Nucor, the leading steel manufacturer in the U.S., said it has restored operations following a hack in May that compromised a limited amount of information. The company - which produces roughly a quarter of America's raw steel - believes it has evicted the hackers from its systems and does not expect the incident to have a material impact on its financial performance or operations, it said in a filing with the Securities and Exchange Commission. READ MORE...
Threat actors are targeting cloud-based networks by exploiting misconfigured Docker APIs to gain access to containerized environments, then using the anonymity of Tor to hide their deployment of cryptocurrency miners. Researchers from Trend Micro discovered the attack targeting "cloud-heavy sectors" in particular, including organizations in the technology, financial services, and healthcare sectors, they revealed in a blog post. READ MORE...
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. READ MORE...
The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its increased usage by governments worldwide. READ MORE...
A China-linked APT has built an operational relay boxes (ORB) network of more than 1,000 backdoored nodes for espionage purposes, SecurityScorecard reports. The prolonged espionage infrastructure campaign, dubbed LapDogs (PDF), has been targeting IT, media, networking, real estate, and other industries in the US and Southeast Asian countries, including Japan, South Korea, Hong Kong, and Taiwan. READ MORE...
A new proof-of-concept (PoC) cyberattack uses subtle language over multiple prompts to manipulate major large language models (LLMs) into generating inappropriate content. That's according to research published today by AI security vendor Neural Trust on the "Echo Chamber" attack, which was discovered by Neural Trust AI researcher Ahmad Alobaid. According to the research, Echo Chamber "leverages context poisoning and multi-turn reasoning to guide models into generating harmful content." READ MORE...
According to the advisory published by the industrial giant, the problem is that Defender Antivirus currently does not provide 'alert only' functionality. According to the advisory published by the industrial giant, the problem is that Defender Antivirus currently does not provide 'alert only' functionality. Siemens' documentation describes Microsoft Defender Antivirus configurations for specifying threat alert levels at which no default action is taken when a threat is detected. READ MORE...