Latest Security News Collection
Russian Hacktivists Exploit Default Passwords to Target Critical Infrastructure
#CyberSecurity #CriticalInfrastructure #OTSecurity #Hacktivists #Russia #CISAAlert #SecureByDesign #MFA #DefaultPasswords #Sandworm
Critical infrastructure operators across North America and Europe face renewed cyber threats as pro‑Russia hacktivists exploit weak security in industrial control systems. A recent advisory from CISA and international partners reveals attackers are infiltrating operational technology (OT) via human–machine interfaces still using factory-default passwords or lacking multi-factor authentication. Although no major disruptions have been confirmed, incidents in Texas and Indiana water facilities—including pump overflows and disabled alarms—have been attributed to the Cyber Army of Russia, linked to the Sandworm group. Officials urge immediate remedial action: ditch default credentials, enforce multi-factor authentication and adopt “secure‑by‑design” principles. NSA’s Cybersecurity Directorate advises urgent implementation of recommended mitigations to strengthen resilience against low‑sophistication yet potentially damaging OT attacks.
→ Read more on therecord.media
From HealthKick to GOVERSHELL: How UTA0388’s Malware Campaign Escalated
#GOVERSHELL #CyberEspionage #UTA0388 #SpearPhishing #MalwareVariants #DLLSideLoading #PowerShell #CloudAbuse #ChatGPT #GlobalCyberThreat
A China-aligned hacker group dubbed UTA0388 has ramped up cyber‑espionage efforts across North America, Asia and Europe by evolving its malware from HealthKick to the more potent Go‑based backdoor GOVERSHELL. Delivered via carefully tailored spear‑phishing emails impersonating senior researchers from fictitious organisations, the malware is hidden within ZIP or RAR archives. GOVERSHELL utilises DLL side‑loading and boasts five variants—TE32, TE64, WebSocket, Beacon and the original HealthKick—each adding capabilities like PowerShell reverse shells, dynamic commands and randomised polling intervals. Targets receive convincing, rapport‑building emails in multiple languages, with payloads hosted on trusted cloud platforms such as Netlify, OneDrive, and Sync. Alarmingly, UTA0388 has also employed ChatGPT to draft phishing content and streamline operations, focusing notably on stakeholders connected to Taiwan and other geopolitical hotspots.
→ Read more on thehackernews.com
Top Malware Trends & Emerging Threats Across the Globe
#ClayRat #SEEDSNATCHER #FvncBot #Broadside #JSSmuggler #EtherRAT #PeerBlight #AIThreats #ZeroDay #MalwareNewsletter
Pierluigi Paganini’s “Malware Newsletter Round 75” delivers a curated global overview of the latest malware developments. Highlights include the resurgence of ClayRat with enhanced capabilities; SEEDSNATCHER, an Android threat targeting crypto‑wallet mnemonic phrases; and FvncBot, a new Android banking trojan active in Poland. The newsletter also profiles Broadside, a Mirai botnet variant, and JS#SMUGGLER, which employs multi‑stage iframe and obfuscated JavaScript tactics to deliver NetSupport RAT. Other notable entries include EtherRAT, linked to DPRK’s Ethereum exploits via React2Shell; a fresh Linux backdoor named PeerBlight; exploitation of React2Shell CVE‑2025‑55182; and an actively used Gogs zero‑day. The newsletter additionally covers threats like AshTag, SetcodeRat, PyStoreRAT—leveraging AI in supply‑chain attacks—and AMOS Stealer misusing ChatGPT and Grok. Advanced detection frameworks ByteShield, DGA‑based C2 identification, MaSS‑Droid, and AVSVM are also spotlighted.
→ Read more on securityaffairs.com
Inotiv Confirms Qilin Ransomware Breach Exposing Employee and Partner Data
#InotivBreach #QilinRansomware #DataTheft #CyberSecurity #ContractResearch #LifeSciences #EmployeeData #DataBreach #CyberAttack #RansomwareThreat
Inotiv, a US-based contract research organisation, confirmed a cyberattack in early August that led to the theft of nearly 200 GB of sensitive data, affecting around 9,500 individuals. Discovered between 5–8 August, the breach was claimed by the Qilin ransomware gang. In response, Inotiv took systems offline, restored access, and notified affected parties and regulators. The firm is still assessing the full operational and financial fallout and has yet to determine if the incident will have a material impact. This compromise highlights ongoing cyber threats targeting the life sciences sector and underscores the need for robust defences in research environments managing employee, partner, and patient data.
→ Read more on cybersecuritydive.com
BA Warns AI-Powered Agents Could Leave Brands “Invisible” to Consumers
#BritishAirways #AgenticAI #TravelTech #DigitalTransformation #HyperPersonalisation #Copilot #AIinAviation #BrandVisibility #CustomerExperience #FutureOfTravel
British Airways CEO Sean Doyle has sounded the alarm that the airline faces a momentous shift: AI agents, rather than humans, are increasingly deciding which brands travellers choose. At the Globant Converge 2025 event, he cautioned that without a compelling machine‑readable digital presence, airlines risk being overlooked. Doyle revealed that BA is undergoing a major digital transformation—redeveloping its platforms, breaking down data silos, and embracing hyper‑personalisation—to stay visible to intelligent booking systems. He also stressed that AI isn’t about replacing staff, but liberating them to focus on passenger experience. BA has equipped 5,000 employees with Copilot, emphasising impact over experimentation. Looking ahead, Doyle said the airline’s success will hinge on its ability to communicate effectively with software gatekeepers as much as with human customers.
→ Read more on theregister.com
Logistics Under Siege: Weak Links and Human Error Fuel Cyber‑Incidents
#LogisticsSecurity #CyberRisks #SupplyChainVulnerability #HumanError #ThirdPartyRisk #CyberAwareness #ITCompliance #SystemUpdates #CyberResilience #LogisticsSafety
A recent Sophos survey reveals that almost 80% of logistics companies in Germany reported security incidents in 2025, driven largely by supply‑chain vulnerabilities and human error. With 40% experiencing disruptions due to supplier or customer breaches, interconnected systems boost efficiency—and risk. The human factor looms large: 81% of respondents identify low awareness and missteps as core issues, while the sector-wide shortage of cybersecurity expertise further weakens defences. While two‑thirds of firms have introduced contractual IT‑security mandates for partners, continuous compliance monitoring remains patchy. Experts urge logistics operators to implement robust third‑party risk management, regularly audit supplier security, provide tailored employee training, maintain up‑to‑date systems, and embed cybersecurity as a top‑level management responsibility.
→ Read more on security-insider.de
Major Blow to Crime-as-a-Service: Police Disrupt Criminal Phone Networks
#CrimeAsAService #CyberCrime #LawEnforcement #TelecomSecurity #FraudPrevention #Smishing #Phishing #DigitalSafety #CyberThreats #SecurityOperation
German authorities have struck a significant blow against organised cybercrime by dismantling illegal phone infrastructures used for fraudulent activities. The operation targeted “Crime-as-a-Service” networks that provided criminals with ready-made tools for phishing, smishing, and other scams. By cutting off thousands of compromised or malicious phone numbers, investigators aim to cripple services that enable large-scale fraud campaigns. These networks allowed attackers to impersonate trusted entities, bypass security checks, and exploit victims through voice and SMS channels. Officials emphasise that such takedowns are crucial to reducing the accessibility of cybercrime services and protecting consumers from identity theft and financial loss. The crackdown highlights the growing collaboration between law enforcement and telecom providers to combat evolving threats in the digital underground.
→ Read more on heise.de
Europol’s GRIMM Taskforce Cracks Down on Global Cybercrime with 200 Arrests
#Europol #GRIMMTaskforce #CyberCrime #GlobalCrackdown #Ransomware #Phishing #MoneyLaundering #CyberSecurity #LawEnforcement #CrimeAsAService
Europol has announced a major victory against organised cybercrime, as its GRIMM Taskforce coordinated an international operation resulting in 200 arrests across 27 countries. The crackdown targeted networks involved in online fraud, phishing, ransomware, and money laundering, dismantling key infrastructure that enabled large-scale criminal activity. Authorities seized servers, cryptocurrency wallets, and illicit digital assets, significantly disrupting the underground economy. Europol highlighted the growing sophistication of cybercriminal groups and stressed the importance of cross-border collaboration to combat evolving threats. This operation underscores a clear message: law enforcement agencies are stepping up efforts to dismantle “Crime-as-a-Service” ecosystems and protect individuals and businesses from financial and identity theft.
→ Read more on cybernews.com
Cyberattacks in DACH Drop by 10% in November – But Ransomware Still Dominates
#CyberSecurity #DACHRegion #Ransomware #Phishing #SupplyChainSecurity #PatchManagement #MFA #AIThreats #CyberResilience #ThreatLandscape
According to the latest IT-Daily report, cyberattacks across Germany, Austria, and Switzerland fell by 10% in November 2025, marking a slight relief for businesses in the region. However, ransomware remains the most prevalent threat, accounting for nearly half of all incidents. Experts warn that attackers are increasingly targeting critical infrastructure and supply chains, exploiting outdated systems and weak authentication practices. While phishing and credential theft continue to rise, the report highlights growing concerns over AI-driven attack automation, which accelerates intrusion attempts and evasion tactics. Security specialists urge organisations to prioritise patch management, multi-factor authentication, and employee awareness training to counter evolving threats. Despite the decline, the overall risk landscape remains high, and proactive defence strategies are essential to maintain resilience.
→ Read more on it-daily.net
Australian Man Jailed for Wi-Fi Attacks on Airports and In-Flight Networks
#CyberCrime #WiFiAttacks #AviationSecurity #AirportCyberRisk #InFlightConnectivity #DataProtection #CyberThreats #LawEnforcement #NetworkSecurity #TravelSafety
An Australian man has been sentenced to prison for orchestrating a series of Wi-Fi attacks targeting airports and aircraft networks. Authorities revealed that the individual exploited unsecured wireless systems to intercept sensitive data and disrupt connectivity during flights. These attacks posed serious risks to passenger privacy and operational safety, highlighting vulnerabilities in aviation-related networks. Investigators traced the breaches to multiple airports and flights, uncovering evidence of credential theft and unauthorised access attempts. The case underscores the growing threat of cybercrime in the aviation sector and the urgent need for robust security measures, including encrypted communications and continuous monitoring of wireless infrastructure. Experts warn that as connectivity becomes integral to travel, airlines and airports must prioritise cybersecurity to protect both passengers and critical systems.
→ Read more on securityweek.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.