A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday. Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to steal research on COVID-19 vaccines, treatment and testing during the initial wave and subsequent height of the pandemic.
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees - has been arrested at his home in western France. According to French prosecutors, the man was reportedly preparing to dump yet another collection of stolen data online at the time of his arrest on 20 April, and has admitted to using the pseudonym "HexDex" online.
International espionage isn't always about sophisticated malware and zero-day bugs. Sometimes it's as simple as pretending to be someone else asking for a favor. For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities handed him exactly what he asked for, and possibly violated US laws in the process. His name is Song Wu. He's been on the FBI's wanted list since September 2024, and he's still at large.
A new threat actor is combining social engineering techniques, abuse of legitimate cloud infrastructure, and custom malware to create what appears to be a novel attack chain. Google Threat Intelligence Group (GTIG) and Mandiant on April 23 published a blog post detailing the activities of a threat actor tracked as UNC6692. While the researchers did not attribute the threat actor to any previously established identity or location, they described a multistage intrusion campaign.
Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit 42's latest intelligence on the campaign.
U.S. and U.K. authorities have issued warnings about backdoor malware used against vulnerable Cisco devices that can maintain persistence even after the devices are patched. The backdoor malware, dubbed Firestarter, was discovered during a forensic investigation at a federal civilian executive branch agency, according to the Cybersecurity and Infrastructure Security Agency.
Researchers have long considered the Stuxnet attacks on Iran's nuclear centrifuges in Natanz to be the opening chapter of state-sponsored cyber sabotage. As it turns out, at least five years before Stuxnet became public in 2010, somebody had developed an equally potent cyber weapon, one capable of injecting near-imperceptible errors into high-precision mathematical computations to gradually undermine and sabotage systems and applications that rely on their results.
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers' account workflow that gave access to its signing keys and other sensitive information. On Friday, unknown attackers exploited the vulnerability to push a new version of element-data, a command-line interface that helps users monitor performance and anomalies in machine-learning systems.
Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company's source code, secrets, and other sensitive data. In a Sunday update, Checkmarx said the investigation remains ongoing, and it's working to "verify the nature and scope" of the data.
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day.