Microsoft Recall on Copilot+ PC: testing the security and privacy implications
Microsoft’s Recall feature, first announced in 2023, automatically captures screenshots of everything you do on your PC and creates a searchable database of your activity. But it had security flaws: data wasn’t properly encrypted, sensitive information like credit card numbers was stored, and it was enabled by default. An updated version is rolling out now on Copilot+ PCs, with improvements like encryption, opt-in activation, and some filtering for sensitive data.
Russian organizations targeted by backdoor masquerading as secure networking software updates
Recently, Kaspersky uncovered a sophisticated backdoor attack targeting Russian organizations across government, finance, and industrial sectors. The malware impersonated updates for secure networking software ViPNet. The attackers distributed LZH archive files containing a legitimate executable, a malicious loader, and an encrypted payload, which ultimately deploys a backdoor connected to a command-and-control server, allowing data theft and the delivery of additional malware. Kaspersky emphasizes the need for layered security defenses to counter such threats.
SSL.com scrambles to patch certificate issuance vulnerability
A vulnerability in SSL.com’s domain control validation process allowed nearly a dozen mis-issued digital certificates for seven legitimate domains, including Alibaba Cloud’s aliyun.com. A researcher exploited the flaw by creating a fake DNS record, tricking SSL.com into issuing certificates without proper domain ownership verification. SSL.com has since revoked the fraudulent certificates, disabled the flawed validation method, and continues investigating.
Russia attempting cyber sabotage attacks against Dutch critical infrastructure
Russian state-sponsored hackers have attempted cyber sabotage against Dutch critical infrastructure over the past two years, according to the Dutch Military Intelligence and Security Service (MIVD). It represents the first known cyber sabotage attempts against control systems in the Netherlands. The MIVD warns Russia is increasingly using a “whole-of-society” approach to cyber operations, which poses a threat to NATO allies. Dutch defense officials emphasized the need to strengthen military and cybersecurity capabilities.
Today’s LLMs craft exploits from patches at lightning speed
Large language models like OpenAI’s GPT-4 and Anthropic’s Claude Sonnet 3.7 are shortening the time it takes to create working exploits after a vulnerability disclosure. A researcher at ProDefense demonstrated that AI could analyze code patches, identify security flaws, and generate proof-of-concept attack scripts quickly, reducing defenders’ response time. Experts warn this rapid automation is also shrinking reaction windows for cybersecurity teams.
Two healthcare orgs hit by ransomware impacting over 100,000
Two US healthcare organizations, Bell Ambulance in Wisconsin and Alabama Ophthalmology Associates, confirmed data breaches impacting over 100,000 people each after ransomware attacks. Bell Ambulance’s breach is tied to the Medusa ransomware group and involved names, Social Security numbers, and medical information for 114,000 individuals. Alabama Ophthalmology Associates is said to have been targeted by the BianLian group and saw similar data compromised for more than 131,000 people.
Marks & Spencer confirms cybersecurity incident amid ongoing disruption
Retail giant Marks & Spencer confirmed it’s managing a cybersecurity incident following customer reports of outages and service disruptions. While physical stores, the website, and app are operational, some in-store systems, including payment terminals and order pickups, were temporarily affected. The company has brought in external cybersecurity experts and notified authorities, but hasn’t disclosed the nature of the attack or if customer data was compromised.
‘Fog’ hackers troll victims with DOGE ransom notes
Trend Micro reports the Fog ransomware group has ramped up attacks, hitting over 100 victims since January. Attackers now reportedly use phishing emails containing a malicious file disguised as a “Pay Adjustment.zip” archive to infect systems. Researchers warn Fog has adopted double-extortion tactics and recommend strong backup, patching, segmentation, and phishing training to defend against these attacks.
UN researchers warning about Asian scam operations going global
A UN report warns that organized crime groups based in Southeast Asia are expanding cyber scam operations globally, moving into Africa, Latin America, and other regions. These so-called scam centers make money from romance scams, fake investments, and illegal gambling. Increased crackdowns have pushed them into areas with weaker law enforcement, with criminals using newer tools like AI, deepfakes, and underground markets, evolving into “crime-as-a-service” networks.






