Russia used Cellebrite on a jailed activist's phone, Tata Electronics suffered a data breach, and Five Eyes issued an urgent AI threat warning. The roundup surfaces accelerating state and criminal use of commercial surveillance tools against dissidents.
SecurityWeek
· 17h ago
Google threat researchers identified StockStay, a new backdoor developed by Russia's Turla APT and deployed against Ukrainian targets. The addition expands Turla's toolset as Moscow sustains high-tempo cyber espionage alongside its kinetic war.
The Record
· 18h ago
Turla is using the StockStay backdoor to conduct espionage against Ukrainian government and military organizations. The campaign confirms Turla's continued investment in bespoke implants to evade detection in high-value wartime targets.
SecurityWeek
· 23h ago
Palo Alto Networks attributed TinyRCT, a new custom backdoor, to Chinese-speaking APT CL-STA-1062, targeting state-owned energy and government entities in Southeast Asia. The campaign signals sustained Chinese cyber pressure on regional critical infrastructure ahead of contested South China Sea dynamics.
The Hacker News
· 15h ago
Citizen Lab confirmed Russian authorities used Cellebrite UFED to extract data from opposition activist Andrey Pivovarov's iPhone in June 2021, three months after Cellebrite suspended Russia sales.
The Hacker News
· 23h ago
FBI and CISA warn a Russian intelligence-linked phishing campaign targeting Signal users has evolved to harvest Backup Recovery Keys, granting persistent access to full message history. Compromising the key is permanent — it survives account resets, turning a single lure into long-term signals intelligence access.
BleepingComputer
· 9h ago
FBI and CISA updated their March 2025 advisory: Russian intelligence operators now specifically solicit Signal Backup Recovery Keys, enabling full account restoration and historical message access.
The Hacker News
· 12h ago
Ukraine's SBU exposed a long-running Russian social-engineering operation in which operators impersonated tech-support workers to steal credentials for Signal, Telegram, and WhatsApp accounts.
The Record
· 18h ago
🇷🇺 FSB · Russia
Kaspersky's StrikeShark investigation uncovered SharkLoader, a new loader delivering Cobalt Strike Beacon against a diplomatic organization in Indonesia and government targets in Taiwan. The targeting pattern aligns with Chinese strategic interests in Southeast Asia and cross-strait tensions.
The Hacker News
· 13h ago
China is repositioning its Middle East strategy to deepen ties with Saudi Arabia and the UAE, prioritizing economic and diplomatic leverage to counter U.S. influence. Beijing's core objective: prevent Gulf states from converting wartime U.S. alignment into permanent security partnerships.
The Diplomat
· 18h ago
Chinese companies own or control approximately 65% of Argentina's squid fishing fleet, embedding Beijing's economic influence deep into a key South American resource sector.
Schneier on Security
· 11h ago
The United States conducted strikes against Iran following an attack on a vessel in the Strait of Hormuz, with Washington asserting Tehran breached cease-fire terms. The strike marks a significant escalation threshold, signaling the U.S. will enforce cease-fire compliance with kinetic force.
Foreign Policy
· 10h ago
The Iran conflict has degraded Tehran's capacity and willingness to resource Hezbollah, shifting the relationship from strategic asset to costly obligation. The rebalancing weakens Iran's forward deterrence posture across the Levant at a moment of maximum vulnerability.
Foreign Policy
· 12h ago
Apple removed six VK-owned apps — including VKontakte, VK Music, VK Messenger, VK Video, Odnoklassniki, and Mail.ru — from the App Store, prompting Moscow to accuse the company of political censorship.
The Record
· 18h ago
The Gulf states demonstrated capacity to manage Iran diplomacy independently, recasting Washington from primary broker to guarantor of last resort. The shift accelerates a structural reordering of Middle East security architecture that reduces U.S. leverage while increasing Gulf states' strategic autonomy.
Foreign Policy
· 22h ago
Operation Endgame dismantled Amadey and StealC malware infrastructure this week while macOS.Gaslight emerged as a tool flooding AI-assisted security triage with fabricated errors to obscure real threats.
SentinelOne
· 19h ago
Researchers flagged Miasma malware compromising LeoPlatform and RStreams npm packages and abusing GitHub Actions workflows, with propagation now confirmed in the Go ecosystem. The cross-ecosystem spread raises the blast radius and signals a maturing, persistent supply chain threat actor.
The Hacker News
· 20h ago
CISA issued an emergency directive requiring federal agencies to patch an actively exploited vulnerability in Cisco Unified Communications Manager Server within days. The compressed timeline signals confirmed in-the-wild exploitation posing immediate risk to federal network infrastructure.
BleepingComputer
· 12h ago
CISA added a critical RCE vulnerability in PTC Windchill PDMLink and FlexPLM to its Known Exploited Vulnerabilities catalog amid ongoing web shell attacks. PLM and PDM systems hold sensitive product design data, making exploitation a direct threat to defense and industrial supply chains.
The Hacker News
· 19h ago
JFrog Security Research published the first working exploit for CVE-2026-43503 (CVSS 8.8), a Linux kernel privilege escalation enabling root access via cloned network packet memory corruption. As a DirtyFrag variant with public exploit code now available, patch velocity on Linux servers becomes critical.
The Hacker News
· 20h ago