Spyware, 0-Days and depressing AI
This week's newsletter explores the expanding threat of spyware, with incidents involving Paragon and Predator targeting journalists and activists globally. Cyber conflicts are ongoing as Ukraine hacks Russian defense systems and Belarusian hackers challenge Kaspersky. Policy shifts highlight Denmark's move away from Microsoft. There are critical vulnerabilities in Microsoft products, and ongoing cyberattacks on corporations are driving some of them to insolvency, while GenAI shows us how depressing it really is.
Cyber Conflict
Spyware: Paragon spyware activity found on more journalists’ devices (link). Italy admits it hacked activists with Israeli spyware Paragon (link). Cloudflare observes a surge in cyberattacks targeting journalists (link). Predator spotted in Mozambique for first time, another sign of spyware’s availability (link)
Cyber weapons in the Israel-Iran conflict may hit the US (link)
Chinese industrial espionage: Deep dive on what happens in the Netherlands but doesn’t stay in the Netherlands (link)
Belarusian hackers taunt Kaspersky over a report detailing their attacks (link)
Ukraine's military intelligence agency (HUR) said it hacked into the internal systems of Russia’s major state-owned aircraft manufacturer Tupolev, days after Ukraine launched surprise drone assaults on Russian air bases (link)
Cyber and cognitive conflict: Kremlin-backed disinformation campaigns are bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers: Inside a dark adtech empire fed by fake CAPTCHAs (link)
Cyber Policy around the world
US National Cyber Director Harry Coker: We can’t have economic prosperity or national security without cybersecurity (link). In an industry where talent is key, rare and hard to maintain, the CISA brain drain continues, and the budget cuts haven't even started yet (link)
Danish government agency to ditch Microsoft software in push for digital independence (link)
EU Citizens, you can actively do something for EU tech sovereignty by opting for DNS4EU servers (link)
IT-Security News
The end of human creativity and happiness: Google can now generate a fake AI podcast of your search results (link) and ChatGPT's AI Codex aims to replace coders with new features (link). High hopes, considering that ChatGPT 'got absolutely wrecked' by an Atari 2600 in a beginner's chess match (link). Oh, your Meta AI chats might be public, but it’s not a bug (link) but one of the most depressing features of the internet (link)
0-Days: Critical vulnerability in Microsoft 365 Copilot shows risk of AI agents (link). Windows WebDAV zero-day being exploited (link), and there is an iPhone zero-click exploit used for spyware (link)
Denial of business: German napkin maker Fasana faces insolvency after cyber-attack (link)
Canadian airline WestJet hit by cyberattack (link)
Paraguay is being targeted by cybercriminals - 7.4 million citizens' records for sale (link)
Do you trust Xi with your 'private' browsing data? Apple, Google stores still offer Chinese-owned VPNs, report says (link)
Phishing sites posing as DeepSeek downloads drop a proxy backdoor (link)
Research
Space cybersecurity governance: assessing policies and frameworks in view of the future European space legislation (link)
Europe could win the battle for the future of digital money (link). The article discusses the contrasting strategies of China and the US regarding digital currencies, with China focusing on a state-controlled central bank digital currency (CBDC) and the US favoring private cryptocurrencies. Europe, adopting a hybrid approach by embracing both CBDC and private cryptocurrencies, could potentially lead in digital currency innovation while mitigating risks to its banking system.
All’s Not Quiet on the Western Front: Increasingly hostile behaviour in cyberspace tests coalitions of the willing (link). This leads to more public attributions, particularly involving Russia and China, but it raises questions about the effectiveness of the 'naming and shaming' policy.
One of the most important pieces of tech that you probably never heard of: Researchers claim spoof-proof random number generator breakthrough (link) by leveraging quantum entanglement and a publicly verifiable hash chain. This ensures that the generated numbers are both truly random and resistant to tampering.
The sad Bit
RIP: Bill Atkinson, co-creator of Apple Lisa and Mac (link)