Hello everyone! It's been a pretty active 24 hours in the cyber world, with a significant ransomware incident, a deep dive into a global state-sponsored espionage campaign, and some critical warnings about social engineering on messaging apps. We're also seeing more scrutiny on biometric data and AI surveillance. Let's get into it:

Payment Gateway Hit by Ransomware ⚠️
- BridgePay Network Solutions, a major US payment gateway, has confirmed a ransomware attack caused widespread outages across its core production systems.
- The incident, which began on Friday, led to merchants nationwide being unable to process card payments, forcing some to go cash-only.
- While initial forensics suggest no payment card data was compromised, the attack encrypted files and highlights the critical impact of ransomware on payment infrastructure.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/payment-gateway-bridgepay-confirms-ransomware-attack-behind-outage/

Global Espionage Operation 'Shadow Campaigns' Uncovered 🕵️
- Palo Alto Networks' Unit 42 has detailed "Shadow Campaigns," a global espionage operation by an Asia-based state-sponsored actor (tracked as TGR-STA-1030/UNC6619) active since January 2024.
- The group has compromised at least 70 government and critical infrastructure organisations in 37 countries, with reconnaissance efforts targeting 155 nations.
- Initial access methods include tailored phishing with a custom 'Diaoyu' loader and exploitation of 15 known vulnerabilities, alongside the deployment of 'ShadowGuard', a custom Linux kernel eBPF rootkit designed for stealthy persistence.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/

State-Sponsored Signal Phishing Targets High-Value Individuals 📱
- German intelligence agencies (BfV and BSI) are warning of state-sponsored phishing attacks via the Signal messaging app, targeting politicians, military personnel, diplomats, and journalists.
- Attackers impersonate "Signal Support" to trick victims into revealing their Signal PIN or scanning a malicious QR code, gaining access to contacts, profile information, and potentially message history.
- This campaign doesn't exploit Signal vulnerabilities but weaponises its legitimate features; similar tactics could extend to WhatsApp, underscoring the need for Registration Lock and vigilance against social engineering.

📰 The Hacker News | https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html

Biometric Surveillance Under Scrutiny 🔒
- New York City's MTA is trialling AI-powered cameras in subway gates to detect fare evasion, generating physical descriptions of suspected individuals and raising significant privacy concerns.
- This initiative is part of a broader trend of increasing biometric surveillance in NYC by both government and retailers, prompting warnings about "sleepwalking into a surveillance state."
- Separately, the DHS Inspector General has launched an audit into the Department of Homeland Security's privacy practices, specifically focusing on the collection and management of biometric data by ICE and OBIM amid allegations of civil liberties violations.

🗞️ The Record | https://therecord.media/nyc-explores-ai-cameras-fare-evaders-subway
🤫 CyberScoop | https://cyberscoop.com/dhs-ig-audit-ice-obim-biometric-data-privacy-facial-recognition/

#CyberSecurity #Ransomware #Espionage #APT #StateSponsored #Phishing #SocialEngineering #SignalApp #DataPrivacy #BiometricSurveillance #AI #InfoSec #ThreatIntelligence #IncidentResponse

Payment gateway BridgePay confirms ransomware attack behind outage

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform.

BleepingComputer

State-sponsored hackers compromised a beloved developer tool while AI platforms exposed millions of sensitive records.
#cybersecurity #supplychainattack #stateSponsored #botnet #databreach

https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-6-43e

Cybersecurity News Review - Week 6 (2025)

Cybersecurity News Weekly

“History teaches us that this crime was not a momentary aberration, but the result of systematic hate rhetoric, #statesponsored #propaganda, and society’s tolerance of inhumanity,” KIS said.

“Yet today we see that #antisemitism is once again present, manifesting itself in new forms and under different guises. It is no longer ‘latent’; it no longer lurks beneath the surface or teeters at the margins. Goebbels-style propaganda has been replaced by #revisionism, #disinformation, and the #demonization of #Jews as a social and national collective.” 🔥

https://www.ekathimerini.com/in-depth/society-in-depth/1293528/greek-jewish-community-says-antisemitism-present-under-different-guises/

Greek Jewish community says antisemitism present ‘under different guises’

Antisemitism is manifesting itself today in “new forms and under different guises,” the Central Board of Jewish Communities in Greece (KIS) said in a press release on Tuesday, marking the International Holocaust Remembrance Day.

BBC: Amazon blocks 1,800 job applications from suspected North Korean agents. “A top Amazon executive has said the US technology giant has blocked more than 1,800 job applications from suspected North Korean agents. North Koreans tried to apply for remote working IT jobs using stolen or fake identities, Amazon’s chief security officer Stephen Schmidt said in a LinkedIn post.”

https://rbfirehose.com/2025/12/25/bbc-amazon-blocks-1800-job-applications-from-suspected-north-korean-agents/

ResearchBuzz: Firehose | Individual posts from ResearchBuzz

Tom’s Hardware: North Korean hackers stole record $2 billion in crypto in 2025, including single heist worth $1.5 billion, report claims — rogue state accounts for 60% of all reported crypto thefts this year, $6.75 billion total since records began. “North Korean hackers have hit an infernal milestone of stealing $2.02 billion of crypto in 2025, which is nearly 60% of the total $3.4 billion […]

https://rbfirehose.com/2025/12/21/toms-hardware-north-korean-hackers-stole-record-2-billion-in-crypto-in-2025-including-single-heist-worth-1-5-billion-report-claims-rogue-state-accounts-for-60-of-all-reported-crypto-t/

Korea Times: Democracies at risk of persistent foreign manipulation, EU official warns. “The European Commission’s executive vice president for technology sovereignty, security and democracy has warned that democracies are facing ‘constant hybrid attacks’ from foreign actors and called for closer cooperation with Korea to counter cyberthreats, misinformation and online manipulation.”

https://rbfirehose.com/2025/12/02/korea-times-democracies-at-risk-of-persistent-foreign-manipulation-eu-official-warns/

"Many #Americans know of #JosefStalin’s Terror of the late 1930s, during which more than 1 million people were arrested for #politicalcrimes, and over 680,000 #executed.

Fewer know about the repressions that began after #WorldWarII and ended with #Stalin’s death in 1953. Much like the repressions of the 1930s, they involved fabricated #plots, #arrests, coerced #confessions and #purges. Unlike the Terror of the 1930s, they were accompanied by a wave of #statesponsored #antisemitism – including the purge of #Jews from multiple occupations and unwritten quotas that limited their professional and educational opportunities.

The abolition of the #Jewish #AntiFascist Committee on Nov. 20, 1948, and the arrest and execution of its members was central to this postwar #assault."

https://theconversation.com/stalins-postwar-terror-targeted-soviet-jews-in-the-name-of-anti-cosmopolitanism-265562

Stalin’s postwar terror targeted Soviet Jews – in the name of ‘anti-cosmopolitanism’

Thirteen Jewish leaders and artists were killed on the ‘Night of the Murdered Poets,’ one of the campaign’s most infamous examples of persecution.

The Conversation

Gizmodo: Congress Calls Anthropic CEO to Testify About AI Cyberattack Allegedly From China. “The House Homeland Security Committee has sent a letter to Anthropic CEO Dario Amodei to testify on Dec. 17 about a cyberattack campaign allegedly conducted by China-affiliated actors using the company’s Claude AI, according to a new report from Axios.”

https://rbfirehose.com/2025/11/28/gizmodo-congress-calls-anthropic-ceo-to-testify-about-ai-cyberattack-allegedly-from-china/

The Guardian: Hundreds of English-language websites link to pro-Kremlin propaganda. “Hundreds of English-language websites – from mainstream news outlets to fringe blogs – are linking to articles from a pro-Kremlin network flooding the internet with disinformation, according to a study released by a London-based thinktank.”

https://rbfirehose.com/2025/11/23/the-guardian-hundreds-of-english-language-websites-link-to-pro-kremlin-propaganda/

Daily Beast: Top MAGA Influencers Accidentally Unmasked as Foreign Trolls. “Upon rollout, rival factions began to inspect just where their online adversaries were really based on the combative social platform—with dozens of major MAGA and right-wing influencer accounts revealed to be based overseas.”

https://rbfirehose.com/2025/11/23/daily-beast-top-maga-influencers-accidentally-unmasked-as-foreign-trolls/