An Iran-linked threat group claims to have accessed the security cameras of an Israeli defense contractor and leaked videos of internal meetings and employees working on defense systems. The threat group – Cyber Toufan – has been posting about the alleged breach of Maya Engineering on its Telegram channels for at least a few weeks, but the group’s claims became public in recent days in an X post and articles on media sites such as Straight Arrow News and Breached Company. The claims remain unverified, and The Cyber Express has reached out to Maya for comment and will update this article with any official statement, but the alleged incident shows the importance of including surveillance cameras and other sensitive devices in cybersecurity plans.

“Scary stuff,” SANS instructor and consultant Kevin Garvey said on X. “Shows how *any* connected asset needs rigorous security associated to it! Good reminder to all to check if cameras and other peripherals are part of your standard vuln management and secure config programs (amongst others functional programs).”

Alleged Israeli Defense Contractor Breach

A check of Cyber Toufan’s Telegram channels by The Cyber Express found claims of the hack as early as October 12 (image below).

[Image: October 12 Telegram post by Cyber Toufan claiming Maya hack]

However, the group claims to have had access to Maya’s systems for more than a year. “One and a half years after gaining full access to the network, we have explored every part of it and reached the QNAP archive,” claims a Cyber Toufan post reported by International Cyber Digest on X. “Through the systems, we have breached Elbit and Rafael's through then. Their phones, printers, routers and cameras as well. We have recorded your meetings with sound and video for over a year. This is just the beginning with Maya!”

Footage released by the group shows company employees allegedly working on several defense systems, including missile and drone systems, and the group also claims to possess technical drawings of sensitive parts like missile components.
Cyber Toufan's Link to Iran

Cyber Toufan’s advanced tactics suggest technical acumen well beyond that of a typical hacktivist group, raising the possibility of a nation-state link to Iran. Cyble’s threat intelligence profile of the group states, “Cyber Toufan is a threat actor group known for targeting Israeli organizations, with possible nation-state support from Iran. Their tactics include hack-and-leak operations, data breaches, and data destruction, impacting numerous organizations. Their activities are linked to geopolitical tensions in the Middle East, featuring a mix of technical breaches and psychological warfare. Threat actors associated with Cyber Toufan operate by infiltrating systems to steal sensitive data and disrupt operations, aiming to cause economic and political damage to their targets.”
India and Israel have taken a decisive step toward deepening their strategic partnership with the signing of a Memorandum of Understanding (MoU) on Defense and Cybersecurity Cooperation. The agreement was formalized during the 17th Joint Working Group (JWG) meeting held in Tel Aviv and co-chaired by India’s Defense Secretary Rajesh Kumar Singh and Israel’s Director General of the Ministry of Defense Major General (Res.) Amir Baram.

A Unified Framework for Defense Collaboration

The newly signed MoU provides a comprehensive framework and policy direction to enhance cooperation across a wide range of areas. These include strategic dialogues, training, defense industrial cooperation, research and development, artificial intelligence (AI), and cybersecurity. Both sides emphasized that the agreement would enable co-development, co-production, and sharing of advanced defense technologies, reinforcing a partnership that has long been based on mutual trust and shared security interests.

According to India’s Ministry of Defence, the MoU will serve as a roadmap to promote technological innovation and facilitate greater integration between the two countries’ defense industries. This collaboration reflects a mutual commitment to advancing cutting-edge technologies and improving operational readiness to address modern cyber threats.

Strengthening Strategic and Technological Ties

During the meeting, both delegations reviewed ongoing initiatives and acknowledged that India and Israel have greatly benefited from their existing defense cooperation. The discussions focused on potential areas of future collaboration, particularly in the development of advanced technologies, joint production, and training exchanges between the armed forces of both nations.

In addition, the JWG stressed the importance of enhancing cooperation in AI and cybersecurity, recognizing these domains as critical to national security in an era of increasing digital threats. The two countries agreed that sharing expertise and innovation in these fields would play a crucial role in improving defense preparedness and resilience against cyberattacks.

The Indian and Israeli representatives also reaffirmed their collective resolve to combat terrorism and address shared security challenges. The meeting highlighted the ongoing alignment between New Delhi and Tel Aviv on key defense and security objectives, emphasizing their shared strategic interests and mutual commitment to regional and global stability.

A Long-standing Partnership for the Future

The 17th Joint Working Group meeting marked another milestone in the enduring partnership between India and Israel. Over the years, the two nations have built a robust foundation of collaboration in defense technology, intelligence sharing, and industrial innovation. This latest MoU signals their intent to move beyond traditional cooperation and explore new frontiers in science, technology, and cybersecurity.

Both sides recognized that their partnership has evolved from a buyer-seller dynamic to one of co-development and co-production, ensuring that each nation benefits from the other’s strengths. The MoU emphasizes shared research and innovation to drive indigenous defense manufacturing and enhance self-reliance.

The agreement sets the stage for India and Israel to jointly address modern threats through strategic foresight and technological excellence. The focus on cybersecurity, AI, and technological innovation reflects the two nations’ understanding that the future of defense lies not only in physical capabilities but also in mastering digital and cognitive domains.
Balancer V2, one of the most prominent automated market makers (AMMs), has suffered a large-scale security incident. A critical vulnerability in its smart contract infrastructure allowed an attacker to siphon as much as $128 million worth of digital assets from the platform in minutes.

The breach stemmed from a flaw in the V2 vault and its liquidity pools. Investigations by blockchain analysts revealed that a maliciously deployed contract exploited Balancer’s pool initialization process. This contract manipulated internal calls in the vault, bypassing protection meant to prevent unauthorized swaps or balance changes. The vulnerability was tied to a faulty check in the manageUserBalance function, where the internal validation mechanism (_validateUserBalanceOp) could be bypassed. By exploiting this loophole, the attacker was able to specify unauthorized parameters and drain funds from the vault without proper permission.

The attack began with a series of rapid Ethereum mainnet transactions before expanding across several networks. The composable design of Balancer V2, where multiple pools share a single vault, amplified the impact, making it easier for the exploit to spread.

Extent of the Balancer Data Breach

Preliminary data shows the attacker stole between $110 million and $116 million, with some estimates reaching $128 million, making it one of the largest DeFi exploits of 2025. The stolen assets included several liquid staking derivatives and wrapped tokens such as WETH, wstETH, osETH, frxETH, rsETH, and rETH. Most of the funds (around $70 million) were drained from the Ethereum mainnet, while the Base and Sonic networks lost approximately $7 million combined. Other chains accounted for at least $2 million in additional losses.

On-chain activity shows that the stolen assets were funneled into newly created wallets, with funds later moved through cross-chain bridges and likely laundered through privacy mixers. Despite the extensive nature of the Balancer vulnerability, investigators confirmed that no private keys were compromised; the breach was purely a smart contract exploit.

Security Audits and Community Reactions

What makes the Balancer hack particularly interesting is that the protocol had undergone more than ten independent audits. Its V2 vault was reviewed three separate times by different security firms. Yet the exploit still occurred, a fact that has reignited debate over the reliability of DeFi audits.

Suhail Kakar noted on X (formerly Twitter): “Balancer went through 10+ audits. The vault was audited three separate times by different firms—still got hacked for $110M. This space needs to accept that ‘audited by X’ means almost nothing. Code is hard, DeFi is harder.”

Other blockchain researchers echoed similar concerns, emphasizing that composable DeFi systems, where smart contracts interact in complex, interdependent ways, create additional attack vectors even when individual components appear secure.

This is not Balancer’s first security challenge. The platform previously suffered smaller incidents, including a $520,000 exploit in June 2020, an $11.9 million attack in March 2023, and a $2.1 million loss in August 2023 due to precision vulnerabilities in its V2 Boosted Pools.

User Warnings and Aftermath

Experts urged users exposed to Balancer V2 pools to take immediate precautions:

- Withdraw funds from affected pools as soon as possible.
- Revoke smart contract approvals for Balancer-related addresses via platforms such as Revoke, DeBank, or Etherscan.
- Monitor wallet activity using tools like Dune Analytics or Etherscan to spot unusual transactions.
- Stay informed by following updates from auditors and blockchain security firms such as PeckShield and Nansen.

The impact of the Balancer hack was felt across the broader DeFi market. The BAL token dropped by roughly 5–10% in value, and Balancer’s total value locked (TVL) decreased sharply as liquidity providers withdrew funds amid growing uncertainty.
The year is 2024. A team of scientists from both the University of California San Diego and the University of Maryland, College Park, discovers an unimaginable danger looming over the world — its source hiding in space. They start sounding the alarm, but most people simply ignore them… No, this isn’t the plot of the Netflix hit movie Don’t Look Up. This is the sudden reality in which we find ourselves following the publication of a study confirming that corporate VoIP conversations, military operation data, Mexican police records, private text messages and calls from mobile subscribers in both the U.S. and Mexico, and dozens of other types of confidential data are being broadcast unencrypted via satellites for thousands of miles. And to intercept it, all you need is equipment costing less than US$800: a simple satellite-TV receiver kit.

Today, we explore what might have caused this negligence, if it’s truly as easy to extract the data from the stream as described in a Wired article, why some data operators ignored the study and took no action, and, finally, what we can do to ensure our own data doesn’t end up on these vulnerable channels.

What happened?

Six researchers set up a standard geostationary satellite-TV antenna — the kind you can buy from any satellite provider or electronics store — on the university roof in the coastal La Jolla area of San Diego, Southern California. The researchers’ no-frills rig set them back a total of US$750: $185 for the satellite dish and receiver, $140 for the mounting hardware, $195 for the motorized actuator to rotate the antenna, and $230 for a TBS5927 USB-enabled TV tuner. It’s worth noting that in many other parts of the world, this entire kit likely would have cost them much less.

What distinguished this kit from the typical satellite-TV antenna likely installed outside your own window or on your roof was the motorized dish actuator. This mechanism allowed them to reposition the antenna to receive signals from various satellites within their line of sight. Geostationary satellites, used for television and communications, orbit above the equator and move at the same angular velocity as the Earth. This ensures they remain stationary relative to the Earth’s surface. Normally, once you point your antenna at your chosen communication satellite, you don’t need to move it again. However, the motorized drive allowed the researchers to quickly redirect the antenna from one satellite to another.

Every geostationary satellite is equipped with numerous data transponders used by a variety of telecom operators. From their vantage point, the scientists managed to capture signals from 411 transponders across 39 geostationary satellites, successfully obtaining IP traffic from 14.3% of all Ku-band transponders worldwide.

[Image: The researchers were able to use their simple US$750 rig to examine traffic from nearly 15% of all active satellite transponders worldwide.]

The team first developed a proprietary method for precise antenna self-alignment, which significantly improved signal quality. Between August 16 and August 23, 2024, they performed an initial scan of all 39 visible satellites. They recorded signals lasting three to ten minutes from every accessible transponder. After compiling this initial data set, the scientists continued with periodic selective satellite scans and lengthy, targeted recordings from specific satellites for deeper analysis — ultimately collecting a total of more than 3.7TB of raw data.

The researchers wrote code to parse data transfer protocols and reconstruct network packets from the raw captures of satellite transmissions. Month after month, they meticulously analyzed the intercepted traffic, growing increasingly concerned with each passing day. They found that half (!) of the confidential traffic broadcast from these satellites was completely unencrypted. Considering that there are thousands of transponders in geostationary orbit, and the signal from each one can, under favorable conditions, be received across an area covering up to 40% of the Earth’s surface, this story is genuinely alarming.
[Image: Pictured at the University of San Diego roof setup, from left to right: Annie Dai, Aaron Schulman, Keegan Ryan, Nadia Heninger, and Morty Zhang. Not pictured: Dave Levin.]

What data was broadcast with open access?

The geostationary satellites were found to be broadcasting an immense and varied amount of highly sensitive data completely unencrypted. The intercepted traffic included:

- Calls, SMS messages, and internet traffic from end-users; equipment identifiers and cellular encryption keys belonging to various operators, including T-Mobile and AT&T Mexico
- Internet data for users of in-flight Wi-Fi systems installed on commercial passenger aircraft
- Voice traffic from several major VoIP providers, including KPU Telecommunications, Telmex, and WiBo
- Government, law enforcement and military traffic: data originating from U.S. military ships; real-time geolocation and telemetry data from Mexican Armed Forces air, sea and ground assets; and information from Mexican law enforcement agencies — including data on drug trafficking operations and public assemblies
- Corporate data: internal traffic from major financial organizations and banks like Grupo Santander Mexico, Banjército, and Banorte
- Internal traffic from Walmart-Mexico, including details on warehouse inventory and price updates
- Messages from key U.S. and Mexican infrastructure facilities like oil and gas rigs and electricity providers

While most of this data seems to have been left unencrypted due to sheer negligence or a desire to cut costs (which we’ll discuss later), the presence of cellular data in the satellite network has a slightly more intriguing origin. This issue stems from what is known as backhaul traffic — used to connect remote cell towers. Many towers located in hard-to-reach areas communicate with the main cellular network via satellites: the tower beams a signal up to the satellite, and the satellite relays it back to the tower. Crucially, the unencrypted traffic the researchers intercepted was the data being transmitted from the satellite back down to the remote cell tower. This provided them access to things like SMS messages and portions of voice traffic flowing through that link.

Data operators’ response to the researchers’ messages

It’s time for our second reference to the modern classic by Adam McKay. The movie Don’t Look Up is a satirical commentary on our reality — where even an impending comet collision and total annihilation cannot convince people to take the situation seriously. Unfortunately, the reaction of critical infrastructure operators to the scientists’ warnings proved to be strikingly similar to the movie plot.

Starting in December 2024, the researchers began notifying the companies whose unencrypted traffic they’d successfully intercepted and identified. To gauge the effectiveness of these warnings, the team conducted a follow-up scan of the satellites in February 2025 and compared the results. They found that far from all operators took any action to fix the issues. Therefore, after waiting nearly a year, the scientists decided to publicly release their study in October 2025 — detailing both the interception procedure and the operators’ disappointing response.

The researchers stated that they were only publishing information about the affected systems after the problem had been fixed or after the standard 90-day waiting period for disclosure had expired. For some systems, an information disclosure embargo was still in effect at the time of the study’s publication, so the scientists plan to update their materials as clearance allows.

Among those who failed to address the notifications were: the operators of unnamed critical infrastructure facilities, the U.S. Armed Forces, Mexican military and law enforcement agencies, as well as Banorte, Telmex, and Banjército. When questioned by Wired about the incident, in-flight Wi-Fi providers responded vaguely.
A spokesperson for Panasonic Avionics Corporation said the company welcomed the findings by the researchers, but claimed they’d found that several statements attributed to them were either inaccurate or misrepresented the company’s position. The spokesperson didn’t specify what exactly it was that the company considered inaccurate. “Our satellite communications systems are designed so that every user-data session follows established security protocols,” the spokesperson said.

Meanwhile, a spokesperson for SES (the parent company of Intelsat) completely shifted responsibility onto the users, saying, “Generally, our users choose the encryption that they apply to their communications to suit their specific application or need,” effectively equating using in-flight Wi-Fi with connecting to a public hotspot in a café or hotel.

[Image: The SES spokesperson’s response to Wired, along with a comment by Matthew Green, an associate professor of computer science at Johns Hopkins University in Baltimore.]

Fortunately, there were also many appropriate responses, primarily within the telecommunications sector. T-Mobile encrypted its traffic within just a few weeks of being notified by the researchers. AT&T Mexico also reacted immediately, fixing the vulnerability and stating it was caused by a misconfiguration of some towers by a satellite provider in Mexico. Walmart-Mexico, Grupo Santander Mexico, and KPU Telecommunications all approached the security issue diligently and conscientiously.

Why was the data unencrypted?

According to the researchers, data operators have a variety of reasons — ranging from technical to financial — for avoiding encryption.

- Utilizing encryption can lead to a 20–30% loss in transponder bandwidth capacity.
- Encryption requires increased power consumption, which is critical for remote terminals, such as those running on solar batteries.
- For certain types of traffic, such as VoIP for emergency services, the lack of encryption is a deliberate measure taken to increase fault tolerance and reliability in critical situations.
- Network providers claimed that enabling encryption made it impossible to troubleshoot certain existing network problems within their current infrastructure. The providers did not elaborate on the specifics of that claim.
- Enabling link-layer encryption may require additional licensing fees for using cryptography in terminals and hubs.

Why did some vendors and agencies fail to react?

It’s highly likely they simply did not know how to respond. It’s difficult to believe that such a massive vulnerability could remain unnoticed for decades, so it’s possible the problem was intentionally left unaddressed. The researchers note that no single, unified entity is responsible for overseeing data encryption on geostationary satellites. Each time they discovered confidential information in their intercepted data, they had to expend considerable effort to identify the responsible party, establish contact, and disclose the vulnerability.

Some experts are comparing the media impact of this research to the declassified Snowden archives, given that the interception techniques used could be deployed for worldwide traffic monitoring. We can also liken this case to the infamous Jeep hack, which completely upended cybersecurity standards in the automotive industry.

We cannot exclude the possibility that this entire issue stems from simple negligence and wishful thinking — a reliance on the assumption that no one would ever “look up”. Data operators may have treated satellite communication as a trusted, internal network link where encryption was simply not a mandatory standard.

What can we as users do?

For regular users, the recommendations are similar to those we give for using any unsecured public Wi-Fi access point.
Unfortunately, while we can encrypt the internet traffic originating from our devices ourselves, the same cannot be done for cellular voice data and SMS messages.

- For any confidential online operations, enable a reliable VPN that includes a kill switch. This ensures that if the VPN connection drops, all your traffic is immediately blocked rather than being routed unencrypted. Use your VPN when making VoIP calls, and especially when using in-flight Wi-Fi or other public access points. If you lean toward the paranoid side, leave your VPN on at all times. An effective and fast solution for your needs could be Kaspersky VPN Secure Connection.
- Utilize 5G networks whenever possible, as they feature higher encryption standards. However, even these can be insecure, so avoid discussing sensitive information via text or standard cellular voice calls.
- Use messaging apps that provide end-to-end encryption for traffic on user devices, such as Signal, WhatsApp, or Threema.
- If you’re using a cellular service in remote locations, minimize SMS chats and voice calls, or use services from operators that integrate encryption at the subscriber equipment level.

What else you need to know about telecommunication security:

- Attacks on 5G networks: the arms race continues
- How to protect yourself from SMS blaster scams
- Chatting offline: an overview of mesh messaging apps
- Messengers 101: safety and privacy advice
- What makes a messaging app secure?
Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.
Some of the world's biggest technology companies use a program liable to introduce malware into their software. The potential consequences are staggering, but there's an easy fix.
CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster.
The Japanese media giant said thousands of employee and business partners were impacted by an attack that compromised Slack account data and chat histories.
Japanese media giant Nikkei said hackers gained unauthorized access to its internal Slack communication system, potentially exposing data linked to more than 17,000 people.
Rep. Jim Himes said things have changed for House Democrats when it comes to their potential to back legislation to renew Section 702 of the Foreign Intelligence Surveillance Act.
The cross-border investigation led to more than 60 house searches and 18 arrests across Germany, the U.S., Canada, Singapore, Luxembourg, Cyprus, Spain, Italy and the Netherlands.
Researchers at Google said Wednesday that they recently observed malware "that employed AI capabilities mid-execution to dynamically alter the malware's behavior."
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to
Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has
Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of
Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VBScript and interacts with Gemini's API to request specific VBScript obfuscation and