Newsletters

Written content from the Risky Business Media team

Risky Bulletin: US lifts sanctions on three Intellexa execs

Catalin Cimpanu

News Editor

R6S hacked: A threat actor hacked the backend servers of Ubisoft's Rainbow Six Siege FPS game and assigned billions in in-game currency to user accounts. Ubisoft confirmed the breach, took down servers, and rolled back the bans for users who received the currency and were automatically flagged and banned by the backend. The hack was linked to a MongoDB vulnerability known as MongoBleed, CVE-2025-14847, which was disclosed two days before Christmas and which very few companies had a chance to patch. [Dexerto]

Conde Nast gets hacked: A hacker breached news powerhouse Conde Nast and leaked the data of 2.3 million WIRED subscribers. The newest data points are from September 2024, the date of the presumed breach. Conde Nast has yet to confirm due to the winter holiday break. [DataBreaches.net]

ESA breach: Hackers breached the JIRA and Bitbucket servers of the European Space Agency (ESA). [BleepingComputer]

Risky Bulletin: Georgia arrests ex-security chief over bribes from scam call centers

Catalin Cimpanu

News Editor

Docker Hardened Images are now free: Docker has made Hardened Images free for every developer. These are server images managed by Docker that are constantly updated and patched for the most recent security flaws. Devs previously needed some sort of subscription to use Hardened Images.

Piracy group leaks Spotify song database: A piracy and open-source group named Anna's Archive has leaked 256 million Spotify tracks. Spotify said it found and suspended the accounts that scraped its site.

TikTok signs divest deal: Chinese social media network TikTok has signed a deal to divest and sell its US division to a group of Trump allies. More than half the company is now owned by tech company Oracle, private equity firm Silver Lake, and Emirati-backed investment firm MGX. ByteDance and existing shareholders hold the rest. [CNN]

Risky Bulletin: Belarus deploys spyware on journalists' phones

Catalin Cimpanu

News Editor

Belarusian authorities are deploying spyware on the smartphones of local journalists during police interrogations.

The ResidentBat spyware was spotted this year after a reporter who was interrogated by the Belarusian KGB intelligence service started receiving malware alerts on his device, days after being questioned by authorities.

The spyware can collect call logs, record through the microphone, take screen captures, collect SMS messages and messages from encrypted messaging apps, and exfiltrate local files.

Srsly Risky Biz: Dumb and Dumber, Russia's State-Backed "Hacktivists"

Tom Uren

Policy & Intelligence

Last week, the US revealed the Russian government had used two state-backed hacktivist groups to carry out disruptive attacks against critical infrastructure worldwide.

The history and activities of the CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName) were described in indictments and sanctions announced by the US Department of Justice and Treasury respectively, and in a joint advisory published by CISA.

The US says that the CARR was "founded, funded and directed" by Russian military intelligence (the GRU) as an unattributable way of deterring anti-Russia rhetoric. The group was founded in early 2022 shortly after Russia's invasion of Ukraine, started out with DDoS attacks, and over time has escalated to attacks on operational technology (OT) systems.

Risky Bulletin: Most smart devices run outdated web browsers

Catalin Cimpanu

News Editor

An academic study by a team of Belgian researchers has found that most of today's smart devices come with an embedded web browser that runs an extremely out-of-date version, sometimes as much as three years old.

The study, from the Catholic University in Leuven, Belgium (KU Leuven), looked at browsers that ship with smart TVs, e-readers, gaming consoles, and other modern hardware.

All five e-readers that were tested, and 24 of 35 smart TV models, used embedded browsers that were at least three years behind current versions.

Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

Catalin Cimpanu

News Editor

Meta's security team has shut down a disinformation network spreading Russian propaganda across Africa.

The network has been active for more than six months and was run by Russia-based entities, the company said in its quarterly security report [PDF].

The network ran over 65 accounts and 70 pages that mimicked legitimate news outlets and published content critical of France and the US and promoted Russian geopolitical narratives.

Risky Bulletin: EU has a problem attracting and retaining cyber talent

Catalin Cimpanu

News Editor

Public and private critical sector organizations across the EU are having issues attracting and retaining cybersecurity talent.

According to a survey by the EU's cybersecurity agency, candidates don't have the necessary skills or the employers don't have the proper training programs.

Cyber experts who leave companies cite excessive workloads, burnout, and the lack of competitive salaries and bonuses.

Risky Bulletin: APTs go after the React2Shell vulnerability within hours

Catalin Cimpanu

News Editor

At least two Chinese APT groups are exploiting a recently disclosed vulnerability in the React framework's server components.

Attacks began within hours after the vulnerability, tracked as CVE-2025-55182 and named React2Shell, was disclosed last Wednesday.

The AWS security team has linked the attacks to two groups tracked as Earth Lamia and Jackpot Panda.

Srsly Risky Biz: When Do Cyber Campaigns Cross a Line?

Tom Uren

Policy & Intelligence

A new paper from the Germany-based think tank Interface has attempted to define the threshold at which peacetime state cyber operations become irresponsible. 

The author thinks that more concrete definitions of responsible behaviour would help guide states and prevent dangerous conduct.  

It's a commendable effort, but we don't think the architects of cyber operations really care about norms, and a German think tank writing down its preferred rules on a piece of paper won't make any difference to state behaviour.