Originally reported by Dark Reading, Infosecurity Magazine
TL;DR
Security researchers have identified evolved GlassWorm malware variants using sophisticated evasion techniques to hide in dependencies. Meanwhile, API attacks have surged 113% annually with 87% of organizations suffering incidents, while nation-state actors escalate attacks on UK firms.
Multiple high-impact threats converge: evolved GlassWorm malware with new evasion techniques, 113% surge in API attacks affecting 87% of organizations, and escalating nation-state attacks on UK firms. The combination of actively evolving malware campaigns and dramatic increases in attack volumes warrants high severity classification.
Security researchers have discovered dozens of malicious GlassWorm extensions incorporating advanced evasion techniques designed to hide within software dependencies. The evolved variants represent a significant advancement in the malware family's capability to avoid detection by security tools.
The new techniques allow GlassWorm to embed deeper within legitimate software supply chains, making detection and remediation more challenging for security teams. Organizations should review dependency scanning processes and implement enhanced monitoring for supply chain compromises.
Akamai research reveals a dramatic 113% annual increase in daily API attacks, with 87% of organizations experiencing API-related security incidents in the past year. The surge reflects attackers' growing focus on API endpoints as traditional perimeter defenses strengthen.
The research highlights the critical gap between API deployment velocity and security implementation. Organizations must prioritize API security frameworks, implement comprehensive API discovery, and establish robust authentication and authorization controls.
Armis research indicates a significant surge in nation-state attacks targeting UK organizations, with traditional "mutually assured disruption" deterrence models failing to prevent state-backed cyber operations. The escalation suggests a fundamental shift in nation-state risk calculations.
The attacks span multiple sectors and demonstrate sophisticated techniques designed to establish persistent access for intelligence gathering and potential disruption operations. UK organizations should implement enhanced monitoring for advanced persistent threat indicators and coordinate with government cybersecurity agencies.
Researchers have identified critical vulnerabilities in AppArmor, dubbed CrackArmor, that allow local Linux users to gain root access, escape container isolation, and launch denial-of-service attacks. The flaws affect systems relying on AppArmor for mandatory access control.
The vulnerabilities demonstrate the ongoing challenges in securing Linux container environments and highlight the need for defense-in-depth approaches that don't rely solely on mandatory access controls. Organizations should prioritize patching affected systems and review container security configurations.
Attackers are leveraging legitimate LiveChat customer support platforms to conduct social engineering campaigns impersonating PayPal and Amazon. The technique exploits user trust in customer support interactions to harvest credit card details and personal information.
The campaign demonstrates the evolution of phishing tactics beyond traditional email-based approaches. Organizations using LiveChat platforms should implement additional verification procedures and user education programs to prevent successful social engineering attacks.
Former Paris 2024 Olympics CISO Franz Regul has shared insights into securing major international events, offering lessons for the upcoming Milan Cortina 2026 Olympics. The insights cover unique challenges in protecting high-profile, time-sensitive events from sophisticated threat actors.
The experience demonstrates the critical importance of international cooperation, threat intelligence sharing, and scalable security architectures for major sporting events. Organizations hosting large-scale events can apply these lessons to enhance their security postures.
The UK Cyber Monitoring Centre announced plans for US expansion, with operations expected to begin in 2027. The expansion represents growing international cooperation in cybersecurity monitoring and threat intelligence sharing.
The development signals increasing recognition of the need for coordinated global cybersecurity efforts to address transnational threats. Organizations should prepare for enhanced international cybersecurity cooperation and information sharing requirements.
Researchers report a worldwide increase in fake shipment tracking scams, with some campaigns linked to the Darcula phishing-as-a-service platform. The scams exploit users' expectations of package deliveries to steal credentials and personal information.
The campaigns demonstrate the professionalization of phishing operations through service platforms that lower barriers to entry for cybercriminals. Organizations should implement enhanced email security controls and user training focused on shipping-related phishing indicators.