Meridiano
A suspected Iran-linked threat actor named Dust Specter targeted Iraqi government officials by impersonating the Ministry of Foreign Affairs, deploying new malware like SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. The campaign used compromised government infrastructure and sophisticated evasion techniques, including geofencing and file-based polling for command execution. The malware employed sideloading and in-memory execution to avoid detection, with one variant using a fake Arabic-language survey hosted on Google Forms. Evidence suggests the attackers may have used generative AI tools in the malware's development.
Articles infosec
Showing articles 166 - 176 of 176 total (matching filters).
-
infosec 5 -
infosec 5Spanish and Ukrainian authorities dismantled a criminal network that exploited vulnerable, war-displaced Ukrainian women to launder nearly €4.75 million. The group recruited the women, brought them to Spain to open bank accounts under their names, and then used those accounts to run a fraudulent online gambling operation. The scheme used bots and stolen identities to place thousands of low-risk bets, generating steady profits for laundering. The investigation resulted in 12 arrests in Spain, multiple property seizures, and the freezing of assets across several countries.
-
infosec 4Attackers are using a "harvest now, decrypt later" strategy, collecting encrypted data today to decrypt it in the future with quantum computers. This threatens long-term data confidentiality, making current encryption like RSA and ECC vulnerable. A practical defense is hybrid cryptography, which combines traditional and quantum-resistant algorithms. Organizations are advised to identify sensitive data and begin adopting these strategies. An upcoming webinar will detail these risks and the transition to quantum-safe protections.
-
infosec 3This week's cybersecurity landscape features several significant threats and a major browser update. A phishing campaign is targeting Ukrainian institutions with multiple malware strains, while a fake RMM service called TrustConnect is spreading a remote access trojan via phishing emails. Separately, Google announced it will accelerate Chrome's release cycle to a new version every two weeks to deliver improvements and fixes more quickly. The main topics covered are evolving cyber threats, including state-aligned espionage and malware-as-a-service operations, and a change in software development policy.
-
infosec 5Latin America is now the world's most heavily targeted region for cyberattacks, facing over 3,100 weekly attacks per organization—more than double the volume seen in the United States. The attacks differ not only in volume but also in nature, with ransomware, infostealers, banking malware, and botnets being significantly more common in Latin America. A key distinction is the primary attack vector: 74% of attacks in Latin America originate via email, particularly phishing, compared to 95% via the web in the US. This heightened targeting is attributed to the region's rapid digital adoption combined with low cybersecurity maturity, as most countries scored poorly on cybersecurity capacity assessments.
-
infosec 5The 2026 State of Browser Security Report identifies the browser as a critical, under-protected enterprise control point, having evolved into a primary platform for AI-driven work. AI-native browsers and copilots are now mainstream, with widespread employee usage for tasks involving sensitive data, often through personal accounts outside corporate governance. This rapid adoption has created a major security gap, as traditional security architectures fail to monitor real-time browser activity, leading to significant risks of data exposure and unseen threats. The report concludes that data loss and attacks are increasingly occurring within browser sessions, bypassing conventional security controls designed for networks and endpoints.
-
infosec 6Google's 2025 report tracked 90 exploited zero-day vulnerabilities, a 15% increase from 2024. Nearly half targeted enterprise software, with security appliances, networking gear, and operating systems being the most affected categories. For the first time, commercial spyware vendors surpassed state-sponsored groups as the top users of these flaws, though Chinese espionage actors remained highly active. The report predicts continued high exploitation rates in 2026, aided by AI tools, and recommends enhanced monitoring and rapid patching. The main topics covered are the volume and trends in zero-day exploitation, the most targeted vendors and products, the shifting landscape of threat actors, and security recommendations.
-
infosec 6Cisco has disclosed that two vulnerabilities in its Catalyst SD-WAN Manager software are being actively exploited. These are CVE-2026-20122, an arbitrary file overwrite flaw, and CVE-2026-20128, an information disclosure vulnerability, both requiring attacker authentication. Patches for these and other flaws have been released, and Cisco urges users to update immediately and implement additional security measures. This follows recent reports of exploitation of another critical flaw in the same product line by a sophisticated threat actor.
-
infosec 3The article argues that cybersecurity is now a company-wide responsibility, extending beyond technical teams to areas like HR and governance. It proposes applying secure-by-design software development frameworks, like the SDLC, to non-technical processes such as talent acquisition to manage risks. A key example is using threat profiling during hiring and continuous monitoring after onboarding to mitigate dangers from human error or malicious insiders. The main topics covered are the expansion of security responsibility, applying technical security frameworks to business processes, and specific risks and strategies in talent management.
-
infosec 4John Daghita, the son of a U.S. government contractor, was arrested in Saint Martin for allegedly stealing over $46 million in cryptocurrency from the U.S. Marshals Service. The arrest was a joint operation between the FBI and French tactical police, who also seized cash and digital storage devices. The theft was linked to his father's company, which managed seized assets for the Marshals Service, including funds from the 2016 Bitfinex hack. The case was publicly exposed by blockchain investigator ZachXBT, whom Daghita later taunted online. The main topics covered are the arrest, the alleged theft of government-managed cryptocurrency, and the investigation that led to it.
-
infosec 6A critical vulnerability (CVE-2026-1492) in the User Registration & Membership plugin for WordPress is being actively exploited, allowing attackers to create administrator accounts without authentication. This gives hackers full control of affected sites to steal data or distribute malware. The plugin developer has released a fixed version (5.1.3 and later), and administrators are urged to update immediately or disable the plugin. The main topics covered are the security vulnerability, its exploitation, and the recommended mitigation.