Chinese hackers, reportedly linked to the state-sponsored group “Salt Typhoon,” continue their campaign against global telecommunications providers. The breach, which began earlier this year, targets critical infrastructure to access metadata from millions of users. Metadata, though not including direct content, provides insights into communication patterns, geographical locations, and relationships.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have identified the group’s advanced tactics, including supply chain compromises and persistent backdoors. These attacks pose significant risks to national security and individual privacy, particularly as telecom providers support essential communications and infrastructure globally.

Officials emphasize the need for encrypted communications, proactive patching of telecom systems, and strict access controls to mitigate these threats. This ongoing breach underscores the heightened focus on telecommunications by cyberespionage actors, with a clear shift toward data harvesting for strategic and geopolitical advantage.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of multiple high-severity vulnerabilities. These flaws, impacting popular platforms like Zyxel firewalls, Fortinet appliances, and CyberPanel, are being leveraged by threat actors to gain unauthorized access, execute arbitrary commands, and establish persistent backdoors in compromised systems.

One of the vulnerabilities, rated a critical CVSS score of 9.8, allows attackers to bypass authentication protocols. CISA’s advisory warns administrators to prioritize patching these vulnerabilities immediately, emphasizing that unpatched systems remain lucrative targets for ransomware operators and advanced persistent threats (APTs).

Organizations are also encouraged to review attack indicators, enforce multifactor authentication (MFA), and bolster intrusion detection mechanisms. This alert comes amid rising concerns about the cybersecurity readiness of critical sectors, especially in light of escalating geopolitical tensions and increasingly sophisticated cyberattacks.

CISA’s ongoing advisories serve as a critical reminder for all organizations to remain vigilant and proactive in securing their digital ecosystems. For more details on the specific vulnerabilities and mitigation steps, visit CISA’s advisory page.

The VEILDrive cyberattack campaign, recently uncovered by security researchers, is targeting Microsoft cloud services, including Teams, SharePoint, and OneDrive, to infiltrate enterprise systems. Attributed to Russian threat actors, this campaign employs sophisticated phishing techniques and malicious documents to compromise user accounts and gain access to sensitive corporate data.

Once inside, the attackers establish persistence by leveraging advanced malware that blends into legitimate workflows, enabling long-term data extraction and lateral movement within the victim organization. The attack underscores the vulnerabilities in cloud-based collaboration tools, particularly when organizations lack sufficient safeguards like multifactor authentication (MFA) or behavior-based anomaly detection.

Experts warn that VEILDrive is part of a broader trend of targeting cloud environments to exploit the shift to hybrid work models. Organizations are urged to conduct phishing awareness training, enforce MFA, and regularly audit access logs to detect unusual activity.

This campaign serves as a stark reminder of the evolving strategies threat actors employ to bypass traditional security measures in the cloud era. For more details, see insights from Broadcom’s latest cybersecurity bulletin.

Cybercriminals are leveraging fake year-end salary reports as a phishing tactic to harvest employee credentials. These malicious campaigns, often disguised as legitimate emails from HR departments or payroll providers, exploit the busy holiday season to catch victims off guard.

The phishing emails typically include attachments labeled as “Salary Report” or “End-of-Year Benefits Summary” and prompt recipients to log in to view their details. Once users click the link, they are directed to a fraudulent login page that mimics their company’s portal or payroll service. Entering credentials on these pages gives attackers direct access to corporate systems.

This tactic poses a significant risk, as it allows cybercriminals to escalate their access, steal sensitive data, or deploy further attacks, such as ransomware. Security experts recommend that employees verify unexpected emails with their HR departments and be cautious of attachments and links, especially during high-activity times like the year-end.

Organizations should enhance their defenses with phishing-resistant multifactor authentication (MFA), conduct regular awareness training, and monitor for suspicious login attempts to mitigate such threats. These campaigns highlight the need for heightened vigilance during seasonal periods, when scams often spike.

For detailed mitigation strategies, see CISA’s and cybersecurity firms’ advisories on phishing campaigns.

In a significant win against organized crime, international law enforcement agencies dismantled an encrypted messaging network that was widely used by criminal groups to coordinate illegal activities. The operation, led by Europol and supported by multiple countries, targeted the servers and infrastructure of the platform, effectively cutting off its users from accessing secure communications.

The network, whose name has not yet been disclosed, facilitated a range of illicit activities, including drug trafficking, money laundering, and cybercrime operations. By intercepting messages, investigators uncovered extensive details about ongoing criminal schemes, leading to numerous arrests and the seizure of illegal goods.

This takedown follows similar operations against platforms like EncroChat and Sky ECC, which were also used by criminals seeking anonymity. Authorities warn that while this is a major success, other encrypted networks remain active, requiring continued vigilance and collaboration between governments and private tech companies.

The operation underscores the dual-use nature of encrypted technology—essential for privacy but also exploited by bad actors. It also raises questions about the balance between cybersecurity and law enforcement’s need to combat crime in the digital age.
For further updates, follow announcements from Europol and partner agencies.

A newly identified phishing campaign is bypassing traditional email security measures by employing advanced obfuscation techniques and leveraging legitimate services to mask its malicious intentions.

The campaign, reported by several cybersecurity firms, uses trusted platforms such as Google Docs and Dropbox to host phishing pages, making it harder for detection systems to flag the content.
Victims are lured through well-crafted emails mimicking familiar brands, such as Microsoft or Adobe, prompting them to click links or download files. Once engaged, users are directed to fake login portals designed to steal credentials or deliver malware.

Researchers note that the campaign’s success lies in its ability to exploit the reputation of legitimate services and avoid keyword-based detection systems. Additionally, the attackers frequently rotate hosting domains and use dynamic URLs, making it challenging for organizations to block the phishing infrastructure effectively.

To combat these threats, cybersecurity experts recommend implementing advanced threat detection tools, adopting phishing-resistant multifactor authentication (MFA), and conducting regular employee training on recognizing suspicious emails. This campaign serves as a reminder of the growing sophistication of phishing attacks and the importance of layered defenses in securing sensitive information.

Volkswagen is investigating a potential data breach claimed by the ransomware group 8Base. The group alleges it has accessed sensitive information related to the automaker, though Volkswagen has stated its core IT infrastructure remains unaffected. This situation raises concerns that the breach may have occurred through third-party vendors or suppliers, a common weak link in large supply chains.

Volkswagen operates an extensive global network of suppliers, making it a prime target for attackers looking to exploit less-secure external partners. If confirmed, this could lead to regulatory scrutiny under data protection laws such as GDPR. Ransomware groups like 8Base frequently target supply chains, seeking sensitive data to leverage for ransom demands or illicit sales.

While the automaker is closely monitoring the situation, the exact nature and extent of the breach remain unclear. This case underscores the importance of strengthening cybersecurity measures across entire ecosystems, including third-party suppliers, to mitigate such risks.

Deloitte has denied claims made by the Brain Cipher ransomware group, which alleges that the firm’s systems were breached and over 1 terabyte of sensitive data was stolen. The group, which recently emerged in 2024, posted these claims on its Tor-based leak site, accusing Deloitte UK of failing to secure its systems adequately. They also threatened to release the stolen data unless a ransom was paid.

Deloitte responded by stating that no company systems were compromised. The firm clarified that the breach, if any, only affected a third-party client’s external system and not its own internal infrastructure. This response came after Brain Cipher, known for disruptive ransomware attacks, claimed responsibility for various high-profile incidents, including the attack on Indonesia’s National Data Center earlier this year.

While Deloitte has refuted the claims, cybersecurity experts are still cautious about the broader implications. The situation highlights the risks associated with third-party systems and the potential vulnerabilities they introduce to larger organizations like Deloitte.