Tag: nation state
681 articles

Google's Gemini CLI Exploited in Botnet Operation
A Russian-speaking hacker, known as "bandcampro", cleverly exploited Google's open-source Gemini CLI AI tool to create a small but powerful botnet, taking control of eight systems at a dental clinic and breaching the OpenDental database. The AI tool even helped the hacker troubleshoot problems and optimize operations in real-time, making it a highly effective accomplice in the cyber attack.

OkoBot Malware Targets Hardware Wallets with Seed Phrase Phishing
Beware of OkoBot malware, a sneaky threat that's been targeting hardware wallet users since April 2025, tricking hundreds of victims in over 25 countries into divulging their seed phrases through clever phishing tactics. This malicious software can even infiltrate legitimate wallet apps like Ledger and Trezor, replacing their interfaces with fake recovery pages.

Vulnerabilities in UEFI Shims Expose Secure Boot Bypass Risk
Thousands of systems may be at risk of a Secure Boot bypass due to vulnerabilities in 11 UEFI shim bootloaders, all signed by Microsoft, that allow attackers to circumvent security measures. These weaknesses have the potential to create a broad attack surface, putting many devices at risk of compromise.

US Deploys Sea Drones in First Combat Strike Against Iran
The US has made history with its first combat strike using sea drones, targeting Iran's Bandar Abbas Naval Base in a bold move to protect commercial shipping in the Strait of Hormuz. The daring operation, carried out by CENTCOM, hit a submarine facility and dozens of other targets across southern Iran.

Pakistan's Navy Confronts the Dark Side of Unmanned Surface Warfare
The US Navy has just made history with its first-ever combat use of a one-way attack sea drone, striking Iran's Bandar Abbas Naval Base with three Saronic Corsair unmanned surface vessels. This game-changing tech has a 1,000 lb payload capacity, over 1,000 nautical miles of range, and can zip through the water at 35 knots.

China's Economic Reset Propels New Phase of Growth
China is undergoing a significant economic reset, shifting from a low-cost labor market to a hub of skilled talent, with innovation-driven growth at the forefront of its 2026-2030 Five-Year Plan. This transformation is set to propel the country into a new phase of outward-facing, commercially sophisticated growth.

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

UK Bolsters National Risk Register with New Cyber Threat Scenarios
The UK is stepping up its defenses against cyber threats, updating its National Risk Register with new scenarios that highlight the potentially deadly consequences of online attacks. This move comes as the government acknowledges that cyber threats, alongside pandemics and natural disasters, pose a significant risk to the nation's safety.

US Charges Russian Nationals for Bulletproof Hosting Services
US authorities have charged three Russian nationals with operating illicit bulletproof hosting services that enabled cybercrime, affecting victims across 21 states, including banks, schools, hospitals, and media companies. The accused, Aleksandr Volosovik, Yulia Pankova, and Kirill Zatolokin, allegedly facilitated a range of malicious activities through their services.

DHS Breach Exposes Flaws in Cyber Detection Process
A recent cyber incident at the Department of Homeland Security went undetected for weeks, despite raising red flags in not one, but two separate assessments that were initially dismissed as harmless. The breach, which occurred on the Homeland Security Information Network (HSIN), highlights alarming flaws in the cyber detection process.

Treasury Disrupts Ransomware Networks with Sanctions on VPN Service
The US Treasury Department has cracked down on a notorious VPN service, 1VPNS, and its alleged administrators, sanctioning them for enabling ransomware groups to launch devastating attacks on US companies and institutions. This move disrupts the cybercriminal ecosystem, cutting off a key tool used to hide attack origins, deploy malware, and manage stolen data.

DevSecOps Becomes Essential for Modern Government IT
As AI-assisted development accelerates delivery timelines, it's also introducing new risks, with vulnerability disclosures related to AI-assisted development skyrocketing in 2026 and leaving security leaders scrambling to harden defenses. With adversaries using AI to fuel attacks, the need for DevSecOps has never been more pressing.

US Threatens Strike on Iran's Hardened Pickaxe Mountain Bunker
US President Donald Trump has put Iran's heavily fortified Pickaxe Mountain Bunker in the crosshairs, suggesting it could be a prime target for a significant military strike. Located near Iran's key Natanz nuclear facility, this underground complex has been significantly upgraded with new tunnel networks in recent years.

Microsoft Patch Tuesday Disrupts 570 Flaws, Fixes 3 Zero-Days
Microsoft just dropped a massive Patch Tuesday update, tackling a record-breaking 570 security flaws, including three zero-day vulnerabilities that hackers were exploiting or had publicly disclosed. This critical update is a must-apply to keep your systems safe.

China's PAP Targets Terrorism with Unconventional Training Tactics
The People's Armed Police staged a high-altitude anti-terrorism drill in Tibet, where mock suspects were deliberately made to look non-Chinese with face masks, revealing a calculated PR strategy. This unusual tactic hints at a broader effort to shape public perception of terrorism.

AI Fuels End-to-End Cyberattacks With Expanded Role Across Intrusion Stages
Criminal groups are now using AI as the main driver behind massive cyberattacks, breaching government agencies and carrying out thousands of commands with minimal human oversight. This marks a significant shift from AI as a supporting tool to a primary operator in end-to-end cyberattacks.

US Treasury Disrupts Ransomware Networks with Sanctions on VPN, Malware Providers
The US Treasury has cracked down on ransomware networks by sanctioning a VPN provider and its administrator, who allegedly helped cybercrime groups hide their tracks and evade detection. This move aims to disrupt the tools and services that enable devastating attacks causing billions of dollars in losses to US critical infrastructure providers.

Russian Hackers Target Network Devices With Exploits
Russian hackers, linked to the Federal Security Service's Center 16, have been actively targeting critical US and foreign networks across multiple sectors, including defense, energy, and healthcare, for over a decade. This ongoing threat has compromised networks in various industries, posing significant risks to national security and global stability.

Ukraine Deploys Armed Robot Behind Russian Lines via Drone Boat
In a groundbreaking operation, Ukraine's 123rd Separate Territorial Defense Brigade has successfully deployed an armed robot behind Russian lines using a drone boat, marking a new era in modern warfare. The daring mission was captured on video, showing the robot, armed with a 7.62mm machine gun, engaging a target on the occupied Kinburn Spit.

Europe Targets Russia's Turla in Coordinated Cyber Sanctions
The European Union is cracking down on Russia's notorious cyber-espionage group, Turla, with coordinated sanctions aimed at disrupting their years-long campaign of malicious activities. Nine Russian individuals and four entities, including the FSB's Center 16, have been targeted in the punitive measures.

UK, EU Attribute Poland Cyberattack to Russian Spies, Warn Infrastructure Operators
The UK and EU have called out Russia's Federal Security Service for a brazen cyberattack on Poland's power grid, saying it's just another example of their reckless attempts to wreak havoc across Europe. The attack, attributed to FSB's Centre 16, was foiled, but serves as a stark warning for infrastructure operators to stay vigilant.

Chinese and Indian Spies Target Pakistani Police Systems
Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Threat Actors Leverage AI-Generated Scripts to Accelerate Active Directory Attacks
Cyber attackers are now using AI-generated scripts to supercharge their Active Directory attacks, allowing them to quickly map and exploit sensitive domains, users, and computers. This alarming trend was uncovered by Huntress researchers, who analyzed a sophisticated PowerShell script that bore hallmarks of AI assistance.

Infostealer Infection Enables Argentine FA Breach
A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.