Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

Apple is removing its Advanced Data Protection ADP feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that...

Angry Likho: Old beasts in a new forest

Angry Likho referred to as Sticky Werewolf by some vendors is an APT group we've been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we've analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho's attacks tend to be...

Efficiency? Security? When the quest for one grants neither.

Welcome to this week's edition of the Threat Source newsletter. Benjamin Franklin once said, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." In much the same way, those who rush for efficiency without taking into account...

Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know

At least eight ongoing lawsuits related to the so-called Department of Government Efficiency’s alleged access to sensitive data hinge on the Watergate-inspired Privacy Act of 1974. But it’s not airtight...

AI and Civil Service Purges

Donald Trump and Elon Musk's chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government...

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations NGOs, information technology IT services an...

RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally

The threat actors behind the RansomHub ransomware-as-a-service RaaS scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their...

DOGE as a National Cyberattack

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...

stroom 安全漏洞

stroom is a highly scalable data storage, processing, and analytics platform open-sourced by GCHQ. A security vulnerability exists in stroom that stems from a vulnerability that allows bypassing the authentication of the stroom system when the ALB is configured and installed in a way that the...

Apple ordered to grant access to users’ encrypted data

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections. The UK government has demanded to be able to access encrypted data store...

UK Is Ordering Apple to Break Its Own Encryption

The Washington Post is reporting that the UK government has served Apple with a "technical capability notice" as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and...

CVE-2023-52879

creationtimestamp| type| source ---|---|--- 2025-02-06 02:39:18+00:00| published-proof-of-concept| Telegram/VNjxvAEngOCSsgJapE24tww49qzXyEXZbMRXPrLrAg4C7Xss 2025-08-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-15 2026-03-19 00:00:00+00:00| seen|...

Malicious code in @infoserver/gov-shared-connections (npm)

--- -= Per source details. Do not edit below this line.=-...

Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government...

GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia

Since 1974, gambling has been officially illegal in Indonesia. However, the digital revolution of the 2000s introduced a new challenge: the rapid growth of online gambling platforms. This technological shift has created enforcement gaps, compelling the Indonesian government to intensify its effor...

Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063 , which...

RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou,...

US Treasury Department Sanctions Chinese Company Over Cyberattacks

From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...

New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities

Internet service providers ISPs and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE aka Thumtais comes fitted with various components that allow the backdoor to deploy additional payloads, enumerat...

Salt Typhoon’s Reach Continues to Grow

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon...