Cyber Risk is the Weak Link in Data Center Construction
The rapid growth of data center construction presents significant cyber risks, including attacks on subcontractors, manipulation of design data, and vulnerabilities in building management systems. These threats can lead to costly downtime, project delays, and physical damage, making cyber resilience a strategic imperative.
Global Survey Finds Cyber Incidents Cost Organizations $3.7M on Average in the Past Year | INN
A recent Red Canary report, based on a survey of 550 security leaders, reveals that cyber incidents cost organizations an average of $3.7 million in the past year, with 46% experiencing service disruptions. The report also highlights the increasing reliance on AI in cybersecurity, with 85% of leaders concerned about being overwhelmed by missed threats if automation isn’t adopted, though they also cite AI-generated attacks as a top concern.
Former L3Harris cyber director charged with selling secrets • The Register
A former general manager of L3Harris’s cyber arm, Peter Williams, has been charged with selling seven trade secrets to an unidentified Russian buyer for $1.3 million. Prosecutors are seeking to forfeit Williams’ lavish assets, including his home, multiple luxury watches, designer clothing, jewelry, and cryptocurrency.
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
The APT36 hacking group, also known as Transparent Tribe, is targeting Indian government entities with a Golang-based malware called DeskRAT. The campaign employs spear-phishing emails with malicious attachments or links, aiming to compromise BOSS Linux systems and exfiltrate data.
UN agreement on cybercrime criticized over risks to cybersecurity researchers | CSO Online
Critics argue that the new UN Convention against Cybercrime, set for ratification, contains vague language that could criminalize cybersecurity researchers and hinder cyber defense efforts. While some experts acknowledge improvements in defining malicious intent, others advocate for the established Budapest Convention as a superior alternative that better protects human rights.
The Good, the Bad and the Ugly in Cybersecurity – Week 43
Europol dismantled the SIMCARTEL operation, a major cybercrime-as-a-service network that facilitated over 3,200 fraud cases and caused €4.5 million in damages using 1,200 SIM-box devices and 40,000 SIM cards. Separately, the Jingle Thief threat group targets cloud environments for large-scale gift card fraud by stealing Microsoft 365 credentials, while the PhantomCaptcha campaign used spearphishing to deploy a RAT targeting Ukrainian government and humanitarian organizations.
Shutdown Sparks 85% Increase in US Gov’t Cyberattacks
The US government shutdown has led to an 85% increase in cyberattacks against federal employees, with threat actors exploiting financial anxieties. The Department of Veterans Affairs (VA) and the Department of Justice (DoJ) are the most targeted agencies, particularly among essential employees who continue to work despite the risks.
The Everest ransomware group claims to have breached AT&T Careers, potentially exposing 576,686 personal records of applicants and employees. The data listing is password-protected, with a deadline for AT&T to respond before public release, and AT&T has not yet officially commented on this specific incident.
Doublespeed, a startup backed by Andreessen Horowitz, offers a service that uses AI to generate and manage thousands of social media accounts, violating policies of major platforms like TikTok, Instagram, and Reddit. The service, which costs between $1,500 and $7,500 per month, uses a combination of AI-generated content and human “touch-up” work to create and manage accounts that appear authentic. Despite the service’s potential for misuse, including political manipulation, Doublespeed claims it does not support political efforts.
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The Smishing Triad, a China-linked group, has been linked to over 194,000 malicious domains since January 2024 in a global phishing operation, generating over $1 billion in the last three years by impersonating services like toll violations and package misdeliveries. This sophisticated operation utilizes a decentralized infrastructure, rapidly registering and churning through domains to evade detection, with a significant portion hosted on U.S. cloud services.
AI Dataset for Detecting Nudity Contained Child Sexual Abuse Images
The NudeNet dataset, used for training AI nudity detection, has been found to contain child sexual abuse material (CSAM) by the Canadian Centre for Child Protection (C3P). This discovery highlights ethical concerns regarding data collection in AI development, similar to previous findings with the LAION-5B dataset.
Security researchers discovered a significant bug in the FIA website, granting them access to the personally identifiable information of all Formula 1 drivers, including passport and license details. Although the vulnerability has since been fixed and there’s no indication of malicious access, the incident highlights the ongoing cybersecurity risks even in highly funded sports.
Stay prepared while you fly: a knife-free EDC kit for modern travel
Air travel introduces a unique constraint for anyone who relies on tools: you can’t bring a knife, and a traditional multitool is almost guaranteed to be confiscated. But that doesn’t mean you need to travel unprepared. By building a compact, knife-free everyday carry kit made of single-purpose tools, you can handle common issues at the gate, in the cabin, or on arrival — without raising concerns at security.
The advantage of this modular approach is simple. If a security officer questions one item, only that item is removed. With a multitool, one decision by an agent wipes out your entire capability.
Ransomware recovery perils: 40% of paying victims still lose their data | CSO Online
A recent survey reveals that 40% of businesses paying ransoms for ransomware recovery still fail to regain their data, with only 60% achieving partial or full recovery. Modern attacks often involve double or triple extortion, and paying the ransom does not guarantee data restoration or prevent data leaks, highlighting the critical need for robust preparation and cyber resilience.
Toys ‘R’ Us Canada Customer Information Leaked Online - SecurityWeek
Toys “R” Us Canada experienced a data breach where a threat actor stole and leaked customer information, including names, addresses, email addresses, and phone numbers, on the dark web. The company is notifying customers and authorities, but no sensitive information like passwords or credit card details was compromised.
Meta’s new free transformer
Standard Transformer models generate text purely autoregressively—each token is predicted based only on the previous tokens, like a stateless function where the only “memory” is the input sequence itself. The Free Transformer adds a learned latent variable layer in the middle of the network that acts like hidden internal state the model can condition on during generation. Think of it as giving the model a small amount of working memory (16 bits per token) to make implicit decisions about the generation strategy before committing to specific tokens. During training, an encoder network learns to set these latent variables appropriately for each training example (using a Variational Autoencoder framework), while during inference they’re sampled randomly—but the model has learned to use whatever random values it gets to organize its generation process more effectively. The practical result is that with only 3% additional overhead (one extra transformer block for the encoder), the model shows 3-11% improvements on complex tasks like code generation and mathematical reasoning, because it can effectively “plan” aspects of the output structure rather than having to reconstruct everything purely from the token sequence so far.
The GlassWorm malware targets developers using Visual Studio Code extensions on the OpenVSX marketplace, spreading by hijacking trusted extensions and stealing credentials. It hides its malicious payload using invisible Unicode variation selectors and communicates through the Solana blockchain and Google Calendar.
Meta boosts scam protection on WhatsApp and Messenger | Malwarebytes
Meta has enhanced scam protection on WhatsApp and Messenger with new safeguards to protect users, especially the elderly, from scammers. Scams targeting the elderly have increased, with losses reaching $4.8 billion in 2024.
U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Motex LANSCOPE flaw, CVE-2025-61932, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies must fix the vulnerability by November 12, 2025.
Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk - SecurityWeek
Hackers are exploiting a critical-severity vulnerability in Adobe Commerce and Magento Open Source, tracked as CVE-2025-54236, with 250 attacks observed on Wednesday. Adobe released hotfixes on September 9, but less than half of the ecommerce sites have been patched.