Cybersecurity News: Alleged RedLine dev extradited, Red Menshen spies with BPFDoor, is US cybersecurity slipping?

In today’s cybersecurity news…

Alleged RedLine dev extradited to US

An alleged developer of the RedLine infostealer malware, Hambardzum Minasyan, was extradited from Armenia to the U.S. and faces up to 30 years in prison on fraud, hacking, and money laundering charges. Prosecutors say he helped run RedLine’s infrastructure, supported affiliates, and profited from selling access to the malware, which has been used in thousands of attacks across more than 150 countries. The case follows a 2024 international takedown of RedLine systems. Authorities continue to target its operators and ecosystem. (The Record)

Red Menshen uses BPFDoor to spy

China-linked threat group Red Menshen has infiltrated telecom networks to conduct long-term espionage, using stealthy kernel-level implants like BPFDoor to maintain persistent access. Researchers at Rapid7 say the malware operates as a passive backdoor that activates only via specially crafted network packets, allowing covert surveillance, credential theft, and lateral movement without typical detection signals. The campaign targets network infrastructure from vendors like Cisco and Fortinet, with newer variants hiding commands inside HTTPS traffic. (The Hacker News)

Former NSA chiefs worry US cybersecurity is slipping

At RSAC 2026, former National Security Agency leaders warned that the U.S. is losing its offensive cyber edge amid rising threats from China, AI, and cybercriminals. Officials including Paul Nakasone and Mike Rogers said repeated attacks have led to complacency, while political division, lack of major cyber legislation, and weakened public-private coordination are slowing response efforts. They also warned China has pre-positioned inside critical infrastructure, and without stronger action, a major cyber crisis could be inevitable. (CyberScoop)

Auto cyberthreats on the rise

In more news coming out of RSAC, automotive cybersecurity is a big deal as vehicles become increasingly connected and autonomous. Kamel Ghali, vice president of Car Hacking Village, and Julio Padilha, CISO of Volkswagen & Audi South America, say that modern cars, with millions of lines of code and extensive wireless connectivity, face rising threats similar to the 2015 Jeep Cherokee hack by Charlie Miller and Chris Valasek, which allowed remote control over vehicle functions. Ghali highlighted ongoing research at Car Hacking Village and warned AI and post-quantum encryption will reshape vehicle security. Padilha emphasized continued investment to secure autonomous systems. (Dark Reading)

Huge thanks to our sponsor, ThreatLocker

Security controls fail when they break the business. Successful teams phase in protections gradually — starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Ajax hack exposed data, ticket hijack

Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed a breach where an attacker exploited vulnerabilities to access email addresses of a few hundred users and limited personal data of fewer than 20 banned fans. Journalists at RTL confirmed the flaws allowed ticket transfers, modification of stadium bans, and potential access to hundreds of thousands of accounts via exposed APIs. The club says it has patched the issues, notified authorities, and found no evidence of large-scale abuse. The full extent of prior exploitation is unclear. (BleepingComputer)

Langflow AI platform attacked

Attackers started exploiting a critical code injection flaw in the Langflow AI framework within hours of disclosure, using an exposed API endpoint to execute arbitrary code without authentication. Sysdig researchers say the bug allows data theft and lateral movement by accessing API keys and credentials tied to services like OpenAI and AWS. CISA has flagged the flaw as actively exploited. Users should upgrade to version 1.9.0. (Dark Reading)

FCC cracks down on robocallers

The Federal Communications Commission approved new proposals to crack down on robocalls by tightening requirements for obtaining phone numbers and increasing transparency around caller identities. The rules target abuse of resold numbers and tactics like number cycling, which help scammers evade detection across telecom networks. A separate proposal would restrict the use of foreign call centers and potentially require disclosures or U.S.-based routing, as regulators link non-U.S. operations to a significant share of robocall activity. (CyberScoop)

US official accuses China of exploiting cyber scam crisis

Reva Price, a U.S. official from the U.S.-China Economic and Security Review Commission, has accused China of tacitly supporting cyber scam syndicates in Southeast Asia, alleging links between scam profits, state-backed projects, and selective enforcement that spares groups targeting foreigners. The schemes are said to generate tens of billions annually and increasingly target Americans, with losses rising as China cracks down mainly on domestic victims. U.S. officials are calling for stronger diplomatic pressure and coordination to disrupt the ecosystem. (The Record)