Amazon Exposes North Korean IT Infiltrator Through Keystroke Latency Analysis

Amazon uncovered a North Korean IT infiltrator by correlating subtle behavioral telemetry with location-aware security controls, demonstrating how insider threat detection increasingly depends on granular signals rather than overt policy violations. The individual, hired through standard remote processes, claimed to be U.S.-based but consistently exhibited abnormal keystroke latency during active system use.

Internal security teams identified a persistent 110-millisecond delay between keystrokes and system response, far higher than expected for a domestic connection, prompting deeper network and behavioural analysis. Further investigation revealed the employee was operating through layered proxies and remote-control infrastructure to mask their true location, a tactic commonly associated with North Korean revenue-generation and espionage operations. The case underscores how large enterprises can detect nation-state infiltration by combining endpoint telemetry, behavioural baselining, and network intelligence.

Key Points:

  • Detection triggered by anomalous 110ms keystroke latency inconsistent with U.S.-based access

  • Behavioural monitoring flagged discrepancies despite valid credentials and normal work output

  • Network analysis suggested overseas routing masked by proxies and remote-control tools

  • Incident aligns with known North Korean tactics targeting Western firms for access and revenue

  • Amazon reports blocking thousands of similar infiltration attempts, highlighting a systemic threat

  • Case illustrates the value of fine-grained telemetry in insider threat and remote workforce security
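The detection described above rests on a simple idea: a worker who really is on a domestic connection should show keystroke-to-response delays close to a regional baseline, and a session that is consistently far above it deserves a closer look. The following is an added illustration of that baselining logic, not Amazon's tooling or data. It assumes an endpoint agent records, per remote session, the delay between each local keystroke and the host's response, together with the region the worker claims to work from; the baselines, tolerances, user names and latency samples are all constructed.

```python
"""Flagging remote sessions whose keystroke latency is inconsistent with the
claimed work region.

Added example, not Amazon's tooling. Assumes an endpoint agent records, for each
remote session, the delay (ms) between a local keystroke and the host's response,
plus the region the worker claims. Baselines, tolerances and the telemetry
itself are constructed for illustration.
"""
import math
import random
from dataclasses import dataclass, field
from statistics import median
from typing import Dict, List

# Hypothetical per-region baselines: the median keystroke-to-response latency
# (ms) a genuinely domestic connection should show. Derive from real fleet data.
REGION_BASELINE_MS: Dict[str, float] = {"US": 35.0, "EU": 40.0}
TOLERANCE_MS = 30.0   # allowed excess over baseline before a session is flagged
MIN_SAMPLES = 50      # fewer keystrokes than this is not enough evidence


@dataclass
class Session:
    user: str
    claimed_region: str
    latencies_ms: List[float] = field(default_factory=list)


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile; avoids a numpy dependency."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]


def evaluate_session(session: Session,
                     baselines: Dict[str, float] = REGION_BASELINE_MS,
                     tolerance: float = TOLERANCE_MS) -> dict:
    """Compare a session's latency distribution with the baseline for the region
    the user claims. The median is used for the verdict because it is robust to
    short bursts of network jitter; the 90th percentile is reported for context."""
    n = len(session.latencies_ms)
    if n < MIN_SAMPLES:
        return {"user": session.user, "verdict": "insufficient_data", "samples": n}
    if session.claimed_region not in baselines:
        return {"user": session.user, "verdict": "unknown_region", "samples": n}

    med = median(session.latencies_ms)
    p90 = percentile(session.latencies_ms, 90)
    excess = med - baselines[session.claimed_region]
    verdict = "anomalous" if excess > tolerance else "normal"
    return {"user": session.user, "verdict": verdict, "samples": n,
            "median_ms": round(med, 1), "p90_ms": round(p90, 1),
            "excess_ms": round(excess, 1)}


def flag_sessions(sessions: List[Session]) -> List[str]:
    """Users whose measured latency is inconsistent with their claimed region."""
    return [r["user"] for r in map(evaluate_session, sessions)
            if r["verdict"] == "anomalous"]


def constructed_sessions(seed: int = 7) -> List[Session]:
    """Constructed telemetry: one domestic worker, one session relayed through
    remote-control infrastructure (~110 ms per keystroke), one too short to judge."""
    rng = random.Random(seed)
    domestic = [max(1.0, rng.gauss(35.0, 8.0)) for _ in range(200)]
    relayed = [max(1.0, rng.gauss(110.0, 12.0)) for _ in range(200)]
    short = [max(1.0, rng.gauss(35.0, 8.0)) for _ in range(10)]
    return [Session("alice", "US", domestic),
            Session("contractor42", "US", relayed),
            Session("bob", "US", short)]


if __name__ == "__main__":
    for s in constructed_sessions():
        print(evaluate_session(s))
    print("flagged:", flag_sessions(constructed_sessions()))
```

In practice the per-region baseline and tolerance would be learned from the fleet rather than hard-coded, and a latency flag on its own is only a lead: the story above notes that the actual confirmation came from correlating it with network analysis of proxies and remote-control tooling, so the output of a check like this belongs in a triage queue, not an automatic block.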

💻 Malware and Vulnerabilities

Water Saci Malware Targets Industrial Environments: Trend Micro details Water Saci, a sophisticated malware framework abusing legitimate tools to persist in enterprise and industrial networks, highlighting risks to critical infrastructure security. Link

Cisco Customers Hit by China-Linked Zero-Day Attacks: Researchers warn that a China-nexus APT is exploiting previously unknown Cisco vulnerabilities, enabling espionage and lateral movement across enterprise networks. Link

Fortinet Flaws Actively Exploited in the Wild: SecurityWeek reports active exploitation of newly disclosed Fortinet vulnerabilities, prompting urgent patching as attackers target exposed firewall and VPN appliances. Link

WordPress Plugin Bug Enables Full Site Takeover: A critical flaw in a popular WordPress automotive plugin allows unauthenticated attackers to seize control of affected sites, raising concerns for supply-chain risk. Link

KimWulf Botnet Hijacks 1.8 Million Devices: The KimWulf botnet has rapidly expanded by exploiting weak credentials and unpatched systems, amassing a massive pool of compromised devices for DDoS and malware delivery. Link

Malicious Chrome Extensions Spotlighted: Researchers uncover browser extensions abusing permissions to harvest data and inject ads, underscoring persistent risks in official extension marketplaces. Link

📈 Breaches and Incidents

AI Phone Farm Floods TikTok With Fake Influencers: A breach exposed an a16z-backed phone farm operation generating AI-driven influencer accounts to manipulate TikTok engagement at scale. Link

LKQ Confirms Oracle EBS Breach: Auto parts giant LKQ disclosed a breach of its Oracle E-Business Suite environment, raising concerns over ERP system security. Link

UK Foreign Office Hacked by China-Linked Actors: The UK government confirms a China-linked cyber intrusion targeting Foreign Office systems, escalating diplomatic and security tensions. Link

Pornhub Extorted After Data Theft: Hackers are extorting Pornhub following the theft of premium user activity data, highlighting risks around sensitive consumer information. Link

700Credit Breach Impacts Millions: Credit-check provider 700Credit reports a breach affecting up to 5.6 million individuals, exposing personal and financial data. Link

Askul Loses 740,000 Records in RansomHouse Attack: Japanese retailer Askul confirms a ransomware-related data theft impacting hundreds of thousands of customer records. Link

🚨 Threat Intel & Info Sharing

France Arrests Hacker Over Interior Ministry Breach: French authorities arrested a suspect accused of infiltrating Interior Ministry systems, marking a rare public attribution in a sensitive government cyber case. Link

ResidentBat Android Spyware Targets Belarus: New research exposes ResidentBat spyware, allegedly linked to Belarusian security services, used to surveil activists and journalists via Android devices. Link

China-Linked APT LongNoseGoblin Expands Targeting: The LongNoseGoblin APT is intensifying cyber-espionage campaigns against Asian governments, using custom malware and living-off-the-land techniques. Link

Crypto Hacks Drive Billions in Losses: Chainalysis reports that cryptocurrency hacking and theft continue to rise, with attackers rapidly laundering stolen funds through mixers and cross-chain bridges. Link

Cryptomining Campaign Targets AWS EC2 and ECS: Amazon details an active cryptomining campaign abusing exposed cloud credentials and misconfigurations to monetize compromised AWS workloads. Link

Spyware Used Against Belarusian Journalist: Rights groups reveal spyware infections on a Belarusian journalist’s devices, highlighting continued digital repression and surveillance abuses. Link

CISA Adds Three Exploited Bugs to KEV Catalog: U.S. CISA adds three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, urging agencies to remediate immediately. Link

Russia-Linked Hackers Abuse Microsoft 365: Analysts warn that Russian-linked threat actors are leveraging Microsoft 365 features for phishing, persistence, and covert data exfiltration. Link

⚖️ Laws, Policies and Regulations

EU Fines X €140M Over Blue Check Practices: EU regulators fine X for deceptive blue checkmark practices and transparency failures, reinforcing tougher platform accountability rules. Link

FBI Seizes Crypto Laundering Hub E-Note: U.S. authorities seized E-Note, a crypto laundering service allegedly run by a Russian administrator, dealing a blow to cybercrime financing. Link

TikTok Accused of Unlawful Tracking: Privacy group noyb alleges TikTok illegally tracks users’ shopping behavior and dating app usage, potentially violating EU data protection law. Link

U.S. Seeks Input on Deepfake Sentencing: The U.S. Sentencing Commission is soliciting feedback on criminal penalties related to deepfake abuse, signaling tougher enforcement ahead. Link

Trump Signs NDAA With Cyber Command Provisions: The newly signed NDAA includes measures strengthening U.S. Cyber Command authorities and cyber defense posture. Link

Summary of Chainalysis 2026 Crypto Crime Report: The forthcoming Chainalysis 2026 Crypto Crime Report outlines evolving trends in cryptocurrency-related crime across 2025, revealing that over $3.4 billion in crypto was stolen, driven largely by a record $2.02 billion in thefts attributed to North Korean threat actors, including the historic $1.5 billion ByBit exchange hack. Link to report.

📅 Upcoming Events

We are looking for sponsors for our 2026 events.

If you would like to sponsor any of our future in person or virtual events then please email us on [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also join the community in our LinkedIn Group.
