X-Industry

A recently disclosed vulnerability in train braking systems could let hackers remotely stop trains with relatively simple and inexpensive hardware, potentially causing derailments, according to the US Cybersecurity & Infrastructure Security Agency (CISA).  The high-severity vulnerability, tracked as CVE-2025-1727, involves weak authentication in the protocol used to send what are known as end-of-train and head-of-train packets, radio signals that command a rail vehicle’s end-of-train device to s

Cisco Talos researchers on 24 July 2025 detailed Chaos, a newer Ransomware-as-a-Service (RaaS) group that specializes in big company hunting and double extortion attacks (meaning it both encrypts victim files and steals data for potential leaking).  According to Cisco Talos, the group emerged in early February 2025 and appears to be made up of former BlackSuit ransomware gang members "based on similarities in the ransomware's encryption methodology, ransom note structure, and the toolset used in

The education sector is haunted by a significant fraud problem where fake students impersonate celebrities and employ other identity techniques to steal resources and money from legitimate students.  While sorting through student submission applications, the name Brad Pitt appears.  Admission office employees believe it must be a joke or an accident, but soon they find another familiar-looking celebrity name. It becomes clear that the fraudulent technique, named "ghost students," is highly inten

A new backdoor malware campaign targeting Linux systems and exploiting critical vulnerability in SAP has been uncovered by cybersecurity researchers.  The malware, known as Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025.  According to an advisory published by Darktrace on 29 July 2025, the attack began when a threat actor exploited CVE-2025-31324, a critical flaw in SAP NetWeaver that allows remote file uploads and potential system compromise.

The notorious Russian cyber-espionage gang known as Fancy Bear, also known as APT28, has increased its attacks against governments and military entities worldwide using new sophisticated cyber tools and technology.   Fancy Bear is perhaps best known in the United States for its hack and leak of Democratic National Committee emails in the lead-up to the 2016 presidential election.  Eleven Western countries have accused the hacking group of targeting defense, transport, and tech firms involved in

Ukrainian intelligence carried out a secret operation against Russian authorities in occupied Crimea. Over several days, Ukrainian cyber experts accessed and downloaded 100 terabytes of classified data from Russian-run government servers. After extracting the files, they completely erased the originals, leaving a major gap in Russian digital records.

The amount of data stolen, 100 terabytes which is massive.  That’s enough to fill more than 20,000 high-definition movies or store over 25 million

China is conducting intelligence operations in The Netherlands that are targeting key industrial sectors including semiconductors, aerospace and maritime technology, Dutch Defense Minister Ruben Brekelmans recently warned.  Dutch national security and transatlantic supply chains are in danger because of state sponsored cyber-attacks and clandestine intelligence operations.  This activity threatens not only the Netherlands, but also the entire free world.

In reaction to similar Chinese targeting

On 13 June 2025, Israel launched a sweeping pre-emptive operation targeting Iran’s military leadership, conventional military sites, air defenses, and nuclear infrastructure.  The campaign was called Operation Rising Lion by the Israeli government and military.  Last month, our friends at Fortinet published a blog detailing the new realities of cyber warfare, which were highlighted by this recent conflict.

The recent surge in maritime security is a direct response to a troubling increase in hostile activity targeting Critical Undersea Infrastructure (CUI).  As reports confirm, "Over the past 2–3 years, Europe has experienced increasing threats to its undersea cables and pipelines."  The wake of incidents like the Nord Stream pipeline sabotage in September 2022 served as a stark wake-up call, exposing the immense vulnerability of these essential arteries.  Countries from Europe and the US, Australi

A recent analysis reveals how Scattered Spider’s persistent help desk exploitation cost Clorox $400 million.  The analysis reveals Clorox’s operational disruption, and critical steps organizations must take to protect against similar social engineering threats.  The cleaning products giant Clorox has sued its IT services partner, Cognizant, alleging that a devastating August 2023 ransomware attack that crippled production and cost the company $380 million in lost revenue was due to the firm’s ne

The article below is an analysis and follow-up to the analysis titled ‘Intrusion into Middle East Critical National Infrastructure’ (full report here), conducted by the FortiGuard Incident Response Team (FGIR)[1], which investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East.

The Fortinet report revealed that threat actors had installed numerous web shell servers on the compromised system.  In this follow-up, analysts conducted a deep analysis

A new report from NATO’s Cooperative Cyber Defense Center of Excellence (CCDCOE) warns that global ports are vulnerable in the wake of escalating cyber threats.  The policy brief highlights that ports, which handle approximately 80% of international trade, “face unprecedented cybersecurity threats from state-linked actors” from Russia, Iran, and China.  These actors aim to disrupt operations and potentially inflict significant economic and military harm.

Ports serve as crucial nodes in NATO’s de

Currently, European Central Bank (ECB) supervisors are focusing on critical issues, ranging from tariffs to cyberattacks and a possible dollar shortage, as they assess potential risks to the region's banking industry, five senior central bank officials said recently.  The ECB is examining these risks amid a global trade war and conflicts, including the war in Ukraine and the Middle East.

Chief ECB supervisor Claudia Buch said last week that the central bank would test banks' resilience to geopol

In a communication with Bleepingcomputer, Dell has recently acknowledged a breach to its Customer Solutions Centers platform, which encompasses a variety of programs for evaluating technology solutions.  The Dell Customer Solutions Centers are partitioned from the rest of Dell’s customer-facing networks and internals systems, so the breach affecting this platform should not pose much risk to customer data or sensitive internal data.

Dell representatives state that the data used in this platform

US insurance giant Allianz Life announced on July 26 that hackers had stolen the personal information of many of its customers, financial professionals, and select Allianz Life employees in the United States.  The insurance giant's filing with Maine's attorney general did not immediately provide the number of customers affected.  According to the filing, the data breach, which the company described as a hack, occurred on July 16 and was discovered on July 17. 

TechCrunch first reported the data

A cyber-espionage campaign linked to a sophisticated hacking group believed to be based in China is continuing to compromise virtualization and networking infrastructure used by enterprises globally, according to a new deep-dive report by cybersecurity company Sygnia.  The hackers are targeting VMware ESXi hypervisors, a type of software that controls and hosts virtual machines for enterprise networks.  They are using custom tools that grant persistent access while evading detection by standard

Yesterday, KrebsOnSecurity heard from one of its readers whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries.

A reader who works in the transportation industry sent a tip about a recent successful phishing campaign that t

There has and will be debates on how governments can regulate the current cyber advancements, which are changing at lightning speed.  As an example, water and wastewater entities in the State of New York, that will soon have access to a new $2.5 million grant program to help them mitigate the costs of forthcoming cybersecurity regulations.

This past week, NY state officials announced the new funding pool alongside the proposed regulations, which would require regulated water and wastewater syste

The FortiCNAPP team, part of FortiGuard Labs, recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2miner campaigns that we documented in 2020 and have since been updated with new configurations. H2Miner is a Crypto mining botnet that has been active since late 2019.

Researchers also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain fi

Hackers believed to be affiliated with an Iranian intelligence agency are using a newly-discovered strain of the DCHSpy malware to snoop on adversaries.  Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began.  DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said.  The malware also collects cont