X-Industry

Cyber researchers have uncovered a large-scale software supply chain attack on GitHub dubbed “GhostAction”, which has exposed more than 3,300 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare API keys, AWS access keys, and database credentials so far.  

The campaign came to light after suspicious activity was detected in the FastUUID project on September 2.  Attackers had compromised maintainer accounts and injected a malicious GitHub Actions workflow designed to trigger on code

A joint study by Cybersecurity at MIT Sloan (CAMS) and Safe Security has examined 2,800 ransomware incidents and found that a staggering 80.83%, or more than 2,272 attacks, were driven by artificial intelligence. This statistic is not theoretical; it's based on comprehensive, real-world data collected during 2023–2024.

The Rethinking the Cybersecurity Arms Race working paper paints a vivid picture of how AI is transforming attack methods. Adversaries are no longer relying on manual orchestration

What began as a quiet investigation into suspicious Salesforce activity has escalated into one of the most significant SaaS supply chain incidents of the year. Google's Threat Intelligence Group (GTIG) reports that a threat actor, tracked as UNC6395, exploited compromised OAuth tokens from Salesloft's Drift integrations to extract data from multiple customers' Salesforce instances. The campaign ran at least from 8 to 18 August 2025. GTIG's assessment is blunt: "GTIG assesses the primary intent o

Cybercriminals are abusing Grok AI, the conversational assistant built into X (formerly Twitter), to spread malware through a campaign researchers have dubbed "Grokking."  The scheme was uncovered by Guardio Labs researcher Nati Tal, who found that attackers are leveraging Grok's trusted status on the platform to amplify malicious links hidden in promoted ads.[1]

Instead of including a clickable link directly in the ad where X's scanning mechanisms might detect i,t attackers hide the malicious U

In a significant move toward accountability, Qantas Airways has reduced short-term bonuses for its executive leadership, cutting 15% of their pay considering a recent cyber breach that compromised customer data for millions.  So, what happened, and what does it all mean for CISOs, their teams, and the broader corporate ecosystem?   Qantas slashed short-term bonuses in fiscal 2025 for its top executives, including CEO Vanessa Hudson, by 15%, amounting to a A$250,000 cut for the CEO and a combined

Organizations today are often ambivalent about agentic AI because of both its unpredictable failures and its potential use in cybercrime.  Agentic systems are increasingly being given more control and are operating autonomously, taking on complex tasks and decision-making processes on behalf of users.   These are often conducted with minimal human oversight, and agentic AI systems are interacting directly with enterprise systems to automate workflows.  While this approach offers efficiency in ro

Microsoft Corporation issued security updates on 9 September 2025 to fix more than 80 vulnerabilities in its Windows operating systems and software.  There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label.  Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Microsoft assigns security flaws a “critical”

Our friends at FortiGuard Labs recently discovered a phishing campaign that employs multiple advanced evasion techniques.  These include the use of an Easy Programming Language (EPL) to develop a staged payload, concealing malicious operations and disabling security tools to prevent alert triggers, securing Command and Control (C2) communications using mutual TLS (mTLS), supporting various methods for deploying additional payloads, and even installing popular remote access tools to grant attacke

In collaboration with the internet intelligence platform Validin, SentinelLABS has been tracking activity on the platform, which we attribute with high confidence to North Korean threat actors involved in the Contagious Interview campaign cluster.  This activity, which took place between March and June 2025, involved the threat actors examining cyber threat intelligence (CTI) information related to their infrastructure.  Our unique visibility has provided valuable insights into their operational

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Autonomous vehicles and many other automated systems are controlled by AI, but the AI itself could be compromised by malicious attackers who take control of the AI’s weights.  Weights within AI’s deep neural networks represent the models’ learning and how it is used.  A weight is usually defined in a 32-bit word, and there can be hundreds of billions of bits involved in this AI's reasoning process.  It is a no-brainer that if an attacker controls the weights, they control the AI.[1]

A research t

The US needs a "whole-of-nation approach" to deterring and warding off cyber-attacks backed by foreign states, President Trump’s newly confirmed national cyber director said on 9 September.  Such attacks will continue until officials impose more severe consequences on bad actors, Sean Cairncross said in his first public address since his confirmation last month to lead the Office of the National Cyber Director.[1]

The nation “must send a message this behavior is unacceptable” and will come at a

Jaguar Land Rover (JLR) finds itself in a 'truly dreadful situation' after the cyber assault that shuttered numerous facilities last week, an expert has claimed.  The Coventry-headquartered automotive giant confirms it is operating 'round the clock' to address the continuing issue.

A statement previously issued by JLR disclosed the incident had caused significant disruption to business and production activities - the firm has now confirmed it is collaborating with specialists and police to tackl

Hackers, criminals, and spies are rapidly adopting Artificial Intelligence (AI), and considerable evidence is emerging of a substantial acceleration in AI-enabled crime.  This includes evidence of the use of AI tools for financial crime, phishing, distributed denial of service (DDoS), child sexual abuse material (CSAM), and romance scams.  In all these areas, criminal use of AI is already augmenting revenue generation and exacerbating financial and personal harms.  Scammers and social engineers,

The cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.  Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time.  The open-weight language model was released by OpenAI earlier this month.  "PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target

Car tire manufacturer Bridgestone confirms it is investigating a cyberattack that impacts on the operation of some manufacturing facilities in North America. The company believes that its rapid response contained the attack at its early stages, preventing customer data theft or deep network infiltration.  Bridgestone Americas (BSA) is the North American arm of Bridgestone, a Japanese multinational tire manufacturer, the largest in the world by production volume.[1]

BSA operates 50 production fac

The popular Streameast illegal sports streaming site was taken down this past week as officials in Egypt arrested two men allegedly involved in the effort.  The Alliance for Creativity and Entertainment (ACE) said it worked with Egyptian authorities to shut down the piracy network, which had more than 80 associated domains and logged more than 1.6 billion visits over the past year.

ACE called Streameast the largest illicit live sports streaming operation in the world, giving people free access t

Modern vehicles are transforming into full-fledged digital devices that offer a multitude of features, from common smartphone-like conveniences to complex intelligent systems and services designed to keep everyone on the road safe. This digitalization, while aimed at improving comfort and safety, is simultaneously expanding the vehicle’s attack surface.

In simple terms, a modern vehicle is a collection of computers networked together. If a malicious actor gains remote control of a vehicle, they

Threat actors are abusing virtual private servers (VPS) to compromise Software-as-a-Service (SaaS) accounts, according to an investigation by Darktrace.  The cybersecurity vendor identified coordinated SaaS account compromises across multiple customer environments, all of which involved logins from IP addresses linked to various VPS providers.  The compromised accounts were used to conduct follow-on phishing attacks, with threat actors taking steps to avoid detection and enable persistent access

They say necessity is the mother of invention.  As our reliance on digital infrastructure has grown, we have demanded more from our networks: seamless access, automated processes, uninterrupted user journeys, and effortless interoperability.   Each improvement has pushed us further toward a hyper-connected, “smarter” enterprise, but at a cost that rarely registers on the risk scale.  In the background, facilitating all of this is a new type of workforce, an army of AI bots and agents that keep t