Latest Internet & Cybersecurity News
China-linked Webworm targets European government organizations using Discord and Microsoft Graph
A China-backed threat actor known as Webworm is targeting government organizations across Europe and abusing unusual command-and-control channels, including Discord and Microsoft Graph. The campaign highlights how attackers continue to blend in with legitimate cloud and collaboration services to evade detection.
Human factors remain a major cybersecurity weak point in global life sciences
A SANS podcast discussion with Kevin Jones focuses on how people remain the weakest link in a global life sciences company’s security posture. The episode emphasizes that even strong technical controls can be undermined by phishing, misconfigurations, and everyday human error.
Cisco hosts a busy calendar of cybersecurity and networking events
Cisco’s event listing shows multiple conferences and symposia taking place this week, including regional gatherings focused on networking, security, and operational technology. These events are often where vendors and practitioners share threat intelligence, defensive guidance, and product updates.
Cloud collaboration platforms remain attractive to advanced attackers
The Webworm campaign shows that adversaries are increasingly using mainstream services as covert infrastructure rather than relying only on traditional malware hosting. Security teams should monitor for suspicious API use, unusual OAuth activity, and data flows to commonly trusted platforms.
European public-sector organizations face sustained espionage pressure
The targeting described in the Dark Reading report underscores the continued interest of state-backed actors in government networks and sensitive public data. Such campaigns typically prioritize long dwell times, stealth, and credential harvesting over immediate disruption.
Abuse of Microsoft Graph signals a shift toward living-off-the-land tradecraft
Using Microsoft Graph as part of command-and-control suggests attackers are trying to hide malicious traffic inside legitimate enterprise cloud activity. Defenders may need to expand detection logic beyond endpoint alerts to include identity, API, and SaaS telemetry.
Discord continues to appear in threat actor infrastructure
The report notes that Webworm is also leveraging Discord, reinforcing a broader trend of attackers abusing communication platforms for staging or command traffic. Because these services are widely trusted and frequently used, blocking them outright is often impractical, making behavioral detection more important.
Security awareness is still critical in highly regulated industries
The SANS discussion on life sciences points to the operational challenge of securing globally distributed teams and supply chains. In industries handling sensitive intellectual property and regulated data, user education and process discipline remain essential controls alongside technology.
Threat hunting must account for legitimate cloud service misuse
Attackers increasingly blend malicious operations into normal enterprise cloud usage, complicating traditional perimeter-based security. The Webworm activity is a reminder that defenders should hunt for anomalous identities, token abuse, and service-to-service communication patterns.
Industry forums continue to play a major role in sharing cyber defense practices
Cisco’s event schedule reflects how conferences and symposiums remain a key venue for security professionals to compare notes on emerging threats. In a fast-moving threat landscape, these exchanges can help organizations update detections, harden configurations, and prioritize investments.