Chinese APT Volt Typhoon struck a US power utility in Massachusetts in 2023, in a prolonged attack that aimed to exfiltrate sensitive data regarding its operational technology (OT) infrastructure. It's the first known assault on a US power utility by the group, which gained notoriety last year for an attack spree on US telecoms, and which consistently targets critical infrastructure globally.
Researchers at security firm Tenable have analyzed the ability of the Chinese gen-AI DeepSeek to develop malware such as keyloggers and ransomware. The DeepSeek R1 chatbot was released in January and it has made many headlines since, including regarding its susceptibility to jailbreaks. Just like all major LLMs, DeepSeek has guardrails designed to prevent its use for malicious purposes, such as creating malware.
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data in cryptocurrency wallets, according to Socket.
Apple has patched a vulnerability in iPhone and iPad that was under active exploitation by cybercriminals. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. If you use any of these devices, install the update as soon as you can.
The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly released joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). As of February 2025, the Medusa ransomware operation had hit over 300 organisations across a variety of critical infrastructure sectors, with affected industries including education, health, legal, and more.
A North Korean APT actor has been targeting Korean and English-speaking users with an Android surveillance tool distributed via Google Play, cybersecurity firm Lookout warns. Dubbed KoSpy, the spyware has been in use since March 2022, posing as utility applications to infect unsuspecting users, and abusing Google Play and the Firebase Firestore for app distribution and configuration retrieval.
Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices. According to a Tuesday report from Google Threat Intelligence and a Juniper Networks security advisory, the affected Juniper MX routers were running end-of-life hardware and software. Juniper issued a patch today to fix the issue.
A global Internet of Things (IoT) botnet campaign, dubbed "Ballista," has been targeting unpatched TP-Link routers since the beginning of 2025. The botnet exploits a remote code execution vulnerability in TP-Link Archer routers, tracked as CVE-2024-1389, allowing it to spread itself throughout the Internet automatically. The earliest recorded exploitation attempts of the vulnerability date back to April 2023.