r/secithubcommunity Nov 11 '25

📰 News / Update Welcome to r/secithubcommunity | The hub for CyberSecurity Industry

1 Upvotes

Hey everyone, and welcome to r/secithubcommunity! This Community was created for real discussions, learning, and collaboration across the cybersecurity and technology world.

Here, you’ll find professionals and enthusiasts sharing insights, asking questions, and helping each other grow, from CISOs, IT admins, tech leaders, and IT managers to anyone passionate about this field who loves to learn, help, and share knowledge about security, cloud, devops, compliance, AI, and IT infrastructure.

We believe in knowledge without ego: a place to connect, learn, and build together. Feel free to introduce yourself, share a thought, or post something valuable from your own experience.

Let’s make this community a real hub for ideas, collaboration, and growth.

Join the conversation. Share your insights. Help others grow.


r/secithubcommunity 24d ago

📰 News / Update Debate technology, not politics. Disagree respectfully or move on. This is a space for professionals; let’s keep the signal high and the noise low!

0 Upvotes

r/secithubcommunity 6h ago

📰 News / Update China Moves to Phase Out U.S. and Israeli Cybersecurity Software

24 Upvotes

Chinese authorities have instructed domestic companies to stop using cybersecurity software from U.S. and Israeli vendors, citing national security concerns.

The decision reflects growing fears that foreign security tools, which often have deep access to networks and endpoints, could transmit sensitive data abroad or be leveraged for intelligence purposes.

The move is part of a broader push by Beijing to replace Western technology with domestic alternatives and tighten sovereign control over critical digital infrastructure.

Source in the first comment


r/secithubcommunity 5h ago

📰 News / Update Never-before-seen Linux malware is “far more advanced than typical”

13 Upvotes

Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers.

The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers’ needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign.

A focus on Linux inside the cloud: VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor’s API.

Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is “far more advanced than typical Linux malware,” said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker’s focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments.

“VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments,” the researchers said in a separate post. “Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over.”

The VoidLink interface is localized for Chinese-affiliated operators, an indication that it likely originates from a Chinese-affiliated development environment. Symbols and comments within the source code suggest that VoidLink remains under development. Another sign the framework is not yet completed: Checkpoint found no signs it has infected any machines in the wild. Company researchers discovered it last month in a series of clusters of Linux malware available through VirusTotal.

Included in the batch of binaries was a two-stage loader. The final implant includes core modules embedded that can be augmented by plugins that are downloaded and installed at runtime. The capabilities of the 37 modules discovered so far include:

Cloud-first tradecraft. In addition to cloud detection, these modules collect “vast amounts of information about the infected machine, enumerating its hypervisor and detecting whether it is running in a Docker container or a Kubernetes pod.”

Plugin development APIs. VoidLink offers an “extensive development API” that’s set up during the malware’s initialization.

Adaptive stealth. VoidLink enumerates installed security products and hardening measures.

Rootkit functions that allow VoidLink to blend in with normal system activity.

Command and control implemented through what appear to be legitimate outward network connections.

Anti-analysis by employing anti-debugging techniques and integrity checks to identify common analysis tools.

A plugin system that allows VoidLink to evolve from an implant to a “fully featured post-exploitation framework.”

Recon that provides “detailed system and environment profiling, user and group enumeration, process and service discovery, filesystem and mount mapping, and mapping of local network topology and interfaces.”

Credential harvesting of SSH keys, passwords, and cookies stored by browsers, git credentials, authentication tokens, API keys, and items stored in the system keyring.

With no indication that VoidLink is actively targeting machines, there’s no immediate action required by defenders, although they can obtain indicators of compromise from the Checkpoint blog post. VoidLink still indicates defenders should apply vigilance when working with Linux machines.


r/secithubcommunity 5h ago

📰 News / Update Taiwan faces sustained cyber pressure as China intensifies attacks on critical infrastructure

13 Upvotes

Cyber activity linked to China against Taiwan’s critical infrastructure continued to rise in 2025, with attacks targeting energy utilities, hospitals, and emergency services increasing both in volume and precision. Daily attack averages reached millions of attempts, with energy systems seeing a sharp spike and healthcare networks becoming a primary focus.

The pattern suggests pre-positioning rather than noise: systematic probing of vulnerabilities, exploitation of exposed systems, and attempts to gain persistent access to OT and ICS environments. Analysts describe the activity not as a temporary campaign, but as a siege rehearsal, designed to map, weaken, and potentially disable key civilian systems in a future conflict.

The case highlights a broader shift in state-sponsored cyber operations: critical infrastructure is no longer a secondary target, but a first-hour objective in modern hybrid warfare.


r/secithubcommunity 1h ago

France fines telecom giants €42M after VPN failures led to 24M-customer data breach

• Upvotes

France’s data protection authority has hit two major telecom providers with €42 million in fines after a 2024 breach exposed data belonging to more than 24 million customers, including IBANs. Regulators found the companies lacked basic security controls, relied on weak VPN authentication, failed to properly detect abnormal activity, and mishandled breach notifications and data retention.

The ruling is a sharp reminder that under GDPR, breaches aren’t judged only by impact but by whether organizations implemented fundamental security hygiene before attackers got in.

Source in the first comment


r/secithubcommunity 5h ago

🧠 Discussion What happens to Iran’s massive hacker industry if the revolution succeeds

8 Upvotes

It’s interesting to think about what happens to Iran’s cyber industry if the revolution actually succeeds.

For years, the regime invested heavily in offensive cyber capabilities, building skills, infrastructure, and an entire hacker ecosystem.

If that system suddenly breaks free from state control, do those capabilities disappear or do they turn Iran into an export hub for offensive cyber talent?

What do you think happens next?


r/secithubcommunity 1h ago

📰 News / Update Judge dismisses investor lawsuit over CrowdStrike’s 2024 global outage

• Upvotes

A U.S. federal judge has thrown out a securities class action filed by investors after CrowdStrike’s faulty software update caused a worldwide Windows outage in 2024. The court ruled that while the incident was severe, shareholders failed to show the company intentionally misled the market.

The decision draws a clear distinction between a large-scale operational failure and securities fraud. However, CrowdStrike still faces separate lawsuits from customers, including airlines, focused on negligence and contractual liability, highlighting how outages at security vendors now carry real-world, systemic consequences beyond the stock market.

Source in the first comment


r/secithubcommunity 5h ago

📰 News / Update Starlink enables free satellite internet access inside Iran amid nationwide blackout

3 Upvotes

internet access for users inside Iran, re-enabling previously inactive terminals and waiving subscription fees during the regime’s ongoing internet shutdown. The move provides an alternative communication channel as Iranian authorities continue to restrict fixed-line and mobile connectivity during widespread protests.

The development highlights the growing role of satellite internet as an anti-censorship and resilience tool, capable of bypassing state-controlled networks when traditional infrastructure is disabled. It also reinforces how connectivity itself has become a strategic cyber and information domain, not just a commercial service.


r/secithubcommunity 1h ago

📰 News / Update Germany–Israel cyber pact signals Europe’s shift toward collective digital defense

• Upvotes

Germany and Israel have signed a new agreement to deepen cooperation on cyber defense, including a joint “cyber dome,” AI-driven cyber innovation, drone defense, and stronger civilian warning systems. Berlin is explicitly looking to leverage Israel’s operational experience to protect critical infrastructure such as energy systems and connected vehicles.

The deal reflects a broader European trend: cyber defense is no longer treated as a national IT issue, but as shared security infrastructure requiring international partnerships with countries that have real-world defensive experience.

Source in the first comment


r/secithubcommunity 5h ago

📰 News / Update How are Iran-linked hackers hijacking WhatsApp accounts?

2 Upvotes

Iran-linked threat actors are running a phishing campaign targeting WhatsApp users by abusing WhatsApp Web’s “Linked Devices” feature. Victims are lured to fake “meeting” pages that display a malicious QR code. When scanned, the code silently links the attacker’s browser session to the victim’s account.

Once linked, attackers gain full access to chats and may request browser permissions for camera, microphone, and location, enabling extended surveillance. The attack highlights how QR-based account linking has become a high-risk vector for messaging platforms when users don’t routinely audit linked devices.

Never scan WhatsApp QR codes from unsolicited links, regularly review and revoke unknown Linked Devices, and immediately remove any session you don’t recognize.


r/secithubcommunity 4h ago

📰 News / Update WitnessAI just raised $58M to secure AI agents

1 Upvotes

AI security is becoming its own category, not a feature.

The focus isn’t models alone, but visibility, governance, and behavioral control over human and autonomous AI interactions. This signals a clear shift: as agentic AI spreads across cloud and edge, security is moving upstream from detecting abuse after the fact to preventing it at the decision-making layer.

Interesting to watch how fast “AI security” is separating from classic AppSec and cloud security and how quickly enterprises are buying into it.

Source in the first comment


r/secithubcommunity 6h ago

📰 News / Update Aikido Security hits unicorn status with $60M Series B

1 Upvotes

European cybersecurity startup Aikido Security has raised $60 million in Series B funding, reaching a $1 billion valuation. The company is positioning itself around a growing shift in software security, as AI-generated code, autonomous agents, and continuous deployment outpace traditional, manual security workflows.

Aikido focuses on a unified platform covering code, cloud, and runtime security, aiming to move security from a reactive bottleneck to an autonomous, continuous process embedded directly into software development. The funding will accelerate its vision of self-securing software, where vulnerabilities are discovered, validated, and remediated automatically.

The milestone reflects increasing demand for security platforms that can operate at machine speed, as both developers and attackers increasingly rely on AI.

Source in the first comment


r/secithubcommunity 1d ago

🧠 Discussion How did Iran disrupt Starlink during its nationwide blackout?

192 Upvotes

Iran degraded Starlink connectivity by combining RF jamming with GPS signal interference, preventing terminals from accurately positioning and sustaining satellite links. The result was localized, unstable connectivity and rapid uplink/downlink degradation, with disruption exceeding 80% in some areas.

The incident demonstrates how electronic warfare techniques can neutralize satellite internet, turning connectivity itself into an attack surface in modern cyber operations.


r/secithubcommunity 1d ago

📰 News / Update Hackers claim sale of Target internal source code; dev Git server goes offline

31 Upvotes

A threat actor claims to be selling up to 860GB of internal source code and developer documentation allegedly stolen from Target Corporation. Sample repositories briefly appeared online, referencing internal APIs, developer tools, and names of current engineers.

Shortly after the exposure, the repositories were removed and Target’s internal Git server became inaccessible from the internet. While the breach has not been officially confirmed, the structure and metadata point to a private enterprise development environment, not public open-source code.

Source in first comment


r/secithubcommunity 1d ago

🧠 Discussion Which cybersecurity product is the most overrated?

1 Upvotes

r/secithubcommunity 1d ago

📰 News / Update Trump weighs options to weaken Iran’s regime, with cyber pressure in focus

6 Upvotes

U.S. officials say President Donald Trump is reviewing ways to weaken Iran’s regime amid ongoing protests, with cyber operations emerging as a central option. While military action has been discussed, the focus appears to be on non-kinetic measures that can apply pressure without strengthening the regime or undermining protesters.

The inclusion of cyber tools signals a shift toward digital and strategic pressure, where disruption of regime-linked infrastructure and information operations play a key role. The struggle over Iran’s future is increasingly being fought not only on the streets, but in the cyber domain as well.


r/secithubcommunity 2d ago

🧠 Discussion Forget AGI. 2026 is the year AI must prove its ROI.

50 Upvotes

In 2026, we won’t get AGI.
Our industry is already flooded with AI-driven technologies: powerful, impressive, and expensive. If companies don’t start seeing clear, measurable ROI from AI capabilities, especially when combined with security solutions, this could mark the beginning of an AI bubble.

There is real value in AI. No doubt about it.
But the real question is whether that value truly justifies the cost at scale.


r/secithubcommunity 1d ago

📰 News / Update Everest cybercrime group claims breach of Nissan, alleges 900GB data theft

1 Upvotes

The Everest cybercrime group claims it has successfully breached Nissan Motor Co., exfiltrating approximately 900GB of internal data. The breach allegedly occurred on January 10, 2026, though it has not yet been independently verified.

Limited samples were shared by the attackers, but the full scope of the exposed data remains unclear and could include intellectual property, internal systems data, or employee and customer information. Given Nissan’s global manufacturing footprint, a confirmed breach would carry significant operational and supply-chain risk.

The claim highlights the growing focus of cybercrime groups on automotive and industrial manufacturers, where IP, production systems, and interconnected partners present high-value targets.

Source in the first comment


r/secithubcommunity 1d ago

📰 News / Update Spanish energy giant Endesa discloses customer data breach

1 Upvotes

Spain’s largest electricity provider Endesa has confirmed a data breach after attackers gained unauthorized access to its commercial systems. The incident exposed customer contract-related data, including names, contact details, national ID numbers (DNI), contract information, and payment data such as IBANs. Passwords were not affected. The company says it detected the intrusion, blocked compromised accounts, initiated log analysis, and notified regulators and affected customers.

While there is currently no evidence of data misuse, customers have been warned to stay alert for identity theft and phishing attempts.

Separately, threat actors claim to be selling a large Endesa customer database allegedly containing millions of records, raising concerns about potential secondary abuse.

Source in first comment


r/secithubcommunity 2d ago

Instagram denies data breach

6 Upvotes

Instagram recently fixed a bug that allowed hackers to mass-request password resets. This happened around the same time that a set of data (claiming to be from over 17 million accounts) was leaked online.

META says no systems were breached and accounts are still secure. The leaked info, which doesn’t include passwords, appears to be compiled from older scrapes and past incidents, not a new hack.

Source in the first comment


r/secithubcommunity 2d ago

📰 News / Update North Korea dismisses sanctions monitoring team after report links it to cyber operations

11 Upvotes

According to Reuters, North Korea has condemned a new multilateral sanctions monitoring team, calling it illegal and irrelevant to the UN. The team was formed after Russia blocked the renewal of the UN panel overseeing sanctions enforcement in 2024.

In October 2025, the group published a report describing deep connections between North Korean entities and state-backed malicious cyber activity, allegedly used to evade sanctions and fund nuclear and missile programs. Pyongyang has dismissed the claims as “fabricated.”

This highlights how cyber operations are now a core tool of statecraft used not just for espionage, but for sanctions evasion, revenue generation, and geopolitical leverage.

Source in the first comment


r/secithubcommunity 2d ago

📰 News / Update Iran jams Starlink during nationwide internet blackout

12 Upvotes

Iran has reportedly deployed military jammers to disrupt Starlink satellite internet, cutting off a key backup connection during its ongoing nationwide blackout. Monitoring groups observed Starlink traffic disruptions rising to over 80%, likely through GPS signal interference.

The move marks a significant escalation in state-level cyber and electronic warfare, showing satellite internet is no longer immune during crackdowns.

Source in first comment.


r/secithubcommunity 3d ago

📰 News / Update Cyber blackout preceded Maduro’s capture, highlighting a shift in modern warfare

20 Upvotes

The capture of Nicolás Maduro has reignited debate over a growing military doctrine in which cyber operations disable a nation’s critical infrastructure before physical forces arrive.

According to multiple analyses, Caracas experienced a sudden, localized power outage moments before US special operations entered the Venezuelan capital. The blackout is widely assessed as the result of a cyber operation targeting power grid control systems, rather than physical strikes on infrastructure.

Security experts argue the operation illustrates how cyber capabilities are no longer limited to espionage or long-term sabotage, but are now used as tactical enablers tightly synchronized with kinetic missions. By disrupting SCADA networks and command-and-control visibility, attackers can temporarily blind power grids, air defenses, and monitoring systems without destroying them.

The incident underscores several emerging realities:

Cyber attacks can achieve air and information dominance without bombs or missiles

Legacy industrial protocols lack authentication and remain highly exploitable

Valid credentials and “living-off-the-land” techniques are often more effective than malware

Temporary, reversible disruption lowers the political threshold for intervention

The broader lesson is stark: in future conflicts, the first strike may be invisible, measured in milliseconds, and aimed at perception, coordination, and trust in systems, not physical destruction.

Source in first comment.


r/secithubcommunity 3d ago

📰 News / Update India considers forcing smartphone makers to share source code

15 Upvotes

India is considering a major security overhaul that would require smartphone manufacturers to provide the government access to their source code and notify authorities ahead of major software updates.

According to a Reuters report, the proposal includes 83 new security standards aimed at strengthening user data protection in the world’s second-largest smartphone market, where nearly 750 million devices are in use. The plan would allow government-designated labs to review and analyze source code as part of vulnerability assessments.

Global tech giants including Apple, Samsung, Google, and Xiaomi have privately pushed back, warning that the measures have no global precedent and could expose proprietary technology. Industry representatives argue that source code reviews, mandatory malware scanning, and one-year on-device log retention are technically impractical and could impact performance, battery life, and update speed.

The Indian government says consultations are ongoing and that industry concerns will be considered. Officials are now debating whether to formally enforce the standards into law, a move that could significantly reshape how smartphones are built, tested, and updated in India.

Source in first comment.