A Ukrainian national linked to the Conti ransomware group has been extradited to the U.S. and faces serious charges for controlling stolen data and orchestrating cyber extortion. The Conti operation, responsible for over 1,000 attacks worldwide, has evolved into smaller groups since its shutdown, continuing to threaten critical infrastructure and organizations. #Conti #TrickBot
Tag: CRITICAL INFRASTRUCTURE
This alert raises awareness about recent cyber threats targeting internet-connected Industrial Control Systems (ICS) in Canada, affecting critical infrastructure such as water facilities, oil and gas companies, and farms. It emphasizes the importance of comprehensive security measures, collaboration, and timely reporting to law enforcement. #ICS #CriticalInfrastructure #CyberCentre #RCMP #Canada…
Hacktivists have targeted Canadian industrial control systems to cause disruptions and generate media attention, rather than for financial gain. These opportunistic attacks have affected critical infrastructure such as water facilities, oil companies, and farms, highlighting vulnerabilities in operational technology. #CanadianCyberSecurity #IndustrialControlSystems…
The Middle East Cybersecurity Market is rapidly expanding, driven by increased digital transformation, cyber threats, and government initiatives. The market is expected to double in size by 2030, with significant investments in cloud security, AI, and national resilience strategies. #MiddleEastCybersecurity #GCC #SaudiVision2030 #UAEVision2021…
The Australian cyber agency warns that over 150 devices remain compromised with the BadCandy implant, two years after patches were released. This highlights the ongoing challenge of patch management and vulnerability re-exploitation in network edge devices. #BadCandy #CVE-2023-20198 #CiscoIOSXE…
Peter Williams, a former U.S. defense contractor executive, pleaded guilty to stealing and selling sensitive cyber exploit components to Russian brokers, risking national security. This case highlights the dangers of insider threats in cybersecurity and the potential for stolen data to empower foreign cyber actors. #TradeSecretsTheft #RussianCyberBrokers…
Daily Recap: The latest security alerts cover a broad sweep of breaches, from a Vinomofo data protection ruling and a major Conduent breach to widespread misinformation around Gmail and a surge in NPM credential theft campaigns. The report also highlights tools and flaws enabling rapid credential harvesting, patching gaps, botnet attacks on PHP/IoT, AI misuse in executive-targeted campaigns, and notable industry moves like Reflectiz funding and Spektrum Labs’ market entry. #Vinomofo #Conduent #GmailHoax #WPPluginLeak #PhantomRaven #NPM #LoginsZip #Dovecot #TotalJS #Copilot #DNSOutage #Mirai #Gafgyt #Mozi #BlueNoroff #AICloking #MaliciousSEO #ThreatsDay #ExploitsSold #M&SImpact #Reflectiz #SpektrumLabs #Herodotus
Canadian cybersecurity officials warn of increasing hacktivist attacks on critical infrastructure, including water, energy, and agriculture sectors. Russia-linked hacktivists, particularly since the fall of 2024, have been prominent in targeting internet-accessible ICS devices to discredit organizations and undermine Canada’s reputation. #Z-Pentest #ICSgaps…
A nation-state cyberattack compromised Ribbon Communications’ IT network, potentially affecting multiple government and telecom clients. The breach, linked in pattern to China’s Salt Typhoon group, highlights ongoing threats to critical infrastructure. #SaltTyphoon #TelecomBreaches
British retailers experienced varied impacts from recent cyberattacks, with Next benefiting from competitor disruptions and M&S suffering profit losses. The JLR cyberattack caused significant economic damage, highlighting the need for improved cybersecurity laws in the UK. #MarksAndSpencer #JaguarLandRover #CyberLegalReform…
Canada’s cyber authorities warn that hacktivists are increasingly attacking industrial systems, disrupting utilities and businesses. These incidents highlight the risks of poorly secured ICS components and follow a global rise in hacktivist activity targeting critical infrastructure. #CanadaCyberSecurity #Hacktivists…
Silent Push analysts discovered threat actors abusing the open-source AdaptixC2 post-exploitation framework to deliver malicious payloads, including via the CountLoader loader, and observed a surge in its use within global ransomware campaigns. The report highlights a likely developer/maintainer using the handle “RalfHacker” with Russian-language channels and ties to the Russian criminal…
Hacktivists have repeatedly breached Canada’s critical infrastructure, tampering with systems at water, oil, and agricultural facilities, causing disruptions and safety concerns. The threat underscores the need for stronger security practices to protect industrial control systems from opportunistic attacks. #CriticalInfrastructure #Hacktivists
Microsoft is experiencing a widespread DNS outage affecting services like Azure, Microsoft 365, and associated portals worldwide. This incident has disrupted authentication and access for numerous organizations, including critical infrastructure like the Dutch railway system. #AzureFrontDoor #MicrosoftAzure #Microsoft365
Salt Typhoon (aka Earth Estries / GhostEmperor / UNC2286) is a state-linked APT active since at least 2019 that has targeted telecoms, energy, and government systems worldwide using zero-day exploits, DLL sideloading, custom backdoors (SNAPPYBEE/Deed RAT), and obfuscated C2 channels. Darktrace observed a July 2025 intrusion against a European telco exploiting CVE-2025-5777 on Citrix NetScaler, delivering SNAPPYBEE via DLL side-loading and communicating with C2 domains such as aar.gandhibludtric[.]com. #SaltTyphoon #SNAPPYBEE