Cybercrime
-
Taiwan Web Infrastructure Targeted by UAT-7237, Cisco Talos Says
Cisco Talos links a China-aligned APT cluster, UAT-7237, to attacks on Taiwan’s web infrastructure, using customized open-source tooling and a SoundBill shellcode loader to deploy backdoors and credential-stealing utilities. The operation, active since 2022 and considered a sub-group of UAT-5918, also employs VPN persistence and RDP access, with updates to embed Mimikatz and broader lateral…
-
Dutch Public Prosecution Service Begins Phased Relaunch After Cyberattack Delays Speed-Camera Network
Dutch prosecutors have begun a phased relaunch after a July cyberattack tied to Citrix vulnerabilities, with dozens of speed cameras still offline. The outage follows the first step in restoring services, including email access, as authorities coordinate with the judiciary and victim-support organizations amid ongoing concerns about system-wide interconnections.
-
Colt Technology Services says cyber incident disrupted customer portal and Voice API; no evidence of data breach reported
Colt Technology Services disclosed a cyber incident that disrupted its customer portal and internal systems, with no confirmed evidence of a data breach. The company has engaged cyber experts and is restoring services, while updating customers via its status page. Separately, a ransomware group claimed to have stolen Colt documents, a claim awaiting verification.
-
Norway says pro-Russian hackers sabotaged Bremanger dam to demonstrate capabilities
Norwegian authorities accuse pro-Russian hackers of taking control of Bremanger dam’s operations and opening outflow valves in what officials describe as a demonstration of Moscow’s ability to disrupt critical infrastructure, prompting warnings about hybrid threats.
-
Unicode homoglyph phishing campaign uses Japanese character to spoof Booking.com, delivering MSI malware
Security researchers warn of a phishing campaign that uses the Japanese character ん to visually imitate Booking.com in order to redirect users to a lookalike domain and deliver MSI malware; a separate Lntuit/Intuit-themed campaign is also observed, underscoring the evolving use of homoglyphs in brand impersonation and malware delivery.
-
Canada’s House of Commons Investigates Data Breach Tied to Reported Microsoft Vulnerability Exploitation
Canada’s House of Commons is investigating a data breach after a cyberattack reportedly exposed employee information. The Cyber Centre is assisting, and authorities caution that attribution remains complex. The incident comes as Canada and other nations grapple with recently disclosed Microsoft vulnerabilities, including CVE-2025-53770 (ToolShell) and CVE-2025-53786, which have seen active exploitation by various threat…
-
PhantomCard Android Trojan Uses NFC Relay to Enable Fraudulent Banking Transactions in Brazil
Authorities warn of PhantomCard, a new Android trojan that uses NFC relay technology to siphon card data and complete fraudulent banking transactions in Brazil. Distributed via fake card-protection apps on phishing pages, the threat is linked to a broader ecosystem of NFC fraud tools and a network of threat actors, underscoring rising global risk to…
-
Italy hotel data breach: AGID confirms theft claims affecting up to 10 establishments, investigation opened
Italy’s digital agency AGID says claims by a cybercriminal about data thefts targeting hotel booking systems are credible, with ten hotels affected and thousands of guest identity documents potentially stolen. The case prompted a formal investigation by the national data protection authority, which also warned of scams targeting victims.
-
Russia Restricts Voice Calls on WhatsApp, Telegram as Moscow Pushes National Messaging App Max
Russia’s Roskomnadzor has begun restricting voice calls on WhatsApp and Telegram, saying the apps fuel crime and violence, as Moscow presses ahead with a domestic messaging app called Max. WhatsApp and Telegram push back on encryption and moderation efforts, while lawmakers and media reports highlight a broader battle over secure communication and surveillance.
-
Croatian Research Institute Confirms Ransomware Attack via ToolShell Vulnerabilities
The Ruđer Bošković Institute in Croatia confirmed it was among thousands of institutions hit by ransomware exploiting SharePoint ToolShell vulnerabilities, with administrative data encrypted, a pledge not to pay the ransom, and forensic investigations ongoing.