Latest News Articles
--- TLP:WHITE ---
News
− Canadian National Cyber Threat Assessment 2025-2026
Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security. These cyber threat actors are evolving their tradecraft, adopting new technologies, and collaborating in an attempt to improve and amplify their malicious activities.
https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2025-2026− Three UK Council websites hit by DDoS Cyber Attacks
The National Cyber Security Centre (NCSC), part of the UK’s GCHQ, has confirmed that the attack was carried out by the pro-Russian hacking group NoName057(16). Fortunately, no sensitive data was compromised in the incident.
https://www.cybersecurity-insiders.com/three-uk-council-websites-hit-by-ddos-cyber-attacks/− Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event.
https://www.ic3.gov/CSA/2024/241030.pdf− NCSC-UK Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices
A stealthy network backdoor found on hacked Sophos XG firewall devices is programmed to work on a broader range of Linux-based devices.
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdfVulnerabilities
− Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/− Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign
Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials.
https://blog.barracuda.com/2024/10/31/impersonate-openai-steal-data--- TLP:WHITE ---