India’s telecom ministry rescinded its controversial order forcing all new and existing smartphones to pre-install the government-run “Sanchar Saathi” app. The reversal follows widespread criticism over privacy risks, consent violations, and potential mass surveillance, raising fresh questions about digital rights and security oversight in a market of over a billion mobile users.
The Iran-linked APT MuddyWater has resurfaced with a new, stealthy malware loader disguised as a retro Snake-style game. The loader delivers a memory-only backdoor to Israeli targets. This shift shows how APTs increasingly combine social-engineering and covert execution to bypass defenses.
The Washington Post reports a staff data breach tied to an Oracle E-Business Suite zero-day. Nearly 10,000 employees and contractors receive notices as responders verify scope and guide credit protection.
UK investigators seized 61,000 Bitcoin linked to Zhimin Qian’s China-based Ponzi fraud. A London court handed her 11 years and 8 months, while civil recovery fights over billions continue.
The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.
Russia introduced a 24-hour SIM cooling-off period after roaming or 72 hours of inactivity. Consequently, data and SMS pause while operators run anti-abuse checks, verify identity, and restore access in stages.
Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.
The UK is investigating whether Yutong electric buses can be remotely deactivated. Norway’s Faraday-cage tests and Denmark’s review raised alarms about SIM-enabled diagnostics and OTA updates. Operators should lock down telematics, broker OTA, and drill outage response now.
aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.