Huntress analysts have tracked a fresh ransomware incident involving KawaLocker, also known as KAWA4096. The variant is new, but the method is familiar. Attackers gained access, disabled defenses, and moved to encrypt files. Ransomware families surface often. A year ago, Huntress reported on ReadText34. Just last month, a never-before-seen strain called Crux appeared. KawaLocker joins the list. According to Trustwave SpiderLabs, KawaLocker first appeared in June 2025. Its ransom note echoes Qilin. Its leak site resembles Akira. Analysts believe the similarities are meant to draw attention, not signal collaboration. The attack began on 8 August. Threat actors entered a victim’s…
Kirsten Doyle
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data included names, job titles, office locations, email addresses, and technical details about House-managed equipment. Some of the information was not publicly available. The email warned employees and members of Parliament to remain vigilant, as stolen details could be used in scams or to impersonate parliamentarians.…
Ransomware and infostealer threats are evolving faster than most organizations can keep pace. Security teams have invested heavily in backup and recovery systems, yet today’s most damaging attacks often bypass encryption altogether. Picus Security’s Blue Report 2025 uncovered a shift: threat actors are targeting credential theft, data exfiltration, and lateral movement, founded on stealth and persistence rather than noise. The numbers are a wake-up call. In nearly half the environments tested, at least one password hash was successfully cracked. Attempts at preventing data exfiltration fell to a low of 3%, a steep decline from 9% in 2024. One stolen credential…
Six new vulnerabilities have been found in Microsoft Windows. One is critical. All are serious. Check Point Research discovered the flaws and disclosed them privately to Microsoft. Patches were released on 12 August as part of Patch Tuesday. The risks are varied: system crashes, arbitrary code execution, and information leaks. For attackers, the attack surface is wide. For defenders, the response must be immediate. One flaw is notable beyond its severity. It may be the first publicly disclosed vulnerability in a Rust-based component of the Windows kernel. Rust was introduced to improve memory safety, a longstanding challenge in operating systems.…
In March last year, an insidious software supply chain compromise was revealed. The discovery of a backdoor in XZ Utils shook the cybersecurity world, thanks to its technical sophistication and the bad actor’s methodical patience. A developer known as “Jia Tan” had spent two years earning trust in the XZ Utils project. The code they contributed was clean. Until it wasn’t. Hidden inside liblzma.so sat a backdoor. It came to life when a client connected to an infected SSH server. It hooked into critical cryptographic functions: RSA_public_decrypt, RSA_get0_key, and EVP_PKEY_set1_RSA, granting the attacker silent access. Debian, Fedora, and OpenSUSE…
A critical flaw in Erlang’s Open Telecom Platform is under active attack. CVE-2025-32433 carries a CVSS score of 10.0 and allows remote code execution without authentication. According to Palo Alto’s Unit 42 researchers, it affects the platform’s native SSH daemon, used to manage hosts in telecom, 5G, and industrial systems. Bad actors can send specific SSH protocol messages to open ports and gain control before authentication completes. A patch is available in OTP versions 27.3.3, 26.2.5.11, and 25.3.2.20. Until updated, administrators are advised to disable the SSH service or restrict access to trusted sources. From May 1 to May 9,…
A breach at a Dutch laboratory has exposed the personal and medical data of more than 485,000 women in the national cervical cancer screening programme. The attack hit Clinical Diagnostics NMDL, a Eurofins subsidiary in Rijswijk. The lab tests self-sample kits and smear test samples for Bevolkingsonderzoek Nederland (Population Research Netherlands). Bad actors accessed names, addresses, dates of birth, citizen service numbers, possible test results, and the names of participants’ healthcare providers. The ICT systems of Population Research Netherlands were not compromised. “We Are Extremely Shocked” Elza den Hertog, chair of the board at Population Research Netherlands, said: “We are…
Cybersecurity researchers at two companies have uncovered a jailbreak technique that bypasses ethical guardrails set up by OpenAI in its latest large language model (LLM), GPT-5, and produces illicit instructions. AI security startup SPLX used more than 1,000 adversarial prompts in different configurations and found that the raw, unguarded GPT-5 without a system prompt will fall for a whopping 89% of attacks. That corresponds to an 11% overall performance score. OpenAI’s system prompt, a “basic prompt layer,” limits the success rate of attacks to 43%. Although this vastly improves hallucination handling and safety, the overall score is still very low, and…
A Google Calendar invite. That’s all it took. Researchers from SafeBreach Labs have shown that an LLM-powered assistant like Google’s Gemini can be tricked into running malicious commands, accessing sensitive data, and even manipulating physical devices in a victim’s home, without a single click. Their work introduces a new variant of Promptware, called Targeted Promptware Attacks. The concept is simple. An attacker embeds a malicious instruction inside a calendar event title or email subject line. When Gemini retrieves that data, for instance, when a user asks “What’s on my calendar?”, the hidden instruction slips into the model’s context and is…
Red Canary has published its mid-year update to the 2025 Threat Detection Report, and the message is that threat actors are shifting tactics, and identity is the new battleground. Based on detections gathered in the first half of the year, the update shows a marked rise in cloud and identity threats, along with troubling signs that even subtle user behaviour may now signal larger risks ahead. Some threats are obvious. Others creep in, masked as routine. Among the most striking findings is a 500% surge in Cloud Account detections compared to all of 2024. According to Red Canary, much of…
