Cyber Warfare Asia

⚠️ Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack Source: cybersecuritynews.com/microsoft-defe… Microsoft has released patch Tuesday security updates to address a newly discovered zero-day vulnerability in the Microsoft Defender Antimalware Platform. Disclosed on April 14, 2026, the flaw is tracked as CVE-2026-33825 and carries an "Important" severity rating. If successfully exploited, this elevation-of-privilege vulnerability allows an attacker to bypass standard permissions and gain full SYSTEM privileges on the affected machine. The core issue stems from insufficient access-control granularity (CWE-1220) within the Microsoft Defender Antimalware Platform. #cybersecuritynews

A China-linked cyber threat group has been quietly operating inside telecom networks, prepositioned. Dormant presence meant to be used later. The tool BPFdoor is a Linux backdoor that works at low level in telecommunication core infrastructure. This improves stealth and covert activity. When listing processes or connections, those are not visible (like the 90s and 00s kernel rootkits, so let's call it 26-year-surprising). It can also hide its activation signal inside normal HTTPS network traffic (web browser-like), lets the network's own SSL decryption layer termination decrypt it, and then fires commands. This means that web application firewalls and proxies are effectively bypassed. BPFdoor has been found monitoring SCTP traffic. SCTP is the protocol that carries 4G and 5G signalling between core telecom network functions -- registration requests, subscriber identity, device location updates.

🚨 A fake Ledger Live app in the Apple Store led to $9.5M stolen from over 50 victims in under one week, according to recent work by crypto detective ZachXBT. The app even has fake 5-star reviews describing it as "incredibly smooth and reliable."

Silent Sabotage: How Iranian #Hackers Threaten U.S. Critical Infrastructure medium.com/p/505c8691cf8a…

Gharun Lacy, Deputy Assistant Secretary for the Directorate of Cyber & Technology Security at @StateDept, warned that quantum computing “changes the timepiece” of cybersecurity, compressing response windows, while AI accelerates both offensive and defensive capabilities. He highlighted China alongside Russia’s urgency and long-term consistency contrasting it with leadership turnover in democracies. Cyber strategy, he argued, must outlast political cycles and anticipate adversaries’ next moves by leveraging historical telemetry and trend analysis. Modernization isn’t just about new hardware; it must address an expanding, AI- and quantum-driven threat surface. A critical tactic: injecting deliberate randomness into systems to disrupt and break the attack chain before it succeeds. #CyberTalks

⚠️ Hackers Hijacked Notepad++ Update Servers to Redirect Users to Malicious Servers Source: cybersecuritynews.com/notepad-hijack… The developer of Notepad++ has confirmed that a targeted attack by a likely Chinese state-sponsored threat actor compromised the project's former shared hosting infrastructure between June and December 2025. The breach allowed attackers to intercept and selectively redirect update traffic to malicious servers, exploiting a weakness in how the software validated update packages before the release of version 8.8.9. The compromise occurred at the infrastructure level rather than through a vulnerability in the Notepad++ codebase itself. The attackers gained access to the shared hosting server, allowing them to intercept requests destined for notepad-plus-plus[.]org. #cybersecuritynews

🛠️ Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities in 90 Minutes Source: cybersecuritynews.com/shannon-ai-pen… Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully autonomous penetration tester that identifies attack vectors and actively executes real-world exploits to validate them. Shannon emulates human red team tactics across reconnaissance, vulnerability analysis, exploitation, and reporting phases. #CybersecurityNews

A major cyberattack targets Iran, disrupting multiple government and ministerial websites.

#cyber Alert 2026 : Top Asian Cyber-offensive Firms to Watch Out mahdiabbastech.medium.com/cyber-alert-20…

Illicit Crypto Activity Hits Record $158bn in 2025 infosecurity-magazine.com/news/illicit-c… #cybersecurity #infosec #hacking

‼️A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage This happened during the recent CCC conference. Martha had infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.

China and the US are locked in a constant struggle for information, using cyber espionage to gain strategic advantage. But recently leaked files show rapid advances in China’s capabilities bloom.bg/3GAtt1u

European authorities dismantle call center fraud ring in Ukraine bleepingcomputer.com/news/security/… #Security

Intellexa Predator cyber tool (spyware hacking user devices) operates across multiple countries, recent targets identified in Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan. Among the users are at least 25 countries including Germany, Austria, Switzerland, Qatar, Congo. Once a device is hacked and infected, Predator provides complete access to encrypted messaging apps like Signal and WhatsApp, email, photos, location data. It can remotely activate cameras and microphones. The system had at least 15 zero-day exploits in use since 2021. A very interesting revelation indicates Intellexa's operational access to client systems. Training videos show company staff remotely connecting to live government systems, observing real-time infection attempts, viewing logs of targets, and accessing backend interfaces normally reserved for government operators. The company uses an infection method called Aladdin that can silently infect phones through malicious digital advertisements without any user interaction, exploiting the global online advertising ecosystem. The system uses public IP addresses to target specific devices, instructing ad platforms to deliver exploit code disguised as normal advertisements on legitimate websites and apps. Intellexa has adapted its infrastructure to evade detection, hiding behind services like Cloudflare and establishing front companies in Dubai's free trade zones to handle logistics and facilitate the advertising-based infection operations. securitylab.amnesty.org/latest/2025/12… cloud.google.com/blog/topics/th… recordedfuture.com/research/intel… haaretz.com/israel-news/se…

India’s #Cyber Mercenaries: When Gulf Contracts Turn Toxic mahdiabbastech.medium.com/indias-cyber-m…

KSA’s Quiet Crackdown on #Cyber Experts and Investors mahdiabbastech.medium.com/ksas-quiet-cra…

North #Korea’s Lazarus Group carried out 31 #cyberattacks in the past year, underscoring rising #APT activity worldwide. menafn.com/1110413954/N-K…

New reporting highlights #Iran growing integration of cyber operations with real-world military activity. #Cyber reconnaissance is increasingly being leveraged to support precision kinetic strikes raising the stakes for global cyber defense darkreading.com/threat-intelli…

#Riyadh is set to host #BlackHatMEA, a key #CyberSecurity event shaping the future of #digital defense, bringing together global experts, innovators, and critical-infrastructure stakeholders to tackle evolving #Cyber threats. utilities-me.com/news/riyadh-cy…