AI-SOC platforms automate triage, correlation, and enrichment to handle large alert volumes, enabling machine-speed operations and a sustainable hybrid SOC with human oversight. The article argues for a co-managed transition where AI handles scale and speed while humans provide context, accountability, and ROI-focused paths for MSSPs and MDRs. #RadiantSecurity #AI_SOC #MSSP #MDR #PagerDuty
Tag: CRITICAL INFRASTRUCTURE
AI has great potential to enhance cyber defense, but securing AI systems is crucial to prevent risks and maintain trust. Proper identity management, layered protections, and best practices are essential for safe AI integration in security operations. #AgenticAI #AISystemsSecurity…
The threat actor Lynx claims to have compromised Trail Ridge Energy Partners II LLC, a Texas-based oil and gas exploration company, by infiltrating its systems amid the ongoing development of the Permian Basin’s resource-rich formations. This cyberattack potentially exposes sensitive operational data and threatens the company’s critical infrastructure, impacting the US.
Chinese authorities accused the NSA of attempting to hack the National Time Service Center in China, characterizing the activity as cyber espionage and sabotage. The U.S. government did not confirm these allegations, and the incident highlights ongoing tensions over cyber activities between China and the U.S. #NSA #NTSC #ChineseCyberOps #CyberEspionage…
China claims to have undeniable evidence that the NSA conducted a two-year cyberattack against China’s NTSC, involving sophisticated weapons and exploiting SMS vulnerabilities. The MSS also accuses the U.S. of extensive cyber espionage targeting multiple regions and dismisses American allegations of Chinese cyber threats. #NSA #NTSC #Cyberattack #TimeService #U.S.Embassy…
International law enforcement has dismantled a sophisticated network selling phone numbers to facilitate cybercrimes across over 80 countries. The operation led to arrests, seizure of servers, and the disruption of a service linked to thousands of fraud cases and millions in losses. #Europol #SIMBox #CyberFraud #LatvianPolice…
Foreign nations including Russia, China, Iran, and North Korea are ramping up their use of artificial intelligence to carry out cyberattacks and create deceptive content targeting the United States. Microsoft’s recent report highlights over 200 instances of AI-driven disinformation and cyber espionage by adversaries in just one month, demonstrating a significant…
A China-backed APT group, assessed as likely Flax Typhoon, maintained year-long access to a self-hosted ArcGIS server by converting a legitimate Java Server Object Extension (SOE) into a gated web shell and embedding it in backups to survive recovery. The attackers also deployed a renamed SoftEther VPN executable as a persistent service to create a VPN bridge for lateral movement and C2, enabling credential harvesting and internal scanning. #FlaxTyphoon #ArcGIS #SoftEtherVPN
This article emphasizes the importance of focusing detection efforts on critical assets and attack paths, rather than just building a vast detection repository. It highlights how strategic prioritization, threat modeling, and effective metrics can showcase the value of a cybersecurity team to leadership. #MITREATT&CK #DetectionStrategy
Researchers have uncovered that half of the geostationary satellite links contain unencrypted IP traffic, exposing sensitive data across various sectors. This study highlights the security vulnerabilities of satellite communications, affecting military, industrial, and commercial networks. #GEOsatellites #SatelliteTrafficProtection…
A recent report from ReliaQuest details how the China-backed APT group “Flax Typhoon” exploited legitimate enterprise software, specifically ArcGIS, to maintain covert long-term access. This sophisticated attack involved repurposing trusted software components into backdoors, evading detection and complicating defense efforts. #FlaxTyphoon #ArcGIS #SupplyChainAttack…
The U.S. federal government has issued an emergency directive for all agencies to update F5 products following a sophisticated nation-state cyberattack that exposed F5 source code and vulnerability information. This incident highlights the ongoing threat of nation-state actors exploiting vulnerabilities in critical infrastructure components like F5 BIG-IP devices. #F5 #BIGIPAttack…
The Rhysida ransomware group claims to have targeted Tex-Tube, a US-based steel manufacturer with over 75 years of experience producing ERW steel pipes for the North American market. The incident highlights the ongoing threat posed by cybercriminals to critical infrastructure in the US. #UnitedStates
SecurityWeek is hosting the 2025 ICS Cybersecurity Conference in Atlanta, featuring over 75 sessions and hands-on training for critical infrastructure protection. The event gathers cybersecurity experts and OT asset owners to discuss strategies, research, and competitions like CTF to strengthen industrial security. #ICS #OTSecurity…
APT35 (Charming Kitten) maintained a professional malware development pipeline producing two RAT families (Saqeb System and RAT-2AC2), custom webshells (m0s.asp variants), support tools, and QA/testing materials used to target 300+ entities across the Middle East from 2022–2025. The collection shows advanced anti-detection, modular architectures, multi-hop C2 (including TOR), and explicit operational playbooks for persistence, credential theft, VNC access, and ransomware staging. #Saqeb_System #RAT-2AC2