APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.
Smishing texts now target lost iPhone owners with fake “found” alerts and cloned iCloud pages. Verify only in Find My, keep Activation Lock tied to your Apple ID, and avoid links in messages. Set a SIM PIN, rotate your Apple ID password, and review trusted devices to prevent account takeover.
The UK is investigating whether Yutong electric buses can be remotely deactivated. Norway’s Faraday-cage tests and Denmark’s review raised alarms about SIM-enabled diagnostics and OTA updates. Operators should lock down telematics, broker OTA, and drill outage response now.
aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.
A China-linked crew still breaks in through legacy CVEs Log4j, Struts, Confluence, GoAhead then hides behind scheduled tasks and msbuild.exe to run memory-resident payloads. They probe domain controllers with DCSync, and they target misconfigured IIS by abusing ASP.NET machine keys to deploy TOLLBOOTH with SEO cloaking. Reduce risk by patching edge services, restricting LOLBAS on servers, rotating machine keys, and alerting on replication from non-DC hosts.
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.
A trivial surveillance password created an opening at one of the world’s most prominent institutions. Intruders gained awareness and timed their move because credential policy failed. This analysis delivers the signals, mitigations, and governance disciplines that stop repeats: rotation, MFA, segmentation, PAM for service accounts, and continuous validation for VMS and NVR stacks—without resorting to list spam or generic advice.
Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.
A Reagan-themed anti-tariff ad paused U.S.–Canada talks. Canada’s prime minister apologized to Trump, seeking to cool tempers, protect exporters, and restart negotiations.
An engineering-consultant firm supporting Ireland’s defective-block grant scheme suffered a breach that may have exposed homeowner personal data. This article explains the incident, the risks and the lessons cybersecurity teams must apply.