Ticker feed
The Chinese APT group Bronze Butler exploited a critical zero-day vulnerability in Lanscope, an endpoint management platform used by 25% of listed Japanese companies and 33% of the country's financial institutions. The flaw (CVE-2025-61932) scored 9.8/10 severity and allowed hackers complete system access through missing security checks.
Sophos researchers discovered Bronze Butler had been exploiting this vulnerability since mid-2025, months before its October disclosure. The attackers deployed their Gokcpdoor backdoor and stole sensitive data from multiple organizations.
Motex has released a patch, and only 50-160 on-premises servers were exposed online. CISA added the vulnerability to its Known Exploited list, while Japanese authorities confirmed domestic victims since April 2025.
Source: Dark Reading
The Chinese APT group Bronze Butler exploited a critical zero-day vulnerability in Lanscope, an endpoint management platform used by 25% of listed Japanese companies and 33% of the country's financial institutions. The flaw (CVE-2025-61932) scored 9.8/10 severity and allowed hackers complete system access through missing security checks.
Sophos researchers discovered Bronze Butler had been exploiting this vulnerability since mid-2025, months before its October disclosure. The attackers deployed their Gokcpdoor backdoor and stole sensitive data from multiple organizations.
Motex has released a patch, and only 50-160 on-premises servers were exposed online. CISA added the vulnerability to its Known Exploited list, while Japanese authorities confirmed domestic victims since April 2025.
Source: Dark Reading
Marks and Spencer's Easter cyber attack has cost the retailer £136 million in direct response and recovery expenses, nearly eliminating its statutory profit for the first half of the year. Profits plummeted from £391.9m to just £3.4m as ransomware hackers infiltrated systems through a third-party contractor, knocking online shopping offline until June.
The attack devastated sales, with fashion and beauty dropping 16.4% and international sales down 11.6%. Click and collect services weren't restored until August. M&S expects to claim back £100m through insurance and anticipates profits will recover to last year's levels in the second half. Despite the setback, food sales remained strong with three consecutive years of monthly growth.
Source: Sky News
Marks and Spencer's Easter cyber attack has cost the retailer £136 million in direct response and recovery expenses, nearly eliminating its statutory profit for the first half of the year. Profits plummeted from £391.9m to just £3.4m as ransomware hackers infiltrated systems through a third-party contractor, knocking online shopping offline until June.
The attack devastated sales, with fashion and beauty dropping 16.4% and international sales down 11.6%. Click and collect services weren't restored until August. M&S expects to claim back £100m through insurance and anticipates profits will recover to last year's levels in the second half. Despite the setback, food sales remained strong with three consecutive years of monthly growth.
Source: Sky News
Iranian government hackers launched targeted phishing attacks against prominent US think tanks between June and August 2025, impersonating influential policy experts like Brookings Institution's Suzanne Maloney. The mysterious group, dubbed "UNK_SmudgedSerpent" by Proofpoint researchers, sent fake collaboration emails to 20 think tank members, later directing victims to credential-stealing Microsoft 365 login pages disguised as OnlyOffice or Teams links.
What makes this campaign unusual is how it blends tactics from multiple known Iranian hacking groups. The phishing approach mirrors Charming Kitten's methods, while the infrastructure resembles TA455's setup, and it's the only Iranian group besides MuddyWater known to use remote monitoring software. This hybrid approach suggests possible reorganization, collaboration, or resource-sharing between Iran's cyber units.
Source: Dark Reading
Iranian government hackers launched targeted phishing attacks against prominent US think tanks between June and August 2025, impersonating influential policy experts like Brookings Institution's Suzanne Maloney. The mysterious group, dubbed "UNK_SmudgedSerpent" by Proofpoint researchers, sent fake collaboration emails to 20 think tank members, later directing victims to credential-stealing Microsoft 365 login pages disguised as OnlyOffice or Teams links.
What makes this campaign unusual is how it blends tactics from multiple known Iranian hacking groups. The phishing approach mirrors Charming Kitten's methods, while the infrastructure resembles TA455's setup, and it's the only Iranian group besides MuddyWater known to use remote monitoring software. This hybrid approach suggests possible reorganization, collaboration, or resource-sharing between Iran's cyber units.
Source: Dark Reading
Cybercriminals are targeting transportation companies with sophisticated cargo theft schemes that cause over $30 billion in annual losses. The attacks begin with fake load postings on broker marketplaces, then hackers send malicious emails containing remote access tools to carriers who respond.
Once inside company systems, attackers deploy tools like ScreenConnect and LogMeIn to take control of scheduling and dispatch systems. They book loads under the victim's name, then divert valuable shipments to their own operatives for resale online or overseas.
Proofpoint researchers believe organized crime groups are behind these operations, which have targeted companies across the US, Brazil, Germany, India, and other hotspots since January 2025.
Source: Security Week
Cybercriminals are targeting transportation companies with sophisticated cargo theft schemes that cause over $30 billion in annual losses. The attacks begin with fake load postings on broker marketplaces, then hackers send malicious emails containing remote access tools to carriers who respond.
Once inside company systems, attackers deploy tools like ScreenConnect and LogMeIn to take control of scheduling and dispatch systems. They book loads under the victim's name, then divert valuable shipments to their own operatives for resale online or overseas.
Proofpoint researchers believe organized crime groups are behind these operations, which have targeted companies across the US, Brazil, Germany, India, and other hotspots since January 2025.
Source: Security Week
Security researchers discovered a sophisticated Android banking Trojan called "BankBot-YNRK" targeting users in Indonesia and Southeast Asia. The malware disguises itself as Indonesia's official digital ID app, tricking users into installing it from outside Google Play Store.
Once installed, the Trojan mutes all device alerts—calls, notifications, messages—to avoid detection while stealing cryptocurrency wallet data, banking credentials, and personal information. It specifically targets devices running Android 13 and earlier, exploiting accessibility features to gain complete remote control.
The malware takes real-time screenshots of banking and crypto wallet apps to map their interfaces, then automates fraudulent transactions. It targets Bitcoin, Ethereum, Litecoin, and Solana wallets, extracting seed phrases and private keys without user knowledge.
Source: Dark Reading
Security researchers discovered a sophisticated Android banking Trojan called "BankBot-YNRK" targeting users in Indonesia and Southeast Asia. The malware disguises itself as Indonesia's official digital ID app, tricking users into installing it from outside Google Play Store.
Once installed, the Trojan mutes all device alerts—calls, notifications, messages—to avoid detection while stealing cryptocurrency wallet data, banking credentials, and personal information. It specifically targets devices running Android 13 and earlier, exploiting accessibility features to gain complete remote control.
The malware takes real-time screenshots of banking and crypto wallet apps to map their interfaces, then automates fraudulent transactions. It targets Bitcoin, Ethereum, Litecoin, and Solana wallets, extracting seed phrases and private keys without user knowledge.
Source: Dark Reading
A suspected Chinese state-sponsored group called CL-STA-1009 is targeting business process outsourcing (BPO) companies with sophisticated malware called Airstalk, according to Palo Alto Networks. BPO firms make attractive targets because they handle critical systems for multiple clients simultaneously, giving attackers a gateway to numerous organizations.
The Airstalk malware comes in PowerShell and .NET variants that abuse AirWatch mobile device management APIs to communicate covertly with command servers. The malware steals browser data from Chrome, Edge, and Island Browser, takes screenshots, and harvests cookies and browsing history. Both versions use likely stolen certificates and altered timestamps to avoid detection within corporate networks.
Source: Security Week
A suspected Chinese state-sponsored group called CL-STA-1009 is targeting business process outsourcing (BPO) companies with sophisticated malware called Airstalk, according to Palo Alto Networks. BPO firms make attractive targets because they handle critical systems for multiple clients simultaneously, giving attackers a gateway to numerous organizations.
The Airstalk malware comes in PowerShell and .NET variants that abuse AirWatch mobile device management APIs to communicate covertly with command servers. The malware steals browser data from Chrome, Edge, and Island Browser, takes screenshots, and harvests cookies and browsing history. Both versions use likely stolen certificates and altered timestamps to avoid detection within corporate networks.
Source: Security Week
Check Point researchers discovered multiple severe vulnerabilities in Windows' Graphics Device Interface that allow remote attackers to execute code by tricking users into opening malicious Word documents or images. The most dangerous flaw, CVE-2025-53766, scores 9.8 on the severity scale and requires no user privileges to exploit.
These bugs affect Windows 10, 11, and Office across platforms. Attackers can trigger them through rigged thumbnails or documents, potentially gaining full system control. The vulnerabilities stem from improper handling of Enhanced Metafile formats, causing buffer overflows and memory corruption.
Microsoft patched these issues in recent updates, but the discovery highlights ongoing risks in legacy graphics code. Users should install patches immediately and enable automatic updates to stay protected.
Source: Cyber Security News
Check Point researchers discovered multiple severe vulnerabilities in Windows' Graphics Device Interface that allow remote attackers to execute code by tricking users into opening malicious Word documents or images. The most dangerous flaw, CVE-2025-53766, scores 9.8 on the severity scale and requires no user privileges to exploit.
These bugs affect Windows 10, 11, and Office across platforms. Attackers can trigger them through rigged thumbnails or documents, potentially gaining full system control. The vulnerabilities stem from improper handling of Enhanced Metafile formats, causing buffer overflows and memory corruption.
Microsoft patched these issues in recent updates, but the discovery highlights ongoing risks in legacy graphics code. Users should install patches immediately and enable automatic updates to stay protected.
Source: Cyber Security News
A new Auburn University report reveals that China's state-sponsored 'Typhoon' hacking groups are systematically targeting US critical infrastructure—energy grids, water systems, telecommunications, transportation, and healthcare—to enable large-scale disruption during future conflicts.
The hackers have already penetrated major telecom providers like Verizon and AT&T, accessing data from one million Americans including senior officials. Energy sector intrusions could trigger cascading blackouts across multiple states, while water system compromises threaten public safety and military operations.
Unlike traditional espionage, these campaigns aim to preposition capabilities for strategic disruption, potentially delaying US military deployments in an Indo-Pacific conflict. Current US countermeasures—sanctions, indictments, advisories—haven't deterred China's activities, highlighting gaps in international cyber law and the need for stronger allied coordination.
Source: Industrial Cyber
A new Auburn University report reveals that China's state-sponsored 'Typhoon' hacking groups are systematically targeting US critical infrastructure—energy grids, water systems, telecommunications, transportation, and healthcare—to enable large-scale disruption during future conflicts.
The hackers have already penetrated major telecom providers like Verizon and AT&T, accessing data from one million Americans including senior officials. Energy sector intrusions could trigger cascading blackouts across multiple states, while water system compromises threaten public safety and military operations.
Unlike traditional espionage, these campaigns aim to preposition capabilities for strategic disruption, potentially delaying US military deployments in an Indo-Pacific conflict. Current US countermeasures—sanctions, indictments, advisories—haven't deterred China's activities, highlighting gaps in international cyber law and the need for stronger allied coordination.
Source: Industrial Cyber
Security researcher hxr1 discovered a new way to sneak malware past Windows defenses by hiding it inside AI model files. The attack exploits Windows' built-in AI features, which automatically trust ONNX neural network files used by apps like Windows Hello and Office.
Since Windows doesn't check these AI files for threats, attackers can embed malicious code in the model's data and use Microsoft's own trusted system files to execute it. Security programs see legitimate AI processing instead of a cyberattack.
The researcher suggests this highlights a major blind spot as AI becomes more common. Security tools need updates to scan AI files, and users shouldn't blindly trust AI models downloaded from the internet.
Source: Dark Reading
Security researcher hxr1 discovered a new way to sneak malware past Windows defenses by hiding it inside AI model files. The attack exploits Windows' built-in AI features, which automatically trust ONNX neural network files used by apps like Windows Hello and Office.
Since Windows doesn't check these AI files for threats, attackers can embed malicious code in the model's data and use Microsoft's own trusted system files to execute it. Security programs see legitimate AI processing instead of a cyberattack.
The researcher suggests this highlights a major blind spot as AI becomes more common. Security tools need updates to scan AI files, and users shouldn't blindly trust AI models downloaded from the internet.
Source: Dark Reading
More than half a dozen federal agencies now support banning TP-Link routers, which control roughly 65% of the US router market. Commerce, Defense, and Justice departments opened investigations into the company last year over alleged ties to China's government, despite TP-Link's denials.
The company split in October 2024, creating TP-Link Systems as a US-based entity with 500 American employees. However, officials worry the routers handle sensitive data and remain subject to Chinese influence. TP-Link grew from 20% market share in 2019 to dominating today's market, with over 300 internet providers using their devices.
The Justice Department is also investigating potential predatory pricing. While Trump administration negotiations with China may delay action, the ban proposal sits with the Commerce Department awaiting final decision.
Source: CNET
More than half a dozen federal agencies now support banning TP-Link routers, which control roughly 65% of the US router market. Commerce, Defense, and Justice departments opened investigations into the company last year over alleged ties to China's government, despite TP-Link's denials.
The company split in October 2024, creating TP-Link Systems as a US-based entity with 500 American employees. However, officials worry the routers handle sensitive data and remain subject to Chinese influence. TP-Link grew from 20% market share in 2019 to dominating today's market, with over 300 internet providers using their devices.
The Justice Department is also investigating potential predatory pricing. While Trump administration negotiations with China may delay action, the ban proposal sits with the Commerce Department awaiting final decision.
Source: CNET