Hundreds of thousands of people were left unable to access critical services on 29 October, as Microsoft Azure unexpectedly crashed. The massive outage came just nine days after an Amazon Web Services outage brought 'half the internet' to a standstill. Some experts have shown alarming realities of the Internet blackout. Microsoft and Amazon are the world's two largest providers of 'cloud computing'. The vast majority of internet services: including apps, social media platforms, and websites
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs researchers Aditya K Sood and Varadharajan K said in a report shared with The Hacker News. "When opened,
A cut to federal food assistance is looming, but residents have been struggling with the program for months. A cyber-attack in July targeted a phone system that lets people call about their account information. When Julia Smith, 33, qualified for the federal Supplemental Nutrition Assistance Program in late August, she expected to be able to use her benefits. But obtaining access to her card was complicated by a disruption at a call center a month earlier. Suzanna Smith, 30, who lives with h
The cybersecurity community recently received an urgent signal from Darktrace's research team about a sophisticated intrusion campaign linked to Salt Typhoon, a persistent threat actor with ties to China. The core of this campaign: the exploitation of a critical vulnerability in the Citrix NetScaler Gateway (formerly Citrix ADC/Gateway). This is not just another vulnerability report; it is a live-fire case study highlighting the strategic importance of patching perimeter devices and the necess
Companies should improve the resilience of their software supply chains against ransomware, according to guidance the International Counter Ransomware Initiative (CRI) published recently after its fifth annual summit in Singapore. The new guidance, developed by the United Kingdom and Singapore as the CRI’s policy leads, aims to raise awareness of the ransomware threat across supply chains, as well as promote good cyber hygiene that will see supply chain vulnerabilities factored into organizatio
New AI-powered web browsers, such as OpenAI’s ChatGPT Atlas and Perplexity’s Comet, are attempting to unseat Google Chrome as the primary gateway to the Internet for billions of users. A key selling point of these products is their web browsing AI agents, which promise to complete tasks on a user’s behalf by navigating websites and filling out forms. However, consumers may not be aware of the significant risks to user privacy associated with agentic browsing, a problem that the entire tech ind
For decades, online security has relied on cryptographic systems that are robust against classical computers. But quantum computing changes the game. It threatens to undermine the mathematical foundations of widely used encryption methods, exposing sensitive data captured today to future decryption and exploitation. This looming threat has catalyzed a global effort to build quantum-safe cryptography, and a recent survey by Chhetri et al. offers a sweeping and useful view of how post-quantum c
SpaceX says it has disabled more than 2,000 Starlink devices connected to scam compounds in Myanmar after politicians and others called on the company to crack down on scammers using its kits for fast satellite internet. The vice-president of Starlink’s business operations said in a post on X last week that the company “proactively identified and disabled over 2,500 Starlink Kits in the vicinity of suspected ‘scam centers’” in Myanmar. She cited the takedowns as an example of how the company
Professionals have ignored cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half. Enterprise cybersecurity risks from employees using their personal phones for work are rising, but companies aren't adopting solutions quickly enough to account for them. The data collected in Verizon Business' 2025 Mobile Security Index (MSI) paints a clear picture
Google’s Threat Intelligence Group (GTIG) has warned that at least two hacking groups are exploiting public blockchains to conceal and control malware, using a technique called “EtherHiding” that turns decentralized ledgers into resilient command-and-control (C2) infrastructure. GTIG reports it has observed the North Korean (DPRK) threat actor UNC5342, also known as BeaverTail, employing EtherHiding since February 2025, possibly the first known instance of a nation-state group using the method.
Microsoft’s Digital Defense Report 2025[1] warns of a marked increase in identity-based attacks, driven in part by the growing use of artificial intelligence to craft convincing social engineering lures. The company says its systems analyze more than 100 trillion security signals every day and that identity attacks rose 32% in the first half of 2025 compared with the previous period.[2]
Microsoft emphasizes that password attacks remain the primary vector: more than 97% of observed identity-base
A new report from security researchers details the activities of ‘Jingle Thief’, a financially motivated threat group that operates almost entirely in cloud environments to conduct large-scale gift card fraud. Active since at least 2021, the group targets retail and consumer services organizations through phishing and smishing campaigns designed to steal Microsoft 365 credentials.[1]
Once inside, the attackers exploit cloud-based infrastructure to impersonate legitimate users, gain unauthorized
Imagine waking up tomorrow to a world without power. No lights. No phones. No internet. No refrigeration. Within days, grocery stores are stripped bare. Within weeks, hospitals close. Within months, millions are dead. That isn’t science fiction. It is the very real danger of an electromagnetic pulse, or EMP, and it is what keeps a national security expert awake at night.
An electromagnetic pulse (EMP) is a burst of electromagnetic energy that can disrupt or destroy electronic equipment and
According to CrowdStrike's 2025 Threat Hunting Report, 81% of intrusions were malware-free. That confirms that attackers aren't dropping files anymore; they are logging in. That's a big change in Tactics, Techniques, and Procedures for 2025.
In 2025, threat hunting is evolving to address increasingly sophisticated adversaries who are moving away from traditional malware-based attacks. Instead, attackers are leveraging legitimate credentials to gain access and remain undetected, making identit
In the early morning hours of 20 October, issues regarding a single service allegedly caused major disruptions to the basic things that make our lives functional. Canvas crashed, disrupting learning nationwide. Lloyds Bank customers lost access to their accounts. Some United Airlines flyers could not check in or view their reservations. People's alarms didn't go off. There are too many examples to list; it was a full meltdown. To some, what happened on 20 October was an example of Big Tech
Our colleagues at Sentinel Labs have provided yet another great piece of research and analysis. As Large Language Models (LLMs) are increasingly incorporated into software‑development workflows, they also have the potential to become powerful new tools for adversaries; as defenders, it is important that we understand the implications of their use and how that use affects the dynamics of the security space.
In Sentinel’s research, they wanted to understand how LLMs are being used and how analysts could s
Ukraine’s parliament has approved, in its first reading, a bill to create a Cyber Forces command within the armed forces, underscoring the growing strategic importance of cyberspace in Kyiv’s defense against Russia. The draft law, passed on October 9, 2025, with the support of 255 lawmakers, would establish a standalone military command responsible for the country’s cyberspace defense and operations.
According to the explanatory note accompanying the bill, the Cyber Forces of the Armed Forces o
This past week, Red Sky Alliance conducted a webinar detailing the US Secret Service takedown of a SIM-related espionage campaign during a recent United Nations session in New York City. The use of SIM farms and cards is also occurring in other parts of the world. On 10 October 2025, in Latvia, five cyber-criminals of Latvian nationality were arrested and infrastructure was seized. The infrastructure was used to enable crimes against thousands of victims across Eur
Behind the Vault - Banks are often seen as bastions of trust, where personal financial information is locked away under layers of regulation and security. But a new study from the University of Michigan suggests that this trust may be misplaced. Despite being among the most tightly regulated institutions in the United States, banks may be sharing customer data far more freely than most people realize and doing so behind a maze of confusing and contradictory privacy policies.[1]
The research, t
In January 2025, FortiGuard Labs observed Winos 4.0 attacks targeting users in Taiwan. In February, it became clear the actor had changed malware families and expanded operations. What first appeared isolated was part of a broader campaign that shifted from China to Taiwan, then Japan, and most recently Malaysia.
This article examines the methodologies employed to identify strategic connections between their campaigns, revealing how seemingly unrelated attacks are linked through shared infrast