All Articles (2748)

Hackers have been identified using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks.  The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns.  The malware grants attackers remote access to infected devices, enabling them to execute commands, deploy additi

WhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy target for cybercriminals to exploit unsuspecting individuals. Since the app is used for friendly conversation, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]

Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They app

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT.  Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.  A new trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people with little tech know-how to launch major attacks. Two such dangerous platforms have been reported by the end-to-end

A newly identified cyber-attack campaign has exploited Cisco Adaptive Security Appliance (ASA) devices in a sophisticated operation linked to the espionage-focused ArcaneDoor threat actor.  The attacks targeted certain Cisco ASA 5500-X Series devices that were running Cisco Secure Firewall ASA Software with VPN web services enabled.  Cisco has assessed with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 20

On 17 September 2025, the Las Vegas Metropolitan Police Department arrested a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft.  Between August and October 2023, multiple Las Vegas casinos suffered network intrusions linked to the cybercrime group “Scattered Spider,” prompting an FBI investigation.

See:  https://redskyalliance.org/xindustry/scattered-spider-s-devious-web

“Through the course of the investigation, detect

A new variant of information-stealing malware, named DeerStealer, has emerged as a significant threat to personal and financial data across infected systems.  The malware, identified by cybersecurity researchers at Cyfirma, employs a range of sophisticated techniques to evade detection, maintain persistence, and steal sensitive information from its victims.  DeerStealer's primary goal is to compromise personal and financial data, including system information, credentials, cryptocurrency wallets

Somehow this just doesn’t seem right.  Who wants to stop the flow of beer?  Japanese beverage company Asahi said a recent cyber-attack has caused a system failure that is impacting its ability to ship orders and manage its call center.

Asahi published a statement on 29 September that warned customers the cyber incident was affecting its operations in Japan.  Due to the system failure caused by the cyber-attack, Asahi suspended order and shipment operations at group companies in Japan as well as

Cybersecurity firm Tenable discovered three critical flaws that allowed for prompt injection and data exfiltration from Google’s Gemini AI.  Learn why AI assistants are the new weak link.  Researchers have recently discovered three critical security flaws within Google’s Gemini AI assistant suite,[1] which they’ve dubbed the “Gemini Trifecta.”  These vulnerabilities, publicly disclosed around October 1, 2025, made Gemini vulnerable to prompt injection and data exfiltration, putting users at risk

Attacker Breakout Time refers to the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network.  Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest.  The threat intelligence vendor claimed in its latest Threat Spotlight report for the period June–August 2025 that the average breakout time dropped to only 18 minutes.  One

It was an easy decision for J. Galen Buckwalter, a 69-year-old quadriplegic living in Southern California, to undergo a craniotomy in 2024.  The operation, which involved inserting 384 electrodes in his brain and a large titanium plate in his skull, allows researchers to record data about how his neurons operate, potentially helping future paralysis patients.  The hard part, Buckwalter says, has been giving up the right to access and own his neural data and feel assured that it will be kept priv

A group of Iranian hackers known as Nimbus Manticore is expanding its operations, now focusing on major companies across Europe.  According to new research from the cybersecurity firm Check Point Research (CPR), the group is targeting businesses in the defense, telecommunications, and aerospace sectors to steal sensitive information.

Nimbus Manticore, also called UNC1549 or Smoke Sandstorm, has been actively tracked since early 2025 and previously ran the Iranian Dream Job campaign.  These campa

A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European airports over the weekend.  London’s Heathrow Airport and terminals in Brussels, Berlin, and Dublin are among those that continue to be impacted by the incident.  A US aerospace and defense leader, RTX, told the BBC that its Muse software was targeted by threat actors.  The software helps airlines to digitally check in passengers, validate boarding passes, and t

The FBI warned that attackers are spoofing the official Crime Complaint Center (IC3) website to steal personal data and commit financial fraud, targeting users who report cybercrimes.

The fake websites mimic the real IC3 domain by making slight changes in spelling or top-level domains, tricking users into submitting sensitive details such as names, addresses, emails, and banking information.  Victims may unknowingly land on these sites while trying to file cybercrime complaints, exposing them to

The automotive industry stands at a cybersecurity crossroads.  Connected cars have evolved from mechanical transportation into software-defined computers on wheels, creating unprecedented convenience alongside equally unprecedented risk.  Modern vehicles contain over 100 million lines of code, which is more than most fighter jets, yet lack the cybersecurity rigor needed to keep them safe.  RunSafe Security’s 2025 Connected Car Cyber Safety & Security Index[1] reveals that consumers increasingly

The assembly lines at Jaguar Land Rover will continue to lie silent after the company announced a halt in production until 1 October 2025, in the wake of the August cyber-attack that has crippled operations.  The car maker, the largest in the UK, which made 300,000 vehicles in 2024 and employs more than 30,000 people, said the decision will help it to plan a phased restart to operations while it continues investigations into the hack.  “Our teams continue to work around the clock, alongsid

Successful phishing campaigns typically combine sophisticated victim-deception tactics with layers of stealth, persistence, and advanced evasion techniques, so that threat actors can quietly maintain access across compromised systems and networks.  A prime example is a new operation involving the use of a banking malware–turned–remote access Trojan (RAT) that researchers at Fortinet are tracking as "MostereRAT." It chains the use of an obscure programming language, security tool tampering, and t

A teenager has been arrested on suspicion of orchestrating a "sophisticated" cyber-attack that cost MGM Resorts $100 million, Las Vegas police announced this week.  By all reports, the costly heist of Vegas Strip resorts was shockingly simple: Someone allegedly found an MGM Grand employee on LinkedIn and impersonated them, calling the company IT department to ask for a password reset.  Once the reset was granted, the hacker reportedly had access to MGM's internal systems "in 10 minutes."

Between

The US Secret Service on 23 September reported it has foiled what appears to be a sophisticated plot for cyber-espionage and disruption of mobile networks in New York at a time when more than 100 heads of state and governments and foreign ministers are in the city for the UN General Assembly’s leaders’ session.

In a statement, the Secret Service said that the agency recovered more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites in the New York tristate area.  The agency s

Ransomware attacks may have decreased recently, but that does not mean the risk has gone.  It remains one of the most disruptive cyber threats facing organizations.   Headlines sometimes create a false sense of relief.  Ransomware attacks are down by 15%, according to Verizon's latest DBIR report, but those of us working in cybersecurity know this doesn’t give the whole picture.  The most important issue isn’t how often an attack occurs; it is what happens to the organization when it does.

The f

The automotive sector, once defined by mechanical innovation, now operates in a digital ecosystem riddled with cybersecurity vulnerabilities.  From 2023 to 2025, the industry has witnessed a seismic shift in the scale and sophistication of cyber threats, with ransomware attacks, data breaches, and supply chain compromises becoming the new normal.  According to Upstream's 2025 Global Automotive Cybersecurity Report, 60% of cybersecurity incidents in 2024 involved data and privacy breaches, a 20%