Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt all planning against Russia, including offensive digital operations, The Record reports. The directive, issued towards the end of last week to Cyber Command chief General Timothy Haugh, heralds a major shift in U.S. cyber strategy toward Moscow. The order, which was subsequently relayed to the outgoing director of operations, Marine Corps Major General Ryan Heritage, does not extend to the National Security Agency (NSA) or its signals intelligence activities targeting Russia, sources said. However, the full extent of Hegseth’s directive remains unclear. Policy Shift and Diplomatic Implications Hegseth’s decision…
Kirsten Doyle
Kirsten Doyle
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
Notorious ransomware gang Qilin has claimed responsibility for the 3 February attack on Lee Enterprises, an American media company. On its data leak site, Qilin claimed to have stolen 350 GB of data, including “investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information.” The attack disrupted many of the entity’s more than 70 newspapers and other publications, affecting operations, including distribution of products, billing, collections, and vendor payments. In addition, the distribution of print publications across its portfolio of products experienced delays, and online operations were…
Microsoft has amended recent civil litigation to name key developers of malicious tools designed to bypass AI safeguards, including those in Azure OpenAI Service. The legal action targets four individuals—Arian Yadegarnia (Iran), Alan Krysiak (UK), Ricky Yuen (Hong Kong), and Phát Phùng Tấn (Vietnam)—who are part of a global cybercrime group, Storm-2139. These actors exploited stolen credentials to access AI services, modify their capabilities, and resell access to malicious actors, enabling the creation of harmful content such as non-consensual intimate images. Generating Illicit Content Storm-2139 operates through three tiers: creators develop illicit tools, providers distribute them, and users generate violating…
The Cleveland Municipal Court, including Cleveland Housing Court, will remain closed today, one week after it was hit by a cyber event. On its Facebook page on 24 February, it said it is currently investigating a cyber incident. Although it has not confirmed its nature and scope, it said it is taking this incident seriously. The court was closed all last week, and according to Mike Negray, Deputy Court Administrator at Cleveland Municipal Court, it will remain closed on Monday except for jail cases. “As a precautionary measure, the Court has shut down the affected systems while we focus on…
Check Point Research (CPR) has uncovered a sophisticated cyber campaign leveraging a vulnerable Windows driver to disable security protections, evade detection, and deploy malicious payloads. They identified a large-scale, ongoing attack campaign that abuses a legacy version of the Truesight.sys driver to disable endpoint detection and response (EDR) and antivirus (AV) solutions. The attack, which has been active since at least June last year, has already produced more than 2,500 modified variants of the vulnerable driver, enabling attackers to bypass modern security mechanisms. Exploiting a Security Loophole CPR’s investigation revealed that the threat actors exploited the legacy version 2.0.2 of…
Windows CE, a decades-old operating system originally designed for embedded systems, remains a crucial component of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments. However, despite its widespread use in human-machine interfaces (HMI), kiosks, and even vehicle infotainment systems, its legacy nature presents significant cybersecurity risks. Recent research from Claroty has looked into Windows CE vulnerabilities, uncovering security gaps that could expose industrial and medical infrastructure to cyber threats. In fact, when they examined an HMI panel using Windows CE, they found several potential dangers and vulnerabilities that could be exploited by bad actors. Outdated, Unsupported …
Researchers at Palo Alto Networks have identified a new Linux malware strain dubbed Auto-Color, which uses cunning, advanced stealth techniques to slip through the security nets and maintain persistence on compromised systems. The malware, first detected in early November last year, mainly targets universities and government offices across North America and Asia. Auto-Color hides its presence by using benign-sounding file names, such as door or egg, and uses an advanced method for hiding command and control (C2) connections—similar to the tactics used by the Symbiote malware family. It also uses proprietary encryption algorithms to obfuscate communication and configuration details. Once…
At a time when artificial intelligence (AI) is reshaping cybersecurity, conventional approaches to passwords and endpoint management are increasingly vulnerable. AI-powered threats are rapidly evolving, leveraging automation and deep learning to crack passwords, slip past authentication measures, and exploit weaknesses in endpoints at an unrivaled scale. Entities that once relied on static credentials and perimeter-based security now face a landscape where adaptive, AI-driven attacks demand equally intelligent defenses. As endpoint ecosystems expand—with remote work, cloud services, and IoT devices—attack surfaces grow, making it critical for businesses to rethink how they manage access and secure endpoints in real-time. To understand how…
Cybersecurity researchers at SentinelLABS have uncovered a new campaign linked to the long-running Ghostwriter operation, targeting Belarusian opposition activists and Ukrainian military and government entities. The campaign, which entered its active phase in late 2024, is ongoing, with recent malware samples and command-and-control (C2) activity indicating continued threats. A Persistent Espionage Operation Ghostwriter, an advanced persistent threat (APT) campaign with ties to Belarusian intelligence, has been active since at least 2016. Previously tracked by cybersecurity firms under the names UNC1151 (Mandiant) and UAC-0057 (CERT-UA), the campaign blends information manipulation with cyber intrusions. Over the years, it has targeted European countries…
The Trump administration is set to significantly weaken the CHIPS Act by terminating hundreds of employees at the National Institute of Standards and Technology (NIST), the agency responsible for administering the semiconductor incentive program. President Biden signed the bipartisan CHIPS and Science Act two years ago, investing $53 billion to boost US semiconductor supply chains, create jobs, and enhance national security. According to multiple sources, including Axios and Bloomberg, nearly 500 NIST employees, many of whom were recently hired to support the CHIPS Act, are expected to be dismissed under the pretext of “probationary” firings. Mass Firings Threaten CHIPS Act…