Bob Flores, Former CTO of the CIA, Joins Brinker

Delaware, United States, 4th November 2025, CyberNewsWire...

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi...

The sound of you typing on your keyboard could reveal your password

As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...

Russian Cyberwarfare Documents Leaked

Now this is interesting: Thousands of pages of secret documents reveal how Vulkans engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the...

Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed...

Tracking Secret German Organizations with Apple AirTags

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a "good...

U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping

Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Senator Ron Wyden asked, and the NSA didnt answer: The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others...

Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China

Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency CIA to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include aviation...

United States Sues Edward Snowden and You'd be Surprised to Know Why

The United States government today filed a lawsuit against Edward Snowden, a former contractor for the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities. And you...

A week in security (June 24 – 30)

Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages...

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency...

Smaller Nation State Attacks: A Growing Cyber Menace

Last year, a Qatari state media website was compromised and defaced with false reports of the Emir of that country praising Iran and Hamas. The fake content was blasted on social media and amplified through bots, eventually provoking a regional boycott that persists today. Andrea Little Limbago...

Justice Department Indicts 12 Russian Nationals Tied to 2016 Election Hacking

The United States Justice Department on Friday announced 12 indictments against Russian nationals, accusing them of engaging in a “sustained effort” to hack Democrats’ emails and computer networks. According to Rod Rosenstein, United States deputy Attorney General, all 12 defendants are members o...

Ex-CIA employee charged with leaking 'Vault 7' hacking tools to Wikileaks

A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency's history. Joshua Adam Schulte , who once created malware for both the CIA and NSA to break...

Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile...

British Hacker Admits Using Mirai Botnet to DDoS Deutsche Telekom

An unnamed 29-year-old man, named by authorities as "Daniel K.," pleaded guilty in a German court on Friday to charges related to the hijacking of more than one Million Deutsche Telekom routers. According to reports in the German press, the British man, who was using online monikers "Peter Parker...

US Defense Contractor left Sensitive Files on Amazon Server Without Password

Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation's top intelligence contractor without a password, according to a new report. UpGuard cyber risk analyst Chris Vickery discovered a cache of 60,000 documents from a U...

Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers

The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed "The GCHQ Puzzle Book," the book features more than 140 pages of codes, puzzles, and challenges created by expert cod...

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency

Users are still dealing with the Yahoo's massive data breach that exposed over 1 Billion Yahoo accounts and there’s another shocking news about the company that, I bet, will blow your mind. Yahoo might have provided your personal data to United States intelligence agency when required. Yahoo...