The 2025 Global OT & IoT Threat Landscape Report reveals a sharp rise in industrial cyber risks driven by AI-enhanced cybercrime and targeted attacks on critical infrastructure worldwide. It highlights persistent vulnerabilities in IT-OT convergence, the emergence of AI-powered malware, and sustained threat actor activities including state-sponsored APT operations. #LockBitNG #APT41 #RansomHub #IndustrialCybercrime
Tag: CRITICAL INFRASTRUCTURE
This week highlighted the resurgence of Mirai-based IoT malware and the increasing sophistication of cybercriminal techniques such as AI-powered scams and stealthy malware targeting email servers. Governments and security companies are actively fighting back through regulation, upgrades, and takedowns. #ShadowV2 #Mirai #OpenFind…
Code formatting platforms like JSONFormatter and CodeBeautify are exposing thousands of sensitive secrets, including credentials and API keys, which are exploited by threat actors. Hundreds of organizations across various sectors are affected by these leaks, highlighting the risks of improper data sharing and storage on online tools. #JSONFormatter #CodeBeautify #CredentialLeaks #ThreatActors…
Between late 2024 and early 2025 the U.S. government issued indictments or sanctions against three Chinese information security firms—i-SOON, Sichuan Silence, and Integrity Tech—alleging their support for or links to malicious cyber groups targeting U.S. government and critical infrastructure systems. At LABScon 2025 Mei Danowski and Eugenio Benincasa presented research showing these firms and a broader private cybersecurity industry provide commercial cyber ranges and “attack-defense live-fire” exercises that nurture China’s offensive cyber talent and support state-linked operations. #i-SOON #IntegrityTech
Russian hackers targeted an American engineering firm connected to Ukraine through sister-city relationships, reflecting Moscow’s expanding cyberwar tactics. The campaign was part of a broader effort to disrupt Ukrainian support networks and steal sensitive information, with potential links to Russian intelligence. #RomCom #SentinelOne…
Berserk Bear is an FSB-linked espionage group active since at least 2010 that conducts long-running, stealthy intrusions against critical infrastructure, especially energy, telecom, aviation, and state/local networks. Their campaigns reuse legitimate admin tools, trojanize vendor software, and exploit router vulnerabilities (notably CVE-2018-0171) while deploying implants such as Havex to maintain persistent access. #BerserkBear #Havex
Recent research reveals that sensitive credentials from organizations across various sectors have been leaked through online formatting tools like JSONformatter and CodeBeautify. These tools’ popularity and shareable links have led to widespread exposure and misuse of confidential data. #JSONformatter #CodeBeautify #CredentialLeakage…
Thousands of sensitive credentials and configuration data have been exposed through publicly accessible JSON snippets on online formatting tools, putting organizations in high-risk sectors at serious risk. Researchers found over 80,000 user pastes containing critical information, including API tokens, private keys, and PII, accessible via the platforms’ unsecured Recent Links feature. #JSONFormatter #CodeBeautify #SensitiveDataExposure
A recent data breach involving Almaviva has compromised 2.3 TB of sensitive information, including government contracts, personal data, and trade secrets related to Italy’s national railway operator FS Italiane. The attack underscores the significant risks to critical infrastructure and governmental data sharing. #Almaviva #FerrovieDelloStatoItaliana…
Festo has identified a vulnerability in its MSE6 product family that could allow remote attackers to exploit hidden functions, risking confidentiality, integrity, and availability. Mitigation strategies include network isolation and secure remote access practices. #Festo #CVE-2023-3634…
Modern organizations must transition from legacy patch management tools like SCCM and WSUS to cloud-native solutions to ensure effective security coverage for hybrid workforces. Cloud-based patch management improves compliance, reduces costs, and mitigates risks associated with outdated, on-premises architectures. #SCCM #WSUS #HybridWork #CloudNativePatching
The leaked October 2025 APT35 corpus documents a quota-driven, bureaucratic IRGC cyber-intelligence apparatus that weaponized Exchange (ProxyShell, Autodiscover, EWS) and Ivanti vulnerabilities, ran HERV-style phishing seeded from harvested Global Address Lists, and maintained persistent mailbox monitoring backed by centralized KPI reporting and on-premises operator attendance logs. #APT35 #ProxyShell
Two British teenagers linked to the Scattered Spider hacking group have pleaded not guilty to charges related to the August 2024 TfL data breach that caused significant disruption and exposed customer information. The case highlights increasing cyber threats targeting critical infrastructure and the growing cybercriminal activities across the UK and the US. #ScatteredSpider #TfLDataBreach
Over 370 organizations participated in GridEx VIII, the largest cybersecurity and physical security drill for North America’s power grid. The exercise aimed to improve emergency preparedness against real-world cyber and physical threats, with increased participation from utilities and cross-industry sectors. #GridEx #NERC #PowerGridCybersecurity…
This report highlights vulnerabilities in iCam365 P201 and QC021 cameras allowing unauthenticated access to their video streams and configuration data. These issues could lead to unauthorized surveillance and configuration manipulation. #CVE2025-64770 #CVE2025-62674…