Russia detains three suspects who are allegedly behind the Meduza infostealer. The malware was used last year in attacks against Russian companies. Their Telegram channel went inactive earlier this year, prompting fears of an exit scam

Ирина Волк: Сотрудники МВД России задержали группу хакеров, разработавших и распространявших вирусное ПО «Медуза»

Информационный интернет-портал «МВД МЕДИА». Всё о российской полиции.

Palo Alto Networks has discovered a new malware strain named Airstalk that the company believes was created by a state-sponsored APT group and deployed via a still-uncovered supply chain attack

Unit 42

Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack

A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API.

Zimperium has discovered more than 760 Android apps that steal and relay NFC data to a remote attacker

Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices

NFC relay malware on Android devices is exploiting Tap-to-Pay systems, targeting financial institutions globally with sophisticated attacks and min...

New (annoying) Chromium DoS bug just dropped — Brash

Brash

Brash: Chromium Browser DoS Attack via document.title Exploitation

Brash is a PoC exposing a critical Chromium vulnerability that enables a browser DoS attack by exploiting the total absence of rate limiting on doc...

The Israeli govt used a secret system with AWS and Google to get notifications when foreign courts requested Israeli data The system used return-payments, where the sum started with the telephone dialing code of the country that requested data

the Guardian

Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders

The tech giants agreed to extraordinary terms to clinch a lucrative contract with the Israeli government, documents show

"DataBreaches was contacted by a spokesperson for Devman. They were unhappy with the characterization of their group as “low-tier” " :KEKW: :KEKW: :KEKW:

DataBreaches.Net

Some lower-tier ransomware gangs have formed a new RaaS alliance — or have they? (1) – DataBreaches.Net

Calling all of the groups 'lower-tier' may have been inaccurate. Please be sure to read the update at the bottom of this post. We've...

AFP cracked a crypto-wallet owned by a criminal suspect and recovered $6mil

National Press Club address by AFP Commissioner Krissy Barrett | Australian Federal Police

Thank you for coming today, and I particularly want to thank those of you who I have personally invited.Today, I want to have a candid and open con...

Hackers working for an unnamed nation-state breached networks at Ribbon Communications, a key U.S. telecommunications services company https://www.reuters.com/business/media-telecom/us-company-with-access-biggest-telecom-firms-uncovers-breach-by-nation-state-2025-10-29/

-HackingTeam successor linked to Chrome zero-days -Charming Kitten server budget is just $10k/y -Twitter will prompt users to re-enroll security keys -Chrome goes HTTPS-first next year -People died after UK MoD Afghan leak -15 to plead guilty in Italy's hacking scandal -F5 breach to slow company growth -GCash data breach -Leak at the House Democrats -Azure gets its own CAPTCHA -Swift for Android has arrived Podcast:

Risky Bulletin: HackingTeam is back! - Risky Business Media

HackingTeam

Newsletter:

Risky.Biz

HackingTeam successor linked to recent Chrome zero-days

In other news: Charming Kitten server budget is just $10k/y; Twitter will prompt users to re-enroll security keys; Chrome goes HTTPS-first next year.

Socket Security has spotted 10 malicious npm packages. The thing that stands out about them is the use of a CAPTCHA challenge in the npm CLI as they're being installed, most likely as a fake-out to convince victims they're installing a legitimate and actively maintained package.

Socket

10 npm Typosquatted Packages Deploy Multi-Stage Credential H...

Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stea...