Google GTIG confirms Turla has continuously developed and deployed the STOCKSTAY .NET backdoor against Ukrainian government and military targets since December 2022, also targeting entities tied to Italian foreign policy.
Google Threat Intelligence
· 18h ago
Russia's Turla deployed the previously undocumented Windows .NET backdoor STOCKSTAY against Ukrainian government and military organizations and Italian foreign-policy-linked entities. The continuously updated tooling signals sustained investment in Ukraine-focused cyber espionage alongside conventional war operations.
The Hacker News
· 1h ago
Gamaredon, Russia's FSB-sponsored APT, has significantly improved its malware-loading techniques and infrastructure concealment, forcing defenders to update detection and response playbooks.
Dark Reading
· 11h ago
🇷🇺 FSB · Russia
Microsoft Threat Intelligence identified a multi-stage campaign deploying persistent Node.js implants via photo-themed ZIP archives and fake shortcut files against hospitality organizations in Europe and Asia.
Microsoft Threat Intelligence
· 9h ago
Sanctioned Chinese firm Qihoo 360 says it has developed a vulnerability discovery system that outperforms Mythos, framing it as a deterrent against US-weaponized Anthropic AI models. The claim signals Beijing-aligned actors are openly competing in offensive AI capability development despite US export controls.
The Register Security
· 6h ago
Citizen Lab found Russian authorities used Cellebrite to extract data from opposition figure Andrey Pivovarov's phone despite Cellebrite terminating its Russia contract. The case proves export controls and vendor off-boarding fail to neutralize already-deployed forensic capabilities.
CyberScoop
· 17h ago
A dairy products manufacturer in Russia's Bashkortostan republic suffered operational disruption from a cyberattack, the latest in a pattern of strikes against Russian food-industry infrastructure. Repeated targeting of civilian economic nodes suggests a coordinated campaign applying economic pressure inside Russia.
The Record
· 17h ago
Persistent-surveillance and signals-intelligence platforms built for the Global War on Terror could provide the US significant reconnaissance and targeting advantages in a Taiwan contingency against China. Repurposing GWOT assets reframes sunk counterterrorism investment as a near-peer deterrence dividend.
The Diplomat
· 14h ago
Iranian hacktivist group Handala attacked California Water Service, but Mandiant's investigation confirmed operational technology systems were not compromised. The incident nonetheless demonstrates sustained Iranian threat-actor interest in U.S. critical water infrastructure following the Iran-U.S. conflict escalation.
SecurityWeek
· 20h ago
Trump and Iranian President Pezeshkian signed a Pakistan- and Qatar-mediated MOU on June 17, halting hostilities and restoring shipping traffic through the Strait of Hormuz. The agreement sets a fragile precedent for crisis de-escalation but leaves core Iranian nuclear and sanctions disputes unresolved.
War on the Rocks
· 12h ago
Russian authorities used Cellebrite's phone-extraction technology against a dissident after the company publicly ceased sales to Russia in March 2021, exposing the vendor's inability to claw back deployed hardware from authoritarian clients.
The Record
· 20h ago
Trump is urging U.S. defense manufacturers to accelerate production following the Iran conflict, signaling a major restocking push for depleted munitions inventories. The demand exposes the defense industrial base's capacity constraints and sets the stage for significant procurement budget increases.
Foreign Policy
· 11h ago
Analysis argues U.S. intelligence community provided accurate warnings on Iran but presidential decision-making overrode those assessments at each critical juncture. The framing directly contests the political utility of labeling outcomes an 'intelligence failure' to shield executive accountability.
Just Security
· 19h ago
Analysis of CATL and Dongqiao shows China's EV battery dominance is a direct product of local government subsidies and coordinated industrial policy rather than purely market competition. The model reveals structural advantages that Western battery manufacturers cannot replicate without equivalent state intervention.
The Diplomat
· 19h ago
China is shifting party cadre evaluations away from GDP growth and infrastructure metrics toward stability, consumption, and debt management as the economy slows. The recalibration signals Xi Jinping is managing legitimacy expectations ahead of a prolonged low-growth era.
The Diplomat
· 18h ago
Homeland Security Secretary Markwayne Mullin told lawmakers President Trump has met with a potential CISA director nominee, with 600 hires planned once confirmed. CISA has operated without a Senate-confirmed director since early 2025, leaving US critical-infrastructure cyber coordination at reduced leadership capacity.
The Record
· 13h ago
A self-destructing backdoor called Mistic, linked to an initial-access broker, has been spotted inside insurance, education, IT, and professional services firms, with footholds sold onward to ransomware operators. The broker model industrializes intrusion, compressing time-to-ransom and complicating attribution.
The Register Security
· 9h ago
A new Rust-based macOS infostealer dubbed Gaslight embeds prompt injection payloads to manipulate AI-assisted malware analysis tools into refusing or aborting examination. It sets a precedent for malware actively sabotaging defender toolchains rather than merely evading them.
The Hacker News
· 22h ago
CISA added CVE-2026-12569, a remote code execution flaw in PTC Windchill product lifecycle management software, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild exploitation.
SecurityWeek
· just now
New research demonstrates that LLMs recognize instruction blocks by learned stylistic cues, not structural tags, meaning role-based access separation fails at the representational level and is inherently exploitable via prompt injection.
Schneier on Security
· 20h ago