The University of Twente, together with the Jheronimus Academy of Data Science (JADS), is leading a project aimed at strengthening supply chains against cyberattacks. The project titled "Digital Resilience in Supply Chains" (DReSC) uses data-driven methods to identify vulnerabilities, develop solutions, and better understand how to cultivate a culture of security in supply chains. With careful risk assessment and real-life experiments, DReSC will delve into how suggested interventions can reduce cyber risks.

The latest annual report by the Office of the Director of National Intelligence (ODNI) emphasizes that China is the biggest cyber threat to the US government, private sector, and critical infrastructure networks. The US Cybersecurity and Infrastructure Security Agency (CISA) and US government partners have noticed a worrying trend of the People's Republic of China (PRC) nation-state cyber actors targeting US critical infrastructure for disruption. Many critical infrastructure owners and operators are small businesses or rely on small business service providers and vendors.

Classic and novel stealth techniques helped "DuneQuixote" remain hidden for at least a year. The threat actor behind the campaign spied on a Middle Eastern government organization. Before researchers reached the attack, at least 30 infections had been recorded against other organizations, mostly around the Middle East. Experts say cyberattackers have improved their stealth across the board. The DuneQuixote campaign has two malware droppers and two payloads. One of the droppers mimics the Total Commander, combining legitimate and malicious components.

Google recently rolled back a release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. According to Mozilla, the issue was related to reCaptcha's dark mode detection routine for Firefox in Windows. Mozilla noted that the script attempted to modify a div's background color using "document.body.removeChild", but as the script was loaded in the HTML head, the DOM had not loaded yet and "document.body" was not available, causing the script error.

According to the 2023 Norton Cyber Safety Insights Report, more than one in every four adults worldwide has been the victim of an online dating or romance scam. The US Federal Trade Commission (FTC) reported that romance scam victims increased from 11,000 in 2016 to 70,000 in 2022, leading to a total loss of about $1.3 billion. In 2023, romance scam victims lost $652.5 million, and investment scam victims lost $4.57 billion, according to the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) report.

Google announced that over 400 million Google accounts have authenticated users over the past two years through passkeys. Passkeys involve a cryptographic key pair, with a private key stored on the device and a public key shared with the app or website. Since this key pair combination is unique, the user's passkey will only work on the website or app for which it was created. Therefore, the user cannot be tricked into signing in to a malicious look-alike website.

According to security researchers at Censys, the recently uncovered cyberespionage campaign named ArcaneDoor, which involves hacked Cisco firewalls, may be the work of a Chinese threat actor. The researchers noted that when it investigated the actor-controlled IPs provided by Talos and cross-referenced them with other certificate indicators, they discovered compelling data suggesting the potential involvement of an actor based in China, including links to multiple major Chinese networks and the presence of Chinese-developed anti-censorship software.