Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure...

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear

Nonprofits run out of US Border Patrol stations are also selling other “operation”-themed coins that include a phrase popularized by the Proud Boys, potentially in violation of government rules...

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins

New Phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsoft passwords...

Killer robots are here. Now what? (Lock and Code S07E07)

Big news : Lock and Code is nominated for a Webby Award! You can help us win the People's Voice Award by voting here. Vote now! This week on the Lock and Code podcast … We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instea...

The Hack That Exposed Syria’s Sweeping Security Failures

When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity...

CVE-2025-39813

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...

Possible US Government iPhone Hacking Tool Leaked

Wired writes alternate source: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install...

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 CVSS score: 7.8, a lack of integrity...

GHSA-HPFX-H48Q-GVWG

creationtimestamp| type| source ---|---|--- 2026-03-26 18:14:49+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/squid-security-advisory-av26-284...

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments...

A $20 Billion Crypto Scam Market Faces a New Government Crackdown

The Telegram-based Xinbi Guarantee black market sells services that help prop up scam operations. British officials just hit the highly lucrative marketplace with sweeping sanctions...

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

Executive overview The strategic positioning of covert access within the world’s telecommunication networks A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ev...

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed...

FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts

In a Public Service Announcement PSA the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA warn the public about ongoing Russian-linked phishing campaigns that aim to gain access to messaging accounts. Earlier this month we wrote about a large‑scale...

CVE-2026-22901

creationtimestamp| type| source ---|---|--- 2026-03-23 10:37:14+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-qnap-7 2026-03-23 14:40:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhqc3gk4px2k...

Cybersecurity Guidance for Smart Homes: A Cross-National Review of Government Sources

Smart homes are increasingly targeted by cyberattacks, yet residents often lack guidance when incidents occur. Since affected residents are likely to seek help from trustworthy sources, this paper asks: What actionable cybersecurity guidance do governments provide to smart home users whose system...

CVE-2025-71199

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...