Rep. August Pfluger (R-Texas) reintroduced the Cyber Deterrence and Response Act on Tuesday, legislation that would formally designate foreign hackers behind major cyberattacks as "critical cyber threat actors" subject to sanctions.
The bill would create a framework for attributing cyberattacks and target hackers who disrupt critical infrastructure, steal personal data or trade secrets, or undermine elections. The Office of the National Cyber Director would lead the designation process.
The legislation comes as Congress grows frustrated with cyberattacks like the Salt Typhoon campaign that infiltrated telecommunications networks. Similar legislation passed the House in 2018 but stalled in the Senate.
Source: CyberScoop
The Russian-speaking Tomiris cyber-espionage group has launched a sophisticated new campaign targeting foreign ministries and government entities across Commonwealth of Independent States countries. Kaspersky researchers discovered the attacks beginning in early 2025, marking two major tactical shifts for the group.
Tomiris now routes command-and-control traffic through popular platforms like Telegram and Discord, helping malicious activity blend with legitimate network use. The group also deploys malware written in multiple programming languages including Go, Rust, C++, Python, and C# to enhance stealth and adaptability.
The attacks begin with phishing emails containing password-protected archives that masquerade as legitimate documents. Once inside systems, Tomiris uses open-source frameworks like Havoc and AdaptixC2 to maintain control and steal internal government documents from countries including Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan.
Source: Dark Reading
Law enforcement agencies across Europe have taken down Cryptomixer, a cryptocurrency mixing service that helped launder $1.5 billion in Bitcoin over nearly a decade. The service allowed users to obscure their cryptocurrency transactions by pooling funds with other users before returning untraceable coins.
Operation Olympia, led by German and Swiss authorities with Europol support, targeted the platform frequently used by criminals to launder proceeds from ransomware attacks, credit card fraud, and drug trafficking. Investigators seized three servers in Switzerland, the platform's web domain, 12 terabytes of data, and $29 million worth of Bitcoin. No arrests have been announced yet.
Source: Security Week
A critical security flaw (CVE-2025-59789) in the Apache bRPC framework allows remote attackers to crash servers by sending deeply nested JSON data. The vulnerability affects all versions before 1.15.0: the json2pb component parses JSON recursively, so sufficiently deep nesting exhausts the stack and crashes the process.
Servers handling HTTP+JSON requests from untrusted networks are particularly at risk. Apache has released version 1.15.0 with a complete fix, plus an official GitHub patch for immediate deployment.
The fix introduces a default recursion depth limit of 100, which administrators can adjust. Security teams should patch immediately to prevent denial-of-service attacks.
Source: Cyber Security News
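The mitigation described above, a configurable cap on JSON nesting depth applied before any recursive descent, as an added C++ example that is not bRPC's own code. json_nesting_depth scans the text iteratively (so the guard itself cannot overflow the stack), and within_depth_limit applies a limit whose default of 100 matches the default the article reports. All names here are hypothetical, and nested_arrays builds constructed sample input.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical default, chosen to mirror the depth limit described in the article.
constexpr int kDefaultMaxDepth = 100;

// Returns the maximum nesting depth of arrays/objects in a JSON text.
// The scan is a single loop with no recursion, so its own stack use is constant.
// Brackets inside string literals (including escaped quotes) are ignored.
// Returns -1 when brackets are unbalanced.
int json_nesting_depth(const std::string& text) {
    int depth = 0;
    int max_depth = 0;
    bool in_string = false;
    for (std::size_t i = 0; i < text.size(); ++i) {
        const char c = text[i];
        if (in_string) {
            if (c == '\\') { ++i; continue; }   // skip the escaped character
            if (c == '"') in_string = false;
            continue;
        }
        switch (c) {
            case '"': in_string = true; break;
            case '{':
            case '[':
                if (++depth > max_depth) max_depth = depth;
                break;
            case '}':
            case ']':
                if (--depth < 0) return -1;     // closing bracket without an opener
                break;
            default: break;
        }
    }
    return depth == 0 ? max_depth : -1;         // unclosed brackets are also rejected
}

// Pre-parse guard: true only if the document is balanced and no deeper than max_depth,
// i.e. safe to hand to a recursive parser bounded by that limit.
bool within_depth_limit(const std::string& text, int max_depth = kDefaultMaxDepth) {
    const int d = json_nesting_depth(text);
    return d >= 0 && d <= max_depth;
}

// Constructed sample input: n nested arrays around a single value, e.g. "[[[1]]]" for n = 3.
std::string nested_arrays(int n) {
    return std::string(n, '[') + "1" + std::string(n, ']');
}

int main() {
    // A benign request passes; a 5000-level payload is rejected before parsing.
    std::cout << within_depth_limit("{\"a\":[1,2,{\"b\":[]}]}") << '\n';   // 1
    std::cout << within_depth_limit(nested_arrays(5000)) << '\n';           // 0
    return 0;
}
```

The check runs over the raw request body before the recursive parser sees it, so even a parser that has no depth limit of its own is protected; the limit should be set no higher than what the parser's actual stack budget can tolerate.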
The Royal Borough of Kensington and Chelsea confirmed hackers copied historical data during a cyber attack discovered Monday morning. The council quickly shut down systems after detecting unusual activity, emphasizing that although the data was copied, it was not removed and remains accessible to the council.
The breach also affected Westminster City Council and Hammersmith and Fulham Council through shared IT arrangements. Police are investigating with no arrests made yet. RBKC is checking whether personal or financial details were compromised, warning residents to stay vigilant against suspicious communications.
Council services continue running despite some disruptions to phone lines and online systems.
Source: BBC
Only 14% of organizations feel fully prepared for emerging operational technology (OT) cybersecurity threats, highlighting a persistent divide between IT and OT teams. With manufacturing downtime costing $88,000 per hour on average, this gap has serious financial implications.
Industry experts say the biggest barrier is cultural, not technical. Cybersecurity teams speak risk and data language, while OT operators focus on safety, reliability, and uptime. Building trust requires cybersecurity professionals to understand operational priorities and demonstrate how security supports business goals rather than hindering them.
Geopolitical tensions are reshaping OT security as nation-state actors increasingly target critical infrastructure. Organizations are moving beyond basic compliance toward resilience-focused strategies that integrate cybersecurity into operational excellence rather than treating it as a separate function.
Source: Industrial Cyber
CISA added a critical cross-site scripting vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog on November 28, 2025, confirming attackers are actively using it. The flaw (CVE-2021-26829) allows remote attackers to inject malicious scripts through the system settings interface, potentially letting them hijack user sessions, steal credentials, or modify critical SCADA configurations.
The vulnerability affects industrial control systems widely used in automation research and deployment. Federal agencies must patch by December 19, 2025. CISA recommends immediately applying vendor patches, reviewing third-party usage, or discontinuing the product if fixes aren't available.
Source: Cybersecurity News
The French Football Federation (FFF) announced Thursday that hackers breached its club management software and stole member data through a compromised account. The cyberattack targeted personal information including names, gender, nationality, and email addresses of registered members, though the federation didn't specify how many people were affected.
The FFF responded by disabling the compromised account, resetting all user passwords, and securing its systems after detecting the unauthorized access. It has filed a complaint over the incident.
The federation emphasized its commitment to data protection and said it is continuously strengthening security measures to combat the evolving cyber threats facing organizations today.
Source: Security Week
A dangerous new Android malware called "Albiriox" has surfaced, giving cybercriminals complete remote control over infected devices to drain bank accounts. Russian-speaking hackers launched this Malware-as-a-Service in September 2025, charging affiliates $650 monthly for access.
The malware targets over 400 banking and cryptocurrency apps worldwide. It works by streaming victims' screens directly to attackers through VNC technology, allowing criminals to manually perform banking fraud while users remain unaware. This bypasses security measures like two-factor authentication.
Albiriox spreads through fake apps disguised as legitimate services like "Penny Market," distributed via phishing SMS messages and fake Google Play Store pages. Once installed, it uses accessibility services for overlay attacks and keylogging while staying hidden from antivirus detection.
Source: Cybersecurity News
The Royal Borough of Kensington and Chelsea is urging its 147,500 residents to be "extra vigilant" with calls, emails, and texts after confirming data was stolen in a cyber-attack this week. The breach affected three London councils - RBKC, Westminster, and Hammersmith and Fulham - disrupting shared IT systems and phone lines.
RBKC believes the stolen data is "historical" but is still checking if it contains personal or financial information. The council faces at least two weeks of "significant disruption" while working with the National Cyber Security Centre, National Crime Agency, and Metropolitan Police to restore systems and identify attackers.
Source: The Guardian