Posts

Inside the Cyberattack on Tirana Municipality: What Happened and Why It Matters

In June 2025, Albania once again found itself under a digital siege—this time, the Municipality of Tirana became the epicenter of a coordinated cyberattack that disrupted local government services, leaked sensitive data, and reignited tensions in an already volatile geopolitical landscape. But what really happened behind the screens? Who was responsible—and why? More importantly, what does this mean for the future of municipal cybersecurity? Let’s break it down. What Exactly Happened? Timeline of the Incident June 20–21, 2025: The official website and online services of the Tirana Municipality were taken offline. June 22: Parents were unable to register their children for kindergartens or nurseries via the "E-Fëmijët" portal, which is part of the city's digital public service infrastructure. Following Days: Investigators uncovered traces of a malicious tool designed to wipe data and disable core systems. The Malware Used: Display10 Wiper According t...

Sixteen Billion Reasons to Stop Reusing Passwords

Source: Mashable
Security researchers recently uncovered a massive archive of exposed credentials that includes over sixteen billion passwords [1]. This compilation is not the result of a single security breach. Instead, it brings together logs from years of malware infections that quietly harvested login data from millions of infected systems. The files were discovered on an open instance of a cloud hosting platform, making them briefly accessible to anyone who knew where to look. The leak includes credentials linked to well-known platforms such as Google, Microsoft, and Netflix. However, these companies were not breached. Rather, the data comes from users who had stored their passwords in browsers or files that were compromised by infostealer malware [1]. What makes this leak especially dangerous is the potential for automated attacks. Cybercriminals can use the data in credential stuffing campaigns, trying known username and password combinations across countless websites. Since man...

Cyberwarfare in the Israel-Iran Conflict: The Battle Behind the Screens

As the world watches the escalating military conflict between Israel and Iran, another war is unfolding — one without bombs or missiles, but with malware, surveillance, and data destruction. In recent weeks, the digital battlefield has become a critical front in this long-standing rivalry, exposing not only the technical prowess of both nations but also the global implications of modern cyberwarfare. A New Front in an Old Conflict The physical war erupted in mid-June 2025 with Israeli strikes on Iranian military and nuclear sites, followed by Iranian retaliatory missile launches. But even as a fragile ceasefire came into effect on June 26, the cyber dimension of the conflict intensified, revealing a sophisticated, ongoing digital confrontation. Cyberattacks now accompany kinetic strikes, amplifying their impact and extending the battlefield into financial systems, infrastructure, surveillance networks, and even civilian homes. Israel’s Digital Offensive: Precision and Impact Israe...

The illusion of control: Can we ever fully secure autonomous industrial systems?

In the rapidly evolving world of industrial IoT (IIoT), the integration of AI-driven decision-making into operational technology (OT) systems has created the impression of tighter control, smarter response times and predictive efficiency. This feeling of having control might actually be a risky illusion. Autonomous systems are now responsible for critical infrastructure: smart grids, manufacturing lines and water treatment facilities, all relying on interconnected sensors and AI for autonomous decision-making. But as the layers of automation deepen, so too does the complexity, making it increasingly difficult to understand or audit decisions made by machines. As more layers of automation are added, the number of interconnected components – think of sensors, AI algorithms, communication networks, and control systems – grows exponentially. Each new layer introduces more variables, dependencies and potential points of failure. AI models themselves often operate as “black boxes,” makin...

New Linux Privilege Escalation Vulnerabilities Give Attackers Full Root Control

Two newly discovered and interconnected Linux vulnerabilities — CVE-2025-6018 and CVE-2025-6019 — enable unprivileged attackers to escalate privileges to root across major Linux distributions. Affecting millions of systems globally, these flaws represent a severe and urgent security threat requiring immediate action. Overview of the Vulnerability Chain The vulnerability chain, uncovered by the Qualys Threat Research Unit, hinges on two distinct but related flaws that, when exploited in sequence, allow full root access: CVE-2025-6018 — A misconfiguration in the Pluggable Authentication Modules (PAM) on SUSE-based systems allows SSH users to be misclassified as local “active” users. CVE-2025-6019 — A flaw in the libblockdev library, accessible via the udisks daemon, grants root privileges to users in an “allow_active” context. Together, they form a dangerous privilege escalation chain, easily exploitable on systems with default configurations. CVE-202...

The Hidden AI Threat to Your Software Supply Chain

AI-powered coding assistants like GitHub’s Copilot, Cursor AI and ChatGPT have swiftly transitioned from intriguing gadgets to indispensable sidekicks for modern developers. A recent survey by Stack Overflow revealed that over 76% of developers now rely on these assistants, with more than 80% reporting significant productivity improvements by using AI code generators & augmented code editors. These “virtual teammates” simplify complex tasks, streamline development workflows, and significantly accelerate project timelines. But with every innovation comes new risks. AI coding assistants occasionally generate what’s known as “hallucinations”, confident recommendations for software packages that simply don’t exist. A recent study by researchers from the University of Texas at San Antonio, the University of Oklahoma, & Virginia Tech found that open-source LLMs generated hallucinated packages at alarmingly high rates — around 21.7% on average — compared...

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute JavaScript code. The cybersecurity company has given the technique an alternate name JSFireTruck owing to the profanity involved. "Multiple websites have been identified with injected malicious JavaScript that uses JSFireTruck obfuscation, which is composed primarily of the symbols [, ], +, $, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said. "The code's obfuscation hides its true purpose, hindering analysis." Further analysis has determined that the injected code is designed to check the website ref...