OMICRON’s multi-year IDS deployments across more than 100 substations, power plants, and control centers revealed widespread technical, organizational, and operational security gaps in OT networks that expand the attack surface of energy infrastructure. StationGuard’s passive and active monitoring exposed unpatched PAC devices (including CVE-2015-5374), risky external connections, weak segmentation, and incomplete…
Tag: CRITICAL INFRASTRUCTURE
Distinctive Systems Ltd, a UK provider of management software for the coach, bus, and tour industry supporting over 2,600 systems globally, was listed by the INC Ransom group on January 29, 2026 after the actor claimed to have compromised the company. The group says it exfiltrated a wide range of sensitive…
Daily Recap: emergency fixes have been issued for Microsoft’s Office zero-day CVE-2026-21509 and a critical VMware vCenter DCERPC flaw (CVE-2024-37079) that attackers are already exploiting, with vendors releasing patches and mitigations and urging rapid remediation. The roundup also highlights Dormakaba Exos flaws enabling remote door access, the Stanley malware-as-a-service for Chrome extensions, the Amatera infostealer delivered via in-memory PowerShell using the ClickFix method, extortion-linked data breaches at Nike and by ShinyHunters, a Sandworm-linked DynoWiper attempt against Poland’s power grid, a Cloudflare BGP leak, and regulatory actions around Grok, AI privacy and platform governance. #OfficeZeroDay #CVE-2026-21509 #VMwareVCenter #CVE-2024-37079 #DormakabaExos #StanleyService #Amatera #DynoWiper #Sandworm #PolandPowerGrid #Nike #WorldLeaks #ShinyHunters #Cloudflare #BGPLeak #Grok #X
The FBI has seized the RAMP cybercrime forum, and its Tor and clearnet domains now display an FBI seizure notice with name servers switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov. The action gives law enforcement access to user data that could identify operators and affiliates, and alleged RAMP founder Mikhail Matveev (aka Orange) has acknowledged the seizure after being previously linked to Babuk, LockBit, and Hive operations. #RAMP #Babuk
Malicious open source packages surged into industrialized, large-scale campaigns in 2025, with researchers identifying more than 454,600 new malicious packages across npm, PyPI, Maven Central, NuGet, and Hugging Face and attacks increasing in sophistication. The report spotlights npm as the primary vector—featuring self-replicating packages like Shai-Hulud, activity from threat actors such…
Britain risks being left exposed to cyberattacks and hybrid warfare, Lord Sedwill warned, unless it develops the ability to impose costs on hostile states rather than relying solely on resilience. Ministers defended NATO-linked spending plans and promised a refreshed National Cyber Action Plan, but MPs cautioned that vague accounting for resilience…
Chinese espionage group Mustang Panda updated its CoolClient backdoor to a variant that can steal browser login data, monitor the clipboard, and deploy a previously unseen rootkit. The attacks have used legitimate Sangfor software to target government entities in Myanmar, Mongolia, Malaysia, Russia, and Pakistan while adding new plugins, infostealers for Chromium browsers, and exfiltration via hardcoded Google Drive and Pixeldrain tokens. #MustangPanda #CoolClient #Sangfor #ToneShell #PlugX #LuminousMoth
A failed December attempt to disrupt parts of Poland’s energy grid used destructive “wiper” malware that security firm ESET calls DynoWiper. ESET attributed the attack with medium confidence to Russia’s Sandworm unit of the GRU, and Polish officials said defenses held and critical infrastructure was not compromised. #DynoWiper #Sandworm…
Cybersecurity Threat Research ‘Weekly’ Recap: the report highlights AI‑generated malware frameworks like VoidLink, AI‑driven KONNI backdoors, real‑time LLM‑assembled phishing, and evolving ransomware such as AnubisRaaS and Osiris, alongside supply‑chain and watering‑hole compromises across multiple industries. It also covers state‑sponsored espionage, credential theft campaigns, and defensive insights for detection, telemetry, and incident response. #VoidLink #KONNI #AnubisRaaS #Osiris #CharmingKitten #APT28 #PurpleBravo #Evelyn
The Russian nation-state hacking group Sandworm was attributed by ESET to a December 29–30, 2025 attempted disruptive attack on Poland’s energy sector that used a previously undocumented wiper called DynoWiper. Polish officials, including Energy Minister Milosz Motyka and Prime Minister Donald Tusk, said the attack failed and the government is preparing…
The third week of 2026 saw active exploitation of a supposedly patched FortiOS 7.4.9 vulnerability alongside continuing ransomware breaches that exposed sensitive data at major organizations. Rising hacktivist attacks on industrial and government systems and new EU rules to phase out high-risk non-EU telecom products highlight the need for integrated technical…
This week’s incidents show attackers exploiting ordinary files, trusted services, and routine workflows to gain control without relying on exotic exploits. From targeted spear-phishing that delivered the FALSECUB backdoor to malvertising and droppers seeding infostealers like TamperedChef, adversaries favor low-friction, large-scale, and patient operations. #FALSECUB #TamperedChef…
Leaked internal documents show Knownsec operates as a state-aligned cyber contractor supplying a vertically integrated espionage stack—ZoomEye/TargetDB reconnaissance, o_data_* identity correlation, GhostX/Un‑Mail exploitation and mailbox takeover, and Passive Radar PCAP-based internal mapping—to Chinese public‑security, military, and regulator customers. The corpus includes organizational charts, employee emails, high‑confidence IOCs targeting Taiwanese critical infrastructure, and detailed tradecraft emphasizing persistence, anti‑forensics, and APT‑style operational workflows. #Knownsec #GhostX
Hacktivists in 2025 shifted their focus from DDoS and defacements to targeting critical infrastructure, including ICS and IoT systems, with increased sophistication and alignment with nation-states. The threat landscape is expected to intensify in 2026, with more attacks on vulnerable OT and HMI systems, driven by geopolitical motives and automated scanning…
The European Commission proposes new measures to enhance cybersecurity by certifying trusted suppliers and phasing out high-risk foreign vendors, particularly in critical infrastructure. The proposal has sparked tensions with China and the US, highlighting geopolitical and trade concerns surrounding supply chain security. #Huawei #ZTE…