Tag: emerging threats
3120 articles

Ransomware Groups Clash in Turf War, Exposing Each Other's Operations
In a shocking display of cyber turf warfare, ransomware groups are clashing and exposing each other's operations, with one group, KryBit, firing back at 0APT with a defiant message. The online battle began when 0APT claimed to have taken down three rival groups, but its boasts only sparked a retaliatory strike.

Researchers Uncover 38 Flaws in OpenEMR Software
A security firm just uncovered 38 vulnerabilities in widely-used OpenEMR software, including two critical zero-day flaws that could have put sensitive healthcare data at risk, but thankfully they've already been patched. The flaws were discovered using AI-driven analysis and have been fixed, safeguarding the data of around 100,000 healthcare providers worldwide.

Microsoft Phases Out Legacy TLS in Exchange Online
Microsoft is phasing out support for outdated TLS versions (TLS 1.0 and TLS 1.1) for POP3 and IMAP4 connections to Exchange Online, starting July 2026, to boost security. From then on, only TLS 1.2 or later will be accepted, making older connections obsolete.

Threat Actors Formalize Operational Security Playbook
Cybercrime players are now treating operational security as a sophisticated game-changer, and it's time for you to level up your security strategy beyond just using VPNs. A battle-tested three-tier infrastructure model has emerged, separating exposure, execution, and monetization to safeguard high-stakes operations.

China Hacker Extradited Over Silk Typhoon Cyber Attacks
In a major breakthrough, 34-year-old Chinese national Xu Zewei has been extradited to the US to face charges for his alleged role in the massive Silk Typhoon cyber attacks that hit over 12,700 US organizations. Xu appeared in a Houston federal court over the weekend, facing serious charges including wire fraud, unauthorized computer access, and identity theft.

Unpatched Flaw Exposes Hugging Face LeRobot to Remote Code Execution
A critical, unpatched vulnerability in Hugging Face's LeRobot platform, rated CVSS 9.3, allows hackers to remotely execute code by exploiting Python's insecure pickle format, putting users at risk of devastating attacks. This flaw enables unauthenticated attackers to gain control by deserializing malicious data sent over unsecured channels.

AI Accelerates Exploits, Forces New Breach Playbooks
The game-changing capabilities of AI models like Anthropic's Claude Mythos have drastically shrunk the exploit window: the models can uncover in minutes vulnerabilities that would take human experts hours or even weeks to detect. This seismic shift is forcing organizations to rethink their approach to vulnerability management and incident response.

SUSE's European Sovereignty Pitch Tested by $6 Billion Sale Talks
SUSE's pitch for European digital sovereignty is being put to the test as its majority stakeholder, EQT, explores a potential $6 billion sale that could see the Linux vendor fall under US ownership. This development creates an intriguing contradiction for a company that's deeply rooted in European values.

Microsoft Warns of Flawed Remote Desktop Security Alerts
Microsoft warns that Remote Desktop security alerts may not display correctly, causing overlapping text and misplaced buttons that can make it difficult to interact with the dialog. This issue affects all supported Windows releases that received the April 2026 cumulative updates.

Scattered Spider Targets Global Firms with Identity-Driven Attacks
Scattered Spider is on the prowl, launching identity-driven attacks on major global firms across various industries, from retail and hospitality to telecom, insurance, and airlines. Get insider expert advice from Dr. Torsten George on how to outsmart this sophisticated cybercrime collective.

China's Silk Typhoon Hacker Extradited to US Over COVID Cyberattacks
A Chinese hacker, Xu Zewei, has been extradited to the US from Italy for masterminding a series of devastating cyberattacks on US universities, immunologists, and virologists working on COVID-19 vaccines, treatments, and testing between 2020 and 2021. He faces charges of wire fraud and conspiracy for his role in the attacks.

Microsoft Urges iPhone Users to Reauthenticate After Outlook Outage
If you're an iPhone user who relies on Outlook, you may need to re-enter your login credentials to access your account after a global outage hit the service. Microsoft has confirmed the issue is resolved, but iOS users will need to manually sign in again through the default Mail app.

North Korean Hackers Exploit Crypto Firms with AI-Driven Zoom Lures
North Korean hackers launched a massive spear-phishing campaign, targeting over 100 crypto organizations worldwide with cleverly crafted Zoom lures and AI-generated deepfakes. They used fake calendar invites and typosquatted meeting links to gain access and exfiltrate sensitive data in a matter of minutes.

NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Microsoft Confirms Active Exploitation of Windows Shell Flaw
Microsoft warns of a high-severity Windows Shell flaw that's being actively exploited by attackers, allowing them to spoof victims over a network by simply sending a malicious file to be executed. The vulnerability, patched in April's Patch Tuesday update, poses a significant threat to users if left unprotected.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Iran Proposes Deal to Open Strait of Hormuz, End War
Iran has made a bold move, proposing a deal to reopen the Strait of Hormuz and bring an end to the war, but with the US holding all the cards, the odds are against it. The surprising offer, delivered via Pakistan, prioritizes lifting the naval blockade and reopening the strait, with nuclear talks to follow later.

Supreme Court Probes Geofence Surveillance Limits
The Supreme Court is scrutinizing the limits of geofence surveillance, with Justice Samuel Alito bluntly questioning whether the issue belongs in a courtroom or a law review. The case, Chatrie v. The United States, challenges the constitutionality of sweeping geofence warrants used to obtain location data from tech giants like Google.

Risk Informed: New Framework Integrates Assessment into Cognitive Ops Design
In cognitive operations, risk multiplies rapidly, making every design decision a high-stakes game, which is why integrating risk assessment into Cognitive Ops Design is a crucial step that can't be ignored. By acknowledging the unpredictable ripple effects of cognitive ops, you can proactively bake risk assessment into your strategy.

Russia Unveils S-71K Air-Launched Missile Details Amid Wartime Development Push
Russia's latest military advancement, the S-71K air-launched missile, has been unveiled amid a wartime development push, with Ukraine's intelligence agency releasing a detailed breakdown of the missile's design and components. The S-71K Kovyor, or Carpet, boasts a cutting-edge, low-observable shape, indicating a significant leap in missile manufacturing technology.

US Charges Chinese National in Silk Typhoon Cyber Attacks
A Chinese national, Xu Zewei, has been extradited to the US from Italy to face charges for his alleged role in the notorious HAFNIUM cyber attacks, a vast intrusion campaign that compromised over 12,700 US organizations. Xu's arrival in US court marks a significant step in holding him accountable for his actions.

Britain's Naval Defence Woes Raise Concerns for Australia's AUKUS Reliance
US Defense Secretary Pete Hegseth recently hit the nail on the head, questioning the strength of the Royal Navy, and it's hard not to wonder if Australia's AUKUS reliance is built on shaky ground. The Royal Navy's current state, with only one deployable submarine, raises serious concerns about its readiness to meet defence expectations.

MP7 Surfaces in High-Profile Security Detail at White House Correspondents' Dinner
Stunning photos from the Washington Hilton reveal a highly trained agent swiftly drawing a Heckler & Koch MP7 from a sleek Crye Precision pack during the chaotic response to the April 25, 2026 shooting near the White House Correspondents' Dinner. The dramatic scene showcases the agent's lightning-fast reflexes and top-notch security measures in action.

Space Force Overhauls Acquisition Strategy with Focus on Rapid Capability Delivery
The Space Force is shaking up its approach to acquiring new capabilities, prioritizing speed over perfection with a focus on delivering 80% solutions now rather than waiting for a flawless, but delayed, 100% solution. By embracing a faster, iterative approach, the Space Force aims to put critical capabilities in the hands of warfighters ASAP.