Latest Security News Collection
Chinese Hackers Exploit Ivanti Firewall Flaw in Global Espionage Campaign
#CyberSecurity #Ivanti #FirewallVulnerability #ChineseHackers #UNC5221 #CVE202522457 #MalwareThreat #NationStateAttack #RemoteAccessSecurity #PatchManagement
A critical vulnerability in Ivanti’s Connect Secure and Policy Secure gateways has been actively exploited by suspected China-based hackers, according to CISA and security firms Mandiant and Google Threat Intelligence. The flaw, tracked as CVE-2025-22457, enables attackers to deploy advanced malware ecosystems such as Spawn and Brushfire, compromising remote access systems used by major organisations and government agencies. Ivanti issued a patch in February, but unsupported devices remain at high risk. Experts warn that UNC5221, the group behind the attacks, has targeted multiple sectors worldwide, leveraging compromised appliances and routers to conceal its operations.
→ Read more on therecord.media
EvilAI: Malware Disguised as AI Tools Targets Global Organisations
#CyberSecurity #EvilAI #MalwareAlert #AIToolsThreat #DataExfiltration #GlobalCyberAttack #ThreatIntelligence #DigitalSecurity #MalwareCampaign #EndpointProtection
Cybersecurity researchers have uncovered a sophisticated campaign dubbed EvilAI, where attackers distribute malware through seemingly legitimate AI-powered and productivity applications. These apps, including AppSuite, Epi Browser, and PDF Editor, feature professional interfaces and valid digital signatures, making them appear authentic. The malware infiltrates systems across Europe, the Americas, and AMEA, targeting sectors such as manufacturing, healthcare, government, and technology. Once installed, EvilAI conducts reconnaissance, steals sensitive browser data, and maintains encrypted communication with command-and-control servers to deploy additional payloads. The campaign leverages deceptive tactics like fake vendor portals, malicious ads, and SEO manipulation to spread globally.
→ Read more on thehackernews.com
Hacktivists Breach Canada’s Critical Infrastructure, Sparking Safety Concerns
#CyberSecurity #Hacktivism #CriticalInfrastructure #CanadaCyberAlert #ICS #SCADA #PublicSafetyRisk #CyberResilience #IndustrialSecurity #ThreatMitigation
Canada’s Cyber Centre has issued an urgent warning after hacktivists repeatedly breached critical infrastructure systems, tampering with industrial controls and endangering public safety. Recent incidents include manipulation of water pressure at a treatment facility, false alarms at an oil and gas company, and unsafe conditions at an agricultural silo. Attackers exploited internet-facing industrial control systems (ICS) such as PLCs and SCADA to disrupt operations and damage Canada’s reputation. Authorities stress that poor coordination and unclear roles leave vital services exposed. Organisations are urged to secure ICS devices with VPNs, two-factor authentication, and intrusion prevention systems, alongside regular penetration tests and vulnerability management.
→ Read more on securityaffairs.com
Marks & Spencer Ends TCS Contract After £300m Cyber Attack Fallout
#CyberSecurity #MarksAndSpencer #TCS #DataBreach #ScatteredSpider #RetailSecurity #ITOutsourcing #VendorRisk #CyberAttackFallout #DigitalResilience
Marks & Spencer has terminated its decade-long IT helpdesk contract with Tata Consultancy Services following one of the largest cyber incidents in UK retail history. The April breach, linked to the Scattered Spider hacking group, disrupted online sales and cost the retailer up to £300 million in lost operating profit. Although both companies insist the decision was part of routine procurement and unrelated to the attack, the timing has raised concerns about third-party IT security. Investigations revealed compromised credentials of TCS employees, though no TCS systems were breached. Experts warn that outsourced helpdesks pose significant risks due to broad access and human error.
→ Read more on ibtimes.co.uk
Chinese Cyber Spies Exploit Unpatched Windows Flaw to Target European Diplomats
#CyberSecurity #UNC6384 #MustangPanda #WindowsVulnerability #PlugX #DLLSideloading #CyberEspionage #NationStateThreat #PatchNow #ThreatIntelligence
A Beijing-linked hacking group, UNC6384 (aka Mustang Panda), has weaponised an unpatched Windows shortcut vulnerability (CVE-2025-9491) to infiltrate European diplomatic networks. The flaw, disclosed in March but still unfixed by Microsoft, was exploited through phishing emails carrying malicious LNK files disguised as conference agendas. Once opened, these files triggered a multi-stage attack using DLL sideloading to deploy PlugX, a long-standing remote access Trojan that enables command execution, data theft, and persistent control. Targets included diplomats in Belgium, Hungary, Italy, and the Netherlands, as well as Serbian government aviation departments. Researchers warn this campaign demonstrates rapid vulnerability adoption and advanced social engineering tactics, highlighting the urgent need for patching and robust endpoint security.
→ Read more on theregister.com
Europe’s Satellites Under Siege: Cyberattacks Threaten Critical Infrastructure
#CyberSecurity #SatelliteAttack #CriticalInfrastructure #AcidRainMalware #HybridWarfare #SpaceSecurity #SupplyChainRisk #EnergySectorThreat #SatelliteCommunication #CyberResilience
Cyberattacks on European satellite systems are emerging as a major threat to critical infrastructure, exposing vulnerabilities in communication, energy, and logistics networks. The infamous KA-SAT breach in February 2022 demonstrated how attackers can cripple connectivity by exploiting weak radio links and supply-chain flaws. The AcidRain malware, used in that attack, destroyed over 30,000 modems, disrupting internet access and remote control of 5,800 wind turbines in Germany. Experts warn that manipulated navigation signals and jamming techniques could paralyse essential services, while hybrid warfare tactics blur the line between military and civilian targets.
→ Read more on security-insider.de
Eclipse Foundation Tightens Security After GlassWorm Attack on Open VSX
#CyberSecurity #GlassWorm #OpenVSX #EclipseFoundation #SupplyChainSecurity #TokenLeak #MalwareAlert #DevSecOps #SecureCoding #ThreatMitigation
The Eclipse Foundation has concluded its investigation into the GlassWorm malware incident targeting Open VSX, the open-source marketplace for VS Code extensions. The breach stemmed from developer errors that exposed access tokens in public repositories, which attackers exploited to upload malicious extensions. Although reports of 35,800 downloads were exaggerated, the malware campaign aimed to steal developer credentials rather than self-propagate. All compromised tokens were revoked, and affected extensions removed. In response, the Foundation introduced stricter security measures, including shorter token lifespans, automated scans for secrets, and mandatory security checks for every release. Collaboration with Microsoft’s Security Response Center and other marketplace operators will enhance transparency and resilience.
→ Read more on heise.de
Conduent Data Breach Exposes Over 10 Million Patients’ Personal Information
#AWSOutage #AmazonCloud #DynamoDB #DNSFailure #CloudInfrastructure #EC2Issues #NetworkLoadBalancer #ServiceDisruption #RootCauseAnalysis #HeiseOnline
Amazon has published a detailed root cause analysis of the widespread AWS outage that disrupted global internet services on 20 October 2025. The incident, which affected services like Prime Video, Amazon Music, and even the Signal messenger, originated from a latent defect in the DNS management system of DynamoDB in the US-EAST-1 region. The failure unfolded in three cascading phases: initial API errors in DynamoDB, connection issues in Network Load Balancers due to faulty health checks, and the inability to launch new EC2 instances. Although services were gradually restored by midnight, the outage exposed a critical single point of failure in Amazon’s cloud infrastructure.
→ Read more on cybernews.com
State-Impersonation Scams Surge: Fraudsters Exploit Trust in Authorities
#CyberSecurity #FraudAlert #StateImpersonation #SocialEngineering #ScamPrevention #IdentitySpoofing #CyberCrime #DigitalSafety #PhishingScams #SecurityAwareness
Cybercriminals posing as government agencies, tax offices, and law enforcement are increasingly using sophisticated social engineering tactics to defraud victims. These scams often begin with convincing narratives, such as alleged investigations or unpaid fines, and escalate to demands for bank access, one-time passwords, or remote device control. Attackers employ spoofed caller IDs, official logos, and multiple fake “officials” to reinforce credibility. SMS-based schemes are gaining popularity over traditional email spam, leveraging urgency and fear to pressure victims into immediate action. Fraudsters also exploit current events, new legislation, and seasonal activities like tax deadlines to make their stories more believable.
→ Read more on it-daily.net
Swedish Power Grid Operator Hit by Cyberattack, Data Stolen but Supply Unaffected
#CyberSecurity #DataBreach #SvenskaKraftnät #EverestRansomware #CriticalInfrastructure #EnergySector #CyberAttack #InformationSecurity #ThreatIntelligence #DigitalResilience
Svenska kraftnät, Sweden’s state-owned power grid operator, has confirmed a cyberattack that led to a significant data breach without impacting electricity supply. The incident, discovered on Saturday, targeted an isolated external file transfer system rather than core operational infrastructure. Shortly after the breach, the Everest ransomware group claimed responsibility, listing the operator on its leak site and threatening to publish roughly 280 GB of stolen data unless demands are met. While the exact nature of the exfiltrated data remains unclear, the attack underscores growing risks to critical infrastructure from extortion-focused ransomware groups. Svenska kraftnät, which manages 17,500 km of power lines and holds a stake in Nord Pool, has reported the breach to authorities and is investigating its scope.
→ Read more on securityweek.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.