cybersecurity

cross-posted from: https://lemmy.sdf.org/post/39439229

Op-ed by Dr. Dave Venable, Chair of the Institute for Strategic Risk and Security (ISRS), and Mykola Volkivskyi, President of the Geneva Center for Diplomacy and Conflict Resolution who previously served as Advisor to the Chairman of the Committee in the Ukrainian Parliament.

Archived

Spain's recent decision to award Huawei a contract worth €12.3 million to manage and store legally authorized wiretaps raises significant concerns about the country's commitment to digital sovereignty. This move jeopardizes Spain’s national security and undermines the trust that is essential for the intelligence-sharing frameworks of the European Union and NATO.

While Huawei has made considerable efforts to demonstrate technical compliance with European standards, the political reality is more complicated: any sensitive system it builds is, by default, subject to exploitation by Beijing. Huawei is subject to China’s 2017 National Intelligence Law and cannot credibly claim complete independence from the Chinese Communist Party’s (CCP’s) security and intelligence apparatus. Despite this, Madrid’s procurement process proceeded as if the controversy around Huawei had no bearing on the domain of sensitive state surveillance networks.

[...]

Spain’s SITEL Contract is Effectively A Security Breach

Spain’s wiretap system, SITEL, functions as the core for Spanish law enforcement and intelligence wiretap activities, storing sensitive data about targets involved in terrorism, organized crime, and even foreign espionage.

Huawei is technically capable of managing such a system, but under China’s 2017 National Intelligence Law, the company is compelled to cooperate with Chinese intelligence services. This creates a constant vulnerability in any critical infrastructure that Huawei or any PRC company operates abroad. However, Spain's procurement process treated Huawei's bid as if it were a neutral supplier.

[...]

Belgium’s State Security Service (VSSE) added Huawei to a watchlist in 2023 due to concerns about potential espionage. The country’s cybersecurity agency later banned Huawei from 5G networks used in critical sectors after detecting unusual data traffic patterns at a Brussels telecom hub.

The “Generation” bribery scandal worsened these concerns. Members of the European Parliament accepted lavish perks from lobbyists linked to Huawei, raising fears that influence operations had penetrated EU regulatory bodies. This incident eroded public trust and showed how corruption scandals can weaken vendor neutrality.

Belgium’s swift and decisive response demonstrates a security-first approach, which should be adopted across the EU and transatlantic alliance. In contrast, Spain’s SITEL contract indicates either a gap in awareness or a willingness to take risks that could affect Europe’s shared security framework.

[...]

The approach to Huawei varies further across Europe. Greece demonstrates how economic dependence can override security concerns — the country chose Huawei as a key provider for its telecommunications infrastructure. Huawei has even offered discounted equipment and “training centers” for Greek engineers to strengthen this relationship further. However, leaked documents in 2024 revealed that Huawei provided perks to Greek officials to secure these contracts.

[...]

Recent patterns emerging from conflict zones further emphasize the urgent need for a unified security policy [in the EU member states]. In Russian-occupied parts of Ukraine, local populations and military operations are increasingly served by unauthorized mobile operators using Russian and potentially Chinese-supplied infrastructure. These networks—established in Crimea, Donbas, and southern Ukraine—are not only illegal under international law but also structurally opaque, enabling surveillance, population control, and disinformation on a large scale. Evidence indicates that Chinese vendors have been involved in providing equipment to these unauthorized operators, either directly or through intermediaries. In Crimea, for example, existing infrastructure was reportedly transformed using Russian intercept technology (SORM), raising concerns that Chinese equipment may have aided these transitions.

[...]

Spain’s Huawei contract highlights a deeper problem: the lack of binding standards to safeguard Europe’s intelligence infrastructure. Procurement policy is a matter of national security. As hybrid threats grow and alliances face unprecedented pressure, EU and NATO leaders must act to address this critical gap. Without enforceable guidelines, the trust that underpins Europe’s security framework is in jeopardy.

Europe’s credibility hinges on its ability to align its intelligence infrastructure with alliance standards; otherwise, it risks increasing strategic division.

We’re glad to announce version 2.14.0 of Vulnerability-Lookup!
This version introduces several new features, enhancements, and fixes.

What's New

New Watchlist View

You can now view your monitored products and their related vulnerabilities directly in the browser, mirroring the structure of email notifications. Authenticated RSS/Atom feeds are available. (#181)

(enable audio in the screencast)

GNA Verification

We added a way to confirm whether a Vulnerability-Lookup instance is officially operated by a GNA. The information is available on the About page. (#179)

Optional CVD Process

The Coordinated Vulnerability Disclosure module can now be disabled if not applicable to your deployment. (#178)

Changes

Other changes include a smoother post-login experience and a fail-safe around ML-Gateway calls for related vulnerabilities. (#170)

Changelog

📂 To explore the full list of changes, visit the changelog on GitHub:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.14.0

🙏 Thank you very much to all the contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

ArcaneChat 2.6.0 is on its way to Google Play and f-droid and should be available in the upcoming days, can't wait? for other download options check https://arcanechat.me/

🔮 What's new?

★ More security: chats are now encrypted forever, unencrypted email is received in separated recognizable chats marked with an email envelope icon

★ Cleaner UI: Since chats are always encrypted, padlocks and green checkmark icons are gone. Only "Saved Messages" and "Device Messages" chats keep a green checkmark

★ Now channels owners can set an avatar for their channel and subscribers can leave channels

★ Added Text-To-Speech (TTS) support for in-chat apps

★ You can change the order of your profiles in the profile switcher

★ New enhanced screen for chats and contacts profiles

★ And much more small fixes and improvements!

💜 Help keep ArcaneChat independent and make it even more awesome in the future: https://arcanechat.me/#contribute

A sophisticated Linux malware called Koske, discovered in July 2025, hides malicious code within innocent-looking panda bear JPEG images to deploy cryptocurrency miners and establish persistent system access[^1]. Security researchers at AquaSec believe Koske was developed using artificial intelligence, based on its adaptive behaviors and code structure[^2].

The malware exploits misconfigured JupyterLab instances to gain initial access, then downloads two panda images containing separate payloads - a C-based rootkit and a shell script[^3]. Rather than using steganography, Koske employs polyglot files that function as both valid images and executable scripts[^1].

Once executed, the malware:

• Deploys CPU and GPU-optimized miners for 18 different cryptocurrencies
• Establishes persistence through cron jobs and systemd services
• Uses LD_PRELOAD to hide malicious processes and files
• Manipulates DNS settings and network configurations
• Automatically switches mining pools if one becomes unavailable[^1]

"Impersonation and psychological warfare will be a big thing in the coming years," warns Rem Dudas from Palo Alto Networks, noting how AI enables malware to mimic other threat actors' techniques[^4].

[^1]: BleepingComputer - New Koske Linux malware hides in cute panda images

[^2]: The420 - How Is A "Panda" Becoming a Persistent Threat?

[^3]: Securitricks - AI-Generated Malware in Panda Image Hides Persistent Linux Threat

[^4]: BetaNews - Hackers are using AI and panda images to infect Linux machines

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)