CyberSecurity Knuggets

Mar 01, 2026

Email 1:

Subject: Best infosec-related long reads for the week of 2/21/26

Hi,

Happy Saturday morning! Metacurity is pleased to share our weekly digest featuring the best infosec long reads you may have missed in our daily news. Here are some key highlights:

  • The largest recent cyberattack on Poland’s energy infrastructure in late 2025 was attributed with high confidence to Russian state-linked groups such as Sandworm/Electrum and FSB-linked clusters like Static Tundra, showing a blurring between sabotage and espionage.

  • A study on China’s use of geo-blocking reveals that over half of Chinese government websites are inaccessible from abroad, representing “reverse censorship” justified under cybersecurity and political stability rationales.

  • Russia’s Luch spy satellites have maneuvered next to Western commercial and military satellites in geostationary orbit since 2014, raising fears of espionage and interference, with Luch-1 recently moved to graveyard orbit and Luch-2 continuing similar activity.

  • To combat geopolitical fragmentation of global threat intelligence sharing, adopting secure provenance methods can verify how threat data is produced and validated, enabling resilient cooperation amid national bans and sovereignty concerns.

  • An investigation uncovered UK-registered crypto exchanges using a fictional CEO front portrayed by stock footage to move billions on behalf of Iran’s IRGC, involving persons linked to the operation via social media and domain registrations.

We hope you find these long reads insightful! For full access to archives and special content, consider upgrading your Metacurity subscription.

Best regards,

Cynthia B Brumfield

info@metacurity.com


Email 2:

Subject: 🚨WK 09: GRIDTIDE’s 42-Nation Spy Campaign, $20M ATM Heists, North Korean Hackers Launder $150M and more...

Hello,

Here’s your weekly cybersecurity briefing covering major recent developments:

  • Google disrupted GRIDTIDE, a Chinese state-nexus espionage campaign (UNC2814) active since 2017, targeting telcos and governments in 42 countries using a novel backdoor that hid command-and-control within Google Sheets API traffic.

  • Criminals infected ATMs with malware enabling a $20 million coordinated cash-out across 50 locations in under two hours, exploiting ATM software and network weaknesses.

  • Researchers warn Chinese group Volt Typhoon remains embedded in US utilities, with persistent, likely undetected access to critical infrastructure.

  • Cisco’s SD-WAN critical zero-day vulnerability has been exploited since 2023 to gain root access on over 15,000 devices globally; urgent patches needed.

  • Microsoft alerted to a RAT campaign via trojanized gaming optimization tools infecting about 50,000 PCs worldwide.

Other key incidents include:

  • A phishing campaign using Anthropic’s Claude AI targeted Mexican officials, leading to sensitive data theft.

  • Tactical ransomware attacks on medical device maker UFP Technologies and semiconductor firm Advantest.

  • Legal action: Russian man accused of extorting Conti ransomware gang; Greek court sentences ‘Predator’ spyware operators.

  • US Government directives oppose foreign data sovereignty laws; Treasury sanctions crypto mixer laundering $150 million for North Korean hackers.

  • Privacy insights: UK’s Automated Vehicles Act includes strict data protection; EU Toolbox links supply chain cybersecurity with privacy for connected vehicles.

Stay informed and help build cybersecurity resilience by reading the full briefing.

Best,

The Cybersecurity Club Team

team@thecybersecurity.club

Stay Well!
