Connect with us

Infosecurity

Ukraine warns media outlets have become ‘priority targets’ for Russian hackers

Published

on

Ukrainian media priority targets

A new front in the information war

For four years, Ukraine’s media has operated under fire — literally. Now, the threats are multiplying in cyberspace. The country’s domestic security agency, the SBU, issued a stark warning: Ukrainian media outlets have become “one of the priority targets” for Russian hackers.

The shift is not subtle. Hackers linked to Russia are no longer just going after government databases or energy grids. They are going after the news. And they are doing it with a mix of digital assaults and old-fashioned propaganda, all while Russian missiles keep hitting actual newsrooms.

Volodymyr Karastelyov, head of the SBU’s cyber department, detailed two previously unreported attacks on Ukrainian television broadcasters. He stopped short of naming specific Russian groups, but the pattern is clear: disrupt the signal, break the trust, and sow chaos.

DDoS attack on a national TV channel

Earlier this year, an unnamed nationwide television channel came under a massive distributed denial-of-service (DDoS) attack. The assault lasted three hours. At its peak, the botnet — a network of hijacked devices — was hitting the broadcaster with up to 200,000 requests per minute.

The goal was simple: knock the channel offline. It failed. Karastelyov said the attack was repelled before it could achieve its objective. But the scale alone is a warning. This was not a small operation. It was a coordinated attempt to silence a major outlet in real time, during a war where every minute of coverage matters.

Phishing and platform takeover attempts

Another incident, which occurred last year, was even more insidious. Russian hackers targeted one of Ukraine’s leading television groups. They did not just want to crash the system. They wanted to own it.

According to the SBU, the attackers launched a phishing campaign against the broadcaster’s information systems. At the same time, they tried to slip in through connected infrastructure — a classic multi-vector approach. Their aim: seize control of the platform and publish propaganda disguised as legitimate Ukrainian content.

That attack was also contained. But the fact that it happened at all underscores a troubling reality. Hackers are not just trying to break things. They are trying to hijack the narrative.

Over 200 successful cyberattacks on media since the invasion

These two incidents are just the tip of the iceberg. Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) reported last year that Russian hackers had carried out more than 200 successful cyberattacks against Ukrainian media organizations since the full-scale invasion began.

The tactics are varied and brutal:

  • Phishing campaigns targeting journalists and editors
  • DDoS attacks to knock sites and broadcasts offline
  • Website defacements to spread disinformation
  • Destructive malware that wipes data and cripples systems
  • Unauthorized publication of fake stories on compromised platforms

The SBU itself says it has “neutralized” more than 16,000 cyberattacks and cyber incidents since Russia’s full-scale invasion four years ago. Those targets include government agencies, financial institutions, defense organizations — and, increasingly, media outlets.

Physical strikes on newsrooms continue

The cyberwar is not happening in a vacuum. Ukrainian media organizations have also sustained repeated physical damage from Russian missile and drone strikes. In fact, the two forms of attack often complement each other: cripple the digital infrastructure, then hit the physical one.

The National Union of Journalists of Ukraine documented 80 incidents in the first half of this year alone. These include destroyed or damaged editorial offices, wrecked broadcasting infrastructure, and journalists coming under fire while reporting.

This week, the office of Ukraine’s Channel 5 was damaged for the second time during the war. A strike on Monday hit the television studio, destroying part of the station’s filming equipment and heavily damaging the newsroom. The attack came as Russia launched 68 missiles and nearly 400 drones at Ukraine in a single night.

The message is unmistakable: Ukrainian media is under siege from every direction. The hackers try to silence them online. The missiles try to silence them on the ground. So far, neither has succeeded.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Infosecurity

GhostApproval: The Symlink Flaw That Turns AI Coding Assistants Into Rubber Stamps

Published

on

GhostApproval flaw

The rubber stamp nobody asked for

Six of the most popular AI coding assistants share a dangerous design flaw. Researchers at Wiz have shown that a malicious repository can trick these tools into approving edits that overwrite sensitive files on a developer’s machine. In the worst case, that opens the door to remote code execution.

Wiz calls the vulnerability GhostApproval. It affects Amazon Q Developer, Anthropic’s Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. The common thread? Symbolic links — symlinks — that make one file path secretly resolve to another.

The attack is elegantly simple. A repository contains a symlink disguised as an innocent file — say, project_settings.json. That symlink actually points at the developer’s SSH keys. When the developer asks the assistant to “set up the workspace” or follow the README, the agent follows the link and writes attacker-supplied content into the real target. The developer sees a harmless filename in the approval dialog and clicks “Yes.” They just handed over passwordless remote access.

Wiz published a proof of concept on July 7. The research team argues that the design effectively bypasses informed consent: the approval prompt shows only the harmless filename, not the real destination. So a developer approves an edit they cannot actually see.

For more on how rogue prompts can hijack coding agents, read our earlier piece on Agentjacking attacks against AI coding agents.

Who fixed it, who didn’t, and who argued

Wiz reported GhostApproval to all six vendors in early 2026. The responses were anything but uniform.

Amazon, Google, and Cursor treated it as a vulnerability and shipped fixes. Cursor even issued CVE-2026-50549 for the flaw.

Augment and Windsurf acknowledged the reports but, as of publication, have gone silent. No patches. Their users remain potentially exposed.

Anthropic took a different stance. The company disputed that Claude Code’s behavior is a vulnerability at all. Its argument: a user who trusts a directory and approves an edit owns that decision. Anthropic considers the scenario “outside our threat model.”

That disagreement gets at the heart of the issue. Wiz frames GhostApproval less as a collection of isolated bugs and more as a design question the industry has yet to settle: should an AI coding tool shield users from a deceptive workspace, or leave that judgment to the developer?

What developers should do now

The practical advice from Wiz is clear. Vendors should resolve symlinks before asking for approval and flag any write that lands outside the project directory.

Until then, developers using Augment or Windsurf should watch for updates — and think twice before approving edits from untrusted repositories. Even the most polished approval dialog is useless if it shows you a lie.

If you’re curious about related risks, check our guide on WhatsApp HD photo sending for a completely different kind of file-handling gotcha.

Continue Reading

Infosecurity

5,800 Arrested, $293 Million Seized: Inside the Chinese-Funded Interpol Cybercrime Sweep

Published

on

Interpol cybercrime crackdown

The Numbers Are Staggering

More than 5,800 people arrested. Nearly $300 million in illicit assets intercepted. Over 15,000 suspects identified. These are the headline results from Operation First Light 2026, a sprawling global anti-fraud campaign coordinated by Interpol and funded by China’s Ministry of Public Security.

The operational phase ran from January 15 to April 30, 2026, involving law enforcement agencies from 97 countries and territories. It was backed by regional partners including Aseanapol, the Gulf Cooperation Council’s GGCPol, and Europol. The scale alone makes it one of the largest coordinated cybercrime crackdowns in recent memory.

What Operation First Light 2026 Actually Targeted

This wasn’t a vague sweep. The operation zeroed in on specific crime types: social engineering scams, romance fraud, business email compromise (BEC) schemes, and the money laundering networks that enable them. These are the scams that empty bank accounts and ruin lives — often targeting the elderly, the lonely, and small businesses.

According to an Interpol statement released on July 9, investigators analyzed 152,808 individual fraud and scam cases. Of those, 23,715 were solved thanks to the operation. That’s a resolution rate of roughly 15.5% — not perfect, but significant for crimes that often cross a dozen jurisdictions before lunch.

Fake Cops, Real Money: The Eswatini Case

One of the most audacious schemes uncovered happened in Eswatini, the small Southern African nation. Authorities there raided a criminal network running illegal online gambling, money laundering, and an elaborate impersonation scam. The twist? The scammers posed as Brazil’s Federal Police — complete with fake uniforms, signage, and a realistic replica of a Brazilian police station.

“Posing as Brazil’s Federal Police via video call, the scammers deceived their targets into believing they were victims of a crime, tricking them into transferring funds for ‘safekeeping,’ which were then stolen,” Interpol said. Eswatini police seized 240 electronic devices, foreign currency, and the entire fake station setup.

How the Operation Worked on the Ground

On-the-ground operations took place in Brazil, Eswatini, Macao (China), Oman, Palau, Singapore, and Thailand. But the real work was digital. Investigators blocked or froze 31,014 bank accounts and numerous cryptocurrency wallets. They also issued 99 Interpol Notices and Diffusions — international alerts that can freeze suspects’ travel and flag them globally.

A critical tool was Interpol’s Global Rapid Intervention of Payments (I-GRIP), a stop-payment mechanism that allows authorities to quickly block illicit financial flows — both fiat currency and virtual assets. In a world where scammers can move millions in minutes, I-GRIP is the digital equivalent of a roadblock.

China’s Role: Funding and Focus

China’s Ministry of Public Security provided the funding for this Interpol cybercrime crackdown. That’s notable. Beijing has been increasingly active in international policing efforts, particularly around fraud that originates from or targets Chinese citizens. But this operation was global in scope, not limited to any one region.

The funding relationship raises questions for some observers about influence and data sharing. Interpol maintains that operational decisions remain independent. Still, China’s growing financial footprint in global law enforcement is a trend worth watching.

Why This Matters Beyond the Headlines

Cybercrime is exploding. The African continent, in particular, has seen a rapid rise in digital fraud, as Interpol itself has warned. Operations like First Light 2026 show that international cooperation can produce tangible results — arrests, asset seizures, and frozen accounts. But 5,800 arrests against 15,606 identified suspects means there are still nearly 10,000 people out there, likely already planning their next scam.

For the average person, the takeaway is simple: social engineering scams are getting more sophisticated. The Eswatini case — complete with fake police stations and video calls — is a reminder that trust is a weapon. Verify before you transfer. Hang up and call back on an official number. And if someone claiming to be law enforcement asks for money? It’s almost certainly a lie.

Interpol says the operation identified over 142,000 victims globally. That’s 142,000 people who lost money, trust, or both. The global anti-fraud operation may have stopped $293 million from disappearing, but the human cost is far higher.

Continue Reading

Infosecurity

A Chasm at the Top: 75% of CISOs Say Executives Don’t Understand the Cyber Risks Employees Face

Published

on

CISO executive cybersecurity gap

The Numbers Are Stark: A Leadership Disconnect

More than three-quarters of cybersecurity chiefs believe the executives they report to simply do not grasp the real-world dangers their employees face online. That is the headline finding from a new report by MetaCompliance, released July 9 and based on a survey of over 200 CISOs across Europe. Specifically, 78% said C-level leaders lack a full understanding of the cybersecurity risks tied to everyday employee behavior.

This disconnect comes at a particularly dangerous moment. Workers are being hammered by phishing attacks, and the rapid rise of generative AI has given attackers powerful new tools to craft convincing scams. The result? A growing tension between the security teams on the front lines and the boardroom above them.

Why the Boardroom Gap Matters Now More Than Ever

It is not just a matter of bruised egos. This CISO executive cybersecurity gap has real consequences. According to the survey, 79% of CISOs said executive support for security awareness initiatives fades over time. Initial enthusiasm for a new training program or a security push evaporates, leaving cybersecurity leaders to fight evolving threats with dwindling backing from above.

That lack of sustained support makes it far harder to protect the organization. Employees remain the weakest link, and the threats are getting smarter. AI-based social engineering attacks have become increasingly sophisticated and scalable. As James Mackay, CEO of MetaCompliance, put it: “Attackers are no longer relying on obvious scams or poorly written phishing emails. They can now create highly convincing impersonation attempts, social engineering attacks and fraudulent communications at scale.”

Mackay added that the situation demands something more than a one-off training session. “Human cyber risk is no longer just an awareness issue or a training issue; it is a strategic business risk,” he said. “But our research shows that many CISOs are still trying to drive change without consistent senior support, clear ownership or a shared understanding of the risk across the business.”

Confidence Is Dropping — and AI Is a Big Reason Why

The survey reveals that half of CISOs now feel less confident in their organization’s cyber resilience than they did just 12 months ago. The primary culprit? The rise of highly sophisticated, AI-driven attacks. These are not the clumsy phishing emails of yesteryear. Modern attacks use large language models (LLMs) and AI agents to mimic real colleagues, vendors, or executives with startling accuracy.

This erosion of confidence is a red flag for any organization. When the person responsible for security starts to doubt the company’s defenses, the entire posture is weaker. And the problem is compounded by internal fragmentation.

Fragmented Policies and Siloed Thinking

Another reason CISOs are struggling, according to the report, is a lack of joined-up thinking across the business. Different departments often operate under different security policies, creating gaps and inconsistencies. One team might have strict access controls, while another takes a lax approach. This inconsistency can lead directly to data loss or a full-blown incident.

The rise of generative AI in the workplace has only deepened this chaos. A worrying 40% of the CISOs surveyed said they fear employees are sharing sensitive information with public generative AI platforms like ChatGPT. This kind of shadow use can result in serious data breaches or privacy violations, and it often happens without the knowledge of the IT or security team.

What Needs to Change: Sustained Executive Backing

Fixing this problem is not about buying a new tool or running another phishing simulation. It requires a fundamental shift in how the board views cybersecurity. The CISO can no longer be a lone voice in the wilderness. Executives need to treat human cyber risk as a core business risk — one that demands ongoing attention, not just a quarterly check-in.

Mackay summed it up bluntly: “If leadership support fades after the initial push, organisations are left exposed. Building resilience against AI-enabled threats requires sustained executive backing, better stakeholder alignment and a more intelligent, behaviour-led approach to managing human cyber risk.”

For CISOs, the takeaway is clear. Bridging the CISO executive cybersecurity gap is not optional; it is survival. Without a shared understanding at the top, even the best security strategy will eventually fall apart. And with AI-powered social engineering growing more convincing by the day, the cost of that disconnect is only going to rise.

Continue Reading

Trending