Information security

Information security

In a notice sent to customers on Monday and seen by The Register, the EV charging outfit said that it detected "unusual activity" on its AWS cloud platform on March 7 and quickly discovered that attackers had launched a ransomware attack against parts of its infrastructure. According to the message, some databases were both encrypted and copied during the intrusion, meaning that the crooks likely walked off with user information before the company pulled the plug.

The scam typically involves state-backed fraudsters applying for remote IT work in the west, using fake identities and the help of facilitators in the country where the company targeted is based. Once hired, they send their wages back to Kim Jong-un's state and have even been known to threaten to release sensitive company data after being fired.

Qilin was the most active ransomware group in 2025 with 1,022 attacks, accounting for 13 percent of the total. The group operates via a franchise-like Ransomware-as-a-Service model: affiliates arrange initial access, while the core operators manage negotiations and publications of the leaked data.

How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.

The attacks are part of the IRGC's recent operations against Amazon data centres in Dubai and other strategic centres in the region. Amazon and Microsoft in these operations has dealt a serious blow to the enemy's technological and information infrastructure.

The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond.

The vulnerability, related to an insufficiently protected cryptographic key, could allow a remote, unauthenticated attacker to bypass verification and connect to a targeted controller by mimicking an engineering workstation. In a real-world industrial environment, the vulnerability could allow remote attackers to manipulate PLC logic and disrupt manufacturing processes, or even cause physical damage to equipment.

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Thales S.A. is a French defence and security company specialising in electrical components. Its products range from radar systems, aircraft electronics, drones, missiles and satellites, to sensors, ID cards, e-Gates, biometric databases and cryptographic tools. The company emerged in the 1890s as a French subsidiary of the forerunner of US conglomerate General Electric.

This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Dust Specter used randomly generated URI paths for command-and-control (C2) communication with checksum values appended to the URI paths to ensure that these requests originated from an actual infected system. The C2 server also utilized geofencing techniques and User-Agent verification.

Impostors are impersonating our reporters to extract sensitive business information from unsuspecting targets. In several cases we know about, scammers have adopted the identity of actual staff members, crafting what looks like a standard media inquiry about a company's products and requesting an introductory call.