flux443
Flux 443
52 posts
flux443 · 3 hours ago
The computer hacker's guide to the Russian language - how Russia's language fits into cybercriminal campaigns.
Russian is the native language of the majority of people in Russia, and it serves as an official language in several other countries, including Belarus, Kazakhstan, Kyrgyzstan, and Tajikistan. It is also widely used as a lingua franca in many parts of the former Soviet Union. There are approximately 138–154 million native speakers, with the total number of speakers (including second-language…
flux443 · 3 hours ago
Army releases Unified Network Plan 2.0 and a new emphasis on zero-trust principles.
The Army Unified Network Plan 2.0 (AUNP 2.0) is the latest strategic framework guiding the modernization and integration of the U.S. Army’s information technology infrastructure to meet the demands of contemporary and future warfare. Released in March 2025, AUNP 2.0 builds directly on the foundation established by the original 2021 plan, which focused on unifying disparate Army networks under…
flux443 · 4 hours ago
TAG-140’s DRAT V2 malware upgrade offers a substantial improvement over its initial version.
The new DRAT V2 variant raises significant concerns due to its enhanced operational capabilities, evolved targeting strategy, and improved evasion techniques, which collectively increase its threat to critical infrastructure and national security. DRAT V2 is the latest variant of the DRAT (Delphi Remote Access Trojan) malware, recently identified in a TAG-140 campaign targeting Indian government…
flux443 · 4 hours ago
Trezor, the creator of hardware wallets, has issued a warning to its customers about a sneaky phishing campaign that uses their support portal.
Trezor, a leading manufacturer of hardware cryptocurrency wallets, has issued an urgent alert to its users about a sophisticated phishing campaign that abused its automated support system to send deceptive emails. Attackers exploited Trezor’s public contact form by submitting support requests using real users’ email addresses—likely obtained from previous data breaches—which triggered…
flux443 · 4 hours ago
Microsoft releases KB5062324 to fix Windows 11 problem that causes Windows Update to fail.
KB5062324 is a Windows Configuration Update released by Microsoft in June 2025 specifically for Windows 11 version 24H2. Its main purpose is to address a critical issue where the scan for Windows updates could become unresponsive, effectively preventing users from successfully checking for or installing new updates.
Key Details
• Release Date: June 2025
• Targeted Issue: Fixes bugs that cause…
flux443 · 5 hours ago
Microsoft releases Windows 10 KB5061087, part of the final maintenance cycle before Windows 10’s end of support.
Today, Microsoft released KB5061087, a non-security preview update for Windows 10 version 22H2. It is part of Microsoft’s regular maintenance cycle and focuses on quality improvements and bug fixes rather than introducing new features.
Key Highlights of KB5061087
• Build Number: 19045.6036
• Release Type: Non-security preview update
• Release Date: June 24, 2025
• Target: Windows 10 version…
flux443 · 5 hours ago
A newly discovered campaign, active since at least 2021, targeted 70 Microsoft Exchange servers worldwide using sophisticated keylogger malware.
A recent, significant cyberattack campaign has targeted over 70 Microsoft Exchange servers across 26 countries, with the aim of stealing user credentials using sophisticated keylogger malware. The attacks have been documented by cybersecurity researchers, particularly Positive Technologies, who identified two main types of keylogger code injected into the Outlook login pages of compromised…
flux443 · 6 hours ago
Researchers reveal novel technique for disrupting malicious cryptominer campaigns - meet the XMRogue tool.
Cybersecurity researchers have developed and demonstrated two novel techniques to disrupt and even shut down malicious cryptominer campaigns, significantly reducing attackers’ revenues and freeing infected machines from exploitation. These methods were detailed in recent reports by Akamai and have shown real-world effectiveness against large-scale botnets. Bad Shares Exploit This approach…
flux443 · 7 hours ago
U.S. House of Representatives officially bans the use of WhatsApp on all government-issued devices
The U.S. House of Representatives has officially banned the use of WhatsApp on all government-issued devices for congressional staff, effective immediately. This decision follows a memo from the House’s Chief Administrative Officer (CAO), which classified WhatsApp as a “high-risk” application due to several cybersecurity concerns. WhatsApp is a widely used messaging application owned by Meta…
flux443 · 8 hours ago
Siemens has informed its customers about a significant problem with Microsoft Defender that could allow discovered malware to remain unnoticed.
Siemens recently notified its customers about a significant issue affecting the integration between Microsoft Defender Antivirus (MDAV) and its industrial process control systems, specifically Simatic PCS 7 and PCS Neo products. The core problem identified is that Microsoft Defender Antivirus currently lacks an “alert only” functionality in its configuration settings. Under current…
flux443 · 8 hours ago
Russia's APT28 (Fancy Bear) uses Signal to deploy BEARDSHELL and COVENANT malware on Ukrainian targets.
Russian state-sponsored hackers APT28 (also known as Fancy Bear or UAC-0001) have deployed a sophisticated malware campaign against Ukrainian government targets using Signal messenger to deliver malicious payloads. This operation leverages two previously undocumented malware families—BEARDSHELL and COVENANT—disguised within seemingly harmless files. Attack Vector and Initial Compromise APT28…
flux443 · 9 hours ago
How to detect an Operational Relay Box (ORB) network infrastructure.
Detecting Operational Relay Box (ORB) networks requires specialized techniques due to their design for stealth and evasion. These networks blend malicious traffic with legitimate flows by leveraging compromised devices (e.g., routers, IoT equipment) and leased infrastructure. As a result, cybersecurity professionals must adapt their strategies to identify and neutralize these covert operations.…
flux443 · 10 hours ago
A severe privilege escalation vulnerability has been discovered in the popular Notepad++ version 8.8.1.
A severe local privilege escalation vulnerability, tracked as CVE-2025-49144, was discovered in Notepad++ version 8.8.1, released on May 5, 2025. This flaw resides in the Notepad++ installer and allows unprivileged users to gain SYSTEM-level privileges on Windows systems through an uncontrolled executable search path, also known as binary planting. Notepad++ is a widely used, free, open-source…
flux443 · 10 hours ago
China-linked APT group has built an ORB network (LapDogs) comprising > 1,000 compromised devices for cyber-espionage targeting the United States.
A China-linked advanced persistent threat (APT) group has built a large-scale Operational Relay Box (ORB) network named LapDogs, comprising over 1,000 compromised devices globally. This infrastructure supports covert cyber-espionage operations targeting entities in the United States and Southeast Asia, with a focus on sectors like real estate, IT, networking, and media. Campaign…
flux443 · 10 hours ago
Secret message encryption via... ice? Researchers have found a way to store messages using the air bubbles formed in ice during the freezing process.
Researchers have developed an innovative method to encode and store messages within ice by manipulating trapped air bubbles during the freezing process. Inspired by natural air bubbles preserved in glaciers, this technique uses controlled freezing rates to create distinct patterns of egg-shaped or needle-shaped bubbles, which correspond to characters in binary or Morse code. The approach offers a…
flux443 · 11 hours ago
Campaign exploits misconfigured Docker APIs to mine crypto via Tor.
A recent cybersecurity campaign exploits misconfigured Docker APIs to deploy cryptocurrency miners while using the Tor network for anonymity. Attackers target exposed Docker instances to gain unauthorized access, then leverage container environments to mine digital currencies covertly. This method particularly threatens cloud-reliant sectors like technology, finance, and healthcare. Attack…
flux443 · 19 hours ago
Iranian cyber operatives are hacking video cameras in Israel to gather real-time intelligence.
Reports have confirmed that Iranian cyber operatives are actively hacking into internet-connected security cameras across Israel to gather real-time intelligence. This tactic has become particularly prominent amid recent military escalations, with Iranian hackers leveraging compromised cameras to assess missile strike impacts, monitor troop movements, and identify sensitive locations—even as…