Google says ‘Big Sleep’ AI tool found bug hackers planned to use
Google says its AI agent “Big Sleep” discovered and thwarted a critical SQLite vulnerability before hackers could exploit it, marking what it claims is the first time AI has actively blocked a zero-day attack in the wild. The tool was developed with Project Zero and DeepMind, has found multiple real-world bugs since its November debut, and is now being used to secure open-source projects.
Google fixes actively exploited sandbox escape zero day in Chrome
Google also released a security update for Chrome that addresses around a half dozen vulnerabilities, including one with a high severity rating. Attackers are exploiting that vulnerability to escape the browser’s sandbox protection, using specially crafted HTML pages to execute arbitrary code within the browser’s GPU process.
China’s cyber sector amplifies Beijing’s hacking of U.S. targets
The Washington Post reports that U.S. officials have seen Chinese cyberattacks more than double since 2023. Indictments and leaked files tie firms like Shanghai Powerock and iSoon to China’s government, enabling large-scale intrusions through zero-days sold across agencies. Groups like Salt Typhoon and Silk Typhoon have penetrated U.S. infrastructure, media, and defense systems, with CrowdStrike, Mandiant, and CISA confirming escalating threats.
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Europol and 12 countries disrupted the pro-Russian DDoS group NoName057(16) in “Operation Eastwood,” targeting over 100 servers and arresting two suspects. The group appears to have been active since 2022 and used Telegram and volunteer-run tools to attack European infrastructure supporting Ukraine. Authorities warned 1,100 participants and issued seven arrest warrants.
Huge thanks to our sponsor, ThreatLocker

Retailer Co-op: Attackers snatched all 6.5M member records
The UK retailer Co-op confirmed that all 6.5 million member records were stolen in an April cyberattack attributed to Scattered Spider, though ransomware was blocked before deployment. Co-op believes the attackers’ movements were fully tracked and that no financial data was affected. Four suspects tied to attacks on UK retailers were arrested and released on bail. Officials warn the incident underscores the need for stronger cyber defenses across critical infrastructure.
SquidLoader Malware Campaign Targets Hong Kong Financial Sector
Researchers from Trellix say a new malware campaign using SquidLoader is targeting financial institutions in Hong Kong, deploying Cobalt Strike Beacon and evading most detection tools. The attack begins with spear-phishing emails containing disguised executables, followed by a multi-stage infection with extensive anti-analysis techniques. Related activity is also thought to be spreading to Singapore and Australia.
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
A threat actor tracked as UNC6148 is deploying a stealthy rootkit called OVERSTEP on end-of-life SonicWall SMA 100 devices, exploiting suspected zero-day and known vulnerabilities to gain persistent access and steal credentials. Google’s Threat Intelligence Group says the malware modifies the device’s boot process, hides itself with advanced anti-forensic features, and installs Cobalt Strike or Abyss ransomware. The campaign includes log wiping, credential theft, and long-term persistence, with ties to data extortion and prior ransomware incidents.
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader
An international law enforcement operation led by Europol dismantled the DiskStation ransomware gang, a Romanian group that had been targeting Synology NAS devices since 2021 under multiple aliases. The attackers encrypted corporate data and demanded ransoms of up to hundreds of thousands of dollars, often severely disrupting businesses. A 44-year-old man was arrested in Romania following forensic and blockchain investigations linking him to the attacks.






