Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

Armored Likho Exploits Global Targets with BusySnake Stealer
Meet Armored Likho, a sneaky threat actor who's been wreaking havoc globally, exploiting both private individuals and organizations, including government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. With a blend of financially motivated attacks and targeted cyber espionage, Armored Likho is a force to be reckoned with.

AdaptHealth Breach Exposes Patient Data via Social Engineering Tactics
AdaptHealth recently fell victim to a data breach, where hackers used clever social engineering tactics to trick a third-party contractor into giving them access to sensitive patient information stored in the company's cloud environment. This alarming breach put a large volume of patient data at risk, prompting AdaptHealth to disclose the incident to the Securities and Exchange Commission.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit
Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Qilin Consolidates Lead in Ransomware Market
Qilin is tightening its grip on the ransomware market, emerging as a leading player after a recent wave of consolidation, with an estimated 16% share of the cybercriminal market. This surge in power is a result of its technically mature infrastructure and strategic positioning in the ransomware-as-a-service (RaaS) market.

Google and FBI dismantle 2-million device NetNut botnet
In a major win for cybersecurity, Google and the FBI have joined forces to dismantle the massive NetNut botnet, a network of 2 million devices used by cybercriminals and espionage groups to hide their malicious activities. This significant disruption is the latest in a series of efforts to take down tools used to conceal online threats.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership
Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

FBI and Google Disrupt NetNut Proxy Network Used by Cyber Threat Actors
In a major win for cybersecurity, the FBI and Google have joined forces to dismantle the notorious NetNut proxy network, a go-to tool for cyber threat actors. This disruption has significantly reduced the network's capacity, cutting the available pool of devices by millions.

Impostor Scams Expose Vulnerabilities, Cost $3.5B in 2025
Impostor scams are getting more sophisticated, with personalized attacks costing Americans a staggering $3.5 billion in 2025 - triple the losses since 2020. Social media platforms have become a primary channel for these scams, with $2.1 billion lost to online impostors alone.

PamStealer Targets Mac Users with Fake Maccy Sites and PAM Checks
Researchers have uncovered PamStealer, a sneaky macOS information stealer that tricks users into downloading it from fake Maccy sites, and it can even slip past Apple's security measures. This clever malware uses a two-stage delivery method to steal sensitive info from unsuspecting Mac users.

Error Message Misinterpretation Exposes False Hacking Claim
A simple pause and a couple of words can make all the difference - in this case, changing a supposedly sinister hacking claim into a straightforward hard disk failure. A vice president's misread error message, "General failure reading Drive C:", nearly sparked a security scare before Lee, a quick-thinking sysadmin, got to the bottom of it.

China Expands Jurisdiction with New Law Targeting Overseas Critics
A new Chinese law that kicked in on July 1 can now label work done legally in Australia by journalists, analysts, and academics as a crime under Chinese law, sparking concerns about its global reach. This law allows China to pursue individuals outside its borders who are deemed to undermine its ethnic unity or promote division.

Australia's Defence Industry Drives Credible Deterrence Strategy
Defence Industry Minister Pat Conroy says growing Australia's self-reliance in defence is key to a credible deterrence strategy, but what does this really mean for the country's military power? Can a stronger domestic defence industry be the game-changer Australia needs to stay safe in uncertain times?

Australia Unveils Defense Industry Overhaul to Bolster Sovereign Capabilities
Australia is taking a bold step towards securing its future with a groundbreaking overhaul of its defence industry, aimed at strengthening its sovereign capabilities and forging a deeper partnership with local businesses. The move is driven by a clear imperative: a robust Australian defence industrial base is crucial to national security.

Russia Likely Conducted Covert Drone Campaign Over European Military Bases
The Kremlin may have secretly flown drones over a dozen European countries, including multiple US bases in England and a major air base in Germany, in a covert campaign that spanned over a year and a half. This shocking revelation raises serious concerns about European security and the reach of Russian espionage.

Australia Needs Sovereign Fund to Bolster Defence Industry Depth
Australia's defence community has been sounding the alarm for nearly a decade: the country's industrial base is structurally weak and in urgent need of a boost to become more robust, resilient, and self-reliant. Despite consistent warnings, the issue remains unresolved - but a sovereign fund could be the key to bolstering defence industry depth.

WebAuthn Integration Breaches Windows RDP Security Gap
Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Pegasus Spyware Targets European Parliament Investigator
In a shocking twist, a member of the European Parliament's PEGA Committee, Stelios Kouloglou, was targeted with the notorious Pegasus spyware - the very same spyware his committee is investigating. This brazen move raises serious concerns about surveillance and accountability.

Pentagon Struggles to Meet Weapons Delivery Timelines, GAO Warns
The Pentagon is facing a major challenge in delivering new military capabilities on time, with a staggering 12-year average delay in bringing vital projects to fruition, according to a damning new report from the Government Accountability Office. This alarming trend reveals a worrying pattern of slow progress and broken promises of rapid fielding.

China's Y-8 Transport Keeps Export Momentum with Price Advantage
Myanmar's airlift capabilities just got a boost with the delivery of two new Y-8F-200 transports, which will help shore up its fleet amid tight budgets and rough runways. With Western procurement channels closed, the affordable Y-8F-200 offers a practical solution for the Myanmar Air Force.

US Navy's 'Doomsday Plane' Program Delayed by Integration Risks
The US Navy's highly anticipated 'Doomsday Plane' program has hit a snag, with integration risks causing a significant delay - pushing back the low-rate initial production by about a year to April 2029. The setback is a reality check for a project that's become increasingly complex.

FBI Disrupts NetNut Proxy Platform Tied to Popa Botnet
In a major cybercrime crackdown, the FBI has seized hundreds of domains linked to NetNut, a residential proxy service allegedly tied to the massive Popa botnet, which controls at least two million devices. This disruption, made possible with the help of industry partners like Google and Lumen, marks a significant blow to the network's operations.

Cybersecurity Reframing Fuels Governance Risks
The growing trend of treating social and regulatory issues as cybersecurity threats is blurring the lines between policy debates and governance, with far-reaching consequences. From misinformation to child safety laws, an increasing array of problems is being reframed as cybersecurity risks, changing the way we approach governance and policy.

Anthropic Temporarily Restricts Fable 5 Access on Subscriptions
Big news for Fable 5 fans: Anthropic is temporarily sweetening the deal for subscription customers, now including access to its powerful model for up to 50% of weekly usage limits on Pro, Max, Team, and select Enterprise plans through July 7. After that, Fable 5 will be available à la carte via usage credits.

Anthropic's Claude Fable Relaunch Marred by Degraded Performance
Anthropic's relaunch of Claude Fable has hit a snag, with users reporting that new safety guardrails are kicking in too aggressively, causing the model to fall back to the older Opus 4.8 and limiting its performance. This development has left users frustrated, especially with usage caps and a forthcoming pay-to-play arrangement.