Jaguar Land Rover (JLR) announced on 7 October that it will begin the phased restart of its manufacturing operations following a cyber-attack that completely halted global production last month. Separately, the company said it was launching a financing scheme to provide some of its suppliers with up-front cash to help them overcome the financial difficulties caused by the shutdown.[1] The impact on JLR’s supply chain caused what one senior British politician called “a cyber shockwave ripping throug
All Articles (2677)
Each month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
A transnational operation involving 14 African countries has dismantled a large-scale digital scamming network, resulting in 260 arrests and the seizure of 1,235 electronic devices. The Interpol-led effort, named Operation Contender 3.0, marks the third wave of arrests against fraudsters and romance scammers in Africa following operations in 2021 and 2024. This third crackdown was conducted between July 28 and August 11, 2025. It focused on romance scams, where perpetrators build online relat
Gamers and game developers worldwide are being warned of an urgent need to update their software following the disclosure of a vulnerability in the Unity engine, the world’s most popular games development tool. The bug, tracked as CVE-2025-59489, exposes apps built using affected versions of Unity to attacks that could execute arbitrary code, meaning a malicious file could hijack permissions granted to a Unity game and run commands using the app’s permissions on a victim’s device.[1] The compa
Software giant Oracle confirmed reports that dozens of its customers have received extortion emails from cybercriminals demanding payment in exchange for not releasing troves of stolen information. In a statement published last week, Oracle chief security officer Rob Duhart said they are investigating claims made by the Clop ransomware gang that there was a breach of some Oracle E-Business Suite customers. “Our ongoing investigation has found the potential use of previously identified vulnerab
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region. Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries, especially in Pakistan, using spear-phishing and malicious documents as initial access vectors. Recent campaigns have highlighted a sharp evolut
Two Dutch teenage boys aged 17, who reportedly used hacking devices to spy for Russia, were arrested by the Politie on 29 September 2025. According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague. Europol has confirmed the reports, and a spokesperson acknowledged the incident, noting there are no signs of a compromise on the agency’s systems. “We are in close contact with the Dutch authorities regarding this
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using our honeypots, we monitor traffic targeting various edge devices and internet-facing applications.
On 22 July 2025, suspicious network traces were observed via our honeypots. The analysis revealed that a cellular router’s API was exploited to send malicious SMS messages containing phishing URLs, an attack that leverages SMS as a deliver
The UK government’s announcement of a mandatory digital ID scheme has started a debate, pitting promises of streamlined services against fears of a surveillance society. Unveiled this week, the scheme mandates digital IDs for Right to Work checks by the end of this Parliament, stored on smartphones via a GOV.UK wallet app. While proponents hail it as a modern fix for illegal migration and bureaucratic woes, critics warn it echoes past failures and amplifies privacy risks in an era of rampant d
Hackers have been identified using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns. The malware grants attackers remote access to infected devices, enabling them to execute commands, deploy additi
WhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an attractive channel for cybercriminals looking to exploit unsuspecting individuals. Because the app is used for friendly conversations, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]
Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They app
Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks. A trend recently observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people with little tech know-how to launch major attacks. Two such dangerous platforms have been reported by the end-to-end
A newly identified cyber-attack campaign has exploited Cisco Adaptive Security Appliance (ASA) devices in a sophisticated operation linked to the espionage-focused ArcaneDoor threat actor. The attacks targeted certain Cisco ASA 5500-X Series devices that were running Cisco Secure Firewall ASA Software with VPN web services enabled. Cisco has assessed with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 20
On 17 September 2025, the Las Vegas Metropolitan Police Department arrested a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft. Between August and October 2023, multiple Las Vegas casinos suffered network intrusions linked to the cybercrime group “Scattered Spider,” prompting an FBI investigation.
See: https://redskyalliance.org/xindustry/scattered-spider-s-devious-web
“Through the course of the investigation, detect
A new variant of information-stealing malware, named DeerStealer, has emerged as a significant threat to personal and financial data across infected systems. The malware, identified by cybersecurity researchers at Cyfirma, employs a range of sophisticated techniques to evade detection, maintain persistence, and steal sensitive information from its victims. DeerStealer's primary goal is to compromise personal and financial data, including system information, credentials, cryptocurrency wallets
Somehow this just doesn’t seem right. Who wants to stop the flow of beer? Japanese beverage company Asahi said a recent cyber-attack has caused a system failure that is impacting its ability to ship orders and manage its call center.
Asahi published a statement on 29 September that warned customers the cyber incident was affecting its operations in Japan. Due to the system failure caused by the cyber-attack, Asahi suspended order and shipment operations at group companies in Japan as well as
Cybersecurity firm Tenable discovered three critical flaws that allowed for prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link. Researchers have recently discovered three critical security flaws within Google’s Gemini AI assistant suite,[1] which they’ve dubbed the “Gemini Trifecta.” These vulnerabilities, publicly disclosed around October 1, 2025, made Gemini vulnerable to prompt injection and data exfiltration, putting users at risk
Attacker Breakout Time refers to the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network. Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest. The threat intelligence vendor claimed in its latest Threat Spotlight report for the period June–August 2025 that the average breakout time dropped to only 18 minutes. One
It was an easy decision for J. Galen Buckwalter, a 69-year-old quadriplegic living in Southern California, to undergo a craniotomy in 2024. The operation, which involved inserting 384 electrodes in his brain and a large titanium plate in his skull, allows researchers to record data about how his neurons operate, potentially helping future paralysis patients. The hard part, Buckwalter says, has been giving up the right to access and own his neural data and feel assured that it will be kept priv
A group of Iranian hackers known as Nimbus Manticore is expanding its operations, now focusing on major companies across Europe. According to new research from the cybersecurity firm Check Point Research (CPR), the group is targeting businesses in the defense, telecommunications, and aerospace sectors to steal sensitive information.
Nimbus Manticore, also called UNC1549 or Smoke Sandstorm, has been actively tracked since early 2025 and previously ran the Iranian Dream Job campaign. These campa