Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
 
  • Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links.
  • Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers.
  • The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets.
  • Payload delivery and data exfiltration occur exclusively via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord, helping the operation blend into normal traffic and avoid raising alarms. The operation continues to evolve, and threat actors can now bypass Chrome’s App Bound Encryption (ABE) by using adapted tools like ChromeKatz to steal cookies from new Chromium browser versions.

On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to having their cases described publicly. The key findings from our forensic analysis of their devices are summarized below:

  • Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware.
  • We identify an indicator linking both cases to the same Paragon operator.
  • Apple confirms to us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1 and has assigned the vulnerability CVE-2025-43200. Our analysis is ongoing.
 

cross-posted from: https://scribe.disroot.org/post/3093548

Archived version

...

Russia’s subsequent efforts to destabilize and subjugate ... Ukraine have involved a combination of conventional military aggression, sabotage, cyberattacks, disinformation campaigns, and support for pro-Russian actors in Ukraine. Thanks to this prolonged exposure to Russian hybrid warfare, Ukraine has been able to develop countermeasures that have helped build resilience and reduce the impact of Russia’s hybrid operations.

Ukraine’s response has been a collaborative effort involving the Ukrainian government, civil society, and the private sector. In the cyber sphere, efforts to improve Ukraine’s digital security have played a key role, with the launch of the country’s popular Diia platform and the establishment of the Ministry of Digital Transformation helping to drive important digital governance reforms.

...

Ukraine has also benefited from a decentralized approach involving digital volunteers, civil society, and public-private partnerships. A wide range of civic tech groups and open-source investigators are active in Ukraine detecting and countering Russian disinformation. These measures have made it possible to expose Russian narratives efficiently, coordinate messaging across government and civil society, and maintain coherence during military operations.

...
