Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
- Russian hacking group APT28 has developed a new Outlook backdoor, NotDoor, which uses VBA macros to monitor emails, exfiltrate data, and execute remote commands while evading detection.
- NotDoor is delivered via DLL side-loading through Microsoft OneDrive, activating malicious PowerShell scripts that disable security controls and establish persistence.
- The malware exfiltrates files by encoding them and emailing them to attacker-controlled addresses, triggered by specific email keywords such as "Daily Report."
- The attackers use techniques such as cloud service abuse, domain rotation, and multi-layer obfuscation to maintain covert, resilient operations targeting NATO countries.

Problem Explained
The Russian cyber espionage group known as APT28 has…

Quick Takeaways
- Chess.com experienced a data breach on June 5, 2025, affecting 4,541 users and exposing names and personal identifiers as a result of an external hack.
- The company began notifying impacted individuals on September 3, 2025, and is offering 12 months of free identity theft protection.
- The breach shows that even large platforms with over 150 million users remain vulnerable to cyberattacks, with the stolen data creating a risk of fraud and identity theft.
- Chess.com is strengthening its security measures and monitoring systems, with ongoing investigations that may involve law enforcement.

The Core Issue
On June 5, 2025, Chess.com, a prominent online chess platform with over 150…

Fast Facts
- Texas Attorney General Ken Paxton sued PowerSchool after a December 2024 data breach exposed personal data of 62 million students and 9.5 million teachers, including sensitive information on over 880,000 Texans.
- The breach involved a ransom demand of $2.85 million in Bitcoin; PowerSchool acknowledged the theft of data and paid the ransom, yet the threat actor continued extorting school districts afterward.
- The attacker, linked to the group ShinyHunters and a 19-year-old college student, compromised PowerSource in multiple incidents in 2024, exploiting stolen credentials to access sensitive educational data.
- PowerSchool’s security lapses violated Texas laws and failed to…

Fast Facts
- CISA added two TP-Link router vulnerabilities (CVE-2023-50224 and CVE-2025-9377) to its KEV list based on evidence of active exploitation, attributed to the China-linked Quad7 botnet.
- CVE-2023-50224 allows an authentication bypass in the TP-Link TL-WR841N, exposing stored credentials; CVE-2025-9377 enables remote code execution via command injection in specific models.
- Affected models, including the TL-WR841N, TL-WR841ND, and Archer C7 (versions 2.0 and 3.0), are end-of-life and no longer receive security updates; firmware patches were provided only until November 2024.
- US agencies are mandated to implement mitigations by September 24, 2025, to defend against ongoing threats, amid warnings to upgrade hardware for better…

Top Highlights
- SLTT (state, local, tribal, and territorial) government organizations face increasing cyber threats but often lack sufficient resources, prompting the CIS to offer a cloud-hosted Managed Detection and Response (MDR) service tailored to their needs.
- CIS MDR uses Sophos Endpoint powered by Intercept X to provide 24/7, scalable, threat-specific protection directly on endpoints, including detection, response, and remediation of both known and unknown threats.
- The service integrates real-time incident investigation, proactive threat blocking, and expert response support through continuous monitoring by the CIS Security Operations Center (SOC), which acts as an extension of local IT teams.
- Combining trusted SOC services with advanced endpoint…

Summary Points
- Bridgestone Americas responded to a "limited" cyberattack that temporarily disrupted operations at some plants, including those in South Carolina and potentially across North America.
- The company says it contained the incident early, with forensic analysis ongoing, and asserts that no customer or employee data was compromised.
- Employees at affected plants could stay on for maintenance with pay or leave unpaid, and local officials suggest the attack may have affected all North American factories.
- This is Bridgestone's second major cybersecurity incident in recent years, following a ransomware attack in 2022; investigations are still ongoing.

Underlying…

Fast Facts
- The US Department of State is offering up to $10 million for information on three FSB officers, Akulov, Gavrilov, and Tyukov, who conspired to hack into hundreds of energy companies worldwide in order to disrupt critical infrastructure.
- The suspects, part of the FSB’s Center 16, targeted over 380 energy firms across 135 countries, using malware such as Havex and spear-phishing in campaigns known as Dragonfly and Dragonfly 2.0.
- Indicted in 2021, they faced charges of computer fraud, wire fraud, and cyber-espionage for seeking persistent access to, and extracting sensitive data from, US and international energy and technology sectors.
- The FBI warned in 2025 that the same…

Top Highlights
- Rise in Cyber Threats: The food and agriculture sector has become a target for government-backed cyberattacks, prompting companies to prioritize cybersecurity amid the growing risks.
- Formation of Food ISAC: Key industry players, including PepsiCo and Tyson Foods, established the Food and Agriculture Information Sharing and Analysis Center (ISAC) to enhance cybersecurity collaboration and protect the food supply chain.
- Improved Cybersecurity Collaboration: The ISAC now serves as a hub for real-time intelligence sharing, helping companies navigate cyber threats and refine their security measures based on collective insights and updated guidance.
- Challenges and Resilience: While facing increasing threats from sophisticated hackers,…

Summary Points
- Researchers uncovered a new AI supply chain attack, ‘Model Namespace Reuse,’ in which threat actors register deleted or transferred model names on platforms like Hugging Face to deploy malicious models and gain control over deployment environments.
- Demonstrations against Google’s Vertex AI and Microsoft’s Azure AI Foundry showed how attackers could embed payloads and establish unauthorized access by exploiting model registration practices.
- The attack also threatens open source repositories that reference AI models by name; thousands of projects are potentially vulnerable and may unknowingly continue to use compromised models.
- To mitigate the risk, experts recommend pinning models to specific…

Summary Points
1. 75% of German automotive companies rate cyber threats as “high” or “very high,” reflecting widespread concern about cyber risk in the industry.
2. Cloud security gaps are perceived as the primary threat (19.5%), surpassing traditional malware and ransomware risks.
3. Only 47% of companies trust their cybersecurity measures, with larger firms more confident, yet infrastructure deficits, personnel shortages, and process gaps hinder protection.
4. Nearly half (46.7%) of automakers plan to invest in threat detection and incident response, with additional focus on AI-driven security and training programs.

What’s the Problem?
Recently, the automotive industry has faced significant…