Incidents
A new analysis from Talos details a long-running espionage operation it calls Static Tundra, attributed to a Russian state-sponsored actor linked to the FSB’s Center 16 and likely related to the Energetic Bear grouping. The actor prioritizes intelligence collection by compromising routers and switches—often unpatched, end-of-life hardware—across telecom, higher education and manufacturing, with notable focus on Ukraine and allied entities. Observed access vectors include exploitation of CVE-2018-0171 (Smart Install), weak or compromised SNMP community strings, and credential guessing. Post-compromise, the operators pivot with harvested credentials and SNMP, create local accounts, enable remote services (including TELNET when present), and modify ACLs and TACACS+ to reduce logging. For persistence they abuse SNMP and deploy firmware implants such as the SYNful Knock IOS implant, and exfiltrate via GRE tunnels, NetFlow collection, and TFTP/FTP including CISCO‑CONFIG‑COPY‑MIB. Talos urges patching or disabling Smart Install, replacing end‑of‑life gear, enforcing strong passwords and SNMPv3, disabling Telnet, enabling MFA and encrypted management, centralizing configuration storage, and auditing device auth/command logs and NetFlow for anomalies.
Extortion pressure continues to intensify. Fortra profiles the Warlock ransomware operation, active in 2025 with double‑extortion tactics and claimed intrusions at public‑sector and critical service organizations. The post cites reported victims in Portugal, Croatia and Türkiye, and describes alleged data from a recent Colt Technology Services incident offered for sale via the group’s leak site. While analysts link some intrusions to exploitation of software flaws—including a tracked SharePoint issue—Fortra emphasizes that phishing, credential theft, misconfiguration, and other unpatched vulnerabilities remain probable entry points. Recommended defenses include timely patching, multi‑factor authentication, modern endpoint and network protections, offline backups, least‑privilege hardening, encryption of sensitive data, and regular training and incident response exercises.
On macOS, CrowdStrike reports blocking a campaign by the cybercriminal group COOKIE SPIDER that attempted delivery of SHAMOS, a derivative of the Atomic macOS Stealer. The delivery chain relied on malvertising to lure users to fake help pages instructing execution of a one‑line command that Base64‑decodes and retrieves a Bash script, which then fetches a Mach‑O stealer binary. SHAMOS runs from /tmp, strips extended attributes to evade Gatekeeper, performs anti‑VM checks, uses AppleScript and host reconnaissance to harvest browser data, Keychain items, cryptocurrency wallets and Apple Notes, and exfiltrates archives (notably out.zip) via curl. It may also pull spoofed installers and attempt persistence via LaunchDaemons when privileged. Falcon detections disrupted activity at download, execution, and exfiltration stages; indicators include malvertising domains, script and binary hashes, and a fake GitHub repository.
Research
Side‑channel risks to shared infrastructure resurfaced with a practical advance on speculative‑execution attacks. A Kaspersky summary of a Google research paper describes enhanced Retbleed exploitation on AMD Zen 2, achieving roughly 13 KB/s of accurate memory reads and demonstrating methods to bypass certain Linux kernel mitigations in realistic settings. The approach adapts Speculative ROP to evade Spectre v2 defenses and, while technically demanding, raises concern for multi‑tenant cloud settings where co‑resident workloads could be at risk. The write‑up notes that the most significant limitation is the need to know or infer kernel configuration, yet many systems use common builds, making reconnaissance feasible. As a precaution in sensitive contexts, some AMD Zen 2 servers have reportedly been removed from specific client‑executed workloads.
In alignment safety, Unit 42 introduces Logit‑Gap Steering, a framework and test method showing that alignment training often increases the probability of refusal tokens without eliminating unsafe pathways. The research demonstrates efficient suffix‑based jailbreaks that close the refusal‑affirmation logit gap and recover harmful outputs across several open models, with high attack success rates in tests. The authors propose using the logit gap as a diagnostic metric and recommend defense‑in‑depth—combining improved alignment with external filtering and runtime monitoring—rather than reliance on internal alignment alone.
Platforms
Cloud platforms emphasized customer control and safer collaboration. AWS added Customer Managed Keys support to Amazon Managed Service for Apache Flink, enabling organizations to apply their own key policies for Flink state stores, checkpoints and persisted artifacts, with full CloudTrail auditability and governance aligned to internal and regulatory requirements. Separately, AWS introduced configurable error message behavior for PySpark analyses in AWS Clean Rooms. Detailed diagnostics are available only when all collaboration members approve, preserving the service’s privacy model while speeding development and troubleshooting for joint analytics.
Cost governance also received attention: AWS made Billing and Cost Management Dashboards generally available, consolidating cost, usage, and coverage/utilization insights into customizable, shareable views at no additional charge in commercial Regions (excluding China). The dashboards centralize FinOps workflows and help surface savings opportunities across accounts.
Vendors continued to blend security tooling with AI‑era workflows. Check Point announced a Harmony SASE MCP Server that exposes curated endpoints via the Model Context Protocol, allowing AI and IDE assistants to retrieve SASE telemetry and policy context with controls for filtering, rate limiting and logging. Fortinet, in a perspective on converged architectures, outlined its unified SASE approach pairing FortiSASE with Secure SD‑WAN and centralized management, arguing for consistent enforcement and simplified operations across edge and cloud; details are in Fortinet.
Looking ahead to cryptography and agent tooling, Microsoft outlined progress and a phased roadmap for post‑quantum cryptography adoption, emphasizing crypto‑agility, hybrid deployments to counter “harvest now, decrypt later,” and alignment with public guidance and standards efforts. In parallel, Azure described enterprise patterns for tool‑centric AI agents, highlighting MCP support, governance via API Management and API Center, and identity controls such as Entra Agent ID for secure, auditable integrations.
Policies
On the public‑private front, CISA is convening partners to close a national “software understanding” gap that leaves critical infrastructure exposed. Recent reports from interagency and national lab collaborators call for software manufactured for analysis—structuring artifacts beyond source code so independent verification and validation are feasible at scale and under adversarial conditions. The initiative seeks sustained research, shared standards and scalable capabilities, with invitations for software analysis professionals and mission owners to participate.
Collaboration dynamics within industry are also under review. A Palo Alto discussion recounts how coordinated sharing during major incidents can correct misconceptions and accelerate response, while noting cultural, legal and prioritization barriers that impede routine exchange. The perspective argues that sharing raw indicators rarely dilutes competitive advantage and that clear guardrails—antitrust statements, embargo protocols, and equal treatment—can build trust for timely, systematic cooperation.