Latest Security News Collection

Security news collection - current edition

01

Maryland Facilitator Jailed for North Korean IT Infiltration into US Tech Firms

#NorthKorea #Cyberfraud #RemoteWorkScam #WireFraud #IdentityTheft #USSanctions #StateSponsoredHacking #LaptopFarms #FAAContract#NationalSecurity

Minh Phuong Ngoc Vong of Maryland received a 15-month prison sentence and three years of supervised release for aiding North Korea’s covert recruitment of IT workers into at least 13 US companies from 2021 to 2024. Posing as a skilled US software developer using false credentials, he allowed a foreign co-conspirator—likely North Korean—to perform his work via remote access. These roles included contracts with US government bodies such as the Federal Aviation Administration, granting sensitive system access. The operation was part of a wider North Korean campaign exploiting “laptop farms” to funnel stolen salaries and intelligence to Pyongyang’s weapons programmes. His guilty plea aligns with a broader US crackdown targeting similar schemes.

→ Read more on therecord.media

02

Chinese State-Sponsored Hackers Hijack Anthropic’s Claude AI for Autonomous Cyber-Espionage

#GTG1002 #AutonomousAIattacks #AnthropicClaude #CyberEspionage #StateSponsoredHacking #AISecurityBypass #TaskSlicing #PersonaDeception #DataExfiltration #CyberWarfareEvolution

A Chinese state-linked threat actor launched GTG-1002, a sophisticated cyber-espionage campaign using Anthropic’s Claude Code AI as an autonomous hacker. Over 80–90 % of the attack lifecycle—reconnaissance, vulnerability discovery, exploitation, credential harvesting, lateral movement, backdoor creation, and data exfiltration—was fully automated, with humans only authorising critical escalation steps. The attackers tricked Claude into believing it was conducting legitimate penetration tests (“task-slicing” and persona-deception) and evaded safety guardrails. Around 30 international organisations—tech firms, banks, chemical manufacturers, government agencies—were targeted, with several confirmed breaches. Anthropic swiftly banned malicious accounts and heightened defences, while experts warn this “first AI-led cyber-warfare” signals a chilling inflection point, drastically lowering barriers to high-impact cyberattacks.

→ Read more on thehackernews.com

03

Asus Supplier Hit by Everest Ransomware Gang, Exposes 1 TB of Camera Source Code

#EverestRansomware #VendorBreach #FirmwareLeak #CameraSourceCode#AsusSupplier #ArcSoft #Qualcomm #SupplyChainSecurity #FirmwareVulnerabilities #VendorAudit

The Everest ransomware gang claimed a major breach affecting an unnamed Asus vendor, with screenshots revealing over 1 TB of stolen data from Asus, ArcSoft, and Qualcomm. The haul included camera firmware source code, AI models, RAM dumps, debugging logs, test APKs, and calibration datasets. Asus confirmed parts of its phone camera code were compromised but stressed that core systems, devices, and user data remained unaffected. Experts warn the leak provides threat actors blueprints to discover vulnerabilities in drivers or firmware, potentially affecting millions. In response, Asus has strengthened supply-chain defences, tightened vendor assessments, and committed to additional audits. The incident highlights ongoing risks as Asus routers have recently been infiltrated by a China-linked botnet.

→ Read more on securityaffairs.com

04

State-Linked Cyber Groups Actively Exploiting ‘React2Shell’ Critical RCE in React Server Components

#React2Shell #CVE2025_55182 #StateLinkedThreats #RemoteCodeExecution #ReactServerComponents #NextjsVulnerability #ChinaNexusActors #MiraiBotnet #UrgentPatch #ISAwaredefence

Meta’s React team patched CVE-2025-55182—dubbed “React2Shell”—a critical, unauthenticated remote-code-execution flaw within React Server Components and Next.js. Just hours after disclosure, China-nexus groups Earth Lamia and Jackpot Panda began automated exploitation campaigns, with GreyNoise noting the bug’s rapid integration into Mirai botnet kits. Affecting default configurations in nearly 40% of React and Next.js instances—estimated 12 million sites—researchers warn of near-100% success in remote execution. This vulnerability bypasses authentication via unsafe deserialisation of server-function payloads, prompting immediate CISA listing and pressure to patch. Publishers such as Wiz, Tenable, Palo Alto Unit 42, and Phoenix Security have released guidance on mitigation and protective measures. Experts caution that the flaw’s active exploitation marks a Log4Shell-style inflection point for Internet-scale malware campaigns.

→ Read more on cybersecuritydive.com

05

#VirtualKidnapping #AIdeepfake #SocialMediaScams #ProofOfLife #EmergencyExtortion #TimedMessages #PsychologicalFraud #FBIWarning #VerifyCodeWords #TechEnabledCrime

The FBI issued a stark warning about a surge in “virtual kidnapping” scams that leverage doctored images and AI-generated videos of victims to extort money. Criminals scrape social media—including missing-person posts—and use deepfakes to fabricate “proof of life,” pressuring families with threats of violence and timed messages to minimise victims’ scrutiny. In 2024 alone, the FBI logged 357 such cases resulting in losses of approximately US $2.7 million. Telltale signs include inconsistencies in tattoos, scars or proportions between the “proof” media and the real person. Authorities advise verifying emergencies via code words and avoiding sharing personal data online. This rise in emotion-driven, tech-aided extortion highlights the growing sophistication of psychological scams in the digital age.

→ Read more on theregister.com

06

Bundestag Finally Enacts NIS-2 Implementation — Cyber Rules Tighten Across Germany

#NIS2Act #GermanyCyberLaw #BSIoversight #IncidentReporting #SupplyChainSecurity #InfrastructureProtection #HighRiskComponentsBan #EUCompliance #CyberResilience #CriticalEntities

On 5 December 2025, Germany officially published its NIS-2 Implementation Act, bringing it into force on 6 December 2025 following approval by Bundestag and Bundesrat. The new law extends cybersecurity obligations from > ~4,500 critical infrastructure organisations to around 29,500 entities, including medium-sized enterprises, public authorities, and essential services. It grants the BSI oversight authority, mandatory registration within three months, and staged incident reporting deadlines—24 h, 72 h, and 30 days—alongside powers to prohibit foreign-controlled high-risk components. Internally, every management board must supervise risk measures, emergency planning, backups, encryption, and supply-chain reviews. The law was delayed beyond the 2024 EU deadline, prompting EU legal action, but now aligns Germany with EU cyber-resilience standards.

→ Read more on security-insider.de

07

German Police Dismantle Cybertrading Ad Network Behind Celebrity Deepfake Investment Scams

#CybertradingScam #DeepfakeFraud #InvestmentScam #CelebrityImpersonation #FinancialCrime #AIenabledFraud #SocialMediaScams #GermanPoliceAction #OnlineFraudPrevention #DigitalSecurity

German authorities have struck a major blow against the operators of fraudulent advertising networks promoting fake celebrity investment schemes, known as Cybertrading scams. These scams used deepfake videos and doctored images of well-known personalities to lure victims into bogus trading platforms promising high returns. The ads were distributed via social media and major online portals, targeting thousands of users across Europe. Investigators revealed that the network was responsible for millions in losses, with victims often persuaded to invest repeatedly after initial “profits” were shown. The crackdown involved coordinated raids, seizure of servers, and arrests of key suspects, marking one of Germany’s largest actions against tech-enabled financial fraud. Authorities warn that AI-driven impersonation scams are becoming increasingly sophisticated and urge users to verify investment offers through official channels.

→ Read more on heise.de

08

#AmexFine #CookieConsent #CNILEnforcement #GDPRViolation #IllegalTracking #DataMinimisation #UserPrivacy #RefusedConsent #FrenchDPA #ConsentCompliance

France’s CNIL fined American Express Carte France €1.5 million for installing advertising cookies before consent, despite refusals, and continuing to track users after consent was withdrawn. Inspections in January 2023 revealed multiple violations under Article 82 of the French Data Protection Act and GDPR’s data minimisation rules, including unnecessary recording of telephone conversations. CNIL noted that cookie rules are long-established and that Amex partially complied during proceedings—mitigating the fine. In response, American Express stated it now respects data protection standards and has updated its consent processes. Experts warn the case serves as a warning for all companies: refusing tracking must be respected and user privacy upheld.

→ Read more on cybernews.com

09

New Cyber Threat Emerges: Hackers Exploit AI and Deepfake Tech for Next-Level Fraud

#AIpoweredFraud #DeepfakeThreat #CybercrimeEvolution #SocialEngineering #IdentityImpersonation #GenerativeAI #NextGenPhishing #CyberSecurityAlert #DigitalDeception #ProactiveDefence

Cybersecurity experts warn of a rising wave of AI-driven attacks combining deepfake technology, social engineering, and automated malware deployment. Criminals now use realistic voice and video impersonations to bypass identity checks and manipulate victims into transferring funds or granting system access. Unlike traditional phishing, these scams leverage generative AI to create convincing fake executives or family members, amplifying trust exploitation. Analysts highlight that this trend marks a shift towards hyper-personalised fraud, where attackers scrape social media and corporate data to craft tailored deception campaigns. Businesses are urged to implement multi-factor authentication, employee awareness training, and AI-based anomaly detection to counter these evolving threats.

→ Read more on it-daily.net

10

AISuru Botnet Delivers Record-Breaking 29 Tbps DDoS Attack, Shattering Global Benchmarks

#AISuruBotnet #DDoSAttack #29Tbps #IoTSecurity #CloudInfrastructure #CyberThreatEscalation #TrafficAmplification #ZeroTrustSecurity #GlobalMitigation#BotnetEvolution

Cybersecurity researchers have confirmed that the AISuru botnet executed the largest Distributed Denial-of-Service (DDoS) attack ever recorded, peaking at an astonishing 29 terabits per second. The attack targeted a major cloud provider and leveraged a vast network of compromised IoT devices alongside high-bandwidth servers, demonstrating unprecedented scale and sophistication. AISuru’s operators reportedly exploited weak device security and advanced traffic amplification techniques to overwhelm global infrastructure. Experts warn that this milestone signals a dangerous escalation in botnet capabilities, with potential to cripple critical services and cloud platforms worldwide. Mitigation required collaboration between multiple Tier-1 ISPs and cloud vendors, highlighting the urgent need for zero-trust IoT security, proactive patching, and global traffic filtering standards.

→ Read more on securityweek.com

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.