Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points Davis Lu, a former software engineer, was sentenced to four years in prison for maliciously sabotaging his former employer’s systems, causing significant disruptions and financial losses. After his access was restricted in 2018, Lu installed malicious code that caused server crashes, deleted files, and created a kill switch to log out all users. He actively researched methods to escalate privileges, delete data, and evade system restoration, indicating premeditated sabotage. Lu’s actions impacted thousands of users worldwide, resulting in millions of dollars in damages, and he was convicted in March, receiving supervised release alongside his prison term. What’s the…

Fast Facts Emerging Threat: The cyber espionage group known as Murky Panda (Silk Typhoon) is exploiting trusted cloud relationships and internet-facing appliances to breach enterprise networks, showcasing advanced capabilities in leveraging both zero-day and N-day vulnerabilities. Targets and Tactics: Murky Panda’s operations are primarily aimed at intelligence gathering from sectors such as government, technology, and academia, using techniques like initial access through compromised appliances and deploying custom malware (CloudedHope) to maintain persistence. Cloud Vulnerabilities: Other China-linked groups, like Genesis Panda, are increasingly targeting cloud services for lateral movement and persistent access, demonstrating a shift in tactics and expanding their operations…

Fast Facts Over 1,200 cybercriminal suspects were arrested across Africa during INTERPOL’s ‘Operation Serengeti 2.0’, targeting cross-border cybercrimes such as ransomware, scams, and BEC, with coordinated efforts from 18 African countries and the UK. The operation resulted in the seizure of $97.4 million and the dismantling of 11,432 malicious infrastructures, impacting nearly 88,000 victims worldwide between June and August 2025. This initiative builds on previous operations, like ‘Operation Red Card’ and ‘Operation Serengeti,’ demonstrating a sustained effort to combat cybercrime, improve cooperation, and share intelligence among participating nations. Funding from the UK and private sector data partners has been crucial…

Fast Facts Colt Technology Services experienced a sophisticated cyber attack on August 12, 2025, resulting in the exfiltration of customer data and publication of document titles on the dark web. The breach targeted Colt’s business support systems, prompting immediate containment actions, system halts, and customer data assessment via a dedicated hotline. The company swiftly engaged forensic experts, notified law enforcement and cybersecurity authorities, and temporarily suspended critical services to prevent further intrusion. Despite the incident, customer-facing networks remain operational due to architecture segregation, with ongoing investigations and enhanced security measures to restore full services. The Core Issue On August 12,…

Top Highlights AWS fixed a vulnerability where attackers could manipulate S3 bucket policies to bypass Trusted Advisor’s security alerts, preventing detection of open or publicly accessible buckets. The flaw involved setting specific deny actions (‘s3:GetBucketAcl’, ‘s3:GetPublicAccessBlock’, ‘s3:GetBucketPolicyStatus’) to thwart Trusted Advisor checks, enabling data exfiltration without warning. Attackers would need prior access to the AWS environment to exploit this weakness, but the issue highlighted gaps in automatic security flagging for S3 permissions. AWS issued a partial fix in May, followed by a complete patch in June, and advised customers to review and align their S3 permissions with security best practices,…
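The technique described above is easy to audit for from the defender's side: a bucket policy that explicitly denies the read-only actions an external public-access check depends on is itself a red flag, regardless of whether the bucket is public. The following is an added example, not AWS code and not from the original report; it takes a bucket policy document and returns every Deny statement that covers the three actions the summary names (it also treats `s3:*` and `s3:Get*` wildcards as covering them, since a deny on those blocks the same reads). The function name, the finding format and the sample policy are constructed for this example.

```python
"""Flag S3 bucket-policy Deny statements that blind public-access checks.

Added example (not AWS code). The watched action names are the three the
summary lists; the sample policy below is constructed for illustration.
"""
import fnmatch
import json

# Read-only actions a public-access check relies on (names as given in the summary).
WATCHED_ACTIONS = (
    "s3:GetBucketAcl",
    "s3:GetPublicAccessBlock",
    "s3:GetBucketPolicyStatus",
)

# Constructed sample: a world-readable bucket whose policy also denies the
# visibility actions to everyone, plus one benign Deny that must not be flagged.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "HideFromChecks", "Effect": "Deny", "Principal": "*",
         "Action": list(WATCHED_ACTIONS), "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "NoDelete", "Effect": "Deny", "Principal": {"AWS": "*"},
         "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::example-bucket"},
    ],
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True when the statement applies to every caller, which includes the
    service roles AWS runs inside the account to perform its checks."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _covered_actions(statement):
    """Return the watched actions this statement's Action/NotAction covers.
    IAM action wildcards (* and ?) are honoured case-insensitively."""
    actions = [a.lower() for a in _as_list(statement.get("Action"))]
    not_actions = [a.lower() for a in _as_list(statement.get("NotAction"))]
    if not actions and not not_actions:
        return []  # malformed statement: nothing to match against
    covered = []
    for watched in WATCHED_ACTIONS:
        w = watched.lower()
        if actions:
            hit = any(fnmatch.fnmatchcase(w, pat) for pat in actions)
        else:
            # NotAction: a Deny applies to every action NOT in the list.
            hit = not any(fnmatch.fnmatchcase(w, pat) for pat in not_actions)
        if hit:
            covered.append(watched)
    return covered


def find_blinding_denies(policy):
    """Return one finding per Deny statement that blocks a watched action.

    `policy` may be a JSON string or an already-parsed dict.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        covered = _covered_actions(stmt)
        if not covered:
            continue
        findings.append({
            "sid": stmt.get("Sid", ""),
            "actions": covered,
            # A wildcard principal is the strongest signal: it also blocks AWS's
            # own check. A Deny naming specific principals still deserves review.
            "all_principals": _principal_is_wildcard(stmt.get("Principal")),
        })
    return findings


if __name__ == "__main__":
    for finding in find_blinding_denies(SAMPLE_POLICY):
        print(json.dumps(finding))
```

Run it over the output of `aws s3api get-bucket-policy --bucket <name> --query Policy --output text` for each bucket; any finding with `all_principals` true deserves the same priority as a public bucket, because it means your external checks cannot see that bucket's state.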

Top Highlights CrowdStrike warns of increased attacks on macOS using a variant of the Atomic macOS Stealer (AMOS), dubbed SHAMOS, via malvertising campaigns. The campaigns, operated by the Cookie Spider group, targeted users seeking macOS help and compromised systems by executing malicious commands that download and run malware. SHAMOS malware specializes in credential theft, data exfiltration, and can also download payloads including botnet modules and fake cryptocurrency wallet applications. The attacks, primarily focused on countries like Canada, China, and the US, involved impersonation of legitimate businesses and leveraged one-line malicious commands to bypass macOS security features. Underlying Problem CrowdStrike has…

Fast Facts Implementing a DevSecOps approach, AI, and SIEM platforms significantly reduces breach costs and response times, with AI enabling real-time threat detection and containment. Shadow AI use and security incidents involving AI models pose increasing risks, often leading to broad data breaches and operational disruptions because of inadequate access controls. Organizations leveraging AI and automation achieve lower breach costs (e.g., £3.11M in the UK) and faster breach response times, but the full benefits depend on mature processes and data pipelines. Preparedness, rapid incident response, and a resilient, organization-wide post-breach mindset are critical for minimizing financial damage, as most breaches are…

Summary Points Orange Belgium’s systems were breached in July, exposing data of roughly 850,000 customers, including names, phone numbers, and sensitive account details, though not passwords or financial info. The attack targeted one IT system, with the company aware of the threat group’s identity but not disclosing details pending investigation; it wasn’t linked to the Chinese Salt Typhoon espionage group. Customers are being notified to watch for impersonation scams, as stolen data could be used for fraudulent attempts, and the breach is separate from a recent Orange Group incident affecting mainly French users. This incident follows previous security breaches across…

Summary Points OT-ISAC partners with Protos Labs to leverage agentic AI for enhanced cyber threat intelligence and infrastructure resilience across critical sectors. Protos Labs’ Protos AI functions as an autonomous virtual CTI analyst, analyzing attacker behaviors and rapidly generating contextual threat insights. The alliance aims to improve information sharing, deliver OT/ICS-specific intelligence, and strengthen cyber resilience against emerging threats through AI integration. This collaboration follows recent warnings of active cyberattacks on Singapore’s critical infrastructure by a Chinese state-sponsored group exploiting zero-day vulnerabilities. The Issue The Operational Technology Information Sharing and Analysis Center (OT-ISAC) has entered into a strategic partnership with…

Quick Takeaways The Chinese threat group Silk Typhoon, also known as Murky Panda, has intensified cyber espionage activities targeting North American government, tech, legal, and professional sectors since late spring 2023. Murky Panda exploits cloud vulnerabilities and unmanaged devices to gain prolonged access, abusing trusted relationships with cloud providers for lateral movement that is hard to distinguish from legitimate administrative activity. The group rapidly exploits both zero-day and known vulnerabilities, including CVE-2023-3519 (Citrix NetScaler) and CVE-2025-3928 (Commvault), and targets internet-facing devices for initial access. Despite indictments of Chinese nationals linked to espionage, China-sponsored cyber intrusions increased by 150% over the first half of 2023, with Murky Panda playing…
