Cybersecurity News: Signal conversations hacked, Ransomware group hits infrastructure, patch Palo Alto flaw

Russian hackers tap into Signal conversations

Russian state-backed hackers are exploiting Signal’s “linked devices” feature to hijack accounts by tricking targets—often Ukrainian military personnel—into scanning malicious QR codes. Once a device is linked, attackers can intercept messages in real time without fully compromising the victim’s device. Google researchers identified multiple threat groups using this technique, some of them embedding QR codes in phishing pages disguised as military applications or security alerts. Signal has rolled out security updates to counter these threats but urges users to take extra precautions when scanning QR codes.

(Bleeping Computer), (The Record), (The Hacker News)

Ransomware group hits critical infrastructure globally

Ghost ransomware has hit critical infrastructure and multiple industries across 70+ countries by exploiting unpatched vulnerabilities in Fortinet, ColdFusion, and Exchange servers. In a joint advisory on Wednesday, CISA, the FBI, and MS-ISAC warned that the attackers rotate malware variants, ransom notes, and email addresses to evade attribution, using tools like Mimikatz and CobaltStrike for initial access. To defend against these attacks, the advisory recommends that organizations patch known vulnerabilities, implement phishing-resistant MFA, segment networks, and maintain offline backups.

(CISA), (Bleeping Computer)

CISA says patch Palo Alto flaw immediately

Attackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in Palo Alto Networks’ PAN-OS firewalls, chaining it with two other vulnerabilities (CVE-2024-9474 and CVE-2025-0111) to escalate privileges and read sensitive files. Exploitation attempts have surged, with 25 malicious IPs now targeting affected devices, up from just two initially. CISA has added CVE-2025-0108 to its ‘Known Exploited Vulnerabilities’ catalog, requiring federal agencies to patch by March 11, 2025. Organizations are urged to apply patches immediately and to restrict access to the management interface to a whitelist of trusted IPs.

(Dark Reading), (Bleeping Computer)

Thousands rescued from scam hubs

Thailand is set to take in 7,000 people rescued from illegal cyber scam hubs in Myanmar as part of a regional crackdown on human trafficking and online fraud. Criminal syndicates in Myanmar, Cambodia, and Laos have forced thousands—many trafficked through Thailand—into running scams like cryptocurrency fraud and fake investment schemes. While authorities continue efforts to dismantle these operations, past crackdowns have shown that these groups often relocate and continue to operate this multibillion-dollar industry.

(The Record)

Huge thanks to our sponsor, Scrut Automation

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.

FBI official provides more detail on Salt Typhoon attack

A top official at the FBI painted a clearer picture of the sheer impact of the Salt Typhoon attack. Speaking at the 2025 Zero Trust Summit, FBI deputy assistant director Cynthia Kaiser emphasized the scale and indiscriminate nature of China’s data collection from major telecom providers. Officials say the breach compromised data on every group of people, including law enforcement information, call records, and even data on American children, raising concerns over its long-term impact. Kaiser asked the crowd, “Can any of you imagine a world in which China would have been stealing information about you as a 13-year-old? That’s precisely what American children are facing. And that’s going to follow them in the future.” Since the operation was exposed last year, the U.S. has sanctioned a Chinese national and a cybersecurity firm linked to it, but Salt Typhoon remains active, with ongoing attacks on global networks.

(CyberScoop)

New malware spreads as fake browser update

A new macOS-targeting malware called FrigidStealer is being distributed via a compromised website disguised as a browser update, tricking users into entering their passwords to steal browser cookies, credentials, Apple Notes, and cryptocurrency-related files. The malware is linked to the financially motivated cybercriminal group TA2727, which has previously targeted Windows and Android users with similar tactics. Attackers are using a traffic distribution service (TDS) operated by TA2726, which also directs traffic to other cybercrime groups, including those behind SocGholish malware.

(Security Week)

Military man pleads guilty in telecom attacks

A former U.S. Army soldier has pleaded guilty to hacking a significant number of phone records from AT&T and Verizon. The defendant, John Wagenius, faces up to 10 years in prison and a $250,000 fine for each of the two charges of unlawful transfer of confidential phone records. The breaches are tied to the indictment of other hackers involved in the 2024 Snowflake data breaches, which exposed data from AT&T, LendingTree, Santander Bank, Ticketmaster, and over 160 other companies.

(TechCrunch)

Trump administration taps top DOJ official

President Donald Trump plans to nominate John Eisenberg, a key figure in his first impeachment, to lead the Justice Department’s National Security Division. Eisenberg, who served as legal adviser to the National Security Council during the Ukraine call scandal, would oversee terrorism and cyber-espionage cases if confirmed. His nomination is likely to spark scrutiny over his handling of the Ukraine call and his position on FISA’s Section 702, a key national security surveillance tool.

(The Record)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.