Cybercrime
-
Around 1,000 systems hit in ransomware attack on Romania’s water agency
Romanian Waters said a ransomware attack that began on December 20 has affected around 1,000 systems across its IT network and spread to most river basin organisations; hydrotechnical operations continued to run locally while authorities investigate and work to restore services.
-
South Korea to require facial scans for new mobile accounts to curb scams
The South Korean government will require facial recognition scans for new mobile accounts to curb scams, using biometric data stored in carriers’ PASS apps, after major data breaches and a large compensation order for SK Telecom customers.
-
Iran-linked APT Infy resurfaces with updated Foudre and Tonnerre malware
SafeBreach and other researchers reported renewed activity by the Iranian APT known as Infy (Prince of Persia), documenting updated Foudre and Tonnerre malware, use of a domain generation algorithm for C2 resilience, and a Telegram-based channel in recent campaigns affecting targets in the Middle East, India, Canada and Europe.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.
-
University of Sydney says coding repository breach exposed personal data of more than 27,000
The University of Sydney said an online coding repository was breached, exposing files with personal information for more than 27,000 current and former staff and students. The university blocked access, notified regulators, began notifying affected people and set up support services, but said there was no evidence the data has been published or misused.
-
France detains Latvian crew member after malware found on Italian ferry
French authorities detained a Latvian crew member from the ferry Fantastic after discovering malware that investigators say could have enabled remote control; a Bulgarian crew member was released and probes by the DGSI and Italian authorities are ongoing.
-
Kimsuky campaign uses QR codes to deliver DocSwap Android malware, South Korean firm says
South Korean firm ENKI linked the North Korean actor Kimsuky to a campaign distributing a DocSwap Android trojan via QR codes on phishing sites impersonating CJ Logistics; the malware decrypts an embedded APK, registers a RAT service and accepts many remote commands.
-
CISA adds critical ASUS Live Update flaw to known exploited vulnerabilities catalog
CISA added a critical ASUS Live Update vulnerability, CVE-2025-59374 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog citing active exploitation; the flaw stems from a past supply chain compromise and vendors say affected builds were limited to devices meeting specific targeting conditions.
-
Cisco warns of active exploitation of AsyncOS zero-day by China-nexus APT
Cisco warned that a maximum-severity AsyncOS zero-day (CVE-2025-20393) is being actively exploited by a China-nexus APT, targeting Secure Email Gateway and Secure Email and Web Manager appliances; exploitation requires the Spam Quarantine feature to be exposed to the internet, and Cisco, CISA and other firms have issued mitigations and alerts.
-
Kaspersky links new Operation ForumTroll phishing wave to targeted attacks on Russian academics
Kaspersky detected a targeted October 2025 phishing campaign tied to Operation ForumTroll that used eLibrary impersonation and personalized one‑time links to deliver a PowerShell chain and the Tuoni remote access framework to academics in Russia; the group’s origins remain unknown.










