U.S. officials warned that Russian state-sponsored actors are targeting network devices across defense, energy, finance, health care, and government sectors. The advisory underscores persistent Russian access operations against Western critical infrastructure ahead of potential kinetic conflict escalation.
CyberScoop
· 17h ago
· Read full article →
CISA warned that Russian state-sponsored hackers are compromising routers to build residential proxy networks for masking malicious traffic. Residential proxies defeat IP-based detection, allowing sustained covert access to critical infrastructure networks with minimal attribution risk.
Ars Technica Security
· 12h ago
· Read full article →
Microsoft Threat Intelligence caught ShinyHunters combining voice phishing, supply-chain compromise, and misconfigured guest access to hijack OAuth flows in SaaS environments. The convergence of social engineering and identity-layer abuse marks an escalation beyond ShinyHunters' prior data-extortion playbook.
Microsoft Threat Intelligence
· 11h ago
· Read full article →
An unidentified threat actor deployed a suspected AI-generated PowerShell script to map domain controllers, users, computers, and export an AD_Report.html during an intrusion. The incident confirms adversaries are using AI-assisted coding to accelerate reconnaissance with minimal tradecraft investment.
The Hacker News
· 22h ago
· Read full article →
Ksenia Sobchak confirmed attackers accessed multiple Telegram channels through an email breach, leaking alleged correspondence with political figures she claims are fabricated.
The Record
· 15h ago
· Read full article →
The EU and UK officially attributed a cyberattack on Poland's power grid—potentially leaving 500,000 without power in winter—to Russian intelligence. Targeting civilian energy infrastructure in a NATO member state in winter represents a direct hybrid warfare escalation against the alliance.
The Register Security
· 17h ago
· Read full article →
Iran signed an MOU with the U.S. while continuing Strait of Hormuz toll collection, defying expectations of capitulation after 19 weeks of pressure. Tehran's coercive strategy sets a precedent: conventional military inferiority need not preclude geopolitical leverage.
War on the Rocks
· 1h ago
· Read full article →
GigaWiper is a modular implant drawing from multiple malware families that lets operators toggle between persistent backdoor access and destructive wiper execution. The configurable destruction model lowers the operational cost of hybrid espionage-sabotage campaigns against critical targets.
Dark Reading
· 16h ago
· Read full article →
Former Afghan Interior Minister Masoud Andarabi warns that Chinese algorithmic influence will shape Afghan information space as Beijing deepens ties with the Taliban. The Taliban's legitimization strategy via China and Russia creates a new authoritarian information corridor spanning Central Asia.
The Diplomat
· 18h ago
· Read full article →
Engineers at select firms are building simultaneous AI attack and defense tooling in hybrid 'yellow team' units outside traditional red/blue structures. The organizational model signals a structural shift in how enterprises operationalize AI security before regulation catches up.
Dark Reading
· 14h ago
· Read full article →
State election officials are constructing independent security-sharing networks after federal cyber support evaporated, while facing potential criminal exposure for non-compliance with conflicting federal directives. The decentralization fractures national election security posture ahead of the 2026 midterm cycle.
CyberScoop
· 12h ago
· Read full article →
Senate legislators introduced proposals to restrict DoD development and deployment of AI in lethal operations, mandating civilian protection standards. The bills expose the absence of binding legal frameworks governing autonomous military AI as battlefield deployments accelerate.
Just Security
· 20h ago
· Read full article →
The EU and UK jointly sanctioned Russian GRU-linked individuals and entities for coordinating cyberattacks across Europe. The joint action marks a rare coordinated transatlantic attribution and signals escalating diplomatic costs for Russian state hacking.
BleepingComputer
· 21h ago
· Read full article →
🇷🇺 GRU · Russia
The EU, member states, and UK sanctioned Russian officials and attributed winter cyberattacks on Poland's energy grid to the FSB's Turla unit. Targeting energy infrastructure in winter to maximize civilian harm sets a dangerous escalatory precedent within NATO's eastern flank.
CyberScoop
· 16h ago
· Read full article →
🇷🇺 FSB · Russia
In a historic first, the UK and EU jointly sanctioned Russian individuals and entities for cyberattacks and disinformation campaigns targeting European nations. The coordinated action establishes a new precedent for unified Western punitive response to Russian hybrid operations.
Dark Reading
· 11h ago
· Read full article →
The U.S. Treasury sanctioned First VPN Service (1VPNS), its Ukrainian administrator, and a Belarusian malware cryptor seller for enabling ransomware groups. Sanctioning infrastructure enablers—VPNs and cryptors—signals OFAC is expanding its ransomware disruption strategy beyond direct operators.
The Record
· 14h ago
· Read full article →
OFAC designated 1VPNS and its 45-year-old Ukrainian administrator alongside a malware cryptor seller for providing operational cover to ransomware actors targeting Americans. The designations extend U.S. financial pressure to the anonymization and obfuscation layer of the ransomware ecosystem.
The Hacker News
· 1h ago
· Read full article →
An unknown threat actor published a malicious version of Jscrambler's npm package embedding infostealer malware, downloaded nearly 1,500 times before discovery. The compromise of a client-side security vendor's own package amplifies supply chain risk for every downstream web application using it.
BleepingComputer
· 13h ago
· Read full article →
A threat actor injected a cross-platform credential stealer into multiple Jscrambler NPM package versions in a supply-chain attack. Any pipeline consuming compromised versions risks silent credential exfiltration at build time.
SecurityWeek
· just now
· Read full article →
A CISA contractor published dozens of internal credentials, including AWS GovCloud keys, to a public GitHub repository where they sat undetected for nearly six months until KrebsOnSecurity notified the agency. The gap between exposure and detection reveals systemic secret-scanning failures at the U.S.
Krebs on Security
· 18h ago
· Read full article →
Get this in your inbox
Free daily briefing. No spam. Unsubscribe anytime.
Subscribe Now