The UK government is considering legislative reforms to address threats to undersea infrastructure, signaling that UK plans new laws targeting sabotage of critical submarine cables. Current protections rely on the Submarine Telegraph Act of 1885, a statute seen as outdated in the face of evolving security risks. Officials have raised concerns about the vulnerability of […]
Federal agencies are urging operators of critical infrastructure to immediately identify and disconnect vulnerable operational technology (OT) and industrial control systems (ICS) in response to escalating cyber threats linked to Iran. The advisory follows growing concerns that Iran cyber threat spurs increased targeting of essential services, putting energy, water, and transportation sectors at heightened risk. […]
Security researchers have identified a critical flaw in a data exfiltration tool used by the Cl0p ransomware gang, exposing it to potential remote code execution attacks. The Cl0p Hack Tool Flawnaturally, linked to previous high-profile breaches involving MOVEit Transfer software, now appears to carry vulnerabilities that could allow attackers to hijack systems using the same […]
A newly identified advanced persistent threat group known as NightEagle, also tracked as APT-Q-95, has launched a targeted campaign against China’s military and technology sectors, exploiting a vulnerability in Microsoft Exchange servers. Cybersecurity analysts say the NightEagle hacks Exchange servers using a zero-day exploit chain, enabling attackers to infiltrate sensitive networks linked to government and […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new advisories warning of hardware vulnerabilities in industrial control systems from Hitachi Energy and Mitsubishi Electric. In the latest alert, CISA flags flaws in Hitachi Energy products that could expose critical infrastructure to potential compromise if exploited by malicious actors. The agency detailed the specific […]
Cisco has released an emergency security patch to address a critical vulnerability in its Unified Communications Manager (Unified CM) software. The flaw, which involves hardcoded root credentials, could allow attackers to gain full administrative access to affected systems. The company issued the fix after identifying the risk, emphasizing the severity and urging customers to update […]
Estonia’s cyber ambassador-at-large outlined the nation’s digital security strategy during a conversation at the Tallinn Cyber Diplomacy Summer School. He emphasized how Estonia Envoy Targets GRUnaturally by leveraging transparency, cooperation, and technological innovation to counter cyber threats. The ambassador highlighted the importance of small states asserting themselves in global cyberspace through strategic partnerships and rapid […]
Security researchers have identified a high-risk vulnerability that allows attackers to bypass Content Security Policy (CSP) protections by exploiting browser caching and HTML injection. This browser cache exploit bypasses nonce-based CSP implementations by manipulating how modern browsers store and reuse cached content, particularly through the back/forward cache (bfcache) and disk cache systems. The attack begins […]
The European Union has unveiled a new quantum strategy aimed at strengthening the security of critical infrastructure and accelerating the development of semiconductor technologies. As part of this initiative, the EU bets €50 million on quantum to boost chip pilot lines and support quantum-enabled technologies that could protect key sectors from emerging cyber threats. The […]
A California court has ordered Google to pay $314 million after it found the company misused cellular data from Android devices without user consent. The lawsuit accused Google of collecting data from idle Android phones, even when users weren’t actively engaging with their devices. The ruling marks the conclusion of a class-action complaint originally filed […]
A newly identified botnet dubbed Hpingbot Botnet Hidesnaturally has emerged as a sophisticated threat, leveraging legitimate platforms to evade detection and deliver powerful DDoS attacks. First discovered in June 2025, the malware uses the Go programming language and targets both Windows and Linux/IoT systems across various architectures. Unlike variants derived from known botnet families, this […]
Cyber attackers are no longer targeting traditional defenses like firewalls—instead, they’re embedding malicious instructions directly into prompts used by generative AI systems. In response to this growing threat, OWASP flags prompt injection as the top risk facing generative AI technologies. These attacks manipulate AI behavior by exploiting how models interpret and respond to language, often […]