Russia's FSB alleges a large-scale foreign intelligence operation installed malware on mobile devices belonging to senior Russian officials. The claim, offered without technical evidence, may serve as counter-narrative cover for Russia's own aggressive mobile surveillance operations abroad.
The Record
· 16h ago
🇷🇺 FSB · Russia
Chinese threat actors are targeting high-value Czech organizations using a two-stage spear-phishing campaign deploying Azureveil malware for data exfiltration. The operation signals continued Chinese intelligence focus on Central European government and industrial targets.
Dark Reading
· 12h ago
Russia's FSB claims foreign intelligence services conducted a large-scale operation compromising smartphones of senior officials but provided zero technical corroboration. The unsubstantiated allegation follows a pattern of Russian counter-accusation used to deflect scrutiny of its own offensive cyber activity.
The Register Security
· 17h ago
🇷🇺 FSB · Russia
Risky Business #840 covers adversaries using commercially available location data to monitor US troop movements and a new Signal phishing campaign harvesting message backups.
Risky Business
· 4h ago
Microsoft Threat Intelligence identified a campaign dubbed Miasma compromising over 90 versions of @redhat-cloud-services npm packages, deploying credential-stealing worms that harvest GitHub, cloud platform, and local machine secrets from CI/CD environments.
Microsoft Threat Intelligence
· 3h ago
Unknown attackers published 96 malicious versions across 32 Red Hat npm packages, embedding a credential-stealing worm modeled on Mini Shai-Hulud to propagate through developer environments.
SecurityWeek
· 22h ago
Gamaredon is weaponizing CVE-2025-8088, a WinRAR path traversal flaw, to deliver GammaPhish, GammaWorm, and GammaSteel malware targeting Ukrainian entities for data theft and lateral propagation. The campaign confirms Gamaredon's role as Russia's primary persistent-access operator against Ukrainian infrastructure.
The Hacker News
· 14h ago
Iranian state media reported Tehran is suspending peace negotiations with Washington and may terminate the ceasefire, citing continued Israeli military operations in Lebanon. The move raises immediate escalation risk across the Levant and puts US diplomatic efforts in the region under acute pressure.
Just Security
· 21h ago
CISA and seven U.S. federal agencies issued a joint advisory warning of active malicious activity targeting Automatic Tank Gauge systems used in fuel storage across energy, agriculture, and transport sectors.
CISA Alerts
· 20h ago
Zambia scrapped hosting of the RightsCon human rights summit, reflecting both Chinese diplomatic pressure and the ruling government's own erosion of civil liberties. The cancellation signals China's expanding ability to export censorship norms through compliant partner governments.
Just Security
· 19h ago
Moscow's new security agreements with the Taliban prioritize filling Russia's acute wartime labor shortage over strategic alliance-building. The arrangement exposes how severely the Ukraine war has degraded Russia's domestic workforce and military manpower pool.
The Diplomat
· 19h ago
Western analysts are mapping the Ukraine conflict onto the 1936–39 Spanish Civil War interwar framework, but the analogy risks distorting current escalation calculus and alliance dynamics. Strategic misreads drawn from flawed historical analogies shape NATO policy and deterrence posture in dangerous ways.
War on the Rocks
· 1h ago
A ransomware actor broke the cardinal CIS-exemption rule, encrypting targets in Russia and Commonwealth of Independent States countries, exposing their operation to Russian law enforcement scrutiny.
The Register Security
· 10h ago
The Kali365 phishing-as-a-service platform, previously flagged by the FBI for targeting Microsoft 365, now harvests credentials from AWS, Okta, and Russian platforms using device code phishing techniques.
Dark Reading
· 11h ago
A published exploit for an unpatched VS Code vulnerability allows attackers to steal GitHub authentication tokens by luring users to click a single link. Millions of developers using VS Code for CI/CD pipelines face token theft and downstream supply chain compromise.
BleepingComputer
· 1h ago
CISA added CVE-2024-21182, a high-severity Oracle WebLogic Server flaw patched in 2024, to its KEV catalog after confirming active exploitation. Federal agencies face BOD 22-01 remediation deadlines for a bug that should have been closed years ago.
BleepingComputer
· 20h ago
CISA confirmed active exploitation of CVE-2024-21182 (CVSS 7.5), which lets unauthenticated network attackers fully compromise Oracle WebLogic servers. Unpatched enterprise middleware remains a persistent entry point for ransomware and state-linked actors targeting critical infrastructure.
The Hacker News
· 14h ago
CISA flagged CVE-2022-0492, a Linux kernel improper authentication flaw, and CVE-2025-48595, an Android Framework integer overflow, as actively exploited. The Linux flaw's age underscores persistent patch-lag risk across federal and enterprise Linux deployments.
CISA Alerts
· 20h ago
Google's July Android update patches CVE-2025-48595, an integer overflow in the Android Framework confirmed exploited in limited, targeted attacks, alongside 123 other vulnerabilities. Targeted exploitation before public disclosure indicates probable threat-actor access to private exploit inventory.
SecurityWeek
· 18h ago
CVE-2024-21182 is being exploited in the wild, giving unauthenticated attackers with network access full control of vulnerable Oracle WebLogic servers. WebLogic's recurring position in KEV catalogs marks it as a sustained high-value target for initial access brokers and ransomware operators.
SecurityWeek
· 21h ago