X-Industry

Cyberattacks are often described as technical failures, yet anyone who has lived through a major outage or breach knows that the real shockwaves travel through people, not machines.  A recent study published in Engineering, Construction and Architectural Management on the Florida water plant hack makes this point vividly clear.  Paired with reporting from TechXplore’s article, “Cyberattacks can trigger societal crises, scientists warn”, the research shows that when hackers target critical infras

A new analysis by researchers at CyberArk has detailed a significant research effort revealing operational details of a StealC malware operator by exploiting a vulnerability in the malware's leaked web panel.  The recent findings demonstrate how poor security practices within criminal infrastructure can be turned against threat actors.  StealC is information-stealing malware operating under a Malware-as-a-Service (MaaS) model since early 2023.  It enables customers to steal passwords, session co

If you use a Microsoft computer, the last few weeks might have been a bit rough. The tech giant released a major security update to Windows 11, its current operating system, this month.  But in the weeks since, people have reported an array of problems, from their laptops not turning off to Microsoft Paint not opening.  Now Microsoft has released yet another urgent update to fix a bug that caused Outlook to crash.[1]

Users described their messages disappearing or seeing endless loading screens. 

A new test of ChatGPT Health tools revealed an integration flaw that produces inconsistent health grades.  The report highlights risks associated with using AI to analyze wearable data without medical context or oversight and clear limits.

OpenAI recently announced its new tool, ChatGPT Health, and now a newly discovered integration flaw has raised serious concerns about it. Recent testing shows the limitations of AI in the medical field.  It also sparks debate on how artificial intelligence sho

Sentinel Labs has provided a keen look into LLMs and SOC operations.  For security teams, AI promised to write secure code, identify and patch vulnerabilities, and replace monotonous security operations tasks.  Its key value proposition was raising costs for adversaries while lowering them for defenders.

To evaluate whether Large Language Models (LLMs) were both sufficiently performant and reliable to be deployed in the enterprise, a wave of new benchmarks was created.  In 2023, these early benc

The US Federal Bureau of Investigation (FBI) has issued a recent advisory, dated 8 January 2026, warning about an emerging and sophisticated cyber threat: North Korean state-sponsored actors, notably the group Kimsuky, are employing malicious QR codes in spear-phishing campaigns.  The FBI's flash alert highlights that, as of 2025, Kimsuky actors, also known by aliases such as APT43, have consistently targeted organizations by embedding malicious QR codes.

These attacks, termed "quishing," are de

The world of automotive retail, including commercial vehicles, is changing fast, and digital adoption, once optional, is now central to every dealership.  From online purchases to always-on laptops and cloud systems, dealerships today operate in a far more connected world than they did just a few years ago.  But with this rapid digital shift comes a new kind of challenge: cybersecurity.[1]

Mr. Gokul Rajan, Chief Digital Officer, Hinduja Leyland Finance said, cybersecurity is no longer a technica

Major sporting events are popular targets for cyber attackers.  There are therefore plenty of risks for the Winter Olympics, which will take place next month in the Italian cities of Milan and Cortina d’Ampezzo.  What can we expect from the digital battle taking place behind the scenes of the sport?  Unit 42 from Palo Alto Networks has provided an excellent overview.[1]

Critical infrastructure is under constant pressure both domestically and internationally.  Global events, from climate summits

The Trump administration is considering a range of measures against Iran in response to the regime's crackdown on anti-government protests, which has reportedly resulted in hundreds/thousands of deaths.  Protests in Iran began in late December 2025, initially sparked by economic grievances including soaring prices and currency collapse.  They have since evolved into widespread anti-government demonstrations challenging the Islamic Republic's theocratic system.[1]

Human rights groups, such as the

According to a recent report by Check Point Software, the number of publicly disclosed ransomware incidents increased approximately 60% year over year as of December.  In fact, there were nearly 1,000 reported incidents in December alone. This marks a clear increase in the consistency and scale of ransomware growth.

A potential contributor to this increase is the fact that ransomware is becoming more and more of an industrialized business model. Ransomware as a service (RaaS) ecosystems allows

In a significant cyber intrusion, Chinese hackers linked to the Salt Typhoon group have accessed email systems used by staff in key US House of Representatives committees. The breach, reported by the Financial Times and covered by Reuters, affects aides on the House Select Committee on China, as well as those handling foreign affairs, intelligence, and armed services.  Detected in December 2025, the incident raises concerns over the security of sensitive government communications.[1]

The hackers

It looks like Google is opening its wallet again.  The tech giant has agreed to pay $8.25 million to settle a class-action lawsuit that claimed it was secretly collecting data from children.  This case focused on how the tech giant handled the personal details of kids under the age of 13 who used apps from the Google Play Store.

Why the Lawsuit Was Filed - The legal trouble centered on a program called “Designed for Families” (DFF).  This was supposed to be a safe space where parents could find

Cyber operations are increasingly viewed as a preparatory measure to influence the battlespace before conventional air or ground forces engage.  Critical infrastructure such as power grids, communication networks, and information systems has become a strategic target.  Disrupting these can impede decision-making, degrade defensive capabilities, and create openings for traditional military units.  Recent reports from events concerning US cyber-attacks on Caracas in Venezuela and speculation about

Has your phone been prompting you for months to log into certain sites with a "passkey"?  Security writer Kim Key of PC Mag explains why you might want to ditch your passwords in favor of passkeys.

JUANA SUMMERS, HOST: For months now, my phone has been nudging me to create passkeys.  And every time it happens, I sort of pause because I don't actually know what a passkey is or whether it's something I actually need.  I actually keep almost all of my passwords written down in the back of a secre

UDPGangster is a UDP-based backdoor associated with the MuddyWater threat group, which is known for its cyber espionage operations across the Middle East and neighboring regions.  This malware enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads, all communicated through UDP channels designed to evade traditional network defenses.

Link to full report:  IR-26-021-002_UDPgangster.pdf

FortiGuard Labs recently identified a multi-stage malware campaign primarily targeting users in Russia.  The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign.  These documents and accompanying scripts serve as visual distractions, diverting victims to fake tasks or status messages while malicious activity runs silently in the background.

As the attack chain progresses, it escalates into a full-system compromise that includes

military

In July 2025, Russian President Vladimir Putin proudly added a new nuclear submarine, the Knyaz Pozharsky, to the country’s fleet. He celebrated it as proof that Russia could still build powerful weapons despite Western sanctions. But the celebration didn’t last long. Only days later, Ukrainian cyber experts managed to hack into Russian military networks. They stole and leaked secret documents that revealed the submarine’s technical details, including its design, systems, and crew infor

A new warning has been issued over continued disruptive cyber-attacks against UK organizations, with local government bodies and operators of critical national infrastructure remaining key targets.  Russian-aligned hacktivist groups are continuing to target UK and global organizations by attempting to disrupt operations, take websites offline and disable services.  The activity is largely focused on denial-of-service (DoS) attacks intended to overwhelm websites and online systems, preventing acc

A US House subcommittee was warned on 13 January that without federal action, the automotive aftermarket faces an existential threat that would lead to a vertically integrated industry, reduced competition, higher prices, diminished quality and fewer choices for consumers.[1]

In a hearing with the United States House Committee on Energy and Commerce’s Subcommittee on Commerce, Manufacturing, and Trade (CMT), Auto Care Association President and CEO Bill Hanvey emphasized that safe, affordable, an

AI coding assistants are no longer just autocompleting lines of code, they are quietly making decisions for you.  Tools like Claude Code are able to read projects, plan multi-step changes, install dependencies, and modify files with minimal human oversight.  To make this possible, these assistants rely on plugin marketplaces, where third-party developers can enable ‘skills’ that teach the agent how to manage infrastructure, testing, and dependencies.  Though powerful, the model requires a high d