Tag: emerging threats
3121 articles

BlackFile Targets Retail with Vishing Extortion Tactics
Meet BlackFile, a financially motivated group that's been wreaking havoc on retail and hospitality organizations with a clever vishing extortion tactic, posing as IT support staff to steal data since February 2026. They're using spoofed VoIP numbers and fake Caller ID names to pull off their scams.

CISA Exposes Persistent FIRESTARTER Backdoor in Cisco Devices
CISA and NCSC have uncovered a sneaky FIRESTARTER backdoor lurking in Cisco devices, allowing hackers to regain control even after patches are applied. This persistent threat can leave devices vulnerable to re-entry, putting your entire network at risk.

US Warns of Coordinated AI Model Extraction Campaigns by Foreign Adversaries
The US government has sounded the alarm on a critical threat: foreign adversaries are launching coordinated, large-scale campaigns to steal American AI capabilities, specifically targeting the distillation of advanced US AI models into smaller, lighter-weight versions. To combat this, the White House is directing federal agencies to collaborate with the private sector to develop best practices for protection.

Linux Flaw Exposes Users to Root Access Attacks
A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software updates to protect your Linux setup.

Netherlands Confronts Mounting National Security Threats from Russia, China
The Netherlands is facing its most severe national security threat in 80 years, with Russia and China emerging as the primary sources of pressure, according to the country's domestic intelligence service. This prolonged and multi-directional threat has been described as the gravest national security threat since World War Two.

FCC Expands Foreign Router Ban to Mobile Hotspots
The FCC has expanded its ban on foreign-made routers to include mobile hotspots and home devices that use LTE or 5G connections, affecting U.S. consumers and small businesses. This move now explicitly prohibits the sale of portable Wi-Fi hotspots and home routers manufactured abroad.

CISA Uncovers Firestarter Backdoor in Federal Network
The Firestarter backdoor was a masterfully crafted threat that allowed attackers to maintain secret access to compromised networks even after they'd been updated, essentially giving them a backdoor key to re-enter without having to exploit new vulnerabilities. This sneaky tactic left victims vulnerable to repeat attacks, highlighting the need for robust cybersecurity measures.

NASA Targeted in Chinese Phishing Scheme for U.S. Defense Software
For years, unsuspecting NASA employees and collaborators were duped into sharing sensitive US defense software with a Chinese national masquerading as a colleague, in a brazen phishing scheme that went undetected the whole time. The scam funneled top-secret aerospace and defense tech to the imposter, violating US export control laws in the process.

Carnival Breach Exposes 7.5M Emails in Alleged ShinyHunters Hack
A massive data breach at Carnival Corporation has exposed a whopping 7.5 million emails, allegedly at the hands of the notorious ShinyHunters hack group, after failed negotiations between the two parties left customers' sensitive information vulnerable. The breach is said to have yielded terabytes of internal corporate data, sparking concerns for customers and the company behind Holland America Line.

DORA Mandates Credential Security as Financial Risk Control
What happens when a threat actor waltzes into your network with a legitimate username and password - can your controls stop them? With DORA now in effect, EU financial institutions must prioritize credential security as a critical risk control, shifting from best practice to binding regulation.

Windows RPC Exposes New Local Privilege Escalation Technique
A newly discovered technique allows hackers to easily escalate their privileges to SYSTEM level on Windows systems, using a vulnerability in the Remote Procedure Call stack. This alarming exploit relies on clever manipulation of Security Quality of Service parameters and impersonation levels.

Japan Rearms, But Taiwan's Defense Remains Uncertain
As Japan bolsters its defenses, concerns linger about Taiwan's uncertain future - and it's easy to see why, given their precarious locations in a volatile neighbourhood. With its recent fleet expansions, Japan is clearly taking steps to protect itself, but what about its vulnerable neighbour?

Linux Kernel Faces Large-Scale Device Support Cuts
The Linux kernel is set for a major overhaul, with plans to cut support for dozens of outdated devices, including ancient network cards and legacy parallel-port hardware, freeing up thousands of lines of code and reducing the maintenance burden. This could slash nearly 30,000 lines of code, just from Ethernet device removals alone.

Zimbra Servers Targeted in Ongoing XSS Attacks
Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.

Malicious Apps Expose Crypto Investors to Seed Phrase Theft on App Store
Beware of malicious apps on the App Store that masquerade as popular cryptocurrency wallets, aiming to steal your crypto seed phrase and drain your funds. These fake apps, uncovered by Kaspersky researchers, can trick you into revealing sensitive information with just a few taps.

Microsoft Update Disrupts Remote Desktop Security Warnings
Microsoft's latest update aimed at boosting Remote Desktop security may have an unintended consequence: a display-scaling bug that makes crucial security warnings hard to read or even unreadable. This glitch comes at a critical time, as the update was designed to protect against phishing attacks that exploit .rdp files.

Governance Gaps Exposed in AI Agent Deployments
To safely deploy AI agents, enterprises must first tighten up governance for the humans, bots, and machine identities that serve as their authority sources, since AI agents aren't independent actors but rather delegated ones. By reframing AI governance as a delegation issue, we can shift the focus from novelty to effective oversight.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments
As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

Microsoft Unveils Option to Uninstall Copilot on Enterprise Devices
Microsoft just made it easier for IT admins to breathe a sigh of relief: you can now uninstall Copilot from enterprise devices without any disruptions. The new RemoveMicrosoftCopilotApp policy setting is here to give you more control over your organization's devices.

Tropic Trooper Exploits SumatraPDF to Deploy AdaptixC2
Meet Tropic Trooper, a notorious cyber threat group that's been wreaking havoc since 2011, and learn how they've cleverly exploited SumatraPDF to deploy their AdaptixC2 malware. Their latest tactic involves using GitHub as a command-and-control platform to target Chinese-speaking individuals in Taiwan, as well as users in South Korea and Japan.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure
A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.

UK Bans Journalists from Digital ID Forum
The UK government is calling on ordinary citizens to share their thoughts on a proposed Digital ID system, and you don't need to be an expert to join the conversation. Around 36,000 people have been invited to participate in the People's Panel on Digital ID, which will involve in-person meetings and online sessions to discuss how a Digital ID system should be designed for the UK.

Malware Targets Developers with Worm-Like Npm Supply Chain Attack
Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.

Researchers Uncover Pre-Stuxnet Cyber-Sabotage Malware
Meet fast16, a stealthy cyber-sabotage malware that went undetected until now, marking a new era in covert statecraft. Discovered by SentinelOne researchers, this silent threat has been hiding in plain sight since 2016.