Cyber security aggregate rss news


[Image: UK Unveils £210M Cy ...]

Cyber News

The UK Department for Science, Innovation and Technology released its "Government Cyber Action Plan" today, which admits that the public sector's digital defenses have reached a crisis point. The 108-page document reveals that nearly a third of government technology systems run on legacy platforms that sophisticated attackers can easily compromise. "The cyber risk to government is critically high," the plan stated, marking a rare moment of transparency from a government acknowledging its vulnerabilities.

The admission follows a string of devastating incidents. A 2023 ransomware attack crippled the British Library for months, forcing most online systems offline and exposing user data. The 2024 CrowdStrike software failure, though not malicious, cost the UK economy up to £2.3 billion and exposed how fragile digital infrastructure enables cascading failures across essential services.

The cyber action plan establishes a Government Cyber Unit, a centralized authority backed by more than £210 million in funding. The unit will coordinate cybersecurity efforts across departments, set mandatory standards, and hold agencies accountable for their digital resilience.

Under the new framework, departmental accounting officers—typically permanent secretaries or chief executives—bear personal responsibility for cyber risk management. The plan creates the Technology Risk Group, which will review aggregate risks and hold leaders accountable when organizations fail to manage threats appropriately. "Every public sector leader bears direct accountability for this effort," Minister of State Ian Murray said. Departments must urgently invest in replacing legacy systems and fixing foundational vulnerabilities.

The Government Cyber Coordination Centre, or GC3, will expand its role beyond incident response to cover non-malicious digital resilience failures. The center will publish a Government Cyber Incident Response Plan defining structures and responsibilities when systems fail.

The plan also launches the first Government Cyber Profession, addressing chronic skills shortages that plague the public sector. Nearly half of UK businesses and 58% of government organizations report basic cyber skills gaps, according to the 2025 Cyber Security Skills in the UK Labour Market report. Additionally, a new Cyber Resourcing Hub will coordinate recruitment across departments, competing with private sector salaries through competitive pay frameworks and emphasizing government-unique benefits like job security and mission-driven work. The profession will create clear career pathways and professional development opportunities.

GovAssure, the government's assurance framework, found significant gaps in fundamental controls across departments. Asset management, protective monitoring, and response planning all showed low maturity levels in first-year assessments.

The plan acknowledges that strategic suppliers pose aggregated risks across government. The Government Cyber Unit will establish formal strategic partnerships with major vendors, building cyber requirements into contracts and holding suppliers accountable for the risks they create. Lead government departments will assume responsibility for cyber resilience across their arm's-length bodies and wider public sectors. The Department of Health and Social Care, for instance, must ensure NHS trusts and other healthcare organizations maintain adequate defenses.

Implementation spans three phases through 2029 and beyond. By March 2027, the plan aims to establish core governance structures, launch priority services, and publish cross-government incident response protocols. The second phase through 2029 focuses on scaling services and developing role-based learning pathways for high-risk specialisms.

The document represents a fundamental shift from previous strategies. Where the 2022 Government Cyber Security Strategy set optimistic targets, this plan acknowledges those goals proved inadequate and resets expectations with measurable milestones. "We are not starting from scratch," Murray wrote. "We are scaling what works, learning from successes across the public sector and our international partners."

[Image: What Is a Proxy Serv ...]

Cyber News

The term proxy server is very popular these days, especially in discussions of internet security, internet privacy, and network management. But what exactly is a proxy server, and what purpose does it serve for individuals and businesses? In layman's terms, a proxy server acts as an intermediary between the user's device and the Internet by acting as a Man-in-the-Middle: it forwards requests to the Internet, returns responses to the user's device, and processes or filters data along the way.

Understanding how a proxy server works, what types of proxy servers exist, and what uses and applications a proxy server has will better define both what a proxy server is and how it differs from other technologies, such as a virtual private network (VPN).

Understanding Proxy Meaning

A proxy is essentially a representative acting on behalf of another entity (the client). In networking, a proxy server acts as a middle layer between a client and the resource it wishes to access. Client requests are routed through the proxy rather than communicating directly with a website or application. Thus, the client gains anonymity as well as the security enforcement, traffic monitoring, and performance optimization provided by the proxy server.

Many organizations use proxy companies to help them manage large-scale deployments; organizations typically work with proxy companies when they need multiple proxies to secure or filter content, or to manage regional access.

Forward Proxy vs. Reverse Proxy

Proxy servers are broadly categorized into forward proxies and reverse proxies, each serving distinct purposes in a network.

Forward Proxy

A forward proxy, commonly referred to simply as a proxy server, operates on behalf of the client. It sits between the user and the external internet. When a user requests access to a website, the forward proxy evaluates the request according to predefined policies and then forwards it to the destination server.

Forward proxies are widely used in businesses, schools, and data centers. They can:

- Mask users' IP addresses to protect internal networks
- Enforce internet usage policies and block malicious or inappropriate sites
- Cache frequently requested content to reduce bandwidth usage and improve response times
- Inspect traffic for malware or compliance violations

In essence, forward proxies control how users access the internet, providing both privacy and operational efficiency.

Reverse Proxy

A reverse proxy, on the other hand, works on behalf of servers rather than clients. Positioned at the edge of a network, it accepts incoming requests from users and forwards them to the appropriate backend server. To the client, the reverse proxy appears as the server itself.

Reverse proxies are often deployed to:

- Hide server identities and reduce attack surfaces
- Implement centralized access management and security policies
- Distribute incoming traffic across multiple servers for load balancing
- Block malicious requests before they reach internal systems

Where forward proxies protect users, reverse proxies protect servers. Both types are sometimes integrated with a proxy server firewall or proxy firewall to enhance security further.

Key Differences Between Forward and Reverse Proxies

Understanding the distinction helps clarify their roles:

| Feature             | Forward Proxy               | Reverse Proxy                               |
|---------------------|-----------------------------|---------------------------------------------|
| Protects            | Client devices              | Backend servers                             |
| Traffic direction   | Outbound (user → internet)  | Inbound (internet → server)                 |
| Common uses         | Privacy, filtering, caching | Load balancing, security, and access control |
| Deployment location | Internal network            | Network edge or DMZ                         |

Types of Proxy Servers

Proxy servers differ not just by function but also by anonymity, protocol support, and IP source.

By Anonymity Level

- High-anonymity (Elite) Proxies: Conceal both the user's identity and the fact that a proxy is being used. Often used to avoid tracking or profiling.
- Anonymous (Distorting) Proxies: Hide the IP but reveal that a proxy is in use. Useful for bypassing geo-restrictions or targeted advertising.
- Transparent Proxies: Reveal the user's IP and that a proxy is in use. Often deployed in schools or offices for monitoring and content filtering.

By Protocol

- HTTP Proxies: Handle web traffic, providing basic IP masking but limited security.
- HTTPS Proxies: Handle encrypted traffic for secure browsing.
- SOCKS Proxies: Handle a variety of traffic types, including file transfers and email, but rely on external encryption.

Specialized proxies exist for SIP (VoIP), SMTP (email), FTP (file transfers), DHCP, and DNS requests.

By Access Model

- Public Proxies: Free and widely accessible but often slow and insecure.
- Private Proxies: Dedicated to a single user or organization, offering better performance and security.

By IP Source

- Data Center Proxies: Fast and inexpensive, but easy to detect and block.
- Residential Proxies: Use real ISP-assigned IPs, appearing legitimate to destination servers.
- Mobile Proxies: Use cellular network IPs, ideal for mobile app testing and verification.

Proxy Servers vs. VPNs

It's common to confuse proxies with VPNs, but they are not the same. While both route traffic through intermediaries, VPNs encrypt all system traffic, creating a secure tunnel, whereas proxies typically operate at the application level.

Proxies offer flexibility, speed, and specific traffic routing, while VPNs prioritize privacy and encryption. Organizations often combine both for optimal security.

Benefits of Using Proxy Servers

Proxy servers deliver several key advantages for individuals and enterprises:

- Access Control: Forward proxies can restrict access to websites or services, helping enforce organizational policies.
- Privacy: Proxies mask user IP addresses and can rotate IPs to enhance anonymity.
- Performance Optimization: Caching frequently accessed content reduces bandwidth use and improves response times.
- Security: Combined with a proxy firewall, proxies block malicious content and provide a buffer against attacks.
- Geolocation Management: Proxies allow access to region-restricted content by routing requests through servers in different locations.
- Server Protection: Reverse proxies hide backend server identities and can distribute traffic to prevent overload.

How Proxy Servers Work

Every internet-connected device has a unique IP address, which websites use to send requested data. Normally, the IP is visible to any visited site. A proxy server changes this:

1. The user sends a request to the proxy instead of the destination website.
2. The proxy forwards the request using its own IP address.
3. The destination server sees the request as coming from the proxy, not the user.
4. The proxy may inspect, filter, cache, encrypt, or modify the response before delivering it to the user.

This process underpins what a proxy is in networking, enabling privacy, security, and traffic management.

Practical Considerations

Deploying a proxy, especially a reverse proxy, requires careful planning. It involves:

- Host provisioning
- Firewall and proxy server firewall configuration
- Software selection
- Backend server mapping
- Logging and performance tuning

At scale, default setups rarely suffice, which is why many organizations rely on managed proxy solutions or proxy companies to ensure reliability, security, and ongoing monitoring.

Risks and Limitations

While proxies offer many benefits, they are not without risks:

- Free proxies may lack encryption and transparency
- Logging practices can expose sensitive browsing data if mismanaged
- Misconfigured proxies can create bottlenecks or security gaps

For high-stakes environments, professional deployment and monitoring are crucial.

Conclusion

A proxy server is a versatile tool in modern networking, capable of enhancing privacy, security, performance, and access management. Whether as a forward proxy regulating user traffic or a reverse proxy protecting servers, understanding the types, protocols, and deployment considerations is essential for making informed decisions.

From masking IPs to balancing traffic and enforcing security policies, proxies play a vital role in both personal and enterprise networks. Knowing what a proxy is in networking and the differences between a proxy and a VPN can help users and organizations choose the right solution for their needs.
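As an added illustration (not code from the article), the following Python module models the forward-proxy behaviour described above: the policy check a forward proxy applies before relaying a request, the upstream header handling that separates transparent, anonymous and high-anonymity proxies, and what a destination server can infer from those headers. The block list, the internal network range and the proxy name "corp-proxy" are constructed for this example.

```python
"""Forward-proxy policy and header handling, modelled on the article's
description.  Added example, not the article's code: the block list, the
internal range and the proxy name are constructed values."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Hop-by-hop headers describe one connection and must not be relayed upstream.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}

# Constructed policy for a hypothetical corporate forward proxy.
BLOCKED_DOMAINS = {"malware.example", "tracker.example"}
ALLOWED_SCHEMES = {"http", "https"}
INTERNAL_NETWORK = ipaddress.ip_network("10.0.0.0/8")  # constructed range
PROXY_NAME = "1.1 corp-proxy"  # hypothetical Via token


def evaluate_request(url: str) -> tuple[bool, str]:
    """Policy check a forward proxy applies before relaying: (allowed, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not permitted"
    if not host:
        return False, "request has no host"
    # Block a listed domain and every subdomain of it.
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return False, f"destination {host} is on the block list"
    # Refuse to relay into the internal network: a proxy reachable from
    # outside must not become a path to internal systems.
    try:
        if ipaddress.ip_address(host) in INTERNAL_NETWORK:
            return False, "destination is inside the internal network"
    except ValueError:
        pass  # a hostname, not a literal IP address
    return True, "allowed"


def outbound_headers(client_ip: str, headers: dict, anonymity: str) -> dict:
    """Build the headers the proxy sends upstream for one anonymity level.

    transparent: reveal the client IP (X-Forwarded-For) and the proxy (Via)
    anonymous:   reveal the proxy (Via) but not the client IP
    elite:       reveal neither, so the request looks like a direct client
    """
    out = {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}
    if anonymity == "transparent":
        prior = out.get("X-Forwarded-For")  # keep a chained proxy's entry
        out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
        out["Via"] = PROXY_NAME
    elif anonymity == "anonymous":
        out.pop("X-Forwarded-For", None)
        out["Via"] = PROXY_NAME
    elif anonymity == "elite":
        out.pop("X-Forwarded-For", None)
        out.pop("Via", None)
    else:
        raise ValueError(f"unknown anonymity level: {anonymity}")
    return out


def classify_incoming(headers: dict) -> str:
    """What a destination server can infer from the headers it receives."""
    lower = {k.lower() for k in headers}
    if "x-forwarded-for" in lower and "via" in lower:
        return "transparent proxy"
    if "via" in lower:
        return "anonymous proxy"
    return "direct or high-anonymity proxy"
```

Note that a client can itself send a forged X-Forwarded-For, so a server should only trust that header when it arrives from a proxy it controls.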

[Image: Hacktivist Exposes a ...]

Cyber News

A hacktivist exposed and deleted three white supremacist websites during a presentation at a conference last week. The hacker and self-described journalist, who goes by Martha Root, appeared onstage dressed as the Pink Ranger from the Power Rangers at the Chaos Communication Congress in Hamburg, Germany, and was joined by journalists Eva Hoffmann and Christian Fuchs. Near the end of the presentation, Root remotely deleted the servers of WhiteDate, WhiteChild and WhiteDeal to cheers from the audience.

The owner of the dating, family and job sites confirmed the hack in a post on X, writing, “At min 43, they publicly delete all my websites while the audience rejoices. This is cyberterrorism. No wonder some of them hide their faces. But we will find them, and trust me, there will be repercussions.”

White Supremacist Websites Data Leaked

Root was able to extract significant data from more than 6,000 users of WhiteDate and published much of it on the site okstupid.lol, an apparent pun referencing OkCupid. Root did not include emails and private messages “for now,” but also apparently shared the full data set with DDoSecrets and HaveIBeenPwned.

Root wrote on okstupid that their investigation into WhiteDate revealed “Poor cybersecurity hygiene that would make even your grandma’s AOL account blush,” “Image metadata (EXIF) so revealing, it practically hands out home addresses with a side of awkward selfies,” and “A gender ratio that makes the Smurf village look like a feminist utopia.” “Imagine calling yourselves the ‘master race’ but forgetting to secure your own website—maybe try mastering to host Wordpress before world domination,” Root taunted on the site.

Root mapped the user data on an interactive map, and indeed, the location data is precise, with specific latitude and longitude coordinates capable of identifying a user’s address. Coupled with additional information such as profile pictures and the redacted email addresses, user identification would appear to be possible in many cases.

Chatbot Used to Investigate White Supremacist Dating Site

Root also used a custom AI chatbot to interact with users and scale data collection. As they noted in a video, “Some of WhiteDate’s most dedicated Aryan suitors spent weeks chatting with a chatbot, trained, prompted, monitored by me. And while they flirted with their perfect trad wife, I collected data.”

In their abstract, Root, Hoffmann and Fuchs claim that "After months of observation, classic OSINT research, automated conversation analysis, and web scraping, we discovered who is behind these platforms and how their infrastructure works."

According to HaveIBeenPwned, the WhiteDate data set includes ages, astrological signs, bios, education levels, email addresses, family structure, genders, geographic locations, income levels, IQ levels, nicknames, physical attributes, profile photos, races, relationship status and sexual orientation. HaveIBeenPwned labeled the data as “sensitive,” and noted, “As this breach has been flagged as sensitive, it is not publicly searchable.” Users must sign in to their dashboard to review search results, and DDoSecrets has restricted access to the data too.

The name Martha Root appears to be a pseudonym taken from an American peace activist from the early 20th century.

[Image: Higham Lane School C ...]

Cyber News

A UK school cyberattack has forced a British secondary school to close its doors at the start of the new term, highlighting ongoing cybersecurity challenges across the education sector. Higham Lane School in Nuneaton, central England, confirmed that a cyber incident has disrupted its entire IT infrastructure, preventing students and staff from accessing essential digital services.

The incident has left the school’s approximately 1,500 students unable to return to classrooms following the Christmas holidays. School officials confirmed that the campus will remain closed until at least Wednesday while investigations and recovery efforts continue.

Higham Lane School Cyber Incident Disrupts IT Systems

In an email sent to parents and carers, Higham Lane School stated that the cyberattack “has taken down the school IT system,” leaving staff without access to “any digital services including telephones / emails / servers and the school’s management system.” The outage has affected all internal communications and administrative functions, prompting school leaders to take the precautionary step of closing the site.

Headteacher Michael Gannon detailed the situation in a formal letter to families, explaining the steps being taken to manage the incident. “We are writing to provide you with an update following the recent cyber incident that has affected our school,” the letter stated. “As you are aware, the school will be closed today, Monday 5th January, and will remain closed tomorrow, Tuesday 6th January, while we continue to respond to this situation.”

The decision, according to the school, was made following advice from external experts. Higham Lane School is working with a Cyber Incident Response Team from the Department for Education, alongside IT specialists from its Multi Academy Trust, the Central England Academy Trust, to investigate and resolve the issue.

UK School Cyberattack: Students Advised Not to Access School Systems

As part of the response to the school IT system outage, staff and students have been instructed not to log into any school platforms, including Google Classroom and SharePoint, until further notice. The school emphasized that students who may have already accessed systems using their credentials should not worry, but added that the temporary restriction is necessary to ensure safety while the investigation continues.

Despite the closure, students have been encouraged to continue learning independently using external platforms not connected to the school network. Resources such as BBC Bitesize and Oak National Academy were recommended, with the school noting that these services can be accessed safely using personal devices and home internet connections.

Education Sector Cybersecurity Under Growing Pressure

The Higham Lane School cyber incident comes amid rising concern over cybersecurity in schools, both in the UK and internationally. In October 2025, Kearney Public Schools (KPS) in the United States disclosed a cybersecurity incident that compromised its entire technology network, affecting phones, computers, and digital systems district-wide. The KPS cyberattack disrupted communications as students and staff prepared to return to classrooms, requiring support from external cybersecurity experts.

In the UK, recent findings from the Information Commissioner’s Office (ICO) have drawn attention to another emerging risk: student-led insider cyber incidents. According to the regulator’s analysis of 215 personal data breach reports in the education sector, 57% of insider incidents over the past two years were linked to students. Nearly a third involved stolen login credentials, and in 97% of those cases, students were responsible.

“It’s important that we understand the next generation’s interests and motivations in the online world to ensure children remain on the right side of the law,” said Heather Toomey, Principal Cyber Specialist at the ICO. She warned that behavior driven by curiosity or dares can escalate into serious cyber incidents, with potential consequences extending beyond school systems.

Weak Security Controls Amplify Risks

The ICO cited several cases where weak password practices, poor access controls, and limited monitoring created opportunities for misuse. In one secondary school, Year 11 students accessed sensitive data belonging to 1,400 pupils after cracking staff passwords. In another case, a student used a compromised staff login to alter and delete records for more than 9,000 individuals.

As investigations continue at Higham Lane School, the incident serves as another reminder of the growing importance of education sector cybersecurity, particularly as schools remain heavily reliant on digital platforms for teaching, administration, and communication.

[Image: European Commission ...]

Deepfake

The Grok AI investigation has intensified after the European Commission confirmed it is examining the creation of sexually explicit and suggestive images of girls, including minors, generated by Grok, the artificial intelligence chatbot integrated into the social media platform X. The scrutiny follows widespread outrage linked to a paid feature known as “Spicy Mode,” introduced last summer, which critics say enabled the generation and manipulation of sexualised imagery.

Speaking to journalists in Brussels on Monday, a spokesperson for the European Commission said the matter was being treated with urgency. “I can confirm from this podium that the Commission is also very seriously looking into this matter,” the spokesperson said, adding: “This is not 'spicy'. This is illegal. This is appalling. This is disgusting. This has no place in Europe.”

European Commission Examines Grok’s Compliance With EU Law

The European Commission Grok probe places renewed focus on the responsibilities of AI developers and social media platforms under the EU’s Digital Services Act (DSA). The European Commission, which acts as the EU’s digital watchdog, said it is assessing whether X and its AI systems are meeting their legal obligations to prevent the dissemination of illegal content, particularly material involving minors.

The inquiry comes after reports that Grok was used to generate sexually explicit images of young girls, including through prompts that altered existing images. The controversy escalated following the rollout of an “edit image” feature that allowed users to modify photos with instructions such as “put her in a bikini” or “remove her clothes.”

On Sunday, X said it had removed the images in question and banned the users involved. “We take action against illegal content on X, including Child Sexual Abuse Material (CSAM), by removing it, permanently suspending accounts, and working with local governments and law enforcement as necessary,” the company’s X Safety account posted.

[Image. Source: X]

International Backlash and Parallel Investigations

The X AI chatbot Grok is now facing regulatory pressure beyond the European Commission. Authorities in France, Malaysia, and India have launched or expanded investigations into the platform’s handling of explicit and sexualised content generated by the AI tool.

In France, prosecutors last week expanded an existing investigation into X to include allegations that Grok was being used to generate and distribute child sexual abuse material. The original probe, opened in July, focused on claims that X’s algorithms were being manipulated for foreign interference.

India has also taken a firm stance. Last week, Indian authorities reportedly ordered X to remove sexualised content, curb offending accounts, and submit an “Action Taken Report” within 72 hours or face legal consequences. As of Monday, there was no public confirmation on whether X had complied.

[Image. Source: India's Ministry of Electronics and Information Technology]

Malaysia’s Communications and Multimedia Commission said it had received public complaints about “indecent, grossly offensive” content on X and confirmed it was investigating the matter. The regulator added that X’s representatives would be summoned.

DSA Enforcement and Grok’s Previous Controversies

The current Grok AI investigation is not the first time the European Commission has taken action related to the chatbot. Last November, the Commission requested information from X after Grok generated Holocaust denial content. That request was issued under the DSA, and the Commission said it is still analysing the company’s response.

In December, X was fined €120 million under the DSA over its handling of account verification check marks and advertising practices. “I think X is very well aware that we are very serious about DSA enforcement. They will remember the fine that they have received from us,” the Commission spokesperson said.

Public Reaction and Growing Concerns Over AI Misuse

The controversy has prompted intense discussion across online platforms, particularly Reddit, where users have raised alarms about the potential misuse of generative AI tools to create non-consensual and abusive content. Many posts focused on how easily Grok could be prompted to alter real images, transforming ordinary photographs of women and children into sexualised or explicit content.

Some Reddit users referenced reporting by the BBC, which said it had observed multiple examples on X of users asking the chatbot to manipulate real images—such as making women appear in bikinis or placing them in sexualised scenarios—without consent. These examples, shared widely online, have fuelled broader concerns about the adequacy of content safeguards.

Separately, the UK’s media regulator Ofcom said it had made “urgent contact” with Elon Musk’s company xAI following reports that Grok could be used to generate “sexualised images of children” and produce “undressed images” of individuals. Ofcom said it was seeking information on the steps taken by X and xAI to comply with their legal duties to protect users in the UK and would assess whether the matter warrants further investigation.

Across Reddit and other forums, users have questioned why such image-editing capabilities were available at all, with some arguing that the episode exposes gaps in oversight around AI systems deployed at scale. Others expressed scepticism about enforcement outcomes, warning that regulatory responses often come only after harm has already occurred.

Although X has reportedly restricted visibility of Grok’s media features, users continue to flag instances of image manipulation and redistribution. Digital rights advocates note that once explicit content is created and shared, removing individual posts does not fully address the broader risk to those affected.

Grok has acknowledged shortcomings in its safeguards, stating it had identified lapses and was “urgently fixing them.” The AI tool has also issued an apology for generating an image of two young girls in sexualised attire based on a user prompt. As scrutiny intensifies, the episode is emerging as a key test of how AI-generated content is regulated—and how accountability is enforced—when powerful tools enable harm at scale.

[Image: Critical n8n Vulnera ...]

Firewall Daily

A newly disclosed n8n vulnerability has been confirmed to allow authenticated users to execute arbitrary system commands on affected servers. The issue, tracked as CVE-2025-68668, has been assigned a CVSS score of 9.9, placing it firmly in the critical severity range. The flaw impacts the open-source workflow automation platform n8n and affects a broad range of deployed versions.

n8n is commonly used to design and run automated workflows that connect applications, services, and scripts. Due to its role in handling sensitive integrations and credentials, security vulnerabilities within the platform can have significant consequences.

Sandbox Bypass in the Python Code Node

The n8n vulnerability affects all versions from 1.0.0 up to, but not including, 2.0.0. According to the advisory, an authenticated user who has permission to create or modify workflows can exploit the issue to execute arbitrary operating system commands on the host running n8n. The vulnerability has been categorized as a protection mechanism failure.

The root cause lies in a sandbox bypass within the Python Code Node, which uses Pyodide to execute Python code. The advisory describes the issue clearly: “A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process.”

While the attacker does not automatically gain higher privileges than the n8n service itself, the ability to run system commands at that level may still allow for data access, lateral movement, or further compromise depending on how the instance is deployed. The flaw was published under GHSA-62r4-hw23-cc8v, with security researcher csuermann credited for the report. The affected package is the n8n npm package, and the issue remained present until it was fully addressed in version 2.0.0.

Patch Details and Security Improvements

The CVE-2025-68668 issue has been resolved in n8n version 2.0.0, which is now listed as the patched release. However, security improvements related to this issue were introduced earlier. In n8n version 1.111.0, the project added a task runner–based native Python implementation as an optional feature. This implementation was designed to provide a stronger isolation model than the Pyodide-based sandbox used by the Python Code Node.

To enable this more secure execution environment in affected versions, administrators must configure the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. With the release of n8n 2.0.0, this task runner–based Python sandbox became the default behavior, effectively mitigating the sandbox bypass that made CVE-2025-68668 exploitable.

The introduction of this default setting marks an architectural change aimed at reducing the attack surface associated with executing Python code inside workflows. It also reflects a broader shift toward isolating potentially dangerous operations more rigorously within automation platforms.

Mitigations, Workarounds, and Broader Context for CVE-2025-68668

For organizations that cannot immediately upgrade, n8n has outlined several workarounds to limit exposure to the n8n vulnerability. One option is to completely disable the Code Node by setting the environment variable NODES_EXCLUDE to ["n8n-nodes-base.code"].

Another mitigation is to disable Python support in the Code Node entirely by setting N8N_PYTHON_ENABLED=false, a configuration option introduced in n8n version 1.104.0. Administrators can also proactively enable the task runner–based Python sandbox using N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER.

The disclosure of CVE-2025-68668 follows another recently addressed critical flaw, CVE-2025-68613, which also carried a CVSS score of 9.9 and could lead to arbitrary code execution under certain conditions.
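The affected range and the listed workarounds can be checked mechanically against a deployment's configuration. The following Python script is an added example, not n8n's own tooling: it parses a constructed .env file, decides whether the running version is in the affected range, and reports which of the advisory's workarounds are in effect, taking into account the version in which each option became available. It assumes the two runner variables are enabled by setting them to "true", which the advisory text quoted above does not spell out.

```python
"""Exposure check for CVE-2025-68668 from an n8n version string and its
environment configuration.  Added example, not n8n's own code; the .env
content is constructed and the "true" value for the runner variables is an
assumption of this example."""
import json

AFFECTED_FROM = (1, 0, 0)          # first affected version
FIXED_IN = (2, 0, 0)               # patched release; native runner is default
PYTHON_TOGGLE_SINCE = (1, 104, 0)  # N8N_PYTHON_ENABLED introduced
NATIVE_RUNNER_SINCE = (1, 111, 0)  # task runner based Python added
CODE_NODE = "n8n-nodes-base.code"  # node type name used in NODES_EXCLUDE

# Constructed .env for a hypothetical self-hosted instance.
SAMPLE_ENV = """# constructed sample, not a real deployment
N8N_RUNNERS_ENABLED=true
N8N_NATIVE_PYTHON_RUNNER=true
N8N_PYTHON_ENABLED=true
"""


def parse_version(text: str) -> tuple:
    """'v1.111.2-rc.1' -> (1, 111, 2); pre-release suffixes are dropped."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def parse_env(text: str) -> dict:
    """Minimal KEY=VALUE parser for a .env file; skips blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def _enabled(value) -> bool:
    # Assumption: the runner variables are switched on with the value "true".
    return str(value).strip().lower() == "true"


def code_node_excluded(env: dict) -> bool:
    """NODES_EXCLUDE is a JSON array of node type names."""
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE", "[]"))
    except json.JSONDecodeError:
        return False
    return isinstance(excluded, list) and CODE_NODE in excluded


def assess(version_text: str, env: dict) -> dict:
    """Return affected-range status and the workarounds actually in effect."""
    v = parse_version(version_text)
    in_range = AFFECTED_FROM <= v < FIXED_IN
    mitigations = []
    if code_node_excluded(env):
        mitigations.append("Code Node disabled via NODES_EXCLUDE")
    # N8N_PYTHON_ENABLED only exists from 1.104.0; earlier it has no effect.
    if v >= PYTHON_TOGGLE_SINCE and env.get("N8N_PYTHON_ENABLED", "").lower() == "false":
        mitigations.append("Python disabled via N8N_PYTHON_ENABLED=false")
    # The native runner is only available from 1.111.0 and needs both flags.
    if (v >= NATIVE_RUNNER_SINCE and _enabled(env.get("N8N_RUNNERS_ENABLED"))
            and _enabled(env.get("N8N_NATIVE_PYTHON_RUNNER"))):
        mitigations.append("task runner based Python sandbox enabled")
    if not in_range:
        status = "not affected (version outside 1.0.0 <= v < 2.0.0)"
    elif mitigations:
        status = "affected version, workaround in place; upgrade to 2.0.0 when possible"
    else:
        status = "VULNERABLE: upgrade to 2.0.0 or apply a listed workaround"
    return {"version": v, "affected_range": in_range,
            "mitigations": mitigations, "status": status}


if __name__ == "__main__":
    print(assess("1.111.2", parse_env(SAMPLE_ENV)))
```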

[Image: Taiwan Reports 2.6 M ...]

Firewall Daily

Taiwan faced a surge in Chinese cyberattacks in 2025, with government data showing that the island's critical infrastructure was targeted an average of 2.6 million times per day. According to Taiwan's National Security Bureau, the scale, frequency, and coordination of these attacks suggest a sustained and deliberate campaign that intensified alongside military and political pressure from Beijing.

The bureau reported that Chinese cyberattacks against Taiwan's key infrastructure rose 6% compared with the previous year. Sectors experiencing the most severe impact included energy systems, hospitals, banks, emergency rescue services, and telecommunications networks. The agency said the average number of daily attacks reached approximately 2.63 million in 2025, a 113% increase from 2023, when the bureau first began publishing such figures.

"These attacks indicate a deliberate attempt by China to compromise Taiwan's crucial infrastructure comprehensively and to disrupt or paralyze Taiwanese government and social functions," the report stated.

Chinese Cyberattacks Timed With Military Drills and Political Events

Taiwanese authorities said many of the attacks were closely synchronized with Chinese military exercises and politically sensitive moments, reinforcing concerns over what Taipei describes as "hybrid warfare." The bureau documented that China conducted 40 "joint combat readiness patrols" in 2025, involving military aircraft and naval vessels operating near Taiwan. Cyber activity escalated during 23 of those patrols.

The report cited specific incidents in which attacks intensified during major political events. In May, cyber activity spiked when President Lai Ching-te delivered a speech marking his first year in office. Another escalation occurred in November when Vice President Hsiao Bi-khim spoke at a meeting with lawmakers at the European Parliament.

"China's moves align with its strategic need to employ hybrid threats against Taiwan during both peacetime and wartime," the report said.

Taiwan has repeatedly accused China of using a combination of daily military drills, disinformation campaigns, and cyber operations to weaken the island's defenses and morale. Beijing claims Taiwan as its own territory and has not ruled out the use of force to bring the island under its control. Taipei rejects China's sovereignty claims, stating that only Taiwan's people can decide the island's future, reported The Japan Times.

Hospitals, Energy Systems, and Banks Among Primary Targets

The National Security Bureau said the attacks employed a wide range of techniques designed to disrupt daily life and undermine public trust. These included distributed denial-of-service (DDoS) attacks aimed at overwhelming networks and halting services, as well as man-in-the-middle attacks used to intercept communications, steal sensitive data, and penetrate telecommunications infrastructure.

Hospitals, emergency services, and energy providers experienced some of the sharpest year-on-year increases in attack volume. Banks and financial systems were also repeatedly targeted, raising concerns about broader economic disruption.

Science parks anchoring Taiwan's semiconductor industry were identified as another major focus. Facilities linked to advanced chip manufacturing, including firms such as TSMC, were subjected to repeated cyber intrusions. According to the report, attackers used various methods to steal advanced technologies and proprietary information.

Technology Competition and Beijing's Strategic Goals

The bureau linked the cyber campaign to China's broader economic and technological ambitions. The report said the attacks were "an attempt to support China's self-reliance in technology and economic development and prevent China from being put in a disadvantaged position in the U.S.-China technology competition."

Despite the detailed findings, China has consistently denied involvement. The Chinese government routinely rejects accusations related to hacking or cyber espionage. China's Taiwan Affairs Office did not respond to a request for comment on the report.

Taiwanese officials argue that the sheer scale, timing, and coordination of the attacks point to an organized effort rather than isolated incidents. With attack volumes continuing to rise, the bureau warned that protecting digital infrastructure has become as critical as traditional military defense.

 Feed

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. It affects n8n versions from

 Feed

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart

 Feed

Source: Securonix. Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that uses ClickFix-style lures, presenting a fake blue screen of death (BSoD) error together with a bogus "fix" for it, in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.

 Feed

The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and IGA tools govern only the nearly

 Feed

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, is that these

 Feed

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:

 Feed

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to inadvertently start

Aggregator history: Tuesday, January 06, 2026