gatlan
In a significant crackdown on cybercrime, police forces across multiple countries have arrested over 300 individuals connected to extensive African cybercrime syndicates. These groups have been involved in various fraudulent schemes, including phishing, romance scams, and advanced fee fraud, causing substantial financial losses worldwide. This coordinated operation showcases the growing international collaboration in combating cyber threats and highlights the increasing sophistication of cybercriminal networks in Africa. The arrests not only disrupt ongoing operations but also serve as a deterrent to the wider cybercriminal community, emphasising the global reach and consequences of law enforcement against online crime.
Read more

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

SecurityWeek by Ryan Naraine
The National Institute of Standards and Technology (NIST) is facing ongoing challenges in managing a significant backlog of vulnerability submissions in its National Vulnerability Database (NVD). This delay in processing and cataloguing vulnerabilities poses a risk to cybersecurity as unaddressed vulnerabilities remain exploitable for longer periods. The backlog has been attributed to a surge in reported vulnerabilities and resource constraints. This situation underscores the critical need for improved processes and additional resources to ensure timely updates to the NVD, which is essential for maintaining up-to-date security postures across industries.
Read more

Cloudflare now blocks all unencrypted traffic to its API endpoints

BleepingComputer by Bill Toulas
In a significant security enhancement, Cloudflare has announced that it will now block all unencrypted traffic to its API endpoints, mandating HTTPS for all connections. This move aims to bolster the security of data in transit, preventing interception and manipulation by malicious actors. By enforcing encrypted communications, Cloudflare enhances the overall security framework for its users and sets a higher standard for API security practices across the tech industry. This change reflects the growing emphasis on encryption as a fundamental aspect of cybersecurity in an increasingly interconnected digital landscape.
Read more

Trump’s Aggression Sours Europe on US Cloud Giants

Wired by Matt Burgess
Amidst escalating tensions over data sovereignty, European countries are increasingly wary of relying on U.S.-based cloud service providers. This shift in sentiment is largely driven by recent aggressive stances taken by the Trump administration, which have intensified concerns about data privacy and cross-border data flows. European regulators and businesses are now pushing for greater use of local cloud services to ensure data protection and compliance with stringent EU regulations. This growing distrust could reshape the global cloud services market, driving innovation and investment in European cloud infrastructure as an alternative to U.S. giants.
Read more

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

The Hacker News by Ravi Lakshmanan
Developers and security teams are on high alert following the discovery of a critical vulnerability in Next.js, a popular web development framework. This security flaw allows attackers to bypass middleware authorisation checks, potentially enabling unauthorised access to sensitive data and functions. The vulnerability, identified as highly severe, affects multiple versions of the framework and poses a significant risk to applications built on Next.js. Immediate updates and patches have been released to address this issue, urging developers to upgrade their systems without delay to safeguard against potential exploits.
Read more

FBI Warns of Malicious Free Online Document Converters Spreading Malware

Security Affairs by Pierluigi Paganini
The FBI has issued a warning about the risks associated with free online document converters, which have become a vector for distributing malware. Cybercriminals are exploiting these platforms to embed malicious software into seemingly benign documents, leading to data theft, system compromise, and ransomware infections. Users are advised to exercise caution and verify the security of any online converter used. This advisory underscores the importance of cybersecurity awareness and the need for robust protective measures when using online tools.
Read more

China says facial recognition should not be forced on individuals

itNews
In a surprising move, the Chinese government has issued guidelines suggesting that facial recognition technology should not be imposed on individuals without consent. This statement marks a significant shift in policy in a country known for its widespread use of surveillance technologies. The new guidelines aim to address growing public concerns about privacy and personal freedoms, reflecting a broader debate on the ethical use of technology in society. However, the implementation and enforcement of these guidelines remain to be seen, as they contrast with the extensive state surveillance practices currently in place.
Read more

AFP uses encryption powers to order technical assistance

InnovationAus by Justin Hendry
The Australian Federal Police (AFP) is leveraging new encryption laws to compel tech companies to provide technical assistance in criminal investigations. These powers enable the AFP to bypass encryption, facilitating access to data that could be crucial in solving cases. While intended to enhance law enforcement capabilities, this use of power raises significant privacy and security concerns among civil liberties groups and the tech community, who argue it could undermine the security of digital communications and infringe on individual rights.
Read more

Service NSW to enforce multifactor authentication by 2026

itNews by Eleanor Dickinson
In a proactive step towards enhancing digital security, Service NSW has announced that it will mandate multifactor authentication (MFA) for all its services by 2026. This initiative aims to strengthen protection against cyber threats and identity theft, requiring users to verify their identity through multiple verification methods before accessing services. The move reflects an increasing trend among government agencies to adopt stricter security measures to safeguard sensitive information and user data, aligning with global best practices in cybersecurity.
Read more

Prosecutors told to do more to strip ‘revenge porn’ abusers of victim images

The Observer by Shanti Das
In response to the growing issue of ‘revenge porn,’ prosecutors are being urged to take stronger actions to remove illicit images from circulation and penalise perpetrators more severely. This push for tougher enforcement comes amid reports of increasing incidents where private images are distributed without consent, causing significant distress to victims. Legal experts and advocacy groups emphasise the need for robust legal frameworks that not only prevent the initial sharing of such images but also swiftly remove them from all digital platforms. These efforts are part of a broader movement to protect individuals’ privacy and dignity in the digital age, ensuring that abusers face significant legal consequences for their actions.
Read more

U.S. Treasury Removed Sanctions Against the Crypto Mixer Service Tornado Cash

Security Affairs by Pierluigi Paganini
The U.S. Treasury has lifted sanctions on Tornado Cash, a prominent cryptocurrency mixer, reversing a previous decision that had broadly impacted the crypto community. This move comes after extensive discussions about the role of privacy in financial transactions and the legitimate uses of crypto mixing services. Tornado Cash was initially sanctioned due to concerns over money laundering and other illicit activities. The reversal highlights the complex balance regulators seek between preventing financial crimes and supporting technological and financial innovation. The decision has been met with relief in the cryptocurrency sector, which advocates for stronger privacy protections for legitimate users while acknowledging the need for oversight to prevent abuses.
Read more

Microsoft Trusted Signing service abused to code-sign malware

BleepingComputer by Lawrence Abrams
Cybersecurity researchers have uncovered a troubling misuse of Microsoft’s Trusted Signing service, where attackers have successfully code-signed malware, lending it an appearance of legitimacy. This abuse poses significant risks, as signed software is generally trusted by operating systems and security software. The incident reveals vulnerabilities in the digital signing process and raises questions about the reliability of security measures that depend heavily on certificates and signatures. Microsoft is investigating the issue and working on strengthening its verification processes to prevent similar breaches in the future.
Read more

Zero-Day Broker Operation Zero Offers Up to $4 Million for Telegram Exploits

Security Affairs by Pierluigi Paganini
Operation Zero, a prominent zero-day broker, has announced a bounty of up to $4 million for new exploits targeting the popular messaging app Telegram. This initiative reflects the high demand for vulnerabilities that can be used in cyber operations, emphasising the ongoing arms race in cybersecurity. The lucrative offer aims to attract skilled hackers and researchers to uncover previously unknown security flaws. Such bounties highlight the dual nature of the cybersecurity industry, where the discovery of vulnerabilities can either enhance security through patching or be exploited for malicious purposes, depending on who controls the information.
Read more

Coinbase was primary target of recent GitHub Actions breaches

BleepingComputer by Lawrence Abrams
In a recent security incident, Coinbase, a leading cryptocurrency exchange, was identified as the primary target of breaches involving GitHub Actions. Attackers exploited GitHub’s continuous integration and delivery service to execute unauthorised actions and potentially access sensitive data. The breach highlights the vulnerabilities associated with third-party platforms and the importance of securing software development pipelines. Coinbase has responded by enhancing their security measures and collaborating with GitHub to address these vulnerabilities, aiming to prevent similar incidents in the future and protect user assets.
Read more

What CISA’s Red Team Disarray Means for US Cyber Defense

Dark Reading by Becky Bracken
The Cybersecurity and Infrastructure Security Agency (CISA) is currently grappling with internal challenges related to its red team operations, which are essential for testing and improving US cyber defences. This disarray has raised concerns about the effectiveness of national cybersecurity strategies, especially at a time when threats are increasingly sophisticated. The red team’s role in simulating attacks to expose vulnerabilities is critical, and any disruption in their activities could significantly impact the nation’s ability to detect and respond to real cyber threats. The situation underscores the need for robust and well-coordinated cybersecurity practices to safeguard national interests.
Read more

Oracle denies breach after hacker claims theft of 6 million data records

BleepingComputer by Sergiu Gatlan
Oracle has publicly refuted claims of a data breach after a hacker alleged the theft of 6 million records from their systems. The hacker’s claims, circulated widely online, suggested a significant security lapse. However, Oracle’s investigation found no evidence supporting these claims, asserting that their security measures remained intact. This incident highlights the challenges companies face in managing cybersecurity threats and the impact of false breach claims on reputation and trust. It also underscores the importance of rigorous security protocols and timely, transparent communication in maintaining stakeholder confidence.
Read more

Nation-State ‘Paragon’ Spyware Infections Target Civil Society

Dark Reading by Nate Nelson
The sophisticated ‘Paragon’ spyware, linked to a nation-state actor, has been discovered targeting civil society organizations worldwide. This malware campaign is noted for its precision and stealth, designed to infiltrate systems and gather sensitive information without detection. The impact on civil society is profound, threatening the privacy and security of activists and non-governmental organizations engaged in sensitive or controversial work. The discovery of ‘Paragon’ underscores the growing trend of state-sponsored cyber espionage aimed at political manipulation and surveillance, raising serious concerns about digital security and human rights.
Read more

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The Hacker News by Ravi Lakshmanan
The Medusa ransomware has evolved with a new tactic, using a malicious driver signed with stolen certificates to disable anti-malware software, enhancing its ability to infect systems undetected. This development represents a significant escalation in ransomware sophistication, as attackers now manipulate legitimate software validation mechanisms to bypass security. The use of stolen certificates complicates detection efforts, as it allows the malware to appear trustworthy to the system’s security protocols. This strategy underscores the necessity for enhanced vigilance and updated security measures to combat advanced ransomware threats.
Read more

Attack Update As FBI Warns Email And VPN Users—Activate 2FA Now

Forbes by Davey Winder
The FBI has issued a critical alert urging users of email services and VPNs to activate two-factor authentication (2FA) immediately. This warning comes in response to a surge in cyber attacks targeting these services, exploiting weak or reused passwords. By implementing 2FA, users can significantly enhance their security, creating an additional barrier against unauthorised access. This precaution is particularly crucial as cybercriminals increasingly deploy sophisticated techniques to bypass traditional security measures. The FBI’s advisory highlights the ongoing need for robust cybersecurity practices to protect personal and organisational data.
Read more

Trump order put states at the forefront of cyber and natural disaster response

Gov Exec by Chris Teale
A recent executive order by President Trump has shifted significant responsibility for responding to cyberattacks and natural disasters to state governments. This directive aims to enhance local readiness and response capabilities by empowering states with more autonomy and resources. However, it also challenges states to rapidly upscale their infrastructure and training programs to effectively manage these critical situations. The order reflects a strategic shift towards a more decentralised approach in managing emergencies, intending to foster quicker and more localised responses but also requiring significant coordination and support from federal agencies.
Read more

Groups Urge Congress to Extend Expiration Date for Cybersecurity Information Sharing Act

American Public Power Association by Paul Ciampoli
Advocacy groups are calling on Congress to extend the Cybersecurity Information Sharing Act’s expiration date, emphasising the importance of continued and enhanced public-private collaboration in cybersecurity efforts. The act facilitates the sharing of cybersecurity threat information between the government and private sector, playing a crucial role in pre-emptive threat detection and response. Supporters argue that extending the act is vital for maintaining a robust defence against increasingly sophisticated cyber threats, ensuring that both sectors can rapidly exchange information and coordinate responses effectively.
Read more

The Trump Administration Wants USAID on the Blockchain

Wired by Vittoria Elliott
The Trump administration has proposed integrating blockchain technology into the operations of USAID, the U.S. agency responsible for foreign aid. The initiative aims to increase transparency, reduce corruption, and improve accountability in aid distribution. By using blockchain’s decentralised ledger system, the administration hopes to track aid flows more accurately and ensure that funds reach their intended recipients. While the idea has garnered interest for its potential efficiency, critics warn of challenges including technical complexity, data privacy, and the risk of excluding communities with limited digital access.
Read more

ANALYSIS

Is the Middle East’s Race to Digitize a Threat to Infrastructure?

Dark Reading by Apu Pavithran
The Middle East’s rapid digitisation efforts are raising concerns about potential vulnerabilities in critical infrastructure. This technological push aims to boost economic growth and modernise various sectors, but it also exposes these systems to cyber threats. Experts warn that without robust cybersecurity measures, the region’s infrastructure could be at risk of cyberattacks that disrupt essential services. The article emphasises the need for comprehensive security strategies to safeguard these vital systems as they become increasingly interconnected and reliant on digital technologies.
Read more

The Quantum Apocalypse Is Coming. Be Very Afraid

Wired by Amit Katwala
Imagine a world where today’s encryption crumbles in seconds—this is the looming threat posed by quantum computing. Often called the ‘quantum apocalypse,’ the scenario envisions a future where critical infrastructure, financial systems, and private communications are laid bare. The article explores how quantum advancements could dismantle current cryptographic defences, sparking urgent investment in quantum-resistant technologies. With adversaries already developing quantum capabilities, the race is on to secure digital systems before quantum breakthroughs force a global reckoning in cybersecurity.
Read more

Why Canada and the EU Must Support Ukraine—And Each Other

PrivID (Substack)
This analysis explores the geopolitical and cybersecurity implications of the ongoing conflict in Ukraine, arguing for stronger support from Canada and the European Union. The piece highlights how the conflict has not only regional but global cybersecurity ramifications, emphasising the need for collective action to counter threats and bolster security frameworks. The author argues that supporting Ukraine is pivotal not just for regional stability but also as a stand against cyber aggression that could set precedents affecting global norms and cybersecurity policies. The call for collaborative support from Canada and the EU reflects a broader strategy to enhance resilience against cyber threats and ensure a coordinated response to international security challenges.
Read more

Nowhere to Run: The Online Footprint of an Alleged Kinahan Cartel Associate

Bellingcat by Connor Plunkett, Peter Barth and Beau Donelly
Digital footprints don’t just expose everyday over-sharers—they’re now unravelling global crime networks. This investigation tracks the online activity of an alleged Kinahan cartel associate, revealing how open-source intelligence (OSINT) tools can map relationships, locations, and movements with remarkable precision. The piece highlights how social media and digital platforms, once seen as neutral ground, have become both tools of the trade for criminals and goldmines for law enforcement. As the boundaries between digital life and real-world crime blur, the role of OSINT in modern policing is becoming impossible to ignore.
Read more

The Human Factor: Redefining Cybersecurity In The Age Of AI

Forbes by Tony Bradley
As AI transforms cybersecurity, the human element is proving more essential—not less. While machine learning brings speed, scale, and automation to threat detection, it lacks the nuance, ethics, and context-driven reasoning that human judgment provides. This piece explores how people remain both a vulnerability and a vital line of defence, particularly in high-stakes decision-making. It calls for sustained investment in human capability—through training, adaptability, and oversight—to ensure AI augments rather than replaces skilled professionals. In an age of automation, resilient cyber defence still begins with people.
Read more

Strengthening Cybersecurity: Lessons from the Cybersecurity Survey

International Monetary Fund by Rangachary Ravikumar
What’s standing between nations and stronger cyber resilience? A recent IMF survey offers clues, revealing persistent gaps in protecting critical infrastructure and inconsistencies in how countries approach cybersecurity. The findings point to the urgent need for greater international cooperation, clearer standards, and the sharing of best practices. With threats growing in speed and scale, the piece argues that no single country can go it alone—collective defence is now essential. Investment in capacity-building, policy alignment, and cross-border collaboration will be key to staying ahead of an increasingly complex threat landscape.
Read more

CyAN Members: Op Eds, Articles, etc:

CVE, CVSS, and EPSS: Which One Actually Matters for Security?

Fel Gayanilo
When it comes to measuring risk, not all cybersecurity metrics are created equal. Fel breaks down the roles of CVE, CVSS, and EPSS, examining how each contributes to a security team’s understanding of vulnerabilities. While CVE identifies flaws and CVSS scores their severity, EPSS stands out for its predictive power—estimating the likelihood a vulnerability will actually be exploited. Fel’s analysis calls for a shift toward more dynamic, intelligence-led security strategies that prioritise risk by likelihood, not just theoretical impact—enabling teams to stay ahead of the curve, not just react to it. As threat actors move faster and exploit windows shrink, timing is everything. Metrics that help security teams prioritise what will be attacked—rather than what could be—are quickly becoming essential.
Read more

Cybersecurity in Singapore – BlackHat Asia 2025 Here We Go!

Nick Kelly
Few places are leaning into cybersecurity innovation quite like Singapore. With government support, a booming startup ecosystem, and growing international collaboration, the city-state is fast becoming a regional powerhouse. As momentum builds ahead of Black Hat Asia 2025, Nick reflects on Singapore’s strategic role in shaping cybersecurity conversations across the Asia-Pacific. From policy to practice, the event promises to showcase both local leadership and global expertise—reinforcing CyAN’s commitment to community, knowledge sharing, and advancing security on a global scale. The energy is palpable, and the opportunities for cross-border learning and partnership are vast. If Singapore is any indication, the future of cybersecurity will be as collaborative as it is cutting-edge.
Read more

CyAN Members: NEWS

  1. Breaking the Cycle: Combatting Online IBSA for a Safer Digital Experience
  2. Congratulations to CyAN member and CEO of White Hat IT Security, Sándor Fehér, for winning the Best CEO of the Year 2025 award from Behaviour – a HR-magazin in the small business category! Congratulate him on LinkedIn
  3. Celebrated CyAN member and winner of the 2024 European CyberWomen Trophy, Sarah Jane Mellor! Congratulate her on this LinkedIn post
  4. Congratulations to CyAN member and Founder of Vyanams Strategies (VYS), Vaishnavi J, and her team for their crucial support in developing the 5Rights Foundation’s ‘Children & AI Design Code’! Learn more on LinkedIn
  5. Congratulations to CyAN member Rupesh Shirke and his family on the arrival of their beautiful baby girl. Send your congratulations to Rupesh

New Podcast – Information Sharing, Cybersecurity Politics, Threats, and More

CyAN’s latest podcast, a discussion with Gate15’s Andy Jabbour

Cyber (In)Securities – Issue 134

Information Security News Judge blocks Elon Musk’s Doge from accessing social security records The Guardian by Guardian Staff & Agencies A federal judge has issued a restraining order preventing Elon Musk’s Department of Government Efficiency (Doge) from accessing Social Security Administration (SSA) records, citing privacy concerns 

Navigating Uncharted Waters: The EU’s Digital Markets Act and Its Impact on Security

The European Union’s Digital Markets Act (DMA) is setting the stage for significant changes in the tech landscape, particularly for companies like Apple, known for their tightly controlled ecosystems. While the DMA aims to enhance competition and consumer choice by opening up platforms like iOS to third-party app stores and facilitating app sideloading—where users can install apps from sources other than the official App Store—these changes introduce serious cybersecurity concerns. In this article, I delve deep into the potential risks associated with malware distribution and the challenges to maintaining end-to-end encryption integrity.

The Risks of Opening iOS

Under the DMA, Apple will need to allow third-party app stores and the sideloading of apps—practices previously prohibited under its stringent security model. This move fundamentally alters the security dynamics of iOS devices, historically insulated from many cyber threats by Apple’s rigorous app vetting process.

With third-party app stores, the gatekeeping role diminishes, potentially making room for malicious actors to exploit newfound vulnerabilities. The primary concern here is malware, which could be more easily distributed through less-regulated app stores or deceptive sideloading scenarios. Such changes could see iOS users facing threats similar to those on more open platforms, where malware infections are significantly more common.

End-to-End Encryption at Risk

Another critical concern is the DMA’s requirement for messaging service interoperability, which could compromise the secure, End-to-End Encrypted (E2EE) communication channels platforms like iMessage currently offer. The mandate to allow cross-platform messaging challenges the very foundation of E2EE, potentially requiring decryption and re-encryption processes that could introduce vulnerabilities. This not only jeopardises user privacy but also exposes them to risks of interception and data breaches. Ensuring that messages remain secure across different messaging platforms, without introducing backdoors or weaknesses, is a formidable technical challenge that has yet to be fully addressed.

Apple’s Countermeasures and Their Limitations

In response to these risks, Apple plans to implement several security measures, such as notarising apps distributed outside the App Store and requiring developers to register with Apple to run third-party app stores. However, these measures may not fully replicate the security levels currently provided by the App Store’s ecosystem.

The notarisation process, while helpful, might not catch all forms of malware, especially sophisticated ones designed to bypass such checks. Additionally, the effectiveness of these countermeasures depends significantly on user awareness and the vigilance of third-party store operators.

The Broader Implications for Users and Businesses

The opening of Apple’s ecosystem under the DMA guidelines presents a double-edged sword: it promotes competition and innovation but also significantly raises the stakes for digital security.

What does this mean for Apple customers? Without doubt, we will need to be more discerning about where we download our apps from, potentially adjusting to a new reality where app source verification becomes a routine necessity. For businesses, particularly small app developers, the changes could provide an opportunity to reach consumers directly but also require them to invest more heavily in security measures to protect their apps and maintain user trust.

Conclusion

As the DMA begins to reshape the digital market, our attention must sharpen around the security implications for end-users. The trade-offs between increased competition and potential security lapses are not trivial—especially in an era where data breaches and cybersecurity threats are increasingly sophisticated. Ensuring that consumer protection remains a priority is essential as we navigate this new regulatory environment.

I invite you to share your views and concerns in the comments below as we consider the future of digital security and privacy in a post-DMA world.


About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

“What happens to Heroes ?” EPISODE #2: The Unsung Heroes of the digital world by Didier Annet

The Psychological Impacts of Cyberattacks This is the second episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack. What I will call the “Heroes” Which role within a