Hostile States Behind Three-Quarters of Attacks on Britain's Critical Infrastructure, Cyber Chief Warns
Britain’s National Cyber Security Centre (NCSC) disclosed that state‑backed actors were behind roughly three‑quarters of the more than 200 cyber incidents targeting critical national infrastructure in the year to May 2024. Chief executive Richard Horne warned that these hostile intrusions are part of an ongoing “contest” in cyberspace, with adversaries pre‑positioning footholds that could be weaponised in future conflicts. He cited the Chinese‑linked Volt Typhoon campaign as a prime example and highlighted an NCSC assessment that AI tools are likely to exploit ageing infrastructure by 2028. The briefing coincided with the UK government’s push to pass the Cyber Security and Resilience Bill and draft a new National Cyber Action Plan.
GitHub Dismissed Security Reports on Flaws Now Exploited by Supply-Chain Worm, Researchers Say
GitHub dismissed two formal vulnerability reports from Deep Specter that identified design flaws enabling the Shai‑Hulud supply‑chain worm to infiltrate open‑source packages and developer accounts. The worm leverages back‑dated commit timestamps and forged author metadata to hide malicious changes, while...
Estonia to Quarantine Emails Sent From Russian .ru Domain Before They Reach Government Officials
Estonia will begin quarantining emails that originate from Russia’s .ru top‑level domain before they reach government officials, with the rule taking effect on August 31. The measure adds a notification and requires extra security steps, expanding the country’s existing cyber‑shield that...
Cyber Force Not Included in Senate Defense Policy Roadmap
Senator Kirsten Gillibrand’s amendment to create a dedicated U.S. Cyber Force was narrowly defeated 14‑13 in the Senate Armed Services Committee, part of the FY2027 defense authorization. Lawmakers cited the pending National Academy of Sciences, Engineering, and Medicine study on...
Hacker Linked to Void Blizzard Faces Charges over Cyberespionage Campaign
A Russian national, Denis Obrezko, appeared in Boston federal court charged with facilitating the Kremlin‑linked Void Blizzard cyberespionage campaign. Prosecutors say he provided the infrastructure—purchasing a virtual private server and domain with cryptocurrency—to enable attacks on at least 11 U.S....
Cyberattack Shuts Down Major Australian Sugar Mills, Disrupting Harvest
A cyberattack forced Mackay Sugar to shut down its Farleigh and Racecourse mills in Queensland, halting sugarcane harvesting across the region. The company, Australia’s second‑largest sugar producer with over $420 million in annual revenue, has engaged cybersecurity specialists and local authorities...
UK Weakens Proposed Telecoms Defenses Against Chinese Hackers After Industry Pushback
Britain has softened a draft telecom security code that was drafted after the Salt Typhoon espionage campaign, bowing to industry objections over cost and feasibility. The revised code, due to take effect in mid‑July, drops or delays key safeguards such as...
Hackers Pose as Women Seeking Romance to Spy on Russian Soldiers
A newly identified cyber‑espionage group called SiribClone has been targeting Russian military personnel by posing as women seeking romantic relationships on Telegram and other messaging platforms. The attackers lure servicemen into downloading malicious Android apps or entering credentials on spoofed...
Russia Upgrades Rules for Its Digital Spy System to Better Track Citizens Online
Russia’s Ministry of Digital Development issued new regulations that deepen the technical reach of the SORM surveillance system. The updated rules mandate that operators capture a wider array of personal identifiers—full names, passports, tax IDs, device IDs and geolocation—while specifying...
Supreme Court Rules FCC Fines Punishing Telecom Giants for Sharing Location Data Were Legal
The U.S. Supreme Court upheld the FCC’s authority to levy nearly $200 million in fines against AT&T, Verizon and T‑Mobile for sharing customers’ location data without consent. The 8‑1 ruling dismissed the carriers’ claim that the penalties violated their right to...
DHS Chief Signals Efforts to Reshape CISA
Homeland Security Secretary Markwayne Mullin announced plans to revitalize the Cybersecurity and Infrastructure Security Agency (CISA) after it shed roughly one‑third of its workforce and faced a $3 billion budget reduction under the Trump administration. The agency currently operates with about...
NSA Selects New Leads for Key Cybersecurity Posts
The NSA has appointed David Imbordino as the permanent chief of its Cybersecurity Directorate and Bruce Jones as head of the Cybersecurity Collaboration Center, ending a year‑long leadership vacuum. Holly Baroody will serve as Imbordino’s deputy, bringing experience from the...
Cruise Giant Carnival Confirms Data Breach Affecting Nearly 6 Million People
Carnival Corp. confirmed that a cyberattack attributed to the ShinyHunters group stole personal data of nearly six million individuals, including passports and driver’s license numbers. The breach originated from a compromised employee account in April, with attackers copying data by...
Kremlin Appoints Cyber Executive with Alleged GRU Ties to Security Council Role
President Vladimir Putin appointed Andrei Kozlov, a former head of Rostec’s cybersecurity center, as an aide to Security Council Secretary Sergei Shoigu. Kozlov previously held a classified clearance for Military Unit 26165, the GRU unit linked to the Fancy Bear hacking group....
UK Plans for Cybercrime Law Reform Would Protect Almost No One, Experts Warn
The UK government plans to amend the 1990 Computer Misuse Act by introducing a statutory defence that would only protect security researchers conducting scans of internet‑facing systems. The defence would be limited to British nationals holding chartered accreditation from the...