Newsletters

Microsoft has sued and seized domains and server infrastructure belonging to SignSpaceCloud (signspace[.]cloud), a Russian cybercrime service that sold code signing certificates to malware and ransomware gangs.

The service, which Microsoft is tracking as Fox Tempest, has been running since May of last year and is what cybersecurity experts call a malware-signing-as-a-service (MSaaS).

The group used hundreds of fake accounts on the Microsoft Artifact Signing service to obtain code signing certificates that it later resold on its website for thousands of US dollars.

Indonesia is emerging as a new hub for cyber scam operations and illegal online gambling in Southeast Asia after massive crackdowns in neighboring countries have sent criminal groups fleeing across borders and seeking to relocate facilities.

Local authorities have detained more than 550 suspects following three raids this month alone.

More than 200 suspects were detained after a raid on an apartment complex in the city of Batam on May 6. Another 321 were arrested in a commercial building near Jakarta's Chinatown neighborhood on May 10. Another 30 were then detained at guest houses on the island of Bali a few days after.

Individuals claiming to be associated with the TeamPCP hacking group have released the source code of the Shai-Hulud worm that has devastated open-source libraries across the npm and PyPI ecosystems.

The code was released this week on the Breached[.]st hacking forum.

It  was released two days after it was used in a supply chain attack that compromised the TanStack React framework and then spread to almost 400 packages, including libraries at AI company Mistral and business automation giant UiPath.

The Trump administration is grappling with whether to give US intelligence agencies a bigger role in the assessment of new AI models, according to The Washington Post.

Ideas about AI regulation within the administration appear to be in a state of flux. Politico reported on Tuesday last week the administration was considering a government vetting process before new models were released. By Thursday, the administration was distancing itself from tighter regulation, and by Friday a lobbyist told Politico that "there is no clarity" because "different factions within the White House have different views about what should happen". 

Amongst that chaos, the National Cyber Director pitched a center within the Office of the Director of National Intelligence for the evaluation of new AI models. The intelligence community has deep expertise in cyber security and AI and their associated national security risks and benefits, so that does make a lot of sense.

The RubyGems package repository has disabled new user sign-ups after a malicious attack on Monday targeted its engineers and staff.

Hundreds of malicious packages were published on Monday and then again on Tuesday.

The packages contained malicious code aimed at RubyGems developers. The code tried to execute cross-site scripting attacks and steal data from their systems.

The US Federal Communications Commission has updated its ban on foreign-made routers to allow vendors to ship security updates for a longer period of time.

The agency banned the sale of foreign routers in March, but allowed companies to ship security updates for one more year until March 2027.

The FCC says that based on comments from the government and private sector it has now updated this cutoff date to January 1, 2029.

This month's Android security updates carry an important patch for a critical vulnerability that can grant attackers remote access to an Android smartphone or smart device.

Tracked as CVE-2026-0073, the bug allows attackers to bypass authentication in the Android remote debugging service ADB.

Successful exploitation opens a remote shell on a device where the ADB service was enabled. ADB is disabled by default in the standard Android OS release, but may be enabled and left exposed by accident by some OEM (device makers) during factory testing, which has happened a lot over the past years.

The Trump administration is considering applying stricter oversight to American AI models due to their cyber security impact. However, before pulling the trigger on strict and inflexible regulation, we believe the government should spend a little time watching and learning.

This apparent shift from the administration's light touch AI regulation has reportedly been driven by concern about the hacking capabilities of frontier models. 

According to the New York Times, the administration wants to establish a group made up of tech executives and government officials to propose oversight procedures for the roll out of all new AI models. The group is likely to consider a range of options, including a formal government review process.

A supply chain attack is currently ongoing on the website of DAEMON Tools, a popular app for burning CDs and DVDs, and for creating bootable USB drives.

DAEMON Tools installers have been shipping with a backdoor since at least April 8. The installers were signed with the vendor's legitimate certificate, suggesting deep access to the AVB Disc Soft's internal network and processes.

The backdoor triggers every time the user runs their PC, collects data about the host, and uploads it to a remote server. Collected data includes the machine's MAC address, hostname, system locale, DNS domain name, and a list of active processes and installed software.

A threat actor gained access to DigiCert's backend and stole 27 code signing certificates they later used to sign malware.

The incident took place last month and was traced back to a social engineering attack that successfully compromised two employees of DigiCert's tech support team.

According to DigiCert's post-mortem, the attacker posed as a customer and tricked the tech support staff into running an SCR file, a format used to install and configure Windows screensavers.