X-Industry

Organizations secure work phones and company laptops, but attackers could target the electrical current running through those devices.  Direct current (DC) power regulation helps stabilize the energy powering electronics people use daily, from solar panels and connected cars to smartphones and essential computer parts.  It's also vital across critical infrastructures, including telecommunications, industrial automation, and data centers.  DC regulators provide stable voltage to prevent damage or

According to a recent security report, the North Korean hacker group APT37 is distributing an Android malware strain called “BirdCall” in a supply-chain attack through a compromised video game platform.  BirdCall is a known backdoor for Windows systems, but APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android variant that also functions as spyware.

Researchers at cybersecurity company ESET say the threat group created BirdCall for Android around October 2024 and has sin

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

Life sciences are on the cutting-edge of innovation: They’re developing breakthrough drugs and vaccines, advanced medical devices and diagnostic tools, and sustainable environmental solutions.  But all this advancement is exactly what makes pharmaceutical, biotech and medical device firms prime targets for cyberattacks, data breaches, fraud and even counterfeiting.  And these risks are causing financial and operational disasters across the industry.  That’s why comprehensive insurance programs a

By the time Ayleen Charlotte realized what had happened, she was broke, in debt, and did not know what to do.  Her boyfriend of well over a year was Shimon Hayut, the infamous "Tinder Swindler," and she was one of many women he had scammed out of nearly everything they had.  The women were victims of a "pig-butchering" scam, a type of social engineering campaign in which the criminal spends months building trust with the target, just as a farmer takes time to fatten a pig before slaughter, befor

Quantum technologies are often described as if they operate through a narrow keyhole, letting one fragile process slip through at a time.  Work from Bar-Ilan University, described in the paper Multiplexed processing of quantum information across an ultrawide optical bandwidth shows that this picture is far too small.  A single beam of quantum light can carry many independent channels at once, each one capable of carrying its own quantum information.  The surprising part is that the limitation ha

A new warning has come from the US Federal Trade Commission (FTC) regarding a pointed surge in social media fraud, with reported consumer losses exceeding $2.1 billion in 2025.  Representing an eightfold increase since 2020, malicious actors actively leveraged platforms like Facebook, Instagram, and WhatsApp to exploit nearly 30% of all fraud victims last year.  Remarkably, individuals reported losing significantly more money to Facebook-originated schemes than to traditional text and email camp

Cybersecurity researchers at watchTowr Labs have reported a critical security vulnerability in cPanel and WHM (Web Host Manager) a software suite used to manage over 70 million websites globally.  For your information, WHM is used for server-wide administration and cPanel is for individual website owners, and this vulnerability , tracked as CVE-2026-41940, allows hackers to bypass the suite’s login screens entirely to gain root access.

The risk is unmistakable given that CVE-2026-41940 has a CVS

Anthropic, the AI safety company behind the Claude family of models, said on 22 April 2026, that it is investigating reports of unauthorized access to an experimental internal system called Mythos, described in reporting by The Guardian as capable of enabling advanced hacking techniques. The disclosure has put a company that built its reputation on cautious AI development in the uncomfortable position of defending its own internal security.

What Anthropic has confirmed - The verified facts are n

In 2026, the question for security leaders is not whether a supply chain attack is coming.  Every serious organization should assume it is.  The question is whether their defense architecture can stop a payload it has never seen before.  It is a question that takes on even more critical implications at a time when trusted agentic automation increasingly becomes the norm.

In three weeks this spring, three threat actors each ran a tier-1 supply-chain attack against widely deployed software: LiteLL

The UK’s National Cyber Security Centre (NCSC-UK) and allied cyber agencies are warning that China-linked actors are increasingly relying on vast proxy networks of hijacked consumer devices to conceal cyberattacks and evade detection.  A new joint statement details how the threat actors now route malicious traffic through compromised routers, cameras, recorders, and network-attached storage (NAS) devices instead of using rented infrastructure.  This method means attacks are harder to trace since

With attackers able to move at AI speed, defenders cannot rely on the techniques and instincts they have come to trust.   "That means putting in place stronger identity controls," said Jack Butler, a senior enterprise solutions engineer at Sumo Logic, a SecOps vendor.  "That means putting in place the more robust logging program and correlation engines to detect all of these in real time and reassess signals of trust. It needs to be reassessed dynamically."[1]

As for what to do about the substan

The race to build a quantum computer capable of breaking modern cryptography has always seemed like a contest of scale.  The common belief has been that once someone builds a machine with a million high-quality qubits, the door to factoring classical asymmetric cryptography, such as RSA 2048, will swing open.  Yet the closer the field gets to that scale, the more it becomes clear that the real obstacle is not the qubits themselves but the physical burden of supporting them.  Q CTRL’s recent work

On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised.  According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.

For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a

The US Coast Guard's first-ever mandatory cybersecurity framework for ports, vessels, and offshore facilities has taken effect, ending two decades of voluntary compliance and putting operators on a countdown with a 2027 deadline.  The regulations affect any US-flagged vessel or maritime facility subject to the Maritime Transportation Security Act of 2002 and require that they develop and maintain a cybersecurity plan, designate a Cybersecurity Officer (CySO), conduct annual assessments, and trai

Jack Wallen, Contributing Writer for ZDnet explains he has several Linux systems connected to his home lab; some of them are desktops, and some of them are servers. Ninety-nine percent of the time, those machines work flawlessly.  When that 1% happens, any machine that goes south needs help.

One way of helping is via a small software package called Watchdog.  This piece of software runs various checks to see if the hardware has "locked up."  If it detects that it has happened, it will reboot the

A group of China-linked hackers known as Mustang Panda has expanded its spying efforts to target the Indian financial sector and political circles in South Korea.  The Acronis Threat Research Unit discovered the group’s latest activity after its previous campaign involving Venezuela-related lures designed to target US government earlier in 2026.

Targeting HDFC Bank and Diplomacy Experts - The hackers reportedly began this dual-sided campaign in March 2026.  In India, they used a file named Reque

President Donald Trump’s administration has outlined plans to reduce the Cybersecurity and Infrastructure Security Agency's budget by $707 million in its fiscal year 2027 proposal. The announcement, made earlier this month, forms part of broader government spending plans that also touch on areas such as airport security.   Separate government budget documents present a slightly different figure, suggesting a reduction of $361 million instead.  The variation is thought to arise from differences i

IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings.  Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks.

Fo

Ukraine’s CERT-UA has uncovered a new malware campaign using a toolset called “AgingFly” to target local governments, hospitals, and possibly Ukrainian defense personnel.

The attack (UAC-0247) begins with phishing emails disguised as humanitarian aid offers that lure victims into downloading malicious shortcut files.  These files trigger a chain of scripts and loaders that ultimately deploy AgingFly, a C# malware strain that gives attackers remote control of infected systems.[1]

Example of chain