Cybersecurity News: Scams target MENA region, pen testers accused of blackmail, DDoS protection faces fresh challenges

In today’s cybersecurity news…

Coordinated scams target MENA region

Group-IB reports a coordinated wave of fake job ads targeting the Middle East and North Africa (MENA) region, exploiting demand for remote work. More than 1,500 fraudulent ads were identified in 2025, mainly aimed at Egypt, Gulf states, and North Africa, using localized language, currencies, and familiar brands. Victims are lured via social media, moved to WhatsApp or Telegram, asked for personal or financial details, and often pressured to deposit money for higher-paying “tasks” before scammers disappear. (Infosecurity Magazine)

Pen Test Partners accused of ‘blackmail’

Researchers at Pen Test Partners disclosed multiple flaws in Eurostar’s public AI chatbot that allowed prompt injection, system prompt leakage, and potential HTML and cross-site scripting attacks, but now say they were accused of “blackmail” by Eurostar’s head of security during the disclosure process. The issues stemmed from poor guardrail design that only validated the latest message in a chat, letting an attacker tamper with earlier messages to bypass protections. Pen Test Partners says it’s unclear whether all issues have been fully resolved. (The Register)

Hackers steal record $2.7B in crypto in 2025

According to data from Chainalysis, TRM Labs, and De.Fi, hackers stole a record $2.7 billion in cryptocurrency in 2025. The largest incident noted was the $1.4 billion Bybit exchange hack, which U.S. authorities and blockchain analysts attributed to North Korean state-backed hackers, who are estimated to have stolen at least $2 billion this year to fund weapons programs. This continues a rise from $2.2 billion stolen in 2024 and $2 billion in 2023. (TechCrunch)

DDoS protection faces fresh challenges

IT Security Guru posted on Wednesday that automated bot traffic now accounts for more than half of all web traffic, complicating DDoS defense as attackers blend in with legitimate automation. The shift is driving larger, multi-vector attacks that combine network-layer floods with application- and API-layer abuse, including a 6 Tbps DDoS attack against Solana in December that caused no downtime. The article says traditional perimeter defenses and rate limiting aren’t sufficient anymore, and that organizations need behavior-based detection and layered protections spanning network, application, and API layers to counter both volumetric and cost-exhaustion attacks. (IT Security Guru)

FCC announces ban on foreign drones and critical components

The FCC added foreign-made drones and critical drone components to its Covered List, citing national security risks, blocking new models from being approved, imported, or sold in the U.S. under the 2025 National Defense Authorization Act. This targets Chinese manufacturers like DJI and Autel. Existing and previously approved drones aren’t affected; the ban applies only to future device models. (Security Affairs)

Microsoft rolls out hardware-accelerated BitLocker in Windows 11

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to improve performance and security by offloading encryption tasks to supported system-on-chip components. On compatible NVMe-based systems, this reduces CPU usage by about 70% per I/O and better protects encryption keys from memory and CPU attacks. The feature is available starting with Windows 11 24H2 and 25H2, initially on Intel vPro systems with Core Ultra Series 3 processors, with more hardware support planned. (Bleeping Computer)

Cyber volunteer effort for small water utilities announces new plan

DEF CON Franklin announced plans to build a managed security service provider model for small and rural U.S. water utilities, after its volunteer-based cybersecurity effort proved hard to scale. Co-founder and former Biden administration cyber official Jake Braun says the initiative would offer shared, affordable threat monitoring and response through a national framework run with the National Rural Water Association, since findings show more than 70% of water systems fail basic cyber standards. Funding support includes backing from Craigslist’s Craig Newmark, with cybersecurity expert Tarah Wheeler hired to help design and run the program. (The Record)

Evasive Panda APT poisons DNS requests to deliver MgBot

Kaspersky reports the China-linked Evasive Panda APT poisoned DNS requests for legitimate sites to deliver its MgBot malware in long-running, highly targeted campaigns from late 2022 through 2024. The group used fake software updates, adversary-in-the-middle techniques, multi-stage loaders, and per-victim encryption to evade detection, ultimately injecting MgBot into legitimate Windows processes for long-term persistence. Victims were identified in Turkey, China, and India, with some systems compromised for more than a year. (Securelist)