Two Dutch teenage boys aged 17, who reportedly used hacking devices to spy for Russia, were arrested by the Politie on 29 September 2025. According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague. Europol has confirmed the reports, and a spokesperson acknowledged the incident, noting there are no signs of a compromise on the agency’s systems. “We are in close contact with the Dutch authorities regarding this
All Articles (2731)
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using our honeypots, we monitor traffic targeting various edge devices and internet-facing applications.
On 22 July 2025, suspicious network traces were observed via our honeypots. The analysis revealed that a cellular router’s API was exploited to send malicious SMS messages containing phishing URLs, an attack that leverages SMS as a deliver
The UK government’s announcement of a mandatory digital ID scheme has started a debate, pitting promises of streamlined services against fears of a surveillance society. Unveiled this week, the scheme mandates digital IDs for Right to Work checks by the end of this Parliament, stored on smartphones via a GOV.UK wallet app. While proponents hail it as a modern fix for illegal migration and bureaucratic woes, critics warn it echoes past failures and amplifies privacy risks in an era of rampant d
Hackers have been identified using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns. The malware grants attackers remote access to infected devices, enabling them to execute commands, deploy additi
WhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy target for cybercriminals to exploit unsuspecting individuals. Since the app is used for friendly purposes, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]
Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They app
Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks. A new trend recently observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people with little tech know-how to launch major attacks. Two such dangerous platforms have been reported by the end-to-end
A newly identified cyber-attack campaign has exploited Cisco Adaptive Security Appliance (ASA) devices in a sophisticated operation linked to the espionage-focused ArcaneDoor threat actor. The attacks targeted certain Cisco ASA 5500-X Series devices that were running Cisco Secure Firewall ASA Software with VPN web services enabled. Cisco has assessed with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 20
On 17 September 2025, the Las Vegas Metropolitan Police Department arrested a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft. Between August and October 2023, multiple Las Vegas casinos suffered network intrusions linked to the cybercrime group “Scattered Spider,” prompting an FBI investigation.
See: https://redskyalliance.org/xindustry/scattered-spider-s-devious-web
“Through the course of the investigation, detect
A new variant of information-stealing malware, named DeerStealer, has emerged as a significant threat to personal and financial data across infected systems. The malware, identified by cybersecurity researchers at Cyfirma, employs a range of sophisticated techniques to evade detection, maintain persistence, and steal sensitive information from its victims. DeerStealer's primary goal is to compromise personal and financial data, including system information, credentials, cryptocurrency wallets
Somehow this just doesn’t seem right. Who wants to stop the flow of beer? Japanese beverage company Asahi said a recent cyber-attack has caused a system failure that is impacting its ability to ship orders and manage its call center.
Asahi published a statement on 29 September that warned customers the cyber incident was affecting its operations in Japan. Due to the system failure caused by the cyber-attack, Asahi suspended order and shipment operations at group companies in Japan as well as
Cybersecurity firm Tenable discovered three critical flaws that allowed for prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link. Researchers have recently discovered three critical security flaws within Google’s Gemini AI assistant suite,[1] which they’ve dubbed the “Gemini Trifecta.” These vulnerabilities, publicly disclosed around October 1, 2025, made Gemini vulnerable to prompt injection and data exfiltration, putting users at risk
Attacker Breakout Time refers to the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network. Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest. The threat intelligence vendor claimed in its latest Threat Spotlight report for the period June–August 2025 that the average breakout time dropped to only 18 minutes. One
It was an easy decision for J. Galen Buckwalter, a 69-year-old quadriplegic living in Southern California, to undergo a craniotomy in 2024. The operation, which involved inserting 384 electrodes in his brain and a large titanium plate in his skull, allows researchers to record data about how his neurons operate, potentially helping future paralysis patients. The hard part, Buckwalter says, has been giving up the right to access and own his neural data and feel assured that it will be kept priv
A group of Iranian hackers known as Nimbus Manticore is expanding its operations, now focusing on major companies across Europe. According to new research from the cybersecurity firm Check Point Research (CPR), the group is targeting businesses in the defense, telecommunications, and aerospace sectors to steal sensitive information.
Nimbus Manticore, also called UNC1549 or Smoke Sandstorm, has been actively tracked since early 2025 and previously ran the Iranian Dream Job campaign. These campa
A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European airports over the weekend. London’s Heathrow Airport and terminals in Brussels, Berlin, and Dublin are among those that continue to be impacted by the incident. A US aerospace and defense leader, RTX, told the BBC that its Muse software was targeted by threat actors. The software helps airlines to digitally check in passengers, validate boarding passes, and t
The FBI warned that attackers are spoofing the official Crime Complaint Center (IC3) website to steal personal data and commit financial fraud, targeting users who report cybercrimes.
The fake websites mimic the real IC3 domain by making slight changes in spelling or top-level domains, tricking users into submitting sensitive details such as names, addresses, emails, and banking information. Victims may unknowingly land on these sites while trying to file cybercrime complaints, exposing them to
The automotive industry stands at a cybersecurity crossroads. Connected cars have evolved from mechanical transportation into software-defined computers on wheels, creating unprecedented convenience alongside equally unprecedented risk. Modern vehicles contain over 100 million lines of code, which is more than most fighter jets, yet lack the cybersecurity rigor needed to keep them safe. RunSafe Security’s 2025 Connected Car Cyber Safety & Security Index[1] reveals that consumers increasingly
The assembly lines at Jaguar Land Rover will continue to lie silent after the company announced a halt in production until 1 October 2025, in the wake of the August cyber-attack that has crippled operations. The car maker, the largest in the UK, which made 300,000 vehicles in 2024 and employs more than 30,000 people, said the decision will help it to plan a phased restart to operations while it continues investigations into the hack. “Our teams continue to work around the clock, alongsid
Successful phishing campaigns typically combine sophisticated victim-deception tactics with layers of stealth, persistence, and advanced evasion techniques, so that threat actors can quietly maintain access across compromised systems and networks. A prime example is a new operation involving the use of a banking malware–turned–remote access Trojan (RAT) that researchers at Fortinet are tracking as "MostereRAT." It chains the use of an obscure programming language, security tool tampering, and t
A teenager has been arrested on suspicion of orchestrating a "sophisticated" cyber-attack that cost MGM Resorts $100 million, Las Vegas police announced this week. By all reports, the costly heist of Vegas Strip resorts was shockingly simple: Someone allegedly found an MGM Grand employee on LinkedIn and impersonated them, calling the company IT department to ask for a password reset. Once the reset was granted, the hacker reportedly had access to MGM's internal systems "in 10 minutes."
Between