Amazon’s threat intelligence team has uncovered a sophisticated cyber campaign exploiting previously undisclosed zero-day vulnerabilities in critical enterprise infrastructure. Advanced threat actors are actively targeting Cisco Identity Service Engine (ISE) and Citrix systems, deploying custom webshells to gain unauthorized administrative access to compromised networks. CVE ID Affected Product Severity Status CVE-2025-20337 Cisco Identity Service Engine […]
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
“The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years,” Endor Labs
That text message you got about a “stuck package” from USPS, or an “unpaid road toll” notice, isn’t just random spam; it’s become the signature move of an international criminal outfit that’s managed to swindle millions. Today, Google is launching a major campaign to turn the tide: filing a lawsuit to dismantle the infamous “Lighthouse” […]
A Chinese national has been sentenced to over 11 years in prison following one of the most significant cryptocurrency fraud investigations in history.
Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property under the Proceeds of Crime Act 2002.
The case marks the culmination of a seven-year investigation by the Metropolitan Police Economic Crime team, resulting in the world’s largest confirmed cryptocurrency seizure.
Between 2014 and 2017, Qian orchestrated a massive fraud operation in China that victimized more than 128,000 individuals.
After converting illegally obtained funds into cash, jewelry, and Bitcoin, she fled to the United Kingdom using a false identity.
The scheme’s sophistication allowed Qian to disguise the origin of criminal proceeds through multiple conversion layers, making detection considerably more challenging for law enforcement agencies.
Following intelligence received in 2018 regarding suspicious financial activities in London, Metropolitan Police security analysts identified unusual patterns in cryptocurrency transactions linked to the case.
Investigators meticulously traced digital footprints across blockchain networks, ultimately recovering over 61,000 Bitcoin from Qian’s possession.
The seized cryptocurrency currently holds an estimated value of approximately £5 billion, representing the largest confirmed crypto seizure globally.
An accomplice, Seng Hok Ling, 47, of Matlock, Derbyshire, received a four-year and 11-month sentence for transferring criminal property.
Both defendants pleaded guilty, acknowledging the overwhelming evidence gathered during the comprehensive investigation conducted by the Metropolitan Police and Crown Prosecution Service.
Digital Trail Analysis and Asset Recovery
The investigation showcased advanced cryptocurrency forensics techniques employed by specialist teams. Every blockchain transaction generates an immutable record, allowing investigators to systematically track the movement of digital assets across multiple wallets and exchanges.
The Metropolitan Police worked closely with the Crown Prosecution Service, National Crime Agency, and Chinese law enforcement to build an extensive evidence portfolio.
These physical discoveries complemented the digital evidence, establishing a clear connection between traditional money laundering methods and cryptocurrency conversion strategies.
The Crown Prosecution Service continues pursuing civil recovery proceedings to permanently seize the remaining £4.8 billion in cryptocurrency and associated assets used to fund Qian’s extravagant lifestyle.
A vulnerability has been discovered in Lite XL, a lightweight text editor, that could allow attackers to execute arbitrary code on affected systems.
Carnegie Mellon University experts identified CVE-2025-12120, which affects Lite XL versions 2.1.8 and earlier. The flaw exists in how Lite XL handles project configuration files.
How the Vulnerability Works
When users open a project directory, Lite XL automatically runs the .lite_project.lua file without asking for user confirmation.
This file is intended for project-specific settings and configurations, but it may contain executable Lua code.
The problem occurs because there is no verification step before execution. Users expect the configuration file to be harmless, but attackers can embed malicious Lua code within it.
If an unsuspecting user opens a malicious project directory, this code runs immediately with the same privileges as the Lite XL application.
CVE ID: CVE-2025-12120
Product: Lite XL Text Editor
Affected Versions: 2.1.8 and earlier
Vulnerability Type: Arbitrary Code Execution (ACE)
An attacker could distribute a seemingly legitimate project folder via GitHub, file-sharing services, or other platforms.
When a developer opens this project in Lite XL, the embedded malicious .lite_project.lua file executes silently.
The attacker could then steal sensitive data, modify files, install malware, or further compromise the user’s system.
This type of attack is hazardous because users often trust projects from known sources or repositories without carefully inspecting configuration files.
Any user running Lite XL version 2.1.8 or earlier is vulnerable, as reported by researchers at Carnegie Mellon University.
The impact depends on the user’s system permissions. In most cases, the attacker gains the same privileges as the Lite XL process, which could be significant if Lite XL runs with elevated permissions.
Users should update Lite XL to a patched version as soon as it becomes available and avoid opening untrusted project directories in Lite XL.
Inspect the contents of any .lite_project.lua file before opening projects from unknown sources. This vulnerability demonstrates the importance of understanding how applications handle configuration files, especially when they contain executable code.
Lite XL maintainers should implement confirmation prompts before executing project configuration files or turn off automatic execution entirely.
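One way to carry out the inspection step recommended above before opening a project in Lite XL, as an added example that is not code from Lite XL or from the researchers. The pattern list is a heuristic assumed for this example (standard Lua library calls only), the sample file contents are constructed, and the script goes beyond the text by also finding .lite_project.lua files in nested directories:

```python
import os
import re
import tempfile

CONFIG_NAME = ".lite_project.lua"

# Heuristic categories (an assumption of this example, not exhaustive).
# A hit means "read this line before opening the project", not "malicious".
RISKY = [
    ("process execution", re.compile(r"\b(?:os\.execute|io\.popen)\b")),
    ("file access", re.compile(r"\b(?:io\.(?:open|lines)|os\.(?:remove|rename))\b")),
    ("dynamic code loading", re.compile(
        r"\b(?:load|loadstring|loadfile|dofile)\s*[(\"'\[{]|\bpackage\.loadlib\b")),
    ("module load", re.compile(r"\brequire\b")),
    # Indirect access to globals can hide the calls listed above.
    ("indirect lookup", re.compile(r"\b_G\b|\bdebug\.|\bstring\.char\b")),
]

# Constructed samples: a settings-only file and one with a harmless command.
BENIGN_SAMPLE = 'local config = require "core.config"\nconfig.indent_size = 2\n'
SUSPICIOUS_SAMPLE = BENIGN_SAMPLE + 'os.execute("echo constructed-sample")\n'


def audit_lua(source):
    """Return [(line_no, category, line)] for every line matching a pattern.

    Comments are deliberately NOT stripped: a naive '--' stripper can be
    tricked by a string containing '--', and a false positive costs less
    than a missed call.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for category, pattern in RISKY:
            if pattern.search(line):
                findings.append((line_no, category, line.strip()))
    return findings


def find_configs(root):
    """Return every .lite_project.lua under root, including nested ones."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if CONFIG_NAME in files:
            hits.append(os.path.join(dirpath, CONFIG_NAME))
    return sorted(hits)


def audit_project(root):
    """Map each project config file under root to its list of findings."""
    report = {}
    for path in find_configs(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            report[path] = audit_lua(fh.read())
    return report


if __name__ == "__main__":
    # Demonstration on a throwaway directory holding the constructed sample.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, CONFIG_NAME), "w", encoding="utf-8") as fh:
            fh.write(SUSPICIOUS_SAMPLE)
        for path, findings in audit_project(root).items():
            print(path)
            for line_no, category, line in findings:
                print(f"  line {line_no}: {category}: {line}")
```

An empty findings list does not prove a file is safe; the scan only points a reviewer at the lines to read first.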
Recognition we believe underscores global customer trust and proven product excellence for security teams evaluating NDR solutions.
ThreatBook, a global leader in threat intelligence-based cybersecurity solutions, today announced that it has been recognized as a Strong Performer in the 2025 Gartner Peer Insights Voice of the Customer for Network Detection and Response (NDR) for its Threat Detection Platform (TDP).
This marks the third consecutive year that ThreatBook has received this distinction, which we believe underscores consistent customer satisfaction, product innovation, and operational excellence.
According to Gartner: “‘Voice of the Customer’ is a document that synthesizes Gartner Peer Insights reviews into insights for buyers of technology and services. This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process. Peers are verified reviewers of a technology product or service, who not only rate the offering, but also provide valuable feedback to consider before making a purchase decision.”
“We’re thrilled to be recognized again as a Strong Performer in the Gartner Peer Insights ‘Voice of the Customer’ for NDR,” said Mr. Feng XUE, Chief Executive Officer of ThreatBook. “Our mission is to empower security teams with visibility and precision, especially in the Asia-Pacific region where attacks are becoming more sophisticated and targeted. We believe this recognition reflects our customers’ trust in ThreatBook TDP’s ability to deliver real detection accuracy and operational resilience.”
Recognition Driven by Real-World Customer Feedback
To be included in the report, vendors must meet stringent inclusion criteria and are positioned within four quadrants based on user interest, product experience, and overall satisfaction — covering areas such as product capabilities, support, and delivery.
According to the research: “in the network detection and response market, Gartner Peer Insights published 1,263 reviews and ratings during the consideration period,” with 11 vendors ultimately meeting the inclusion standards. ThreatBook is among the few vendors recognized as a Strong Performer for three consecutive years. ThreatBook was among the few vendors to meet the full inclusion criteria and achieved 100% of customers willing to recommend ThreatBook TDP, based on 43 overall verified reviews submitted as of Aug 2025.
Enterprise users from finance, manufacturing, energy, services, and retail sectors across Asia-Pacific, North America, the Middle East, and Europe contributed feedback that rated ThreatBook TDP highly in overall product experience, detection precision, and operational efficiency.
TDP: Industry Leading Intelligence-Driven Detection and Response
As the market leader in China’s threat intelligence sector (iResearch, 2024 China Threat Intelligence Industry Development Report), ThreatBook integrates high-fidelity threat intelligence into its detection and response solutions.
ThreatBook TDP is a full-traffic, intelligence-driven NDR platform designed to provide visibility, context, and actionability at scale.
Key strengths include:
- High-Precision Detection – Built on ThreatBook’s proprietary global and APAC threat intelligence, TDP achieves industry-leading detection accuracy for targeted and advanced attacks.
- Operational Readiness – Automatically maps enterprise attack surfaces and reconstructs attack chains from an adversarial perspective for proactive defense.
- Closed-Loop Response – Integrates with a broad ecosystem of security tools, supporting automated blocking and orchestration with 99% effectiveness.
- User-Focused Experience – Offers an intuitive interface and multi-dimensional analytics to enhance SOC efficiency and decision-making.
Proven Across Industries and Regions
Today, ThreatBook TDP is deployed in thousands of leading enterprises across critical industries including finance, energy, power, internet, and smart manufacturing.
It has become a core detection and response system for enterprise and government SOCs, helping them achieve visibility, precision, and proactive defense in dynamic threat environments.
Full review: https://www.gartner.com/reviews/market/network-detection-and-response/vendor/threatbook/product/threatbook-tdp-ndr/review/view/6146934
Full Review: https://www.gartner.com/reviews/market/network-detection-and-response/vendor/threatbook/product/threatbook-tdp-ndr/review/view/6145510
Gartner, Voice of the Customer for Network Detection and Response, 30 October 2025
* Disclaimer: GARTNER and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
About ThreatBook
ThreatBook is a global cybersecurity company specializing in advanced threat intelligence, detection, and response. Founded in 2015, ThreatBook equips enterprises, governments, and service providers with the clarity and context needed to defend against evolving digital risks.
By combining artificial intelligence with deep threat intelligence, ThreatBook delivers real-time visibility, hyper-accurate detections, and early-warning insights against nation-state actors, cybercriminal groups, and emerging attack campaigns.
With unique vantage points from across the Asia Pacific region and beyond, ThreatBook provides intelligence coverage that bridges Eastern and Western threat landscapes, offering an unmatched perspective for global defenders.
ThreatBook: Act with Intelligence that Matters. To learn more, visit www.threatbook.io or follow us on LinkedIn.
Air Force planners want ideas on building the service’s next counter-air missile at a cost of $500,000 per unit, although the service already has cheaper munitions in its inventory.
As part of the service’s Counter-Air Missile Program, or CAMP, the Air Force wants to develop a ground-launched missile that will set the groundwork for a “low-cost air-to-air missile,” according to a Nov. 7 request for white papers posted on SAM.gov.
“The highest priority of this effort is the development and demonstration of an affordable, open system, modular, and highly producible ground-launched capability,” the notice from the Air Force Life Cycle Management Center reads, adding that work would start on ground-launch versions as a way to test the technology before pivoting to “future affordable air-to-air missile capabilities.”
The first phase of CAMP would focus on developing and demonstrating a ground-launched prototype in two years. Phase two would transition the missile into the program of record, and future phases would transition it to an air-to-air variant. Industry ideas are due by Dec. 2.
While technical details of the missile’s design and function are not included in the notice, it states the government will “trade exquisite capabilities for affordability and producibility in support of delivering quantities of 1,000-3,500 per year in full rate production.”
But it’s unclear how the new missile would be used with existing air-to-air and counter-drone munitions in the Air Force inventory.
The proposed cost is less than the service’s $1 million AIM-120D Advanced Medium-Range Air-To-Air Missile and comparable to the existing $472,000 AIM-9X Sidewinder, according to figures from the War Zone. But it is significantly more expensive than the service’s APKWS II jet-fired anti-drone rockets—the most costly components of those missiles run between $15,000 and $20,000.
Traditional ground- or submarine-launched Tomahawk cruise missiles cost around $2.2 million, according to defense experts.
Air Force spokespeople did not immediately respond to questions about the proposed benefits of the program in relation to the price tag.
The call for industry ideas follows the passage of the reconciliation bill this summer, which allocated $250 million to develop, procure, and integrate Air Force low-cost counter-air capabilities. The notice was posted the same day as Defense Secretary Pete Hegseth’s speech to defense companies urging them to invest more and move faster on acquisition programs.
“This effort follows the strategic direction of the [Defense Department] to innovate warfighter advantage, accelerate production, and deliver at scale,” the notice reads.
The notice also mentioned the munition will be a part of the Air Force’s “new weapon class of Enterprise Test Vehicle”—the low-cost cruise missiles currently being pursued by the service in partnership with the Defense Innovation Unit. Anduril and Zone 5 Technologies were both selected to move to the second phase of the ETV program and are progressing towards a live-fire test this summer, DIU announced in September.
The acquisition reforms announced last week by Secretary Pete Hegseth reflect a revolutionary shift in mindset: after decades of aspiring to remain the world’s most advanced force, the U.S. military has finally recognized that adaptability trumps performance.
Better late than never. The last few years of war in Ukraine, the Red Sea, and Israel have been screaming the lesson that better kit doesn’t guarantee success. In fact, “better” means something different than it did even a decade ago.
Rather than faster, bigger, or rangier, the better solution today is one that is already fielded and good enough for the current situation, as we noted in our work with the Pentagon in the runup to the reforms’ release. The only guarantee is that “good enough” will be different in a few weeks or months.
Build an adaptation pipeline
The Pentagon has long taken years to envision, specify, manufacture, and deliver systems to warfighters. The fundamental bet was that these exquisite products would remain superior to countermeasures at least as long as it would take to produce their replacements.
Hegseth’s Nov. 7 directive recognizes the futility of this approach in the modern era. Under the acquisition model announced last week, the pipeline is more important than the product. Any weapon, sensor, or drone will only be relevant for a short time in its current form, so the military needs a robust problem-to-product pipeline that will deliver the next version.
The secretary announced three transformations that will build his department’s new adaptation pipeline. First, he killed the toothless joint-requirements process that was a rubber stamp for service wishlists. In its place, he established a way to define and rank joint problems from combatant commanders, then tie them to dedicated funding for solutions.
Second, he ordered the department to give acquisition executives real authority and accountability. Portfolio Acquisition Executives, or PAEs, will own their programs entirely, including funding, development, specifications, contracting, and delivery. They will have the authority to make trade-offs between performance and schedule to field relevant capabilities when they are needed. And if PAEs cannot deliver, senior leaders will replace them.
And third, Pentagon acquisition will embrace real modularity, rather than the interoperability cosplay of static and proprietary “open architectures.” The new directive requires that systems have machine-readable interface specifications posted in government repositories. Any vendor will be able to build compatible software modules without asking for the system developer’s permission.
This matters because modern military systems are increasingly software-defined. A missile is basically a collection of computers with explosives. By separately competing modules for everything from seekers and guidance and navigation controls to propulsion, PAEs can swap in appropriate components as new technologies and needs emerge. Our adversaries already do this with commercial parts. We're finally catching up.
Like the commercial best practices, the new acquisition model will enable adaptation through a continuous integration and delivery pipeline. When interfaces are exposed and government-owned, innovation can happen at the edge, not just in the prime contractors’ labs.
Stop fighting yesterday’s wars
Some traditionalists worry that prioritizing timeliness over performance will lead to poor-quality products rushed to meet deadlines. This misunderstands modern military competition, which is about constant adaptation rather than generational, game-changing leaps.
For example, last month Ukrainian air defenders realized their U.S.-supplied Patriot interceptors were missing incoming ballistic missiles due to a combination of new Russian flight profiles and saturation attacks. U.S. and Ukrainian engineers and operators are now scrambling to reprogram decades-old Patriot software.
This wasn’t the first case of 20th-century U.S. designs failing in 21st-century conflict. Less than a year into the war, Ukrainian troops found that Excalibur GPS-guided artillery rounds were no longer hitting their targets. Despite costing more than $100,000 each, the U.S.-supplied rounds could not adapt to use other navigation methods in the face of Russian jamming. Today, Kyiv’s defenders rely on terrain-mapping drones alongside traditional artillery.
Ukrainian forces are keeping those drones relevant through an even more aggressive adaptation cycle. Every day, soldiers and technicians reprogram radios and control software and evolve tactics to counter the latest Russian jammers and counter-drone systems.
The U.S. military hasn’t been spared from the adaptation imperative. As Houthi attacks mounted in the Red Sea, U.S. Navy engineers and surface warriors recognized they needed to use shorter-range defenses to avoid burning through a lifetime of Standard missiles in a month. Now guns and jammers take out more drones than do surface-to-air missiles.
The lesson from these contemporary battlefields is that, instead of attempting to manufacture weapons for a predicted future, militaries need to use what is available today to solve today’s problems.
The leap to 21st-century mobilization
As these contemporary battlefields suggest, the Pentagon needs this new acquisition model to prepare for 21st-century mobilization.
Within any realistic peacetime budgets, the defense industrial base will never have the capacity to build today’s weapons at the scale needed for sustained confrontations like those in the Red Sea or Ukraine, much less a great power war against China. The U.S. military will need the commercial sector.
That’s the same approach Secretary Hegseth’s predecessors took during World War II, but the industrial base and the military are very different now. Instead of bombers rolling out of Michigan auto plants, the Pentagon will need contract manufacturers that build everything from MRI machines to vehicle chargers to start assembling drones and missiles by the tens of thousands.
That only happens if the War Department follows through on modular designs, open interfaces, commercial-first procurement, and prioritizing speed over sophistication. If not, today’s weapon stockpile could be tomorrow’s junkpile.
Bryan Clark is a Senior Fellow at Hudson Institute.
A leader of a company gathering steam as a data and artificial intelligence provider to the Defense Department has been arrested for allegedly soliciting an underage girl for sex.
Eric T. Gillespie, the founder and chairman of Govini, has been charged as part of a sting operation by the Pennsylvania attorney general’s office and the Lebanon County, Pennsylvania district attorney’s office.
A law enforcement agent with the attorney general’s office posing as a preteen girl allegedly connected with Gillespie in an online chat. Gillespie then attempted to arrange a meeting with the girl, according to the attorney general's office.
Gillespie was charged on Monday with four felony counts and is being held without bail in a Lebanon County jail.
The charges come as the company has built out its defense business and attracted new private equity investment.
The company told Washington Technology that Gillespie was placed on administrative leave when the company learned of the charges on Monday.
“We acknowledge the severity of these charges and as a company will hold all our employees to the highest ethical standards. We stand steadfast in support of all victims of abuse of any kind,” the company said in the statement.
The company, led by CEO Tara Murphy Dougherty, did not respond to a request for further comment.
Govini got its start in the federal market in 2011 as a data provider helping companies track contract awards and upcoming procurements. But over time, it has transitioned into a software provider for government agencies with tools to help them manage their acquisition processes.
The company touts $100 million in annual revenue and attracted a $150 million investment from Bain Capital, which was announced in October. That money is earmarked for investment in Govini’s offerings such as its Ark AI application and the hiring of more tech practitioners.
“This investment validates not just the current position achieved by our incredibly talented team, but also our long-term goal of fundamentally rewiring how defense and national security communities make decisions with AI and data,” Gillespie said of the Bain investment at the time.