Information Security News – 2/9/2026


Asian Government’s Espionage Campaign Breached Critical Infrastructure in 37 Countries

Article Link: https://www.cybersecuritydive.com/news/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3/811472/

  • Hackers linked to an Asian government broke into at least 70 government agencies and infrastructure organizations across 37 countries over the past year, according to a report from Palo Alto Networks Unit 42.
  • The campaign focused on intelligence gathering tied to rare earth minerals, trade negotiations, and strategic partnerships, while also conducting stealthy, large-scale reconnaissance against government networks in 155 countries during late 2024.
  • Victims included national telecommunications firms, finance ministries, police agencies, energy suppliers, airlines, and public service networks, with activity often around elections, diplomatic meetings, and major commercial talks.
  • Researchers shared indicators of compromise (IoCs) and detailed attacker techniques, including phishing-delivered malware, exploitation of widely used enterprise systems, and stealthy Linux kernel backdoors designed to bypass logging and detection tools.

CISA Tells Agencies to Stop Using Unsupported Edge Devices

Article Link: https://cyberscoop.com/cisa-bod-directive-unsupported-edge-devices-firewalls-routers/

  • The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding operational directive ordering federal civilian agencies to stop using unsupported edge devices such as firewalls and routers that no longer receive vendor updates.
  • The order targets a frequently exploited attack pathway, as new flaws in perimeter devices surface often and give intruders direct access into government networks.
  • Agencies must inventory unsupported edge devices within three months, replace items from their specified list within one year, and create a recurring process within two years to identify devices approaching end of service.
  • CISA is developing a nonpublic list of affected products, worked with the Office of Management and Budget on the directive, and stated the timeline allows agencies to budget, replace hardware, and manage systems that are difficult to upgrade.

NSA Publishes New Zero Trust Implementation Guidelines

Article Link: https://www.infosecurity-magazine.com/news/nsa-zero-trust-implementation/

  • The National Security Agency (NSA) released updated Zero Trust Implementation Guidelines describing how organizations can move from discovery to target-level maturity.
  • The guidance introduces Phase One and Phase Two, organizing 152 activities into structured stages that support the federal zero trust framework while allowing flexibility based on operational limits.
  • Phase One defines 36 activities across 30 capabilities to establish a secure baseline, while Phase Two adds 41 activities covering 34 additional capabilities across environments and applications.
  • The guidance emphasizes continuous evaluation after login, warning that many intrusions occur post-authentication and that network access controls alone fail without visibility into application-level decisions.

FCC Urges Telecoms to Boost Cybersecurity Amid Growing Ransomware Threats

Article Link: https://www.cybersecuritydive.com/news/fcc-telecommunications-ransomware-warning/811100/

  • The Federal Communications Commission (FCC) warned telecommunications companies after seeing ransomware incidents disrupt service at a growing number of small and mid-sized providers.
  • In a January alert, the commission said recent intrusions locked firms out of files, exposed data, and halted operations, while global ransomware activity against telecom providers rose fourfold between 2022 and 2025.
  • The alert outlines common attacker methods, notes supply-chain weaknesses as a frequent entry point, and describes how intrusions often spread through poorly maintained systems and third-party vendors.
  • The FCC outlined response steps, including patch validation, multifactor login controls, network segmentation, regular backups, employee training, and formal reporting to federal agencies when incidents occur.

Microsoft Starts the Countdown for the End of Exchange Web Services

Article Link: https://www.theregister.com/2026/02/06/microsoft_ews_shutdown/

  • Microsoft set firm dates to disable and retire Exchange Web Services in Microsoft 365 and Exchange Online, closing out the long-deprecated API.
  • EWS will be disabled by default on October 1, 2026, with a temporary opt-in available until a full shutdown on April 1, 2027, and no extensions planned.
  • First released with Exchange Server 2007, the service allowed applications to access mailboxes and data stores and stayed widely used by third parties and legacy tools despite repeated misuse.
  • Microsoft told administrators to complete migrations, pointed teams toward Microsoft Graph, and said it may run temporary “scream tests” that toggle EWS access to expose hidden dependencies.

Notepad++ Updates Delivered Malware After Hosting Provider Breach

Article Link: https://hackread.com/notepad-updates-malware-hosting-breach/

  • A months-long breach at a former hosting provider let attackers hijack Notepad++ update traffic in 2025, exposing users to malicious downloads without exploiting flaws in the software’s code.
  • The compromise began in June and lasted into November, with attackers intercepting update requests and redirecting selected users to servers delivering altered binaries, according to maintainer Don Ho.
  • Logs showed the activity focused almost entirely on the notepad-plus-plus.org domain, suggesting deliberate targeting rather than broad abuse, with investigators citing patterns linked to a Chinese state-backed operation.
  • The project moved update services to a new provider, added stronger signature and certificate checks in recent releases, and plans stricter validation, while warning users that the full scope of exposure remains unknown.
  • FRSecure experts recommend reviewing the Rapid7 IoCs: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

Hackers Publish Personal Information Stolen During Harvard, UPenn Data Breaches

Article Link: https://techcrunch.com/2026/02/04/hackers-publish-personal-information-stolen-during-harvard-upenn-data-breaches/

  • A hacking group calling itself ShinyHunters published data taken from last year’s breaches at Harvard University and the University of Pennsylvania, claiming more than one million records from each school.
  • The group posted the data on its leak site after both universities declined to pay ransom demands, a tactic used to pressure victims into payment after intrusions.
  • UPenn said attackers accessed systems tied to alumni and development activities through social engineering, while Harvard attributed its breach to a voice phishing attack targeting alumni systems.
  • Published data appears to include contact details, addresses, donation records, event attendance, and biographical information, prompting Penn to review the exposure and notify affected individuals where required.

County Pays $600K to Wrongfully Jailed Pen Testers

Article Link: https://www.darkreading.com/cybersecurity-operations/county-pays-600k-wrongfully-jailed-pen-testers

  • Dallas County, Iowa, agreed to pay $600,000 to Gary De Mercurio and Justin Wynn, two penetration testers arrested in 2019 while performing a contracted courthouse security evaluation.
  • The testers were hired by the Iowa Judicial Branch to test alarm systems and presented documentation to responding officers, yet were jailed after a county sheriff disputed the authority behind the engagement.
  • The arrests triggered years of legal battles and damaged careers and client relationships, despite video footage and records confirming the testers were authorized to perform the work.
  • The case exposed risks tied to physical testing, particularly when government entities lack a shared understanding of the engagement, prompting calls for tighter documentation, clearer coordination, and legal safeguards before field engagements.

Man Pleads Guilty to Hacking Nearly 600 Women’s Snapchat Accounts

Article Link: https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-nearly-600-womens-snapchat-accounts/

  • A 26-year-old Illinois man, Kyle Svara, pleaded guilty in federal court to hacking nearly 600 women’s Snapchat accounts to steal private photos that he kept, sold, or traded online.
  • Court records say Svara impersonated Snap employees, texted more than 4,500 targets between 2020 and 2021, harvested access codes from roughly 570 victims, and entered at least 59 accounts without permission.
  • Prosecutors said Svara also performed paid hacking jobs, including work requested by former Northeastern University track coach Steve Waithe, who was later sentenced to prison for sextortion involving student athletes.
  • Svara now faces multiple federal charges, including identity theft, wire fraud, and computer fraud, and is scheduled for sentencing in May.
