
Latest Analysis

Cybersecurity intelligence, threat analysis, and national security reporting.


Google Disrupts NetNut Residential Proxy Network

Google's Threat Intelligence Group has disrupted NetNut, a massive residential proxy network controlling at least 2 million infected devices worldwide, including smart TVs and streaming boxes. This botnet, powered by trojanized apps and malicious software like Badbox 2.0, was used for cybercrime and espionage activities.

Analyst 207

Australia's Defence Acquisition Shift Raises Stewardship Risks

The government's reform plan introduces a new, quasi-independent Defence Delivery Agency (DDA) tasked with not only delivering projects, but also taking charge of the long-term stewardship of Australia's sovereign defence industrial base. This bold move aims to ensure the nation's defence capabilities are secure and thriving for years to come.

Analyst 207

Royal Navy Deploys Kamikaze Drone at Sea

The Royal Navy is revolutionizing its fleet with cutting-edge drones, marking a major step towards a Hybrid Navy. Britain's commitment to innovation is clear with the successful deployment of a kamikaze drone, known as the Nyan one-way effector, during Exercise Neptune Reach.

Analyst 207

Armored Likho Exposes BusySnake Stealer Campaign

Meet Armored Likho, a sneaky group behind the BusySnake Stealer Campaign, which has already compromised government agencies and power companies in Russia, Kazakhstan, and Brazil. Their clever tactics start with targeted spear-phishing emails, often disguised as harmless attachments like psychological tests or aid applications.

Analyst 207

DARPA Targets Nuclear Waste for Long-Lasting Power Cells

Imagine a battery that can harness radiation to generate electricity for 30 years - a revolutionary concept that's now being developed by DARPA, with a working prototype expected by 2027. This game-changing technology, known as Long Lasting Power Cells, could provide a reliable and sustainable source of power for years to come.

Analyst 207

North Korea-Linked npm Packages Target Developers with Stealthy Data Theft

Malicious npm packages, linked to North Korean threat actors, are impersonating popular tools to trick developers into handing over sensitive data. These sneaky packages masquerade as legitimate polyfill tools, making them hard to spot during a quick review.

Analyst 207

Armored Likho Exploits Global Targets with BusySnake Stealer

Meet Armored Likho, a sneaky threat actor who's been wreaking havoc globally, exploiting both private individuals and organizations, including government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. With a blend of financially motivated attacks and targeted cyber espionage, Armored Likho is a force to be reckoned with.

Analyst 207

AdaptHealth Breach Exposes Patient Data via Social Engineering Tactics

AdaptHealth recently fell victim to a data breach, where hackers used clever social engineering tactics to trick a third-party contractor into giving them access to sensitive patient information stored in the company's cloud environment. This alarming breach put a large volume of patient data at risk, prompting AdaptHealth to disclose the incident to the Securities and Exchange Commission.

Analyst 207

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit

Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Analyst 207

Qilin Consolidates Lead in Ransomware Market

Qilin is tightening its grip on the ransomware market, emerging as a leading player after a recent wave of consolidation, with an estimated 16% share of the cybercriminal market. This surge in power is a result of its technically mature infrastructure and strategic positioning in the ransomware-as-a-service (RaaS) market.

Analyst 207

Google and FBI dismantle 2-million device NetNut botnet

In a major win for cybersecurity, Google and the FBI have joined forces to dismantle the massive NetNut botnet, a network of 2 million devices used by cybercriminals and espionage groups to hide their malicious activities. This significant disruption is the latest in a series of efforts to take down tools used to conceal online threats.

Analyst 207

Ransomware Gang Exploits Supply Chain Attacks in New Partnership

Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

Analyst 207

FBI and Google Disrupt NetNut Proxy Network Used by Cyber Threat Actors

In a major win for cybersecurity, the FBI and Google have joined forces to dismantle the notorious NetNut proxy network, a go-to tool for cyber threat actors. This disruption has significantly reduced the network's capacity, cutting the available pool of devices by millions.

Analyst 207

Impostor Scams Expose Vulnerabilities, Cost $3.5B in 2025

Impostor scams are getting more sophisticated, with personalized attacks costing Americans a staggering $3.5 billion in 2025 - triple the losses since 2020. Social media platforms have become a primary channel for these scams, with $2.1 billion lost to online impostors alone.

Analyst 207

PamStealer Targets Mac Users with Fake Maccy Sites and PAM Checks

Researchers have uncovered PamStealer, a sneaky macOS information stealer that tricks users into downloading it from fake Maccy sites, and it can even slip past Apple's security measures. This clever malware uses a two-stage delivery method to steal sensitive info from unsuspecting Mac users.

Analyst 207

Error Message Misinterpretation Exposes False Hacking Claim

A simple pause and a couple of words can make all the difference - in this case, changing a supposedly sinister hacking claim into a straightforward hard disk failure. A vice president's misread error message, "General failure reading Drive C:", nearly sparked a security scare before Lee, a quick-thinking sysadmin, got to the bottom of it.

Analyst 207

China Expands Jurisdiction with New Law Targeting Overseas Critics

A new Chinese law that kicked in on July 1 can now label work done legally in Australia by journalists, analysts, and academics as a crime under Chinese law, sparking concerns about its global reach. This law allows China to pursue individuals outside its borders who are deemed to undermine its ethnic unity or promote division.

Analyst 207

Australia's Defence Industry Drives Credible Deterrence Strategy

Defence Industry Minister Pat Conroy says growing Australia's self-reliance in defence is key to a credible deterrence strategy, but what does this really mean for the country's military power? Can a stronger domestic defence industry be the game-changer Australia needs to stay safe in uncertain times?

Analyst 207

Australia Unveils Defense Industry Overhaul to Bolster Sovereign Capabilities

Australia is taking a bold step towards securing its future with a groundbreaking overhaul of its defence industry, aimed at strengthening its sovereign capabilities and forging a deeper partnership with local businesses. The move is driven by a clear imperative: a robust Australian defence industrial base is crucial to national security.

Analyst 207

Russia Likely Conducted Covert Drone Campaign Over European Military Bases

The Kremlin may have secretly flown drones over a dozen European countries, including multiple US bases in England and a major air base in Germany, in a covert campaign that spanned over a year and a half. This shocking revelation raises serious concerns about European security and the reach of Russian espionage.

Analyst 207

Australia Needs Sovereign Fund to Bolster Defence Industry Depth

Australia's defence community has been sounding the alarm for nearly a decade: the country's industrial base is structurally weak and in urgent need of a boost to become more robust, resilient, and self-reliant. Despite consistent warnings, the issue remains unresolved - but a sovereign fund could be the key to bolstering defence industry depth.

Analyst 207

WebAuthn Integration Breaches Windows RDP Security Gap

Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Analyst 207

Pegasus Spyware Targets European Parliament Investigator

In a shocking twist, a member of the European Parliament's PEGA Committee, Stelios Kouloglou, was targeted with the notorious Pegasus spyware - the very same spyware his committee is investigating. This brazen move raises serious concerns about surveillance and accountability.

Analyst 207

Pentagon Struggles to Meet Weapons Delivery Timelines, GAO Warns

The Pentagon is facing a major challenge in delivering new military capabilities on time, with a staggering 12-year average delay in bringing vital projects to fruition, according to a damning new report from the Government Accountability Office. This alarming trend reveals a worrying pattern of slow progress and broken promises of rapid fielding.

Analyst 207