espionage

Microsoft and multiple security vendors confirm that a long-known Windows shortcut (.lnk) vulnerability tracked as CVE-2025-9491 is being actively weaponized in targeted espionage campaigns — and, as of the latest reports, there is no Microsoft patch available to close the hole. Background...

Microsoft has quietly extended its Copilot footprint into the lightweight Microsoft 365 companion apps that live on the Windows 11 taskbar, embedding contextual AI prompts and one‑click Copilot access into People and Files today — with Calendar integration scheduled to follow — and doing so via...

A stealthy, long-running espionage campaign that researchers have named BRICKSTORM has quietly infiltrated high-value organizations across the technology and legal sectors, maintaining extremely long dwell times and using novel techniques to hide on devices that traditional defenses often...

CISA’s September additions to the Known Exploited Vulnerabilities (KEV) Catalog — the TP‑Link TL‑WA855RE missing‑authentication flaw (CVE‑2020‑24363) and the WhatsApp incorrect‑authorization weakness (CVE‑2025‑55177) — are a reminder that adversaries continue to exploit both legacy IoT devices...

Diplomatic missions working in Moscow now face a newly exposed, advanced cyber threat: Secret Blizzard’s adversary-in-the-middle (AiTM) campaign, designed to penetrate even the most security-conscious organizations. According to detailed analysis from Microsoft Threat Intelligence, this Russian...

Microsoft has recently issued an urgent security patch in response to active attacks targeting on-premises SharePoint Server installations. These attacks exploit critical vulnerabilities, specifically CVE-2025-53770 and CVE-2025-53771, which allow unauthenticated remote code execution and...

The recent revelation that Microsoft employed China-based engineers to support the U.S. Department of Defense's (DoD) cloud computing systems has ignited a firestorm of concern over national security and cybersecurity vulnerabilities. This practice, which involved foreign engineers assisting...

Microsoft's recent decision to cease utilizing China-based engineers for supporting U.S. Department of Defense (DoD) cloud services has ignited a multifaceted discussion on national security, globalized tech operations, and the evolving standards for cloud security in government contracts. The...

A significant security vulnerability has been identified in Synology's Active Backup for Microsoft 365 (ABM), potentially exposing sensitive data across all Microsoft 365 tenants utilizing this backup solution. This flaw, designated as CVE-2025-4679, was discovered by the security firm ModZero...

In an era defined by rapid digital transformation and the proliferation of generative AI platforms, the business landscape faces an unprecedented information security crisis. Recent insights into workplace AI use, particularly with tools like ChatGPT and Microsoft Copilot, have uncovered a...

A concerted pro-Russian influence operation aimed at Australia has come to light in the lead-up to the country's federal election. Dubbed the “Pravda Network,” this sprawling initiative leverages an array of dubious online portals—including the recently emerged “Pravda Australia”—to seed...

Eight in the morning at your average critical infrastructure plant: the sweet serenade of humming motors, flashing status lights, and, somewhere deep in the control network, the silent scream of a security vulnerability newly discovered. This time, the haunting culprit is none other than the...

The digital landscape is becoming increasingly treacherous as threat actors evolve their tactics. One of the most prominent players in this game, the Russian hacking group known as Midnight Blizzard (also referred to as NOBELIUM), has recently embarked on a large-scale spear-phishing campaign...

In an alarming development, it has been reported that an Iranian threat group known as APT34 is intensifying its espionage activities targeting Gulf state government entities, particularly those in the United Arab Emirates (UAE). This group, which has connections to the Iranian Ministry of...

Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...

Original release date: October 1, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and...

Original release date: April 15, 2020 | Last revised: June 23, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...

Original release date: April 14, 2020 | Last revised: April 15, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...

:usa: :rolleyes:

Sent from my 8063 using Tapatalk