Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

China-Linked UAT-8302 Exploits Shared Malware to Target Global Governments
Meet UAT-8302, a sophisticated China-linked threat group that's been secretly targeting governments worldwide, deploying custom malware to infiltrate and gather intel. Its recent attacks have hit government entities in South America and southeastern Europe, raising global cybersecurity concerns.

Stalkerware Breach Exposes Risks for Executives
A shocking stalkerware breach has exposed a treasure trove of sensitive information, including 86,859 images - seemingly screenshots from a single victim's device - used to secretly stalk a high-profile European entrepreneur and media personality. The alarming leak highlights the very real risks executives face in the digital age.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

CISA Warns of Active Exploits of Linux 'CopyFail' Flaw
A newly disclosed Linux kernel vulnerability, dubbed "CopyFail," is being actively exploited, allowing low-privilege users to gain full root control on unpatched systems with a single, unmodified exploit binary. This alarming flaw, tracked as CVE-2026-31431, has sparked emergency patching efforts to prevent widespread attacks.

FTC Bars Kochava from Selling Location Data Without Consent
The Federal Trade Commission is taking a stand against Kochava, proposing an order that would require the company to obtain explicit consent from Americans before selling their precise location data, and only use it for services they directly requested. This move aims to put an end to the sale of sensitive location information without users' knowledge or consent.

CVE Feeds Overlook End-of-Life Software Vulnerabilities
The blind spot in CVE feeds is leaving end-of-life software vulnerabilities flying under the radar, with a staggering 167,286 false negatives identified in 2025 alone. This oversight can have serious consequences, as outdated software can still be exploited, even if it's no longer receiving patches.

Cushman & Wakefield Discloses Vishing Incident Amid Dual Ransomware Threats
Cushman & Wakefield recently fell victim to a vishing incident, but swift action was taken to contain the breach and protect its systems. The company has confirmed that its operations remain normal and it's working closely with experts to investigate and respond to the incident.

Phishing Campaign Exploits Signed RMM Software to Plant Persistent Backdoors
A long-running phishing campaign has compromised over 80 US organizations by using legitimately signed remote monitoring software to install silent, persistent backdoors, according to Securonix research. The attack begins with a clever email impersonating the US Social Security Administration, tricking victims into downloading malicious payloads.

MetInfo CMS Flaw Exploited for Remote Code Execution Attacks
A critical flaw in the MetInfo content management system, CVE-2026-29014, rated CVSS 9.8, allows remote attackers to execute arbitrary code, putting your site at risk of full takeover. This unauthenticated PHP code-injection vulnerability affects versions 7.9, 8.0, and 8.1, and can be exploited with crafted requests containing malicious PHP code.

Vimeo Breach Exposes 119,000 in Data Heist by ShinyHunters Gang
A recent data breach at Vimeo exposed the email addresses and names of over 119,000 users, thanks to a hack by the notorious ShinyHunters extortion gang, which gained access through a vulnerability at data anomaly detection company Anodot. The breach highlights the importance of securing third-party integrations to protect sensitive user data.

Vimeo Breach Exposes 119,000 Email Addresses
A data breach at Vimeo has compromised the email addresses of over 119,000 users, with hackers also accessing some metadata and technical data from a third-party analytics vendor. Fortunately, no video content, login credentials, or payment card information was stolen.

OAuth Grants Expose Hidden Attack Vector in Enterprise Workspaces
Unmanaged OAuth grants are a ticking time bomb in enterprise workspaces, with 80% of security leaders recognizing them as a critical or significant risk. A recent attack by threat actor UNC6395 exploited valid OAuth refresh tokens to breach Salesforce environments of over 700 organizations, highlighting the devastating consequences of neglecting OAuth security.

Romance Scammers Rake in £102M Through Emotional Manipulation
Romance scammers exploited the trust of unsuspecting victims to pocket a staggering £102 million in 2025, with the average person losing around £9,500 in these emotionally manipulative scams. This heart-wrenching trend saw a 29% surge in reported cases, with £280,000 lost daily.

Google Boosts Bounty Payouts for Elusive Android Exploits
Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

AI Infrastructure Exposes Widespread Security Gaps
A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

AI Adoption Outpaces Security Policies, Heightens Cyber Risk
Most organizations are already using AI tools, with 90% of digital trust professionals confirming employees are leveraging them, yet only 38% have a comprehensive policy in place to manage the risks. This disconnect leaves a staggering 25% of organizations with no AI policy at all, heightening cyber risk.

CloudZ Malware Exploits Microsoft Phone Link to Harvest SMS and OTPs
Beware: CloudZ malware is exploiting Microsoft's Phone Link feature to intercept SMS and OTPs, putting your sensitive info at risk. This sneaky attack uses a plugin called Pheno to tap into your Phone Link activity and steal your private messages.

NCSC Warns of Impending AI-Driven Patch Surge
Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

Karakurt Ransomware Operative Sentenced for Extortion Role
Meet Deniss Zolotarjovs, a Latvian national who helped his ransomware gang extort dozens of companies - and even a government entity with a crippled 911 system - by leveraging stolen sensitive data, including children's health information. He's now facing 8.5 years in prison for his role in the Karakurt extortion operation.

NHS Moves to Make GitHub Repos Private, Citing AI Security Risks
The NHS is taking steps to boost security by moving its public GitHub repositories to private access by May 11, amid concerns that AI-powered code analysis could be exploited to uncover sensitive information. This temporary measure aims to prevent unintended disclosure of source code and other critical details.

ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor
ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

North Korean Hackers Infiltrate Android Games to Spy on Defectors
Security researchers at ESET stumbled upon a sneaky plot by North Korean hackers, who infiltrated popular Android games to spy on defectors by hiding a backdoor called BirdCall in the apps. The malicious code was cleverly disguised in game files available for download on a regional gaming platform's official website.

ScarCruft Hackers Deploy BirdCall Malware via Gaming Platform
North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.

Microsoft's GitHub Troubles Expose Neglect
Microsoft's recent GitHub troubles have raised red flags about the platform's reliability, sparking concerns among developers, educators, and organisations that rely on it. This comes at a time when Microsoft is pushing users towards paid services and aggressively integrating AI offerings.