iNews 218

Cybersecurity News:

Russian cyber group exploits seven-year-old network vulnerabilities for long-term espionage

The group, linked to FSB Center 16, has been scanning the internet for end-of-life software, which it has found in droves.

The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions.

The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities.

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages.

Farmers Insurance harvests bad news: 1.1M customers snared in data breach

Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs

Infrastructure News:

The U.S. should bolster investment reviews to combat China

The Committee on Foreign Investment in the United States just published its 2024 report, revealing once again that shielding U.S. tech from risky foreign investments 

DPRK, China Suspected in South Korean Embassy Attacks

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both.

China cut itself off from the global internet for an hour on Wednesday

Great Firewall took out all traffic to port 443 at a time Beijing didn't have an obvious need to keep its netizens in the dark

Application and Cloud News:

Florida man gets 10 years in prison in first Scattered Spider sentencing

Noah Urban’s sentence stems from a broader conspiracy involving four other defendants who conducted attacks from September 2021 to April 2023.

Europol says Telegram post about 50,000 Qilin ransomware award is fake

It's not unusual for law enforcement agencies to offer substantial rewards for information which might lead to the identification, arrest, and conviction of cybercriminals.

Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container.

Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape the confines of a container.