Saturday, Jun 28, 2025 // (IG): BB // GITHUB // SN R&D
China is Alleged to Have Broken RSA Encryption - China Achieves Modest Quantum Factoring Milestone
Bottom Line Up Front (BLUF): Chinese researchers used a D-Wave quantum annealer to factor a 22-bit RSA integer—the largest quantum-annealing-based factoring to date, but far from any threat to real-world encryption. This represents legitimate incremental progress in quantum optimization techniques, not a breakthrough that endangers current cryptographic systems.
Analyst Comments: This result demonstrates continued progress in applying quantum annealers to optimization problems, but it is not a cryptographic threat. The 22-bit integer factored is trivially small; trial division on a smartphone finds its factors in well under a second. Modern RSA uses 2048-bit or larger moduli, about 2,000 bits longer, and because the annealing formulation searches over the bits of the two factors, its search space for a 2048-bit modulus is roughly 2^2026 times larger than for a 22-bit one. The research also uses quantum annealing (an optimization method) rather than the fault-tolerant gate-based quantum computer that Shor's algorithm requires, so it does not shorten the path to a cryptographically relevant quantum computer. Organizations should continue post-quantum cryptography (PQC) migration planning as part of long-term strategy, but nothing in this research adds urgency.
FROM THE MEDIA: Some coverage framed the study as a potential break of RSA that would expose data previously thought to be safe for decades, speculating that Shor's algorithm or a variant had been used to factor the large semiprimes on which RSA rests; the paper itself describes a quantum-annealing approach applied to a 22-bit modulus. Cybersecurity experts have urged caution, noting that far more technical evidence would be needed before any such claim could be taken seriously. Nevertheless, the claim has reignited calls for a rapid pivot to quantum-resistant cryptographic standards.
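The two scale arguments above (a 22-bit modulus is trivial; the annealing search space grows exponentially with modulus size) are easy to make concrete. The following is an added example written for this brief, not code from the referenced paper: the 22-bit semiprime is constructed here from the primes 1999 and 2003 and is not the number used in the study, and the cost function (N - p*q)^2 is the generic objective that annealing-based factoring formulations minimize, not the paper's exact QUBO encoding.

```python
"""Added example: why a 22-bit annealing factoring result says nothing about RSA-2048.

1. Naive trial division factors a 22-bit semiprime instantly.
2. Annealing-style factoring minimizes a cost that is zero only when p*q == N;
   searching that objective over all candidate factors costs ~2^(modulus bits),
   so the search space for a 2048-bit modulus is 2^2026 times larger.
The modulus below is constructed for this example (1999 and 2003 are prime).
"""
from __future__ import annotations

import math
import time

N_22BIT = 1999 * 2003  # 4003997, a constructed 22-bit semiprime


def factor_trial_division(n: int) -> tuple[int, int] | None:
    """Return (p, q) with p <= q and p*q == n, or None if n has no such split."""
    if n % 2 == 0:
        return (2, n // 2)
    for d in range(3, math.isqrt(n) + 1, 2):
        if n % d == 0:
            return (d, n // d)
    return None


def annealing_cost(p: int, q: int, n: int) -> int:
    """Objective an annealer minimizes for factoring: zero exactly when p*q == n.
    Real QUBO encodings expand this into quadratic terms over the individual
    bits of p and q; the location of the minimum is the same."""
    return (n - p * q) ** 2


def factor_by_exhaustive_cost_search(n: int, half_bits: int) -> tuple[int | None, int | None, int]:
    """Brute-force the annealing objective over all odd p <= q of at most half_bits bits.
    Returns (p, q, candidates_evaluated); the count is what matters for scaling."""
    evaluated = 0
    for p in range(3, 1 << half_bits, 2):
        for q in range(p, 1 << half_bits, 2):
            evaluated += 1
            if annealing_cost(p, q, n) == 0:
                return (p, q, evaluated)
    return (None, None, evaluated)


def candidates_for_modulus_bits(modulus_bits: int) -> int:
    """Number of (odd p, odd q) pairs the exhaustive search above covers for a
    modulus whose two factors each have modulus_bits // 2 bits."""
    odd_values = (1 << (modulus_bits // 2)) // 2
    return odd_values * odd_values


def search_space_ratio(target_modulus_bits: int, demo_modulus_bits: int = 22) -> int:
    """How many times larger the candidate space is for target_modulus_bits
    than for the 22-bit demonstration (an exact integer; 2**2026 for RSA-2048)."""
    return candidates_for_modulus_bits(target_modulus_bits) // candidates_for_modulus_bits(demo_modulus_bits)


if __name__ == "__main__":
    t0 = time.perf_counter()
    print("trial division:", factor_trial_division(N_22BIT),
          f"in {1e3 * (time.perf_counter() - t0):.3f} ms")
    p, q, n_eval = factor_by_exhaustive_cost_search(N_22BIT, 11)
    print(f"cost-function search: {p} x {q} after {n_eval} of {candidates_for_modulus_bits(22)} candidates")
    print("search-space ratio RSA-2048 vs 22-bit: 2 **", search_space_ratio(2048).bit_length() - 1)
```

The exhaustive search stands in for the annealer: it finds the same zero-cost minimum, and the candidate count it has to cover is the quantity that grows by 2^2026 when moving from the demonstration modulus to RSA-2048. Classical factoring of large moduli uses the number field sieve rather than this search, but the gap is astronomical either way.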
READ THE STORY: Earth
Weaponized DeepSeek AI Installers Used to Deploy Malware in Targeted Cyber Espionage Campaigns
Bottom Line Up Front (BLUF): Cybersecurity researchers have discovered that threat actors are weaponizing DeepSeek AI installers to deliver malware, including remote access trojans (RATs), in targeted attacks. The malicious installers are distributed via phishing and third-party sites, primarily targeting users in the government, education, and tech sectors.
Analyst Comments: The weaponization of AI software like DeepSeek shows how attackers exploit the trust placed in emerging technologies to carry out espionage. This mirrors a broader trend in which legitimate-seeming AI tools are repackaged with backdoors to infiltrate sensitive networks. AI-brand lures could make such attacks harder to detect, especially as public interest in generative AI grows. Organizations should treat unofficial AI tool downloads as high-risk, block them at the web proxy where possible, and alert on installer executions that originate outside approved software channels.
FROM THE MEDIA: These installers, modified by unknown threat actors, have been spread via phishing campaigns and unverified third-party websites. Upon execution, the installer drops a payload—often a remote access trojan (RAT)—that allows attackers to gain persistent access to the victim’s machine. The campaign appears to target government, academic, and tech research users, raising concerns over potential state-backed cyber-espionage objectives. Users are advised only to download AI tools from verified sources and implement endpoint monitoring to detect unauthorized installer activity.
READ THE STORY: GBhackers
Broadcom Warns of State-Sponsored IP Theft Targeting Its AI Chip Technology
Bottom Line Up Front (BLUF): Broadcom has warned of suspected state-sponsored cyberattacks aimed at stealing intellectual property related to its advanced AI chip technology. The company is working with U.S. government agencies to investigate the incidents and safeguard its designs.
Analyst Comments: As AI chips become critical to national defense, economic competitiveness, and digital infrastructure, state-backed threat actors are intensifying industrial espionage campaigns. Broadcom’s cooperation with U.S. authorities suggests broader supply chain security concerns and may lead to tighter export controls, further straining U.S.-China tech relations.
FROM THE MEDIA: The company did not specify the nation behind the attacks but acknowledged that the intrusions were highly targeted and persistent. These incidents come amid heightened geopolitical scrutiny over semiconductors, especially as U.S. chipmakers face mounting cyber pressure from foreign intelligence units. Broadcom has increased its internal security measures and is working with the FBI and CISA to investigate and mitigate the threat.
READ THE STORY: The Register
Threat Actors Exploit Windows Task Scheduler for Stealthy Malware Persistence and Privilege Escalation
Bottom Line Up Front (BLUF): Cybercriminals and APT groups abuse Windows Task Scheduler to maintain persistence, escalate privileges, and execute malware covertly. Recent campaigns demonstrate how built-in Windows functionality is weaponized to bypass security controls and evade detection.
Analyst Comments: The exploitation of native tools like Task Scheduler reflects the ongoing trend of “living off the land” tactics, where attackers avoid detection by using legitimate system utilities. This approach complicates endpoint monitoring and challenges traditional antivirus and SIEM tools. Organizations must enhance behavioral analytics, implement strict privilege management, and monitor scheduled tasks for anomalies to defend against stealthy persistence techniques.
FROM THE MEDIA: Threat actors create or manipulate scheduled tasks to run malware at startup, in response to triggers, or on recurring schedules. The Task Scheduler is sometimes used with DLL side-loading or PowerShell scripts to deliver second-stage payloads. Financially motivated attackers and nation-state actors have adopted this technique due to its low detection profile and compatibility with Windows environments. The report urges defenders to audit task definitions and enable logging of scheduled task activity to detect suspicious use.
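The audit the report calls for can be scripted against exported task definitions. The following is an added example written for this brief, not code from the GBhackers report or any vendor: it parses Task Scheduler XML (as produced by `schtasks /query /xml /tn "\Path\TaskName"` or `Get-ScheduledTask | Export-ScheduledTask`) and flags the traits abused for persistence and privilege escalation described above. The two task definitions embedded in it are constructed samples, not real tasks; the weights and the "suspicious" threshold are the author's own choices.

```python
"""Added example: flag scheduled-task definitions with persistence/escalation traits.

Checks per task: actions launched from user-writable paths, script hosts with
encoded/hidden/bypass arguments, Hidden=true, elevated principals (SYSTEM SID or
RunLevel HighestAvailable) and logon/boot triggers. Real exports are UTF-16 files
with an XML declaration; read them as bytes and pass them straight in.
"""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
USER_WRITABLE = re.compile(
    r"(%(APPDATA|LOCALAPPDATA|TEMP|TMP|PUBLIC)%|\\Users\\|\\ProgramData\\|\\Temp\\)", re.IGNORECASE)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SUSPICIOUS_ARGS = re.compile(
    r"(-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|-nop\b|https?://|"
    r"-ExecutionPolicy\s+Bypass|downloadstring|\biex\b)", re.IGNORECASE)
PERSISTENCE_TRIGGERS = {"LogonTrigger", "BootTrigger", "SessionStateChangeTrigger"}
SYSTEM_SID = "S-1-5-18"
WEIGHTS = {"path": 3, "args": 3, "hidden": 2, "elevated": 1, "trigger": 1}  # assumed weights


def audit_task(xml_text: str | bytes) -> dict:
    """Return {'uri', 'findings': [(kind, message)], 'score', 'suspicious'} for one task XML."""
    root = ET.fromstring(xml_text)

    def text(path: str) -> str:
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    findings: list[tuple[str, str]] = []
    for exec_node in root.findall("t:Actions/t:Exec", NS):
        cmd_node, arg_node = exec_node.find("t:Command", NS), exec_node.find("t:Arguments", NS)
        command = (cmd_node.text or "").strip() if cmd_node is not None else ""
        args = (arg_node.text or "").strip() if arg_node is not None else ""
        exe = command.replace("/", "\\").split("\\")[-1].strip('"').lower()
        if USER_WRITABLE.search(command) or USER_WRITABLE.search(args):
            findings.append(("path", f"action references a user-writable path: {command} {args}"))
        if exe in SCRIPT_HOSTS and SUSPICIOUS_ARGS.search(args):
            findings.append(("args", f"script host with suspicious arguments: {exe} {args}"))
    if text("t:Settings/t:Hidden").lower() == "true":
        findings.append(("hidden", "task is marked Hidden"))
    run_level = text("t:Principals/t:Principal/t:RunLevel")
    user_id = text("t:Principals/t:Principal/t:UserId")
    if run_level == "HighestAvailable" or user_id.upper() == SYSTEM_SID:
        findings.append(("elevated", f"elevated principal (RunLevel={run_level or '-'}, UserId={user_id or '-'})"))
    triggers = {child.tag.split("}")[-1] for child in root.findall("t:Triggers/*", NS)}
    if triggers & PERSISTENCE_TRIGGERS:
        findings.append(("trigger", f"persistence trigger(s): {sorted(triggers & PERSISTENCE_TRIGGERS)}"))

    score = sum(WEIGHTS[kind] for kind, _ in findings)
    return {"uri": text("t:RegistrationInfo/t:URI") or "<unnamed>", "findings": findings,
            "score": score, "suspicious": score >= 3}


# Constructed sample: a mundane vendor backup job.
BENIGN_TASK = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Corp\\NightlyBackup</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2025-06-01T02:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>CORP\\svc_backup</UserId><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Program Files\\CorpBackup\\backup.exe</Command><Arguments>--nightly</Arguments></Exec></Actions>
</Task>"""

# Constructed sample: hidden SYSTEM task running a hidden PowerShell script from %APPDATA% at every logon.
SUSPICIOUS_TASK = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Maintenance\\UpdateCheck</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Command>
    <Arguments>-nop -w hidden -ExecutionPolicy Bypass -File %APPDATA%\\svc\\update.ps1</Arguments></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for sample in (BENIGN_TASK, SUSPICIOUS_TASK):
        result = audit_task(sample)
        print(f"{result['uri']}: score={result['score']} suspicious={result['suspicious']}")
        for _, message in result["findings"]:
            print("   -", message)
```

Pair the static audit with logging: the Microsoft-Windows-TaskScheduler/Operational channel (off by default on many builds) records task registration and launches, and Security Event ID 4698 (a scheduled task was created) appears once "Audit Other Object Access Events" is enabled; a task with a high score here that was registered minutes before a logon-triggered PowerShell launch is the pattern to hunt for.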
READ THE STORY: GBhackers
Chinese APT ‘Silver Fox’ Uses Fake Job Offers to Deploy Malware in Targeted Cyber-Espionage Campaign
Bottom Line Up Front (BLUF): A Chinese state-aligned threat group dubbed Silver Fox is using fake job recruitment emails as lures to deliver malware to professionals in the tech and defense sectors. The malware, embedded in malicious documents, establishes persistent access for espionage.
Analyst Comments: Silver Fox's use of fake employment offers is a sophisticated social engineering tactic that exploits trust and curiosity among high-value individuals. It mirrors a recent trend in which APTs target individuals rather than institutions, aiming to bypass hardened perimeters. The campaign underscores China's continued interest in acquiring foreign defense and technology IP through cyber means. Organizations should train employees to be skeptical of unsolicited job outreach and enforce secure document-handling policies, such as opening unexpected attachments only in a sandbox.
FROM THE MEDIA: The attackers send convincing fake job offers via email or LinkedIn, often mimicking major global firms. Attached documents contain embedded malware, which deploys backdoors allowing data exfiltration and remote control. The malware includes anti-analysis features and persistence mechanisms. Cybersecurity researchers attribute the campaign to a broader Chinese espionage strategy focused on economic and military advantage through human-targeted cyber operations.
READ THE STORY: THN
United Natural Foods Reports Cyberattack Impacting Q4 Operations and Financial Results
Bottom Line Up Front (BLUF): United Natural Foods Inc. (UNFI) disclosed that a recent cyberattack disrupted operations and will negatively impact its Q4 earnings. The incident, which took place in early June 2025, affected order processing and distribution center operations across multiple regions.
Analyst Comments: The timing, during a key financial reporting period, suggests a potentially strategic or ransomware-motivated attack aimed at maximizing business disruption. UNFI's situation reflects broader logistics and food supply risks across the sector, where even short outages cause ripple effects. Expect increased scrutiny of supply chain cyber resilience and possible regulatory focus if disruptions become systemic.
FROM THE MEDIA: UNFI experienced a cyberattack in early June 2025 that caused significant operational delays. The company stated the incident disrupted the processing of orders and affected distribution centers, forcing it to implement manual workarounds to continue deliveries. In a regulatory filing, UNFI said it expects a “negative impact on profitability” for the fourth quarter as a result. While the company has not confirmed the nature of the attack (e.g., ransomware), its investigation is ongoing and key systems are being restored. UNFI is one of the largest wholesale distributors of natural and organic foods in the U.S., servicing thousands of retail locations.
READ THE STORY: The Record
German Regulator Pressures Apple and Google to Remove Chinese AI App DeepSeek Over Privacy and Security Concerns
Bottom Line Up Front (BLUF): Berlin's Commissioner for Data Protection and Freedom of Information has urged Apple and Google to remove the Chinese AI chatbot DeepSeek from their app stores, citing concerns over user data being processed in China. The move reflects growing European scrutiny of Chinese AI apps amid rising data sovereignty and national security concerns.
Analyst Comments: With large language models capable of collecting vast personal and behavioral data, regulators fear potential misuse or access by foreign governments. If the request gains traction, it could set a precedent for wider EU restrictions on AI apps from authoritarian regimes, adding further tension to the ongoing global tech rivalry. It may also pressure U.S. tech giants to align more closely with European data protection norms.
FROM THE MEDIA: Germany's data protection authority has publicly called on Apple and Google to delist the Chinese-developed AI chatbot DeepSeek from their platforms. The regulator raised concerns that the app transmits personal data to servers in China, potentially making it accessible to the Chinese government under local surveillance laws. DeepSeek, developed by a Hangzhou-based AI company, markets itself as an advanced conversational assistant. The request follows broader EU concerns around Chinese tech influence, mirroring past scrutiny of TikTok and Huawei. Apple and Google have not yet commented on whether they will comply with the removal request.
READ THE STORY: Redhot Cyber
Facebook’s New AI Tool Raises Privacy Concerns by Requesting User Photos to Improve Recognition Models
Bottom Line Up Front (BLUF): Facebook has launched a new AI-powered tool that requests users to voluntarily upload personal photos to help improve its facial recognition models. Privacy experts are raising concerns over the implications for biometric data collection, storage, and potential misuse.
Analyst Comments: The program’s voluntary nature does not eliminate concerns over consent, long-term data retention, or the potential for model reuse beyond its original scope. This move may invite regulatory attention, especially in regions with stringent data protection laws like the EU. It also underscores the growing tension between AI advancement and individual privacy.
FROM THE MEDIA: Facebook has introduced a new feature inviting users to contribute photos of themselves to help train facial recognition algorithms. The company states that the tool is part of an initiative to improve AI accuracy in identifying faces across diverse demographics. While Facebook claims the data will be handled securely and only used for research and model training, critics warn that the platform’s historical misuse of user data justifies skepticism. Cybersecurity and digital rights groups have voiced concerns over transparency, data control, and the risk of future repurposing of the collected imagery.
READ THE STORY: THN
Microsoft Retires Iconic Blue Screen of Death in Favor of New Black Error Screen
Bottom Line Up Front (BLUF): Microsoft officially replaces the decades-old Blue Screen of Death (BSOD) with a Black Screen of Death in its latest Windows updates. The change is part of a broader visual refresh and system-level improvements introduced in Windows 11 and beyond.
Analyst Comments: While largely cosmetic, this shift symbolizes Microsoft’s effort to modernize the user experience, even during system failures. However, the BSOD has long served as a diagnostic touchpoint for cybersecurity and IT professionals. As visual cues change, backend error codes and logging must remain consistent or improve to aid in forensics and recovery. The black screen may also reduce visual panic for users, but troubleshooting clarity must not be sacrificed.
FROM THE MEDIA: Microsoft has officially retired the Blue Screen of Death, a long-standing symbol of critical system crashes, and replaced it with a black variant in newer Windows builds. The change aligns with other aesthetic updates introduced in Windows 11, including dark mode enhancements. The traditional BSOD, dating back to early-1990s versions of Windows, was known for displaying the stop code at the moment a memory dump was written, details crucial for debugging. Microsoft states that the new black screen retains the same technical detail for diagnostics, including the stop code and the faulting driver, though the visual shift marks the end of an era for longtime Windows users and admins.
READ THE STORY: GBhackers
PACER Filing System Targeted in Ongoing Cyberattack, Disrupting U.S. Federal Court Access
Bottom Line Up Front (BLUF): The U.S. federal court’s PACER (Public Access to Court Electronic Records) system is under active cyberattack, causing significant disruptions to public access and court operations. The Administrative Office of the U.S. Courts has confirmed the attack and is working with cybersecurity agencies to mitigate it.
Analyst Comments: The targeting of PACER highlights the increasing vulnerability of judicial and legal infrastructure in the U.S. Such attacks can disrupt access to public records, delay legal proceedings, and potentially expose sensitive legal filings. While attribution is pending, the nature and timing suggest either a financially motivated ransomware operation or a state-sponsored effort to undermine public trust in judicial transparency. Expect heightened federal scrutiny and possibly a re-evaluation of digital safeguards within the U.S. legal system.
FROM THE MEDIA: PACER, which hosts public court filings and records, was reportedly targeted as part of a broader campaign affecting U.S. court IT systems. Officials stated that while internal case-filing and processing systems remain operational, public access has been significantly impacted. The judiciary is working with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) to contain the threat and investigate the intrusion. No data breach has been confirmed as of this writing.
READ THE STORY: The Record
Items of interest
U.S. to Halt Public Access to Hurricane Satellite Data Over Cybersecurity Concerns
Bottom Line Up Front (BLUF): The U.S. government has announced it will restrict public access to specific satellite data used in hurricane tracking, citing cybersecurity and national security risks. The move could impact global weather forecasting models and research efforts that rely on this data.
Analyst Comments: While the decision aims to protect critical space-based infrastructure from potential exploitation, it raises concerns about transparency, international collaboration, and the accuracy of public weather forecasting. Restricting satellite data may hinder the ability of academic institutions, foreign meteorological agencies, and even U.S. emergency responders to model storm behavior effectively. This shift reflects the increasing overlap between cybersecurity and climate infrastructure as satellite networks become more integrated and potentially vulnerable to cyber threats.
FROM THE MEDIA: The U.S. government will stop sharing certain types of real-time satellite data used to track hurricanes, specifically citing concerns about foreign threat actors exploiting the information or targeting the systems that produce it. Agencies did not specify which data streams would be affected, but experts warn the change could disrupt global weather modeling efforts that rely on U.S. satellite feeds. Some scientists and forecasters argue that cutting off access could delay early warnings in vulnerable regions. The decision follows a broader trend of securing national space assets against espionage and cyberattack risks.
READ THE STORY: The Register
Pentagon Halts Critical Hurricane Satellite Data (Video)
FROM THE MEDIA: The Pentagon’s termination of DMSP data during hurricane season, without a tested and available replacement, creates a critical intelligence blind spot in storm forecasting. Despite official reassurances, experts emphasize the real threat of reduced microwave imagery, especially for rapidly intensifying storms. The episode highlights the urgent need for more transparent, secure, well-planned transitions in essential weather infrastructure.
What is hyperspectral imaging: use cases, capabilities, and benefits? (Video)
FROM THE MEDIA: If you’ve ever wondered what Hyperspectral imaging actually is and how it’s different from the current market imaging capabilities, Pixxel is here to help! Watch this quick guide to understand hyperspectral imaging, its use cases, and its benefits.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.