Cybersecurity News: NATO adopts Apple, Education and Healthcare backdoor, Apex One flaws

In today’s cybersecurity news…

iPhone and iPad cleared for classified NATO work

Apple announced yesterday that its phones and tablets are the first consumer devices approved for work at the NATO RESTRICTED level. The devices are now listed in the NATO Information Assurance Product Catalogue (NIAPC). This means iPhones and iPads can be “used with classified information without requiring special software or settings. The listing specifies that the native Mail, Calendar, and Contacts apps for iOS and iPadOS provide secure access to data.”

(Security Week)

U.S. Education and Healthcare targeted with Dohdoor backdoor

The attack is being conducted by a previously unknown group that Cisco Talos tracks as UAT-10027. The group’s goal is to deliver a new backdoor codenamed Dohdoor, which uses DNS-over-HTTPS (DoH) for command-and-control (C2) communications. The campaign is suspected to “involve the use of social engineering phishing techniques, leading to the execution of a PowerShell script.” The threat actor hides the C2 servers behind Cloudflare infrastructure. Although the group has not been attributed, certain characteristics of the campaign strongly resemble those of North Korea’s Lazarus and Kimsuky groups.

(The Hacker News)
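As an added defensive illustration (not from the Talos write-up or this article), the following Python heuristic flags endpoints where a non-browser process, such as PowerShell, repeatedly reaches a public DoH resolver; the telemetry lines, resolver list and process names are constructed assumptions.

```python
# Added example: spot DoH use by processes that normally have no business resolving
# names over HTTPS. Browsers legitimately use DoH; a scripting host hitting
# /dns-query repeatedly is worth a closer look.
from collections import defaultdict

# Assumed allowlist of public DoH resolver hostnames (extend for your environment).
DOH_RESOLVERS = {
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.google",
    "dns.quad9.net",
}

# Assumed set of processes expected to speak DoH on a managed workstation.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed endpoint telemetry: host, process image, destination host, URL path.
SAMPLE_EVENTS = [
    "ws-17 chrome.exe cloudflare-dns.com /dns-query",
    "ws-17 powershell.exe cloudflare-dns.com /dns-query",
    "ws-17 powershell.exe cloudflare-dns.com /dns-query",
    "ws-17 powershell.exe cloudflare-dns.com /dns-query",
    "ws-22 firefox.exe mozilla.cloudflare-dns.com /dns-query",
    "ws-31 outlook.exe outlook.office365.com /owa",
]


def parse_event(line):
    """Split one whitespace-separated telemetry line into its four fields."""
    host, proc, dest, path = line.split()
    return {"host": host, "process": proc.lower(), "dest": dest.lower(), "path": path}


def find_suspicious_doh(lines, min_queries=3):
    """Return {(host, process): count} for non-browser processes that sent
    at least min_queries DoH requests to a known public resolver."""
    counts = defaultdict(int)
    for line in lines:
        ev = parse_event(line)
        is_doh = ev["dest"] in DOH_RESOLVERS and ev["path"].startswith("/dns-query")
        if is_doh and ev["process"] not in BROWSERS:
            counts[(ev["host"], ev["process"])] += 1
    return {key: n for key, n in counts.items() if n >= min_queries}


if __name__ == "__main__":
    for (host, proc), n in find_suspicious_doh(SAMPLE_EVENTS).items():
        print(f"{host}: {proc} made {n} DoH requests")
```

Tune `min_queries` and the allowlists to your baseline; a single DoH request from an updater or installer is common, while sustained beaconing from a scripting host is not.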

Trend Micro warns of critical Apex One code execution flaws

The cybersecurity software firm has patched two vulnerabilities that would allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. “Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.” Both vulnerabilities have CVE numbers (CVE-2025-71210 and CVE-2025-71211). In a security advisory released Tuesday, Trend Micro explained that “successful exploitation requires attackers to have access to the Trend Micro Apex One Management Console,” meaning customers whose console’s IP address is exposed externally should consider mitigating factors such as source restrictions if not already applied.

(BleepingComputer)

European ecommerce chain ManoMano suffers data breach

ManoMano is an online marketplace specializing in DIY, home improvement, gardening, and related products. It is based in France and sells to customers in France, Belgium, Spain, Italy, Germany, and the United Kingdom, and its e-stores reportedly have 50 million unique visitors per month. The company learned of the hack in January 2026, and an investigation has determined that 38 million individuals are affected. The stolen data appears to be basic PII, with no financial information affected. The cause of the breach is believed to be a third-party vendor, specifically a Tunis-based customer support service provider that suffered a Zendesk breach.

(BleepingComputer)

Huge thanks to our sponsor, Adaptive Security

This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it’s generic. Adaptive’s platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive’s AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.

Ransomware payments dropped in 2025, but attack numbers reached record levels

A new report released yesterday by blockchain research company Chainalysis stated that claimed attacks grew by 50%, but victim payment rates dropped to a record low of 28%. This translates to a total of $820 million in payments to ransomware actors in 2025, which might rise to $900 million as more data arrives. Chainalysis researchers attribute the increase in attacks and slowdown in payments to the fact that companies are getting better at incident response, and that “regulatory scrutiny has increased to the point where payouts are now heavily discouraged.”

(The Record)

UK turns to automated scanning to speed cyber fixes

The British government said Thursday it has “slashed the time required to fix some of the most serious cyber vulnerabilities across the public sector, pointing to a new automated monitoring service.” It is called the Vulnerability Monitoring Service, and it “operates as a central scanning platform that continuously checks internet-facing systems used by public bodies, from central government departments to health and local authorities, for signs of known security weaknesses.” This is the latest in a series of steps by the UK government to strengthen its cyber defense posture. The service currently covers around 6,000 organizations and is leading to about 400 confirmed vulnerabilities being processed and resolved each month.

(The Record)

AI-driven development makes security unattainable, warns Veracode

In its annual State of Software Security report, the company says that, based on data from 1.6 million applications tested on its cloud platform, more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable. The researchers do say, however, that the higher numbers may partly reflect increasing use of testing tools, meaning that more problems are being spotted that might previously have been missed. Veracode also suggests that an accelerating pace of software releases is causing new code to be added more quickly than existing vulnerabilities are addressed, and that AI-generated code makes remediation more difficult.

(The Register)

Aeternum C2 botnet stores encrypted commands on Polygon blockchain

Researchers at Qrator Labs have disclosed details of a new botnet loader called Aeternum C2 that “uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts.” The public Polygon blockchain is widely used by decentralized applications, including Polymarket, the world’s largest prediction market. Aeternum C2 first appeared in December 2025, when a threat actor advertised the malware on underground forums.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.