Newsletters

Last week, the US revealed the Russian government had used two state-backed hacktivist groups to carry out disruptive attacks against critical infrastructure worldwide.

The history and activities of the CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName), were described in indictments and sanctions announced by the US Department of Justice and Treasury respectively, and in a joint advisory published by CISA. 

The US says that the CARR was "founded, funded and directed" by Russian military intelligence (the GRU) as an unattributable way of deterring anti-Russia rhetoric. The group was founded in early 2022 shortly after Russia's invasion of Ukraine, started out with DDoS attacks and over time has escalated to attacks on operational technology (OT) systems. 

An academic study by a team of Belgian researchers has found that most of today's smart devices come with an embedded web browser that runs extremely out of date versions, sometimes as much as three years.

The study, from the Catholic University in Leuven, Belgium (KU Leuven), looked at browsers that ship with smart TVs, e-readers, gaming consoles, and other modern hardware.

All five e-readers that were tested, and 24 of 35 smart TV models, used embedded browsers that were at least three years behind current versions.

Meta's security team has shut down a disinformation network spreading Russian propaganda across Africa.

The network has been active for more than six months and was run by Russia-based entities, the company said in its quarterly security report [PDF].

The network ran over 65 accounts and 70 pages that mimicked legitimate news outlets and published content critical of France and the US and promoted Russian geopolitical narratives.

Public and private critical sector organizations across the EU are having issues attracting and retaining cybersecurity talent.

According to a survey by the EU's cybersecurity agency, candidates don't have the necessary skills or the employers don't have the proper training programs.

Cyber experts who leave companies cite excessive workloads, burnout, and the lack of competitive salaries and bonuses.

The Linux kernel is adding support for a new security feature designed to help secure cloud server infrastructure.

Support for PCI Express Link Encryption will roll out with the upcoming release of the Linux kernel, version 6.19.

The new feature was developed together by representatives from chipmakers Intel, AMD, and Arm.

At least two Chinese APT groups are exploiting a recently disclosed vulnerability in the React framework's server components.

Attacks began within hours after the vulnerability, tracked as CVE-2025-55182 and named React2Shell, was disclosed last Wednesday.

The AWS security team has linked the attacks to two groups tracked as Earth Lamia and Jackpot Panda.

A new paper from the Germany-based think tank Interface has attempted to define the threshold at which peacetime state cyber operations become irresponsible. 

The author thinks that more concrete definitions of responsible behaviour would help guide states and prevent dangerous conduct.  

It's a commendable effort, but we don't think the architects of cyber operations really care about norms, and a German think tank writing down its preferred rules on a piece of paper won't make any difference to state behaviour. 

OpenAI security incident: OpenAI says some customer data was exposed during a breach at Mixpanel, a third-party analytics provider.

French Football Federation breach: The French Football Federation says hackers gained access to a software panel used by French football clubs to manage their licenses.

West London ransomware attack: A ransomware attack on a shared IT provider has brought down the networks of three city councils in West London—Royal Borough of Kensington and Chelsea, London Borough of Hammersmith and Fulham, and Westminster City Council. [MyLondon]

The Chinese-made DeepSeek-R1 AI model produces more insecure code when prompts mention subjects considered sensitive to the Chinese Communist Party (CCP), according to recent research from Crowdstrike. 

CrowdStrike's testing compared the security of code produced by DeepSeek with that of other state-of-the-art Large Language Models (LLMs). In the baseline test, the models were given straightforward prompts to produce code to carry out a particular task. 

They were then given the same base prompt with additional information that CrowdStrike described as a "contextual modifier" and/or a "geopolitical trigger".

Another Salesforce breach: Hackers are pilfering data from Salesforce customers again, this time after they've breached Gainsight, the maker of a Salesforce app. More than 200 customers were affected. The Scattered Lapsus$ Hunters group took credit for the hack, the same group that breached Salesforce earlier this year as well. [Salesforce//TechCrunch]

CrowdStrike fires malicious insider: Security firm CrowdStrike has fired an employee who was feeding information to the Scattered Lapsus$ Hunters hacking group. The company discovered the insider after screenshots of its internal systems were posted on the group's Telegram channel. [BleepingComputer]

SitusAMC hack impacts Wall Street: Hackers have stolen sensitive data from fintech company SitusAMC. Its main customers include banks and real estate loan platforms. [CNN]