IT Security Newsletter - 4/28/2026
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday. Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to steal research on COVID-19 vaccines, treatment and testing during the initial wave and subsequent height of the pandemic. READ MORE...
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees - has been arrested at his home in western France. According to French prosecutors, the man was reportedly preparing to dump yet another collection of stolen data online at the time of his arrest on 20 April, and has admitted to using the pseudonym "HexDex" online. READ MORE...
Chinese engineer stole US military and NASA software for years
International espionage isn't always about sophisticated malware and zero-day bugs. Sometimes it's as simple as pretending to be someone else asking for a favor. For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities handed him exactly what he asked for, and possibly violated US laws in the process. His name is Song Wu. He's been on the FBI's wanted list since September 2024, and he's still at large. READ MORE...
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
A new threat actor is combining social engineering techniques, abuse of legitimate cloud infrastructure, and custom malware to create what appears to be a novel attack chain. Google Threat Intelligence Group (GTIG) and Mandiant on April 23 published a blog post detailing the activities of a threat actor tracked as UNC6692. While the researchers did not attribute the threat actor to any previously established identity or location, they described a multistage intrusion campaign. READ MORE...
BlackFile actively extorting data-theft victims in retail and hospitality sector
Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit 42's latest intelligence on the campaign. READ MORE...
US, UK authorities warn that Firestarter backdoor malware survives patching
U.S. and U.K. authorities have issued warnings about backdoor malware used against vulnerable Cisco devices that can maintain persistence even after the devices are patched. The backdoor malware, dubbed Firestarter, was discovered during a forensic investigation at a federal civilian executive branch agency, according to the Cybersecurity and Infrastructure Security Agency. READ MORE...
20-Year-Old Malware Rewrites History of Cyber Sabotage
Researchers have long considered the Stuxnet attacks on Iran's nuclear centrifuges in Natanz to be the opening chapter of state-sponsored cyber sabotage. As it turns out, at least five years before Stuxnet became public in 2010, somebody had developed an equally potent cyber weapon, one capable of injecting near-imperceptible errors into high-precision mathematical computations to gradually undermine and sabotage systems and applications that rely on their results. READ MORE...
Open source package with 1 million monthly downloads stole user credentials
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers' account workflow that gave access to its signing keys and other sensitive information. On Friday, unknown attackers exploited the vulnerability to push a new version of element-data, a command-line interface that helps users monitor performance and anomalies in machine-learning systems. READ MORE...
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company's source code, secrets, and other sensitive data. In a Sunday update, Checkmarx said the investigation remains ongoing, and it's working to "verify the nature and scope" of the data. READ MORE...
Schneier: What Anthropic's Mythos Means for the Future of Cybersecurity
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. READ MORE...
- ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
- ...in 1973, Pink Floyd's "The Dark Side of the Moon" goes to #1 on the US Billboard chart. It stays on the album charts for the next 741 weeks.
- ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
- ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.