Cyber Attack

The Russian state-linked Sandworm hacking group has been identified as responsible for what is described as the “largest cyberattack” targeting Poland’s power system in the last week of December 2025. Although the attack was detected and neutralized without causing any disruption, experts have linked this activity to a new variant of “wiper” malware deployed by the threat actor. Details of the DynoWiper attack and malware According to a report by ESET, the attack was the work of Sandworm, which used a previously undocumented wiper malware called DynoWiper (also known as Win32/KillFiles.NMO). The attribution to Sandworm is based on similarities with the group’s previous activities, especially in the context of the Russian invasion of Ukraine. ...

DXS International, a technology supplier to England’s National Health Service (NHS), has officially confirmed a cyber-attack on its systems. The incident, which was discovered on December 14, affected the company’s office servers. In a filing to the London Stock Exchange on December 18, DXS International stated that the attack had a “minimal impact on the company’s services” and emphasized that “front-line clinical services remain unaffected and operational.” The company does not currently anticipate an adverse financial impact as a result of the incident. ...

The cyber threat landscape targeting Chinese-speaking users has intensified with the detection of multiple malware campaigns. Two recent reports highlight the sophistication of threat actors using the Gh0st RAT remote access trojan, a malware known for its versatility. One of the campaigns involves the threat actor known as Dragon Breath (also APT-Q-27 or Golden Eye), which uses a multi-phase loader called RONINGLOADER to deliver a modified variant of Gh0st RAT. Simultaneously, another series of large-scale phishing campaigns have been distributing the same malware. ...