Newsletters

China's recent crack down on Southeast Asian scam compounds is clearly good news. But its efforts to tackle the scourge are domestically driven and may even cause scammers to shift their focus to Americans. 

Last week authorities announced that an alleged scam kingpin, Chen Zhi, had been arrested by Cambodian authorities and extradited to China. Chen is the founder of the Prince Group, which is ostensibly a Cambodian corporate conglomerate, but which US authorities allege was a transnational criminal organisation that operated forced-labour scam compounds engaging in various fraud schemes. 

US authorities had taken action against Chen Zhi. Back in October of last year, he was sanctioned and indicted and had a whopping USD$15 billion worth of cryptocurrency seized by the US. But China had the regional clout to actually get him in handcuffs. 

Modern security systems designed to protect user voices from getting cloned are still weak and can be bypassed with the proper tools.

These systems work by injecting random noise in voice audio recordings in order to prevent AI-based cloning technology from copying a user's voice. Voice cloning attacks are still possible, but they produce low quality output that can be easily detected and flagged by both manual reviewers and automated systems.

But three researchers from the University of Texas, in San Antonio, say that these systems are not complex enough and can be easily bypassed if attackers account for the added noise.

Respawn Entertainment has patched an exploit in the Apex Legends game that allowed third-parties to take remote control over a player's in-game character.

The exploit was used against several Apex streamers over the past week.

Hackers emptied their inventory (backpack) and moved their in-game avatar off the map, ending their games.

China hacks US House committees: Chinese hacking group Salt Typhoon has hacked the email systems used by congressional staff on multiple committees in the US House of Representatives. [Financial Times]

Jaguar sales slump after cyberattack: Jaguar Land Rover says its sales fell by 43% in Q3 following a ransomware attack that stopped production at its factories last fall for almost a month.

Sedgwick ransomware incident: IT company Sedgwick has confirmed that a ransomware attack has impacted its government contracting subsidiary over the New Year's Eve. The incident was claimed by the TridentLocker ransomware gang. [The Record]

R6S hacked: A threat actor hacked the backend servers of Ubisoft's Rainbow Six Siege FPS game and assigned billions in in-game currency to user accounts. Ubisoft confirmed the breach, took down servers, and rolled back the bans for users who received the currency and were automatically flagged and banned by the backend. The hack was linked to a MongoDB vulnerability known as MongoBleed, CVE-2025-14847, disclosed two days before Christmas and which very few companies had a chance to patch. [Dexerto]

Conde Nast gets hacked: A hacker breached news powerhouse Conde Nast and leaked the data of 2.3 million WIRED subscribers. The newest data points are from September 2024, the date of the presumed breach. Conde Nast has yet to confirm due to the winter holiday break. [DataBreaches.net]

ESA breach: Hackers breached the JIRA and Bitbucket servers of the European Space Agency (ESA). [BleepingComputer]

Docker Hardened Images are now free: Docker has made Hardened Images free for every developer. These are server images managed by Docker that are constantly updated and patched for the most recent security flaws. Devs previously needed some sort of subscription to use Hardened Images.

Piracy group leaks Spotify song database: A piracy and open-source group named Anna's Archive has leaked 256 million Spotify tracks. Spotify said it found and suspended the accounts that scraped its site.

TikTok signs divest deal: Chinese social media network TikTok has signed a deal to divest and sell its US division to a group of Trump allies. More than half the company is now owned by tech company Oracle, private equity firm Silver Lake, and Emirati-backed investment firm MGX. ByteDance and existing shareholders hold the rest. [CNN]

Belarusian authorities are deploying spyware on the smartphones of local journalists during police interrogations.

The ResidentBat spyware was spotted this year after a reporter who was interrogated by the Belarusian KGB intelligence service started receiving malware alerts on his device, days after being questioned by authorities.

The spyware can collect call logs, record through the microphone, take screen captures, collect SMS messages and messages from encrypted messaging apps, and exfiltrate local files.

Last week, the US revealed the Russian government had used two state-backed hacktivist groups to carry out disruptive attacks against critical infrastructure worldwide.

The history and activities of the CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName), were described in indictments and sanctions announced by the US Department of Justice and Treasury respectively, and in a joint advisory published by CISA. 

The US says that the CARR was "founded, funded and directed" by Russian military intelligence (the GRU) as an unattributable way of deterring anti-Russia rhetoric. The group was founded in early 2022 shortly after Russia's invasion of Ukraine, started out with DDoS attacks and over time has escalated to attacks on operational technology (OT) systems. 

An academic study by a team of Belgian researchers has found that most of today's smart devices come with an embedded web browser that runs extremely out of date versions, sometimes as much as three years.

The study, from the Catholic University in Leuven, Belgium (KU Leuven), looked at browsers that ship with smart TVs, e-readers, gaming consoles, and other modern hardware.

All five e-readers that were tested, and 24 of 35 smart TV models, used embedded browsers that were at least three years behind current versions.

Meta's security team has shut down a disinformation network spreading Russian propaganda across Africa.

The network has been active for more than six months and was run by Russia-based entities, the company said in its quarterly security report [PDF].

The network ran over 65 accounts and 70 pages that mimicked legitimate news outlets and published content critical of France and the US and promoted Russian geopolitical narratives.