Latest Analysis

Cybersecurity intelligence, threat analysis, and national security reporting.

Malware Campaigns Target Windows, Android Users in Global Finance Sector

The global finance sector faces a double threat as malware campaigns target Windows and Android users, with attackers using clever tactics like hiding in trusted traffic and selling mobile RATs as turnkey services. Two recent campaigns, one using Grandoreiro malware in Portugal, Spain, and Mexico, and another using a new BTMOB trojan in Brazil, highlight the evolving threat landscape.

Analyst 207

Canada Pursues GlobalEye Aircraft in Talks with Saab

Canada is one step closer to bolstering its defense capabilities with talks underway with Saab to procure the advanced GlobalEye aircraft, a cutting-edge airborne early warning and control system. Saab has offered to not only supply the aircraft, but also to build, maintain, and upgrade it in Canada, fostering growth in the country's domestic defense industry.

Analyst 207

Trump's Taiwan Call Risks Making Security Look Tradable

A single phone call between Donald Trump and Taiwan's leader Tsai Ing-wen in 2016 broke a decades-long silence, sparking debate about the future of US-Taiwan relations. Since then, the possibility of another call has raised questions about the value of security and the unofficial ties between the two nations.

Analyst 207

CrowdStrike dismantles Glassworm botnet targeting open-source supply chain

In a major win for cybersecurity, CrowdStrike has successfully dismantled the notorious Glassworm botnet, crippling its ability to target the open-source supply chain. By taking down four key servers, CrowdStrike has forced the attackers to regroup and rebuild, buying time for the industry to stay one step ahead.

Analyst 207

US Navy Rethinks Risk in Software Development for Edge Operations

The Department of the Navy is shaking up its approach to software development, redefining risk to deliver mission-critical data at breakneck speeds. By recalibrating its tolerance for risk, the Navy aims to accelerate the flow of vital information to where it's needed most, when it's needed most.

Analyst 207

Nations Jockey for Drone Wingman Edge

Get ready to take to the skies with the latest buzz on loyal wingman drones, as experts dissect the past, present, and future of manned-unmanned teaming and how nations are vying for an edge in this game-changing tech. From industrial base issues to global approaches, a panel of top analysts weighs in on the rise of drone wingmen.

Analyst 207

OPM Proposes Sweeping NDA Rule for Federal Employees

The Office of Personnel Management wants to shake up the way federal employees handle confidential information, proposing a new nondisclosure agreement rule that would require all employees to sign a pledge protecting internal agency details. If implemented, the rule could have far-reaching implications for whistleblowing and employee accountability.

Analyst 207

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users

Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

Analyst 207

FBI Warns Law Firms of In-Person Extortion Tactics by Silent Ransom Group

The FBI is sounding the alarm for US law firms, warning them of a growing threat from the Silent Ransom Group, which targets the legal industry for its highly sensitive data and uses in-person extortion tactics. This group has been linked to a string of incidents, and the FBI is urging law firms to be vigilant.

Analyst 207

Cybersecurity Burnout Spurs Call for Risk-Based Response

Half of all cyber professionals are burning out weekly or daily - it's time for organizations to shift their approach and view burnout as a critical operational risk, rather than just a wellness issue. By reframing burnout in this way, businesses can prioritize effective solutions and safeguard their cyber resilience.

Analyst 207

SOCs Shut Down Incident Risks with Proactive Threat Detection

Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Analyst 207

CrowdStrike and Google Disrupt Glassworm Botnet Infrastructure

In a major win for cybersecurity, a powerful collaboration between CrowdStrike, Google, and the Shadowserver Foundation successfully dismantled the Glassworm botnet by simultaneously taking down all four of its command-and-control channels. This bold move cut off the botnet's operators from infected devices, preventing further malicious activity.

Analyst 207

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities

CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

Analyst 207

Strengthening Active Directory Password Rules Without Frustrating Users

Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Analyst 207

Glassworm botnet disrupted by takedown of resilient C2 infrastructure

In a major win for cybersecurity, researchers from CrowdStrike, Google, and The Shadowserver Foundation have successfully disrupted the Glassworm botnet by dismantling its complex command-and-control infrastructure. This takedown cuts off the lifelines of the threat actors, halting their campaigns that had been ongoing since October 2025.

Analyst 207

CrowdStrike Disrupts GlassWorm Malware's Global Supply Chain Attack Infrastructure

In a major win for cybersecurity, CrowdStrike teamed up with Google and the Shadowserver Foundation to dismantle the global infrastructure behind the GlassWorm malware attack, crippling its ability to issue commands or deliver new payloads to infected machines. This coordinated operation targeted and neutralized the malware's command-and-control channels, protecting software developers from further exploitation.

Analyst 207

Researchers Warn of LLM Guardrail Vulnerability to Multi-Turn Manipulation

Beware: even the toughest-sounding safety guardrails on large language models can be easily bypassed by clever attackers who use multi-turn conversations to manipulate them. Cisco researchers found that none of the models they tested were completely safe from this type of exploitation.

Analyst 207

Fraudsters Target World Cup Fans with 4300 Fake FIFA Domains

Scammers are gearing up to target FIFA World Cup fans with a massive network of over 4,300 fake domains, a recent analysis revealed. These fraudulent sites, linked to six distinct scams and four threat actors, are currently dormant but ready to be activated as the 2026 tournament approaches.

Analyst 207

Security Researcher Exploits Flaw in Pretalx Conference Tool

A security researcher recently uncovered a vulnerability in pretalx, a popular conference tool, that could let hackers inject malicious code into an organizer's interface, putting sensitive data at risk. This flaw, known as a stored cross-site scripting vulnerability, could be triggered through simple search queries.

Analyst 207

FBI Warns of In-Person Data Theft Attacks by Extortion Gang

The FBI has issued a warning about a sneaky new tactic used by the notorious Silent Ransom Group: showing up in person to steal sensitive data, after gaining trust through clever phishing and phone scams. This brazen approach combines remote access tricks with physical presence at victim sites, marking a chilling evolution in their extortion methods.

Analyst 207

Gitea Flaw Exposes Private Container Images to Unauthenticated Attacks

A newly disclosed vulnerability in Gitea, tracked as CVE-2026-27771, allows unauthenticated attackers to access private container images, potentially exposing tens of thousands of deployments worldwide. This flaw lets anyone on the internet pull private images without needing an account, password, or credentials.

Analyst 207

CISA Mandates Emergency Patch for Exploited cPanel Plugin Flaw

A critical vulnerability in the LiteSpeed cPanel plugin, known as CVE-2026-48172, is being actively exploited by remote attackers, allowing them to execute arbitrary scripts with root privileges. CISA has issued an emergency patch, giving affected users just four days to update and protect themselves.

Analyst 207

UK Firms Bolster Cyber Defenses as AI Risks Mount

As uncertainty becomes the new normal, UK businesses are bolstering their cyber defenses, with 68% of leaders planning to boost cybersecurity investment over the next year. Despite this, many remain vulnerable, with fewer than three in 10 confident in their ability to respond to a major cyber incident.

Analyst 207

Dutch Police Apprehend Suspect in Ajax Football Club Hack

Dutch police have arrested a 35-year-old man from Buren for repeatedly hacking into Ajax football club's computer systems, granting himself unauthorized access. The suspect's identity and motives are still under investigation.

Analyst 207