U.S. government Archives

AppWizard

March 25, 2026

FBI warns of Russian, Iranian cyber activity involving messaging platforms

The FBI issued alerts regarding cyber campaigns by Russian and Iranian actors targeting messaging platforms. Russian intelligence services are reportedly infiltrating applications like Signal, leading to unauthorized access of thousands of accounts of U.S. government officials, military personnel, political figures, and journalists. Russian operatives are using phishing messages disguised as support notifications to trick users into providing verification codes or account PINs, potentially allowing attackers to take over accounts. Once compromised, attackers can access messages, contact lists, and launch further phishing attempts. The advisory emphasizes that while Signal is targeted, similar tactics can affect any messaging app. In a separate alert, the FBI highlighted Iran’s Ministry of Intelligence and Security (MOIS) using Telegram to distribute malware aimed at Iranian dissidents and journalists, enabling them to steal sensitive information. This malware often disguises itself as legitimate software and connects to Telegram bots for remote access and data exfiltration. The FBI linked these activities to the Handala Hack group, which claimed responsibility for a recent attack on medical device manufacturer Stryker. The malware can be introduced through social media by hackers posing as technical support. Experts note that the use of Telegram for cyber compromises is increasing, as it helps malicious actors avoid detection by blending their traffic with trusted platforms.

AppWizard

March 23, 2026

FBI Warns of Russian Hackers Targeting Messaging Apps – The Advocate-Messenger

The FBI has issued a warning about phishing campaigns conducted by cyber actors linked to the Russian Intelligence Services (RIS), which target commercial messaging applications (CMAs). These actors have compromised numerous individual accounts, focusing on individuals with significant intelligence value, such as U.S. government officials and journalists, without breaching the encryption of the applications. The campaigns have allowed unauthorized access to private messages, contact lists, and the ability to send deceptive messages. Users of CMAs, especially Signal, are particularly targeted. The phishing tactics involve disguising messages as communications from automated CMA support, leading victims to click malicious links or provide sensitive information. To mitigate risks, users are advised to enhance their cybersecurity measures, remain vigilant, and follow best practices such as scrutinizing links, verifying group chats, and reporting suspicious activity to the Internet Crime Complaint Center or local authorities.

AppWizard

March 23, 2026

Russian hackers hijack thousands of ‘high intelligence’ messaging app accounts, FBI warns

Hackers linked to Russian intelligence are targeting high-profile users of popular messaging applications, according to a warning from the FBI and CISA. The primary targets include U.S. government officials, military personnel, political figures, and journalists. The attackers compromise accounts to access messages and contact lists, allowing for further phishing attempts. Signal users are particularly at risk, though techniques can extend to WhatsApp and Telegram. The hackers use social engineering tactics, impersonating official support accounts to trick users into revealing sensitive information. The FBI and CISA advise users to be cautious of unexpected messages and suspicious links. Victims are encouraged to report incidents to the Internet Crime Complaint Center (IC3).

AppWizard

March 22, 2026

Russian hackers hack messengers, Signal and WhatsApp under attack

Hackers with ties to Russian intelligence have intensified efforts against users of messaging platforms like Signal, infiltrating thousands of accounts, as reported by the FBI and CISA. The main targets include current and former U.S. government officials, military personnel, political figures, and journalists. The hackers used advanced techniques to bypass security, tricking users into revealing security codes through sophisticated phishing campaigns. Signal confirmed that their encryption and infrastructure remain secure despite these attacks. This rise in cyber threats is part of a broader trend involving increased activities from pro-Iranian and Russian hackers targeting the U.S. and its allies.

AppWizard

March 22, 2026

Russian Intelligence targets American messaging app users, FBI says

FBI Director Kash Patel revealed that hackers linked to Russian intelligence are targeting the messaging accounts of high-profile U.S. individuals, including current and former government officials, military personnel, political figures, and journalists. The FBI has identified these cyber actors, who have gained unauthorized access to thousands of accounts globally, allowing them to view private messages, send impersonating messages, and conduct phishing attempts. The campaign specifically targets users of commercial messaging applications like Signal, which has been blocked in Russia due to alleged legal violations. Dutch intelligence agencies reported that Russian hackers are also engaged in a global cyber campaign against WhatsApp and Signal accounts, using phishing tactics to access sensitive information. Signal acknowledged recent targeted phishing attacks leading to account takeovers. Since Russia's invasion of Ukraine, its cyber operations have increasingly focused on disruptive tactics against Western allies.

AppWizard

March 21, 2026

Cyber actors linked to Russia target messaging app users, FBI warns

The United States has issued a warning about cyber actors linked to Russian intelligence targeting users of commercial messaging applications, particularly Signal, compromising thousands of accounts worldwide. The FBI and CISA released a public service announcement detailing the operation's focus on individuals of “high intelligence value,” including U.S. government officials, military personnel, political figures, and journalists. Attackers have not breached the encryption of these platforms but manipulate users into disclosing credentials or linking devices. Russian intelligence-linked actors often pose as official support accounts, creating urgency to obtain security codes. Dutch intelligence agencies also reported a similar campaign targeting Signal and WhatsApp accounts of dignitaries and military personnel. Users are urged to be cautious of suspicious messages and to avoid sharing personal information. Signal reaffirmed that its encryption remains intact, emphasizing that vulnerabilities arise from user behavior rather than technical flaws in the application itself.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

AppWizard

December 21, 2025

TikTok is being sold to US investors: Here’s what it means for Android users

TikTok has signed a deal to establish a joint venture primarily controlled by American investors, set to close on January 22, 2026. U.S. investors will gain full control over TikTok's algorithm and decision-making processes. The joint venture will involve partial ownership transfer to firms including Oracle Corporation, Silver Lake, and MGX. The agreement follows an Executive Order by President Trump on September 25, 2025, mandating that the U.S. joint venture be majority owned by American investors and governed by a majority-American board of directors. The deal aims to address concerns about the influence of TikTok's algorithm on public opinion and will ensure U.S. user data is stored in a secure cloud environment managed by Oracle. There are uncertainties regarding potential Chinese government intervention and compliance with congressional stipulations.

Winsage

November 17, 2025

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches

Microsoft has acknowledged an issue with the Windows 10 KB5068781 extended security update, which is failing to apply after installation for users with corporate licenses, resulting in a rollback. A group of hackers believed to be backed by China executed a large-scale cyberattack using Claude Code AI, targeting 30 organizations across various sectors. The Cybersecurity and Infrastructure Security Agency (CISA) reported that U.S. government agencies are struggling to patch critical vulnerabilities in Cisco devices amid the “Arcane Door” hacking campaign. Five individuals pleaded guilty to charges related to helping North Korean IT workers infiltrate 136 companies in the U.S. from September 2019 to November 2022. Port Alliance, a Russian port operator, reported disruptions due to a DDoS cyberattack targeting its operations related to coal and mineral fertilizer exports. DoorDash experienced a data breach on October 25, potentially affecting personal details of customers, Dashers, and merchants across the U.S. and Canada, traced back to a social engineering scam. North Korean hackers are using JSON storage services to host and deliver malware, approaching victims with job offers on platforms like LinkedIn. Jaguar Land Rover reported a financial impact of £196 million (0 million) from a cyberattack in September that forced production halts and compromised data.

Tech Optimizer

November 5, 2025

pgEdge Announces CloudNativePG Integration, Simplifying Postgres on Kubernetes

pgEdge has released new Container Images and an updated Helm chart to improve the deployment of pgEdge on Kubernetes, integrating with CloudNativePG, an open source Kubernetes operator for managing PostgreSQL clusters. The new pgEdge Postgres Container Images support Postgres versions 16 through 18 and are available in two flavors: Minimal and Standard. The updated Helm chart simplifies the management of distributed Postgres architectures, supporting flexible deployment options, automatic failover, and configuration for multi-cluster environments. The releases are designed to enhance operational efficiency and are available on GitHub.