Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery
Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

OpenSSL Servers Vulnerable to Memory-Bloating DDoS Attacks
Beware: a simple 11-byte malicious input can cripple OpenSSL servers with a devastating DDoS attack, leaving them permanently bloated and vulnerable. This sneaky exploit, dubbed HollowByte, takes advantage of a weakness in OpenSSL's TLS handshake to drain server resources.

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates
In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

ARES Shipyard Unveils Large Container-Rated Catamaran USV Design
Meet the game-changing catamaran USV design from ARES Shipyard, a 22.5-metre vessel capable of carrying a single 40 ft shipping container, revolutionizing unmanned surface vessel capabilities. This innovative design boasts a spacious flatbed section, offering a significant upgrade from ARES's existing ULAQ family.

Pentagon Secures Multiyear Deals for Low-Cost Cruise Missiles
The Pentagon has sealed the deal with three suppliers - Anduril Industries, CoAspire, and Zone 5 Technologies - for low-cost cruise missiles, setting the stage for a modern arsenal. This multiyear agreement paves the way for affordable mass production of missiles.

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks
In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

EDGE Group Expands Aerospace Footprint with Akaer Acquisition
EDGE Group is taking its aerospace ambitions to new heights with the acquisition of Akaer, a Brazilian engineering powerhouse, bringing unparalleled expertise to the table. This game-changing deal is set to supercharge EDGE's capabilities, with Akaer's impressive engineering footprint and program history poised to make a lasting impact.

Turing's Voice Encryption System Uncovered in Wartime Papers
A treasure trove of wartime papers, known as the "Bayley papers," has surfaced in London, selling for nearly $500,000 and revealing groundbreaking details about Alan Turing's pioneering voice encryption system. This long-hidden collection has finally been transferred into the public sphere, offering historians and technologists a fascinating glimpse into Turing's secret work.

Declassified Intel Reveals China's Voter Data Collection
Newly declassified intel reveals a shocking truth: China has collected and analyzed over 200 million US voter records, putting sensitive information at risk of being bought, hacked, or exploited. President Trump has vowed to take swift action to protect voter data and prevent future threats to election integrity.

Trump Escalates Claims of Election Compromise Despite Debunked Evidence
The White House touted a prime-time speech as proof of foreign interference and widespread voter irregularities, but it fell flat, with critics calling it a dud. Despite claims of a bombshell, the declassified documents so far have failed to validate allegations of election compromise.

AI Spam Filters Vulnerable to Text Salting Attacks
Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

China Builds Massive Supply Ship for Carrier Groups
China is building a massive supply ship that has caught the world's attention, particularly in the US, as it signals a new era of maritime power. This hulking vessel, rising from the shipyard on Longxue Island, is set to support China's carrier groups and challenge traditional naval dominance.

Southeast Asia Accelerates Military Modernization Amid Geopolitical Tensions
Southeast Asia is rapidly upgrading its military arsenal, with Indonesia leading the charge with major deals, including the purchase of 42 Rafale fighter jets from France and talks to acquire South Korea's KF-21 Boramae fighters. The region's defense modernization is gaining momentum and shows no signs of slowing down.

Pakistan Air Force Weighs J-35, Kızılelma as F-16 Alternatives
Baykar's Kızılelma UCAV just hit a major milestone, successfully test-firing a Roketsan JET-230 air-launched ballistic missile, further cementing its status as a cutting-edge, strike-capable drone. This latest achievement builds on last year's groundbreaking radar-guided air-to-air missile launch from the same platform.

Siemens ROX II Zero-Days Expose Critical Infrastructure Risks
Our research team, in close collaboration with Siemens, uncovered a critical vulnerability chain of three zero-day exploits in Siemens ROX II operational-technology switches, posing significant risks to critical infrastructure security. This chained exploit could allow attackers to escalate from basic reconnaissance to full root-level control.

Australia Wrestles with Sovereign AI Capability Plan
Australia is taking a bold step towards tech independence, with Prime Minister Anthony Albanese vowing to turn the country into a hub for large-scale AI training and cement its sovereignty in the field. By hosting cutting-edge AI data centres, Australia aims to break free from reliance on foreign tech and secure its economic resilience.

23andMe Agrees to $18m Settlement, New Data Security Mandates
After cracking down on 23andMe's lax security measures, a coalition of 42 US attorneys general, led by New York Attorney General Letitia James, has secured an $18 million settlement and binding data-protection commitments to safeguard customer information. This move comes after a 2023 data breach put millions of 23andMe customers at risk of having their personal info exposed.

Ernst & Young Exposes Client Data in Third-Party Support System Hack
Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

Ransomware Targets Government Agencies Daily, Study Reveals
Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware
North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Carders Seek 'Clean' Residential Proxies to Evade Fraud Controls
Criminals are on the hunt for so-called "clean" residential proxies, a new classification that's emerged in the underground world of payment fraud and carding. These proxies are prized for their spotless usage history, making them harder to detect and allowing scammers to evade fraud controls.

US Misidentifies Russian Hacker in Extradition Bid
A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

Military Autonomy Spurs Race for Trusted Information Infrastructure
The future of military capability hinges on a robust trusted information infrastructure that seamlessly connects autonomous systems, enabling secure and efficient data exchange. This backbone of innovation is now driving Western defense plans and funding.