Free Republic

Of the 90 zero-days GTIG tracked in 2025, 43 hitZero-day exploitation targeting enterprise tech products reached an all-time high last year, with China-linked cyber-espionage groups remaining the most prolific state-backed users, according to Google. Google Threat Intelligence Group tracked 43 zero-days in enterprise software and appliances in 2025, representing 48 percent of all attacks against these previously undisclosed bugs. That's up from 36 (46 percent) in 2024. In total, the Chocolate Factory documented 90 zero-day vulnerabilities actively exploited last year, which is more than 2024's number (78), but still not as many as 2023's record high of 100. And...

Mossad operatives hacked into Tehran's traffic camera network to spy on Ayatollah Ali Khamenei, his bodyguards and other top Iranian officials for years Israel gained access to almost all the city's cameras, and tracked the movements of key bodyguards. Images were said to be transmitted back to Tel Aviv and southern Israel, allowing Mossad to develop intimate knowledge on the guards' addresses, work schedules, and who they were assigned to protect. One camera angle proved especially helpful and allowed agents to track where bodyguards parked their personal cars when arriving at the Supreme Leader's compound on Pasteur Street in the...

North Korea hacked into the computers of a Hollywood studio in 2014, and the company's former executive now blames himself—or his own childhood—for okaying a movie that angered the dictator in Pyongyang, Kim Jong Un. "Curiously, I never really got angry at the North Koreans, on the assumption that if you kick the hornet's nest and get stung, you can't really blame the hornets," the former CEO of Sony Entertainment, Michael Lynton, writes in an excerpt that appeared in the Wall Street Journal of his new book, From Mistakes to Meaning: Owning Your Past So It Doesn't Own You. In...

New ransomware of choice, same critical targetsNorth Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters. The US healthcare attempt failed, while the Middle East organization was hit with the Medusa strain, the researchers said. Of the nearly 30 victim organizations listed on the Medusa data-leak site since November 2025, four are healthcare and nonprofit organizations in the US, including a mental health nonprofit...

An analysis released by Google this month showed that the U.S. defense industrial base—a network of public and private entities used to develop or maintain military weapons systems—has sustained cyberattacks from groups and criminal organizations from China, Russia, and North Korea in recent months.The report, released on Feb. 10 by Google Threat Intelligence, found that the Chinese regime and associated groups continue “to represent by volume the most active threat to entities in the defense industrial base,” which it said can pose “significant risk to the defense and aerospace sector.”Google’s report added that it “has observed more China-nexus cyber espionage...

SNIPPET: "In March, La Nueva Cuba, an online newspaper, reported that “Russian personnel has been in Cuba for several months working on modernizing SIGINT operations in the old Lourdes surveillance and monitoring facility.” The Web site said the supposed renovation was: …part of a project of rearming and modernization of Russian armed forces and the goal of completion by 2011. The new operations could include military sections dedicated to hacking or computer systems espionage with a capacity to neutralize U.S. military networks… Then last week, an opinion piece appeared in Miami Herald. The headline: Cuba capable of waging a cyberwar....

The website Stop ICE Raids Alert Network, which allows users to “send and receive alerts about ICE raids and activity in [their] areas,” appears to have been breached in a cyberattack. According to reports circulating on social media on Friday, anti-ICE activists visiting the site were greeted by a message, printed ominously in red letters on a black background, that read, “We were not kidding. We sent your names, logins, passwords, and locations to a bunch of government agencies. Sherman Austin is a terrible coder, so are ‘RC’ Concepcion and Matt Beran.” (Snip) In a separate post, @DataRepublican wrote, “I...

There’s no escaping the annual Black Friday sales, which seem to last longer every year. Equally, there’s no escaping that Amazon is the top dog in both the event itself and as a target for cybercriminals. With an estimated 310 million active users in 2025, Amazon has always been a prime quarry for scammers, hackers and other highly-targeted cybercrime activity. Now the online retail giant has issued a stark warning that every customer must take seriously as attackers strike. Here’s what you need to know and do. Amazon Sends Users Attack Warning – What You Need To Know Hot on...

Hashtag-do-whatever-I-tell-youCato Networks says it has discovered a new attack, dubbed "HashJack," that hides malicious prompts after the "#" in legitimate URLs, tricking AI browser assistants into executing them while dodging traditional network and server-side defenses. Prompt injection occurs when something causes text that the user didn't write to become commands for an AI bot. Direct prompt injection happens when unwanted text gets entered at the point of prompt input, while indirect injection happens when content, such as a web page or PDF that the bot has been asked to summarize, contains hidden commands that AI then follows as if...

Gmail users have been urged to check their accounts after it was revealed that more than 183 million passwords were stolen in a data breach. Australian cyber expert Troy Hunt, who revealed the incident, called it a 'vast corpus' of breached data, which totals 3.5 terrabytes. To put that into perspective, that's the equivalent to 875 full-length HD movies. According to Mr Hunt, 'all the major providers have email addresses in there' – so not just Gmail, but Outlook, Yahoo and others too. 'They're from everywhere you could imagine, but Gmail always features heavily,' Hunt told the Daily Mail. So...

Two former employees of cybersecurity firms that sold services helping companies combat hackers have been indicted and accused of participating in a conspiracy, outside of their day jobs, to hack multiple US firms and extort them for millions of dollars. The two men are accused of deploying ransomware used by a prolific cybercriminal gang in attacks in 2023 against a medical device firm in Florida, a pharmaceutical firm in Maryland and a drone maker in Virginia, among other alleged victims. Kevin Tyler Martin of Roanoke, Texas, and Ryan Clifford Goldberg of Watkinsville, Georgia, face matching federal charges including interfering in...

A city had a rude awakening when it tested its electric buses for security flaws. Some cities have gone all-in on their dedication to renewable energy and electric public transportation, but discovering that a jurisdiction does not actually control its own public property likely was not part of the idea. This turned out to be exactly the case when Ruter — the public transportation authority for Oslo, Norway — decided to run tests on its new Chinese electric buses. Approximately 300 e-buses from Chinese company Yutong made their way to Norway earlier this year, with outlet China Buses calling it...

Air travel has, in recent years, already gotten far less pleasant than it used to be just a decade or two ago: you’ve got the hassle of TSA lines, tiny seats (unless you want to pay for one of the endless upgrades offered), airport food that costs more than a car payment, and other inconveniences. Still, we do it because it’s the fastest way to travel and we want to see our families and/or go on vacation. But imagine if you were strolling about the concourse and suddenly you heard pro-Hamas messages being blasted over the PA system? That’s exactly...

Unless Bitcoin upgrades its core cryptography in the next five years, the trust it has built over 16 years could be wiped out by a single quantum attack. Urgent upgrades are needed to protect the world’s leading cryptocurrency. Satoshi Nakamoto changed how we define money. In response to the 2008 collapse of the financial institutions in which millions put their trust, Satoshi created a decentralized monetary system built on elliptic curve cryptography. This combination of cold math and decentralization was a powerful one, attracting not only diehard skeptics but also the world’s largest financial institutions, such as BlackRock. In the...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive asking federal agencies to take immediate action to identify and mitigate system vulnerabilities to protect their devices from a major hacking campaign, the agency said in a Sept. 25 statement.“This widespread campaign poses a significant risk to victims’ networks by exploiting zero-day vulnerabilities that persist through reboots and system upgrades,” CISA said.Zero-day vulnerabilities refer to unknown or unaddressed security flaws in computer hardware, firmware, or software. Such vulnerabilities are called “zero-day” since the software or device with such flaws has zero days to fix the issue, thus enabling...

Chinese government-backed hackers have reportedly stolen information from critical infrastructure and government computer systems as part of a years-long campaign that includes the well-known Salt Typhoon activity. More than 80 countries were targeted and the Chinese hackers are learnt to have "stolen information from nearly every American", officials said, according to The New York Times. .. During the sweeping yearlong attack, China-backed Salt Typhoon group infiltrated major telecommunications companies and others, and stole data could allow Chinese intelligence services to exploit global communication networks to track targets including politicians, spies and activists, investigators said in a highly unusual joint statement...

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from it's Salesforce account. TransUnion is one of the three major credit bureaus in the United States, alongside Equifax and Experian. It operates in 30 countries, employs 13,000 staff, and has an annual revenue of $3 billion. It collects and maintains credit information on over 1 billion consumers worldwide, with approximately 200 million of those based in the U.S. This information is shared with 65,000 businesses, including lenders, insurers,...

"Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage. (snip) “If I were an operative, I would look at that as an avenue for extremely valuable access. We need to...

U.S. officials were acutely aware that Beijing was trying to obtain America's premiere nuclear reactor technology, including through illicit hacking, months before Hunter Biden and his business partners sought to arrange a quiet sale of an iconic U.S. reactor company to a Chinese firm, according to court records and national security experts. Hunter Biden's unsuccessful efforts to help CEFC China Energy acquire Westinghouse, one of America's most famous electricity and appliance brands, and its state-the-art AP1000 nuclear reactor began in early 2016 while Joe Biden was still a sitting vice president, memos published Wednesday by Just the News show. Just...

Charles McGonigal may be the most corrupt FBI official in modern history—and yet somehow, his name has barely made a blip on the radar. This wasn’t some mid-level pencil-pusher. McGonigal was one of the top counterintelligence agents at the FBI’s New York field office. He was directly involved in the bureau’s most sensitive operations, including the infamous “Crossfire Hurricane” probe into (phony) Trump–Russia “collusion.” And after that whole fraudulent mess, it turns out that he was secretly taking money from a Kremlin-linked oligarch and helping shake down Albanian oligarchs on the side. You can’t make this up, right? Now here...