This is quite a different post as it is not related as usual to Windows vulnerabilities 😉. In the past period, I have been looking into the myAudi connected vehicle platform “Audi Connect and…
France confirms data breach at government agency that manages citizens’ IDs
The French government agency that issues and manages national IDs, passports, and other documents, announced that hackers stole the personal information of an unspecified number of citizens.
Another spyware maker caught distributing fake Android snooping apps
Researchers have found a new case where government authorities used a fake Android app to plant spyware on a target’s phone. The company that allegedly developed the spyware was not previously known to sell this type of software.
Hacker who allegedly carried out cyberattacks for China is extradited to US
Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
Despite promising to help determine what happened with the hacks targeting journalists and activists in Italy, Israeli-American spyware maker Paragon has reportedly not responded to authorities’ requests for information.
A group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several Ubuntu and Canonical websites, and prevented users from updating the Linux-based operating system.
Hackers steal students’ data during breach at education tech giant Instructure
The data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by TechCrunch.
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.
An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.
Hackers deface school login pages after claiming another Instructure hack
The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
Former cybersecurity executive Peter Williams stole several surveillance and hacking tools and sold them for $1.3 million to a Russian broker that works with Putin’s government.
Poland says hackers breached water treatment plants, and the US is facing the same threat
A report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure.
US bank discloses security lapse after sharing customer data with AI app
Community Bank, which operates in Pennsylvania, Ohio, and West Virginia, disclosed a cybersecurity incident that exposed customers’ names, dates of birth, and Social Security numbers.
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
A group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign.
OpenAI says hackers stole some data after latest code security issue
OpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
People who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons.
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
We recently discovered an exposed server that was used for multi-victim exploitation, staging, review, and validation. Claude Code and OpenClaw were used as an operator-side harness supporting exploitation activity and workflow orchestration. We identified a large-scale React2Shell (CVE-2025-55182) operation that scanned millions of targets and confirmed 900+ successful exploits. Logs showed an automated pipeline for exploitation, hit scoring, alerting, and secret harvesting.
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
In April, we observed an intrusion linked to the Atos-reported campaign where an EtherRAT was installed via a malicious MSI masquerading as a Sysinternals tool. Later in the intrusion, we observed the deployment of a new malware framework named TukTuk, first reported by Evangelos G, which, according to their analysis, is AI-generated. In addition to this, the threat actor used the RMM GoTo Resolve. Using this access, they successfully exfiltrated data to a cloud service and then deployed The Gentlemen ransomware.
Stop being locked into "black box" ecosystems. Discover how Sekoia’s vendor-agnostic platform ensures data sovereignty, GDPR compliance, and technological independence.