Cybersecurity

Malware hidden in fake Office add-ins targets crypto users

Hackers are using bogus Microsoft Office extensions uploaded to SourceForge to spread malware. Cybersecurity firm Kaspersky has warned that the malware is designed to steal cryptocurrency.

One listing, posing as ‘officepackage,’ contains genuine Office add-ins. However, it also hides ClipBanker — a virus that swaps copied crypto wallet addresses with those belonging to attackers.

The malware tricks users by mimicking legitimate Office add-in pages, complete with download buttons and developer-style layouts. Once installed, ClipBanker monitors the clipboard and replaces wallet addresses without users’ knowledge.

It also gathers IP addresses, usernames, and system data, which it sends to the attackers via Telegram. In some cases, the virus checks for antivirus software or previous infections and self-deletes if detected.

Kaspersky noted that the malicious files are suspiciously small or padded with junk data to appear legitimate. While the primary goal is to steal cryptocurrency, attackers may sell access to infected systems to other malicious actors.

The malware’s interface is in Russian, and most victims so far — over 4,600 — have been located in Russia.

To stay safe, Kaspersky advises downloading software only from trusted sources. The company noted a growing trend of hackers hiding malware in pirated or unofficial software to exploit users chasing free apps.

For more information on these topics, visit diplomacy.edu.

Hydropower infrastructure vulnerable to cyberattacks

Cybersecurity threats to hydropower dams are becoming more frequent and severe, with attacks linked to state-backed actors from Iran, Russia, and elsewhere causing concern worldwide.

Recent incidents, including a major cyberattack on Hydro Quebec in 2023 and a thwarted attempt at Ethiopia’s Grand Renaissance Dam, show how vulnerable critical infrastructure has become.

The integration of Internet of Things (IoT) devices has only heightened these risks, expanding attack surfaces and introducing new vulnerabilities through outdated systems, dispersed equipment, and inconsistent security standards.

In the United States, authorities are growing increasingly alarmed at the lack of coordinated cybersecurity oversight for dams. Senator Ron Wyden, chairing a subcommittee hearing in April 2024, warned that many non-federal hydropower dams have never been audited for cybersecurity.

With only four cybersecurity experts overseeing 2,500 dams, and with outdated rules that only apply to internet-managed sites, he criticised the Federal Energy Regulatory Commission (FERC) for lacking the capacity and tools to safeguard the sector effectively.

Experts from the Idaho National Laboratory and FERC agree that the fragmented regulatory landscape poses a major challenge. Different agencies oversee various parts of dam operations, with no unified framework in place.

Cyberattacks on dams can cause more than just blackouts—they can also trigger devastating floods, disrupt water supplies, and endanger lives.

Calls are growing for Congress to address this vulnerability by improving funding, updating regulations, and implementing a national strategy to protect critical hydropower infrastructure from increasingly sophisticated cyber threats.

For more information on these topics, visit diplomacy.edu.

Adaptive Security raises millions to fight AI scams

OpenAI has made its first move into the cybersecurity space by co-leading a US$43 million Series A funding round for New York-based startup Adaptive Security.

The round was also backed by venture capital firm Andreessen Horowitz, highlighting growing investor interest in solutions aimed at tackling AI-driven threats.

Adaptive Security specialises in simulating social engineering attacks powered by AI, such as fake phone calls, text messages, and emails. These simulations are designed to train employees and identify weak points within an organisation’s defences.

With over 100 customers already on board, the platform is proving to be a timely solution as generative AI continues to fuel increasingly convincing cyber scams.

The funding will be used to scale up the company’s engineering team and enhance its platform to meet growing demand.

As AI-powered threats evolve, Adaptive Security aims to stay ahead of the curve by helping organisations better prepare their staff to recognise and respond to sophisticated digital deception.

For more information on these topics, visit diplomacy.edu.

Apple challenges UK government over encrypted iCloud access order

A British court has confirmed that Apple is engaged in legal proceedings against the UK government concerning a statutory notice linked to iCloud account encryption. The Investigatory Powers Tribunal (IPT), which handles cases involving national security and surveillance, disclosed limited information about the case, lifting previous restrictions on its existence.

The dispute centres on a government-issued Technical Capability Notice (TCN), which, according to reports, required Apple to provide access to encrypted iCloud data for users in the UK. Apple subsequently removed the option for end-to-end encryption on iCloud accounts in the region earlier this year. While the company has not officially confirmed the connection, it has consistently stated it does not create backdoors or master keys for its products.

The government’s position has been to neither confirm nor deny the existence of individual notices. However, in a rare public statement, a government spokesperson clarified that TCNs do not grant direct access to data and must be used in conjunction with appropriate warrants and authorisations. The spokesperson also stated that the notices are designed to support existing investigatory powers, not expand them.

The IPT allowed the basic facts of the case to be released following submissions from media outlets, civil society organisations, and members of the United States Congress. These parties argued that public interest considerations justified disclosure of the case’s existence. The tribunal concluded that confirming the identities of the parties and the general subject matter would not compromise national security or the public interest.

Previous public statements by US officials, including the former President and the current Director of National Intelligence, have acknowledged concerns surrounding the TCN process and its implications for international technology companies. In particular, questions have been raised regarding transparency and oversight of such powers.

Legal academics and members of the intelligence community have also commented on the broader implications of government access to encrypted platforms, with some suggesting that increased openness may be necessary to maintain public trust.

The case remains ongoing. Future proceedings will be determined once both parties have reviewed a private judgment issued by the court. The IPT is expected to issue a procedural timetable following input from both Apple and the UK Home Secretary.

For more information on these topics, visit diplomacy.edu.

Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns

A recently disclosed software vulnerability in ESET security products has been identified as a potential vector for discreet malware installation, according to findings published by the cybersecurity company Kaspersky.

Catalogued as CVE-2024-11859, the flaw permits the execution of a malicious dynamic-link library (DLL) by leveraging ESET’s own antivirus scanning process. If exploited, the technique allows unauthorised code to run silently, bypassing standard system warnings and activity logs.

ESET, headquartered in Slovakia, acknowledged the issue in an advisory and issued a software update addressing the flaw. The company assigned it a medium severity rating, with a Common Vulnerability Scoring System (CVSS) score of 6.8 out of 10. ESET further indicated there is no current evidence that the vulnerability has been actively exploited in operational environments.

Kaspersky attributed the technique to a threat actor group known as ToddyCat, which has been observed since 2020 conducting operations against governmental and defence-related targets. While Kaspersky referenced the use of two specific DLLs in its analysis, ESET reported that it had not received samples of the files and could not independently confirm the attribution.

The malicious tool deployed in this case, named TCDSB by researchers, was disguised as a legitimate Windows DLL and designed to evade monitoring tools. The code appears to be a modified variant of EDRSandBlast, a known framework used to circumvent endpoint detection systems.

Modifications introduced in TCDSB are believed to enable interference with operating system components, suppressing alerts typically generated when new processes are initiated or external files loaded. Kaspersky reported multiple instances of the tool but did not identify affected organisations.

While no specific nation-state connection has been confirmed, ToddyCat has previously been associated with activities targeting institutions in Europe and Asia, as well as digital infrastructure in locations such as Taiwan and Vietnam. Some prior research has linked the group to broader cyber-espionage efforts attributed to Chinese interests.

According to ESET, successful use of the CVE-2024-11859 vulnerability requires existing administrative access to the target system, limiting the attack vector to post-compromise scenarios.

Kaspersky noted that the group employs a range of tunnelling techniques for data exfiltration, including abuse of virtual private networks and cloud services, often maintaining multiple exfiltration routes to ensure persistence even when individual channels are disrupted.

For more information on these topics, visit diplomacy.edu.

Minister urges Indian start-ups to shift focus from ice cream to semiconductors

India’s Commerce Minister Piyush Goyal has sparked controversy by questioning whether Indian start-ups should focus on semiconductor chips instead of gluten-free ice creams and food delivery apps.

Speaking at a start-up conference, he compared India’s consumer internet boom unfavourably with China’s advances in robotics and AI, urging entrepreneurs to pursue more ambitious tech innovations instead of safe lifestyle products.

While acknowledging the position of India as the world’s third-largest start-up ecosystem, Goyal faced pushback from founders who argued consumer apps often evolve into tech pioneers.

Quick-commerce CEO Aadit Palicha noted that companies like Amazon began as consumer platforms before revolutionising cloud computing. However, investors admitted deep-tech struggles for funding, with most capital chasing quick-return ventures instead of long-term hardware or AI projects.

The debate highlights India’s innovation crossroads. Despite having 4,000 deep-tech start-ups, projected to reach 10,000 by 2030, they attracted just 5% of 2023 funding instead of China’s 35%.

Experts suggest the government could help by offering tax incentives instead of criticism, and building research bridges between academia and start-ups to compete globally in advanced technologies

For more information on these topics, visit diplomacy.edu.

Trump moves to prop up struggling coal industry

President Trump is set to sign an executive order designating coal as a critical mineral instead of allowing its continued decline in the energy sector.

The order will force some coal-fired power plants slated for closure to remain operational, with the administration citing rising electricity demand from data centres instead of acknowledging coal’s dwindling competitiveness.

Currently, coal generates just 15% of US electricity instead of its 51% share in 2001, having been overtaken by cheaper natural gas and renewables.

Environmental experts warn coal remains the dirtiest energy source instead of cleaner alternatives, releasing harmful pollutants linked to health issues like heart disease and mercury poisoning. While the order may temporarily slow plant closures, analysts note it won’t reverse coal’s decline.

Solar and wind power now undercut operating costs at nearly all US coal plants instead of being more expensive, as was once the case.

The move could have more impact in steelmaking, where coal is still used instead of newer green steel techniques in most production. However, for power generation, renewables can be deployed faster than new coal plants instead of struggling to meet demand.

The order appears to prioritise political symbolism instead of addressing energy market realities, as even existing coal plants struggle to compete with increasingly affordable clean energy alternatives.

For more information on these topics, visit diplomacy.edu.

FBI and INTERPOL investigate Oracle Health data breach

Oracle Health has reportedly suffered a data breach that compromised sensitive patient information stored by American hospitals.

The cyberattack, discovered in February 2025, involved threat actors using stolen customer credentials to access an old Cerner server that had not yet migrated to the Oracle Cloud. Oracle acquired healthcare tech company Cerner in 2022 for $28.3 billion.

In notifications sent to affected customers, Oracle acknowledged that data had been downloaded by unauthorised users. The FBI is said to be investigating the incident and exploring whether ransom demands are involved. Oracle has yet to publicly comment on the breach.

The news comes amid growing cybersecurity concerns. A recent report from Horizon3.ai revealed that over half of IT professionals delay critical software patches, leaving organisations vulnerable. Meanwhile, OpenAI has boosted its bug bounty rewards to encourage more proactive security research.

In a broader crackdown on cybercrime, INTERPOL recently arrested over 300 suspects in seven African countries for online scams, seizing devices, properties, and other assets linked to more than 5,000 victims.

For more information on these topics, visit diplomacy.edu.

Neptune RAT malware targeting Windows users

A highly advanced malware known as Neptune RAT is making waves in the cybersecurity world, posing a major threat to Windows PC users. Labelled by experts as the ‘most advanced RAT ever,’ it is capable of hijacking systems, stealing cryptocurrency, extracting passwords, and even launching ransomware attacks.

According to cybersecurity firm CYFIRMA, Neptune RAT is being distributed via platforms like GitHub, Telegram and YouTube, and is available as malware-as-a-service, allowing virtually anyone to deploy it for a fee.

Neptune RAT’s feature set is alarmingly broad. It includes a crypto clipper that silently redirects cryptocurrency transactions by replacing wallet addresses with those controlled by the attackers.

It also comes with a password-stealing tool that can extract credentials from over 270 applications, including popular browsers like Chrome. Beyond theft, the malware can spy on users in real-time, disable antivirus tools including Windows Defender, and encrypt files for ransom, making it a formidable threat.

Cybersecurity experts are urging users to avoid clicking on unknown links or downloading suspicious files from platforms where the malware is circulating. In extreme cases, Neptune RAT even includes a data-wiping feature, allowing attackers to destroy all data on a compromised system.

Users are advised to stay cautious online and consider identity theft protection plans that offer financial recovery and insurance should a system replacement become necessary.

For more information on these topics, visit diplomacy.edu.

Dangerous WhatsApp desktop bug prompts update

A critical vulnerability has been discovered in WhatsApp Desktop for Windows, potentially allowing attackers to execute malicious code through deceptive file attachments.

Tracked as CVE-2025-30401, the flaw affects all versions prior to 2.2450.6 and poses a high security risk. The issue arises from a mismatch between how WhatsApp displays attachments and how the system opens them, enabling attackers to disguise executable files as harmless media.

When a user opens an attachment from within WhatsApp, the app displays the file based on its MIME type, such as an image. However, Windows opens the file using its extension, which could be malicious, like .exe.

The inconsistency could lead users to unknowingly launch harmful programs by trusting the attachment’s appearance. Security experts warn the exploit is especially dangerous in group chats, where a single malicious file could target several people at once.

Meta, WhatsApp’s parent company, has released version 2.2450.6 to fix the issue and is urging all users to update immediately.

Security researchers have likened the threat to previous vulnerabilities in the app, including one in 2024 that allowed silent execution of scripts. Given the high severity rating and ease of exploitation, users are advised not to delay updating their software.

For more information on these topics, visit diplomacy.edu.