All Articles (2423)


A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. Davis Lu, 55, of Houston, was a software developer for an Ohio company, reportedly Eaton Corp, from November 2007 to October 2019. Eaton Corporation is a global power management company that provides electrical, hydraulic, and mechanical solutions for various industries.

Following a corporate restructuring in 2018, Lu lo


Like many advanced AI-driven tools, the Chinese DeepSeek AI application offers remarkable innovation. However, it raises significant data privacy concerns because of the sensitive nature of the data it processes and the regulatory environment it operates in. Combining large-scale data collection with advanced AI technologies, particularly in healthcare, surveillance, and financial services, makes these concerns more acute.

See: https://redskyalliance.org/xindustry/banning-deepseek-from-govt-devices

The Australian

Back in the 1970s there was a commercial that said, “Is it Live, or Memorex.” Fast forward 50 years and AI. Artificial intelligence has made fake IDs nearly undetectable, pushing dealers toward biometric verification for security. Credible identity documents, printed or electronic, are now so easy to forge that printed documents are on their way out and biometrics, identifying someone by their face and other characteristics that are harder to imitate, are on their way in, experts say. Artif

The US Social Security Administration (SSA) Office of the Inspector General (OIG) is cautioning the public to be aware of emails that appear to be from SSA and include a link to download a utility tool. This fake email is an attempt to lure individuals to fraudulent sites that are not associated with SSA by claiming there is a problem, a potential error, and that to correct the issue you must download a “Security Update Tool.”

THIS EMAIL IS NOT FROM SSA (see attached). This version of the scam emai


If you are looking to plan a future vacation, take a minute to scrutinize hotel and travel service booking sites. Hotel and hostel workers are being tricked into downloading credential-stealing malware by cybercriminals impersonating Booking[.]com. In a phishing campaign that began in December 2024 and continued through February, the threat actors are targeting people in the hospitality industry across North America, Southeast Asia and Europe who are likely to work with Booking[.]com and to op

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. The attack begins with submitting the malicious polymorphic extension on Chrome's Web Store. [1]

SquareX us

When Russia launched its full-scale invasion of Ukraine in February 2022, it also ushered in a new era of warfare, one where cyberattacks were no longer a supporting act but a core component of battlefield operations. This was the world’s first full-scale cyberwar, where digital operations were synchronized with kinetic strikes to disrupt, disable, and disorient the enemy. For three years, Ukraine has defended itself not only on the battlefield but also in cyberspace, repelling relentless Russ

Cisco Talos recently uncovered a sophisticated attack campaign targeting Japanese organizations through CVE-2024-4577 [1], a critical PHP-CGI remote code execution flaw with 79 exploits available. While Talos focused on victimology and attacker tradecraft, GreyNoise telemetry reveals a wider exploitation pattern demanding immediate action from defenders globally.

Attack Overview - According to Cisco Talos, the threat actor exploited PHP-CGI installations on Windows systems to deploy Cobalt Strik

FortiGuard Labs has analyzed malicious software packages detected from November 2024 to the present, identifying various techniques used to exploit system vulnerabilities. This analysis provides insights into the evolving threat landscape and emerging attack methods. FortiGuard Labs leverages its proprietary, AI-driven OSS malware detection system to track and examine these threats. By reviewing the tactics observed, such as low-file-count packages designed to evade detection, command overwrite

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cyber security advisory on the growing threat of Ghost ransomware. A variation of this strain of malware called GhostSocks uses SOCKS5 to bypass anti-fraud mechanisms and geographic restrictions. First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials, and outdated security configurations to infiltrate enterprise networ

Recently, over 100 websites belonging to car dealerships were found to serve malicious "ClickFix" code due to a supply chain attack that affected a third-party domain. According to security researcher Randy McEoin, the threat actor infected LES Automotive, a privately held streaming service provider based in Tolland, CT, that primarily focuses on the automotive industry. All websites using LES Automotive's services shared a ClickFix webpage with their visitors. [1]

See: https://redskyalliance.or

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. The prosecutors explain that most stolen tickets were for Taylor Swift's Eras Tour. However, the criminals also targeted other high-value and high-profile events, including Ed Sheeran concerts, Adele concerts, NBA games, and the US Open Tennis Championships. [1]

The two defendants, 20-year-old Tyrone Ros

US President Donald Trump has offered a hint about the possible future ownership of TikTok’s American business, whilst speaking aboard Air Force One. Trump on 9 March was quoted by Reuters as saying that his administration was in touch with four different groups about the sale of Chinese-owned TikTok, and that all options were good. It comes after US President Joe Biden in April 2024 had signed a bill that gave Chinese owner ByteDance up to a year to divest TikTok or face a nationwide ban acro

The US FBI is warning that a threat moving across America “from state to state" targets citizens via malicious SMS (smishing) texts, telling iPhone and Android users to “delete any smishing texts received.” Cybercriminals have now registered “over 10,000 domains” to fuel a new wave of attacks. These new texts are easy to detect; delete them right away.

The new report comes via Palo Alto Networks’ Unit 42. The new campaign, it says, “entices users to reveal personal and/or financial information,

When was the last time you held a Skype call? After more than 21 years, Skype will soon be no more. Recently, some users visited the latest Skype preview update and noticed as-yet-unsurfaced text that read, "Starting in May, Skype will no longer be available. Continue your calls and chats in Teams." Microsoft has confirmed that it is true. May 5, 2025, will end Skype's long run.

Along with verifying that the end is coming, Microsoft shared details about how it plans to migrate Skype users. Start

Most (87%) security professionals have reported that their organization has encountered an AI-driven cyber-attack in the last year, with the technology increasingly taking hold, according to a new report by SoSafe. The new SoSafe 2025 Cybercrime Trends report also noted that 91% of all security experts anticipate a significant surge in AI-driven threats over the next three years. The World Economic Forum’s Global Cybersecurity Outlook 2025 cited a 223% increase in the trade of deepfake-relate

OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. "We banned accounts demonstrating activity potentially associated with publicly reported Democratic People's Republic of Korea (DPRK) affiliated threat actors," the company said in its February 2025 threat intelligence report. "Some of these accounts engaged in activity involving TTPs consistent with a threat group known as VELVET CHOLLI

It has been a confusing few days in US cyber security. At the end of February of this year, it was reported that Defense Secretary Pete Hegseth had ordered US Cyber Command to pause its offensive operations against Russia. The news was swiftly followed by reports that the US Cybersecurity and Infrastructure Security Agency (CISA) staff had been instructed to turn a blind eye to hacks directed against the United States that might be linked to Russia. The Trump administration had reportedly ordere

In January 2025, our friends at FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. Figure 1 shows an example of the attack chain. Usually, a loader is used only to load the malicious DLL file, and the Winos4.0 module is extracted from shellcode downloaded from its C2 server.

Link to full report: IR-25-063-002_Winos.pdf

Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Sliver, and Winos4.0, Havoc has been used in threat campaigns to gain complete control over the target. Additionally, it is open source and available on GitHub, making it easier for threat actors to modify it to evade detection.

FortiGuard Labs recently discovered a phishing campaign that combines ClickFix and multi-stage malware to deploy a modified Havoc Demon Agent. The threat a