All Articles (2705)

Scouting America, the organization formerly known as the Boy Scouts, is giving scouts the chance to earn two merit badges that engage new technology: one in artificial intelligence, and another in cybersecurity.

The organization, which counts about a million scouts in its ranks, offers hundreds of merit badges spanning everything from fishing to fingerprinting.  The badges have long presented scouts with the opportunity to sharpen skills and explore new subjects.[1]

Scouting America is adding th

In 2025, Chaos ransomware resurfaced with a C++ variant.  This marks the first time it was not written in .NET.  Beyond encryption and ransom demands, it adds destructive extortion tactics and clipboard hijacking for cryptocurrency theft.  This evolution underscores Chaos's shift toward more aggressive methods, amplifying both its operational impact and the financial risk it poses to victims.

This Fortinet report provides a comprehensive technical analysis of Chaos-C++, covering its execution fl

Asahi has confirmed it has been the victim of a ransomware attack, resulting in an “unauthorized transfer of data” from its servers.  The Japanese brewing company provided an update on 3 October 2025, one week after disclosing that it had been targeted by a cyberattack, which forced it to suspend some domestic operations in Japan.  The company established an Emergency Response Headquarters to investigate the incident, which discovered that the attack was related to ransomware.

“Subsequent invest

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group, codenamed UAT-8099, which has been linked to search engine optimization (SEO) fraud and the theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most infections reported in India, Thailand, Vietnam, Canada, and Brazil, affecting universities, tech firms, and telecom providers. The group was first d

Until recently, Tim Haugh was among America's top spymasters. The four-star general spent 33 years in Air Force Intelligence and rose to lead America's largest and most advanced intelligence agency.  Haugh was also in charge of defending America from computer threats.  In his first television interview since retirement, General Haugh is here to warn that China has hacked into US computer networks to an astonishing degree.  And he believes he knows why.  The surprise, Tim Haugh told us, is that C

Cybersecurity firm Cyfirma has recently published a detailed analysis of a new ransomware strain named Yurei, which has quickly gained attention due to its speed, stealth capabilities, and the irreversible damage it inflicts.  Discovered in September 2025, Yurei is a sophisticated Go-based cyber threat designed to intimidate and disable its targets with advanced encryption and cunning operational tactics.  Yurei’s encryption mechanism employs a combination of ChaCha20 and ECIES (Elliptic Curve I

The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August 2025, according to cybersecurity company CrowdStrike.  Tracked as CVE-2025-61882 and patched by Oracle on 01 October 2025, this vulnerability was discovered in the BI Publisher Integration component of Oracle EBS's Concurrent Processing component, allowing unauthenticated attackers to gain remote code execution on unpatched systems in low-complexity

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.  "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs researchers Aditya K Sood and Varadharajan K said in a report shared with The Hacker News. "When opened,

Jaguar Land Rover (JLR) announced on 7 October it will begin the phased restart of its manufacturing operations following a cyber-attack that completely halted global production last month.  Separately, the company said it was launching a financing scheme to provide some of its suppliers with up-front cash to help them overcome the financial difficulties caused by the shutdown.[1]  The impact to JLR’s supply chain caused what one senior British politician called “a cyber shockwave ripping throug

Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A transnational operation involving 14 African countries has dismantled a large-scale digital scamming network, resulting in 260 arrests and the seizure of 1,235 electronic devices.  The Interpol-led effort, named Operation Contender 3.0, marks the third wave of arrests against fraudsters and romance scammers in Africa following operations in 2021 and 2024.  This third crackdown was conducted between July 28 and August 11, 2025.  It focused on romance scams, where perpetrators build online relat

Gamers and game developers worldwide are being warned of an urgent need to update their software following the disclosure of a vulnerability in the Unity engine, the world’s most popular games development tool.  The bug, tracked as CVE-2025-59489, exposes apps built using affected versions of Unity to attacks that could execute arbitrary code, meaning a malicious file could hijack permissions granted to a Unity game and run commands using the app’s permissions on a victim’s device.[1]  The compa

Software giant Oracle confirmed reports that dozens of its customers have received extortion emails from cybercriminals demanding payment in exchange for not releasing troves of stolen information.  In a statement published last week, Oracle chief security officer Rob Duhart said they are investigating claims made by the Clop ransomware gang that there was a breach of some Oracle E-Business Suite customers.  “Our ongoing investigation has found the potential use of previously identified vulnerab

The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia.  First identified in 2013, the group is believed to have links to state-sponsored operations in the region.  Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries, especially in Pakistan, using spear-phishing and malicious documents as initial access vectors.  Recent campaigns have highlighted a sharp evolut

Two Dutch teenage boys aged 17, who reportedly used hacking devices to spy for Russia, were arrested by the Politie on 29 September 2025.  According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague.  Europol has confirmed the reports, and a spokesperson acknowledged the incident, noting there are no signs of a compromise on the agency’s systems.  “We are in close contact with the Dutch authorities regarding this

The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team.  Using our honeypots, we monitor traffic targeting various edge devices and internet-facing applications.

On 22 July 2025, suspicious network traces were observed via our honeypots.  The analysis revealed that a cellular router’s API was exploited to send malicious SMS messages containing phishing URLs, an attack that leverages SMS as a deliver

The UK government’s announcement of a mandatory digital ID scheme has started a debate, pitting promises of streamlined services against fears of a surveillance society.  Unveiled this week, the scheme mandates digital IDs for Right to Work checks by the end of this Parliament, stored on smartphones via a GOV.UK wallet app.  While proponents hail it as a modern fix for illegal migration and bureaucratic woes, critics warn it echoes past failures and amplifies privacy risks in an era of rampant d

Hackers have been identified using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks.  The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns.  The malware grants attackers remote access to infected devices, enabling them to execute commands, deploy additi

WhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy target for cybercriminals to exploit unsuspecting individuals. Since the app is used for friendly communication, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]

Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They app

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT.  Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.  A trend recently observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people with little tech know-how to launch major attacks. Two such dangerous platforms have been reported by the end-to-end