Just hours after the US President announced airstrikes on three key Iranian nuclear sites, a wave of cyberattacks linked to pro-Iranian groups began to surface. Iranian hackers are reported to have hit US banks, defense contractors, and oil industry companies after the US attacks on Iranian nuclear facilities. To date, they have not caused serious problems to critical infrastructure or the US economy. However, some analysts think that the US strikes could even prompt Iran, Russia, China, and N
A cross-party group of US lawmakers has introduced the “No Adversarial AI Act,” a bill designed to prohibit federal agencies from using artificial intelligence models developed by companies based in China, Russia, Iran, or North Korea. The bill mandates that the Federal Acquisition Security Council maintain a regularly updated list of banned AI technologies, with China’s DeepSeek cited as a prime example of the threat. The legislation, sponsored by both Democrats and Republicans, responds to g
Five young men from several federal states are being investigated on suspicion of computer sabotage. They are said to have blocked the telephones of police stations for short periods of time over several weeks. In total, over 800 police stations in Germany and neighboring countries have been affected by the attacks since the beginning of the year, according to the police in Osnabrück. Several of the suspects' homes were searched at the end of June.[1]
The five suspects, aged between 16 and 19
Hackers are targeting Russia’s industrial sector with a new spyware strain that steals sensitive internal documents, local researchers warned. The campaign, which began in July 2024 and remains active, uses phishing emails disguised as fake contracts. Victims are urged to download a file via a malicious link, which infects their systems with previously unknown spyware called Batavia, according to a new report by Moscow-based cybersecurity firm Kaspersky.[1]
Link to full report: IR-25-191-002_R
Shipping companies are in the firing line of cyber threats and need to be proactive in preventing attacks by increasing investment in security and training. Many security solutions are inexpensive but need top executives to be involved in practicing security issues, identifying vulnerabilities and updating software on onboard operating systems.[1]
An expert panel recently discussed how technical developments in digitalization and communications have made ships more vulnerable to cyber-attacks d
Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Researchers from FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments. Once installed, NordDragonScan examines the host and copies documents, harvests entire Chrome and Firefox profiles, and takes screenshots. The package is then sent over TLS to its command-and-control server, “kpuszkiev.com,” which also serves as a heartbeat server to confirm the victim is still online and
Nova Scotia Power says the cyber-attack on the utility in the spring means the company needs to collect power usage information on foot rather than digitally for now. It said meters have continued to function since the attack was discovered on 25 April, but that information can’t be sent digitally to the company. “As a result, we initially paused customer billing and have recently resumed billing with most customers receiving estimated bills until our systems are restored and meters begin comm
Security researchers have warned bargain-hunting shoppers to be on the lookout for scams this Amazon Prime Day, after discovering many lookalike domains. Check Point said that, in June alone, it recorded more than 1000 domains with names resembling “Amazon” and “Amazon Prime,” 87% of which have been flagged as malicious or suspicious.
The security vendor warned that big-name online events like Prime Day are a magnet for fraudsters, who tend to target victims via fake (phishing) sites impersonat
The International Criminal Court (ICC) suffered a sophisticated cyber-attack coinciding with the Hague NATO summit attended by US President Donald J. Trump, who pushed for increased defense spending among member countries. Ironically, besides defense spending, the NATO summit also aimed to address measures against cyber attacks. Meanwhile, the Hague-based ICC said it immediately detected the cyber incident and promptly moved to contain the intrusion, without divulging additional details.
The inte
Bridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report, a comprehensive deep dive into ransomware trends. It highlighted a significant shift in attack strategies, payment dynamics, and threat actor behaviors, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers. While encryption-based attacks tend to result in larger individual ransom payments, often due to the urgenc
Over the past decade, many state governments have set aggressive renewable energy mandates regarding the adoption of grid-scale wind and solar power generation systems and the shuttering of fossil fuel generators. Whether these policy mandates were well-intentioned or the result of foreign influence operations designed to undermine US energy security, most states are meeting their targets.[1]
The closing of baseload power generators, like coal plants, and the simultaneous deep penetration of wi
Since 9 June 2025, Internet users located in Russia and connecting to web services protected by Cloudflare have been throttled by Russian Internet Service Providers (ISPs). As the throttling is being applied by local ISPs, the action is outside of Cloudflare’s control and we are unable, at this time, to restore reliable, high-performance access to Cloudflare products and protected websites for Russian users in a lawful manner. Internal data analysis suggests that the throttling allows Internet
Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that enables IT administrators and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized to include the remote server the client should connect to, the text displayed
Cybersecurity experts at Forcepoint’s X-Labs are warning about the continued activity of Remcos malware. This sophisticated threat consistently adapts to bypass security measures and maintain a hidden presence on infected computers. This malware, often delivered through convincing phishing attacks, allows attackers to establish long-term access.
According to reports, campaigns observed between 2024 and 2025 show that Remcos malware remains highly active, continually adapting to stay hidden, as
The current ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas. "In the cyber world, there's no such thing as a ceasefire," he recently said. “If we see something in cyberspace that can disrupt us, we're going to attack it first, and we have that under US Cyber Command's mission
Bolukbas is chief technology officer and founder of Black Kite, a cyber-risk
A massive data leak stemming from a cyber-attack on a third-party subcontractor has affected Swiss banks UBS and Pictet, as well as over a dozen other multinational companies, potentially including auditing firm KPMG. Unhinged cybercriminals linked to the attack on Swiss-based Chain IQ have leaked over 130,000 UBS employee records on the dark web, including the personal information of company CEO Sergio Ermotti. Baar-based Chain IQ operates in New York, USA; London, U.K.; Singapore, Singapor
A proof-of-concept attack detailed by Neural Trust demonstrates how bad actors can manipulate LLMs into producing prohibited content without issuing an explicitly harmful request. Named "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions. Developed by Neural Trust researcher Ahmad Alobaid, the attack hinges on context poisoning. Rather than directly asking the model to generate in
In what may be a portent of things to come, researchers have discovered the first known malware sample in the wild that attempts to evade AI-powered security tools by essentially prompting them to halt their analysis. In its present form, the malware, which its author appears to have named "Skynet" in a nod to the sentient AI overlords in the Terminator franchise, does not work. Researchers at Check Point, who analyzed the sample after recently spotting it on VirusTotal, found the code to be ru
Most email users are now well aware of the scams and attacks that flood inboxes daily. Google has become so adept at identifying rogue messages that most are instantly filtered out before they reach customer accounts. However, it seems now is not the time to let our guard down. Hackers have recently executed a cyber-attack that bypasses Google's multi-factor authentication. This means that cyber criminals could gain full access to accounts without the owner ever realizing something is amiss.