“Bitcoin Queen” sentenced as UK recovers £5B in crypto
UK investigators seized 61,000 Bitcoin linked to Zhimin Qian’s China-based Ponzi fraud. A London court handed her 11 years and 8 months, while civil recovery fights over billions continue.
Category: National Security
Read More
UK Unveils Cyber Resilience Bill, Tougher Rules for NHS, Water
The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.
Russia Adds 24-Hour SIM Cooling-Off After Roaming
Russia introduced a 24-hour SIM cooling-off period after roaming or 72 hours of inactivity. Consequently, data and SMS pause while operators run anti-abuse checks, verify identity, and restore access in stages.
Ludwigshafen Shuts Down City IT After Cyberattack
Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.
UK Scrutinizes Chinese E-Buses After Norway Kill-Switch Tests
The UK is investigating whether Yutong electric buses can be remotely deactivated. Norway’s Faraday-cage tests and Denmark’s review raised alarms about SIM-enabled diagnostics and OTA updates. Operators should lock down telematics, broker OTA, and drill outage response now.
Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity
aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.
Iran-Linked Phishing Hits US Policy Experts with M365 and RMM
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.
Louvre Password Heist: Weak Credentials, Wide Open Risk
A trivial surveillance password created an opening at one of the world’s most prominent institutions. Intruders gained awareness and timed their move because credential policy failed. This analysis delivers the signals, mitigations, and governance disciplines that stop repeats: rotation, MFA, segmentation, PAM for service accounts, and continuous validation for VMS and NVR stacks—without resorting to list spam or generic advice.
Cyber Gangs Use RMM to Hijack Freight Loads
Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.
PM Apologizes to Trump after Reagan Anti-Tariff Spot
A Reagan-themed anti-tariff ad paused U.S.–Canada talks. Canada’s prime minister apologized to Trump, seeking to cool tempers, protect exporters, and restart negotiations.