All Articles (2931)


Across boardrooms and IT departments, a dangerous assumption continues to grow: because data resides in Microsoft 365 and Azure, it is automatically secure.  This belief is fundamentally flawed and creates a false sense of protection that masks real exposure, turning what should be a strategic cloud advantage into a ticking time bomb quietly building risk inside the organization’s own environment.[1]

Microsoft builds the platform; it does not defend your specific environment.  What you monitor, ho

Since US and Israeli strikes began against Iranian military and nuclear infrastructure in late February, two wars have been running simultaneously. One is kinetic.  The other involves something the world has not fully reckoned with: the systematic use of artificial intelligence to manufacture reality, at scale, in real time, during active armed conflict.[1]

Within days of the opening strikes, AI-generated video of missile impacts on the USS Abraham Lincoln was spreading across TikTok.  Fabricate

Cybersecurity researchers have spotted a sneaky new trick used by hackers to compromise developers’ computers.  This latest threat, which first appeared at the beginning of February 2026, involves malicious code hidden inside npm packages, which programmers use to create apps.  According to researchers at ReversingLabs, this specific attack, dubbed the Ghost campaign, tricks users into thinking they are installing a helpful tool.  The software is busy stealing private data in the background.[1]

On 24 March 2026, two versions of the litellm Python package on PyPI were found to contain malicious code.  The packages (versions 1.82.7 and 1.82.8) were published by a threat actor known as TeamPCP after they obtained the maintainer's PyPI credentials through a prior compromise of Trivy, an open source security scanner used in litellm's CI/CD pipeline.

The malicious versions were available for approximately three hours before PyPI quarantined the package. litellm is downloaded roughly 3.4 mill

A US federal jury in Los Angeles on 25 March 2026 found Meta and Google liable in a closely watched trial accusing social media platforms of designing their products to get young users addicted, awarding the plaintiff $3 million in damages.  Meta was ordered to pay 70% of the awarded compensatory damages, while Google is responsible for the rest.  The verdict came after nine days, roughly 43 hours, of deliberations.  The jury is expected to decide on punitive damages.  "For years, social media c

A cyber-criminal is attempting to sell a zero-day exploit targeting a Windows Remote Desktop Services (RDS) privilege escalation vulnerability for US$220,000 on a cybercrime forum.  The listing, identified by threat intelligence analysts, highlights the rapid commercialization of critical vulnerabilities within the criminal underground.  The sale was posted by a user registered under the name 'Kamirmassabi' in the "Malware, Exploits, Bundles, AZ, Crypt" section of a prominent dark web forum.  Th

A new iOS exploit chain and payload called ‘DarkSword’ is stealing sensitive personal information from iPhones running iOS 18.4 to 18.7.  The toolkit is linked to multiple threat actors, including Russian-aligned UNC6353, who previously leveraged a similar exploit chain called Coruna. DarkSword was subsequently uncovered while various researchers analyzed Coruna’s infrastructure.

In early November 2025, NC6748 used DarkSword against Saudi Arabian users via a Snapchat-themed website.  Subsequentl

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.

Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using

In an increasingly interconnected, digital world, it's essential to make the right choices for your security on the Internet. There are good habits to get into to improve online safety, and you should keep your ear to the ground to know when a new threat has emerged or become more prevalent. For example, the Federal Bureau of Investigation recently warned that something as seemingly safe and secure as a home or small business Wi-Fi network could be in danger. This increasingly common criminal th

The Federal Bureau of Investigation (FBI) has officially confirmed that a limited number of its servers have been compromised in a cybersecurity incident.  The breach affected surveillance systems used by the FBI for lawful foreign intelligence interception operations, with investigators suspecting state-backed Chinese hackers based on suspicious activity patterns.  The security breach occurred during the second week of February 2026 and was detected on 17 February 2026.  The incident has raised

Hewlett Packard Enterprise (HPE) has released its inaugural cyber threat report, titled 'In the Wild', revealing a significant shift in the operational strategies of modern cyber adversaries.  Released on 17 March 2026, the research indicates that cybercrime groups are increasingly mirroring legitimate enterprise business models to maximize financial gain.  The report, based on an analysis of 1,186 active threat campaigns observed globally throughout 2025, suggests that the threat landscape has

You probably associate information security with desktops and laptops, business computers, and servers in datacenters.  Too often, we assume that our mobile devices are inherently more secure, probably because of how we interact with them.  But last week’s security news includes warnings for iPhone and Android users.  Just a reminder that no one is safe.

First, if you haven’t updated iOS, it’s time to do so.  Last week, it was reported that iPhone users running iOS 18.4 to 18.7 are vulnerable to

Cyfirma cybersecurity researchers have unveiled a detailed analysis of a new threat: TaxiSpy RAT, a sophisticated Android banking trojan with remote access capabilities.  This malware primarily targets Russian users and financial institutions, compromising apps related to banking, cryptocurrency, government services, and online marketplaces.  The report highlights how this threat exploits vulnerabilities to facilitate financial fraud, posing significant risks to individuals and organizations ali

Dutch intelligence agencies have revealed an extensive cyber campaign by Russian state-backed hackers aimed at infiltrating Signal and WhatsApp accounts of high-profile individuals worldwide.  The Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD) describe the effort as large-scale and ongoing, exploiting user vulnerabilities rather than app flaws.  The operation focuses on government officials, military personnel, and civil servants, with Du

Every time you check your bank balance online, send an email, or make a purchase with a credit card, your information is encrypted, a mathematical shield that keeps your data protected from prying eyes.  This encryption has worked extremely well for decades.  The algorithms safeguarding your most sensitive data would take today’s most powerful traditional computers millions of years to crack.  However, a new type of machine is emerging that could change everything.  That machine is the quantum c

In the ongoing conflict between the United States and Iran, cyber operations have emerged as a significant component alongside conventional military actions.  Operation Epic Fury, initiated on 28 February 2026, involved coordinated strikes that targeted key Iranian leadership and infrastructure, with digital disruptions playing a crucial role in limiting the adversary's response capabilities.  Iranian connectivity fell by at least 46% during the strikes, signaling intense cyber involvement.[1]

T

Lloyd’s of London is reporting that Iran has created a de facto ‘safe’ shipping corridor through its territorial waters in the Strait of Hormuz, offering vetted vessels passage in exchange for approval and, in at least one case, a reported $2m payment.  While use of the Iranian corridor is being negotiated on a case-by-case basis, Lloyd’s List understands the IRGC is expected to establish a more formalised vessel approval process in the coming days.[1]

At least one tanker operator is understood t

Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents in which FortiGate Next-Generation Firewalls (NGFW) have been compromised to establish a foothold in the targeted environment.  Each incident was detected and stopped during the lateral movement phase of the attack.  Fortinet disclosed and issued patches for several high-severity vulnerabilities, allowing unauthorized access during our investigation period.  Successful explo

The National Centre for Nuclear Research (NCBJ) is Poland’s largest research institute focused on nuclear science and technology.  It operates the country’s only nuclear research reactor, MARIA, and conducts research in nuclear and particle physics, reactor technology, radiopharmaceuticals for medical applications, and industrial and environmental applications.

NCBJ also supports Poland’s civilian nuclear power program, but it does not conduct any military-related activities.  Poland does not ha

Cofense researchers have found a new phishing scam where threat actors use LiveChat software to impersonate brands like Amazon and PayPal.  By chatting with victims in real-time, these cybercriminals can bypass security codes and steal credit card information.  Online threat actors have found a new way to trick people by using live chat tools that we usually see on official business websites.  According to the latest research from the Cofense Phishing Defense Center (PDC), a new wave of scams is