【Trực quan hóa các vụ thử tên lửa Triều Tiên】
Dữ liệu tương tác minh họa lịch sử 30+ năm thử nghiệm tên lửa đạn đạo của Bắc Triều Tiên qua các đời lãnh đạo. Một góc nhìn trực quan về diễn biến công nghệ quân sự nước này.

#NorthKorea #TriềuTiên
#MissileTest #TênLửa
#DataVisualization #DataViz

https://nagix.github.io/nk-missile-tests/

Triều Tiên thử nghiệm thành công tên lửa Hwasong-11Ma mới với tốc độ Mach 12, tầm bắn 800km, sử dụng công nghệ HGV (Hypersonic Glide Vehicle) có khả năng "xuyên thủng mọi lá chắn".

#TriềuTiên #tênlửa #Hwasong11Ma #quân sự #congnghe #NorthKorea #missile #military #technology

https://vietnamnet.vn/ten-lua-hwasong-11ma-tam-ban-800km-toc-do-mach-12-xuyen-thung-moi-la-chan-2449854.html

It's been a busy 24 hours in the cyber world with significant updates on recent breaches, critical zero-day vulnerabilities, evolving malware, and the ever-present challenge of AI-driven data leakage. Let's dive in:

Recent Breaches & Extortion Campaigns ⚠️

- Jaguar Land Rover is restarting production after a cyberattack last month caused a complete halt to global operations and a "cyber shockwave" through its supply chain, necessitating government-backed loans.
- Several organisations, including Doctors Imaging Group, Discord, Avnet, Red Hat, BK Technologies, and DraftKings, have disclosed recent breaches involving sensitive data theft, third-party compromises, and credential stuffing attacks.
- The Red Hat breach has escalated with the ShinyHunters gang joining the extortion efforts, showcasing their "extortion-as-a-service" model and leaking customer engagement reports from major entities like Walmart and HSBC.

🗞️ The Record | https://therecord.media/jaguar-land-rover-restarting-production-after-cyberattack
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/07/10_months_later_us_medical/
🗞️ The Record | https://therecord.media/discord-data-breach-third-party
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/electronics-giant-avnet-confirms-breach-says-stolen-data-unreadable/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/07/police_and_military_radio_maker_bk_admits_breach/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/draftkings-warns-of-account-breaches-in-credential-stuffing-attacks/

Critical Zero-Days Under Active Exploitation 🚨

- The Clop ransomware group has been actively exploiting a critical zero-day vulnerability (CVE-2025-61882, CVSS 9.8) in Oracle E-Business Suite since early August, leading to widespread data theft and extortion.
- This complex exploit chain involves multiple bugs, including SSRF and CRLF injection, to achieve pre-authenticated remote code execution, with CISA adding it to its Known Exploited Vulnerabilities catalog.
- Microsoft also confirmed that the financially motivated Storm-1175 group has been exploiting a maximum-severity GoAnywhere MFT zero-day (CVE-2025-10035) since September 11th, deploying Medusa ransomware and stealing data.

🤫 CyberScoop | https://cyberscoop.com/oracle-zero-day-clop/
📰 The Hacker News | https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/clop-exploited-oracle-zero-day-for-data-theft-since-early-august/
🤫 CyberScoop | https://cyberscoop.com/microsoft-goanywhere-ransomware-storm-1175/

Malware Evolution & Nation-State Crypto Theft 💰

- XWorm malware has evolved into version 6.0, featuring over 35 plugins for extensive data theft, keylogging, screen capture, persistence, and even ransomware, with new infection chains using malicious JavaScript files.
- North Korean hackers have stolen an estimated $2 billion in cryptocurrency in 2025, marking a new record and nearly tripling last year's total, primarily through social engineering targeting individuals and exchange employees.
- Their laundering strategies have become more complex, involving multiple mixing and cross-chain transfers, though blockchain transparency still aids investigators in tracing illicit funds.

📰 The Hacker News | https://thehackernews.com/2025/10/xworm-60-returns-with-35-plugins-and.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/cryptocurrency/north-korean-hackers-stole-over-2-billion-in-crypto-this-year/

AI as a Data Exfiltration Channel 🛡️

- New research indicates that AI tools are already the #1 uncontrolled channel for corporate data exfiltration, surpassing shadow SaaS and unmanaged file sharing, with 45% of enterprise employees using generative AI.
- A staggering 77% of employees paste data into GenAI tools, and 82% of this activity occurs via unmanaged personal accounts, with 40% of uploaded files containing PII or PCI data, creating massive blind spots for CISOs.
- OpenAI's latest threat report confirms that threat actors primarily use AI to enhance the efficiency and scale of existing hacking methods (e.g., malware development, spearphishing) rather than creating entirely new tools or workflows.

📰 The Hacker News | https://thehackernews.com/2025/10/new-research-ai-is-already-1-data.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/
🤫 CyberScoop | https://cyberscoop.com/openai-threat-report-ai-cybercrime-hacking-scams/

AI Security Programs & Unpatched Flaws 💡

- Google has launched a dedicated AI Vulnerability Reward Program, offering up to $30,000 for high-impact flaws in its AI systems like Google Search, Gemini Apps, and Workspace core applications.
- This expands on their existing VRP, aiming to foster third-party discovery and reporting of AI-specific security issues.
- Separately, Google has decided not to fix an ASCII smuggling vulnerability in Gemini, which could trick the AI into providing fake information or altering its behaviour, classifying it as a social engineering risk rather than a security bug.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/google/googles-new-ai-bug-bounty-program-pays-up-to-30-000-for-flaws/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/google-wont-fix-ascii-smuggling-attacks-in-gemini/

#CyberSecurity #ThreatIntelligence #Ransomware #ZeroDay #Vulnerability #DataBreach #AI #Malware #Clop #ShinyHunters #NorthKorea #InfoSec #IncidentResponse #CredentialStuffing

Theft of #crypto accounts for 13% of #NorthKorea’s GDP!

https://www.bbc.com/news/articles/cwy8z7wxe03o

North Korean Hackers Target Cryptocurrency for Multi-Billion Dollar Thefts in 2025

In 2025, North Korean-linked hackers have stolen more than $2 billion, marking a record year for cybercrime associated with the secretive regime. According to United Nations estimates, this sum represents approximately 13% of North Korea's GDP. Western security agencies indicate that these stolen fu... [More info]

Well, that's one way to fund a national budget! North Korean hackers have reportedly swiped over $2 billion in crypto *this year alone*, setting a new record. Makes you wonder about their 'dev' team's compensation package, doesn't it? What's the wildest crypto heist you've heard of?

https://techcrunch.com/2025/10/07/north-korean-hackers-stole-over-2-billion-in-crypto-so-far-in-2025-researchers-say/
#Cybersecurity #Crypto #Hacking #NorthKorea #TechNews