Intel Chat: Tomiris cyber-espionage, OpenPLC ScadaBR, NPM manipulates AI scanners & MuddyWater [273]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community: https://community.limacharlie.com/
For for more information about Cybersecurity Cares, visit https://www.cybersecurity-cares.com/
- The Tomiris cyber-espionage group, which has been under Kaspersky's watch since 2021, has evolved its tactics in a new wave of attacks observed in early 2025. https://www.darkreading.com/cyberattacks-data-breaches/tomiris-unleashes-havoc-new-tools-tactics
Article #2: https://securelist.com/tomiris-new-tools/118143/
- CISA has recently added CVE-2021-26829 to its known exploited vulnerabilities, or KEV catalog, marking it as a confirmed threat based on real world exploitation. https://www.securityweek.com/cisa-warns-of-scadabr-vulnerability-after-hacktivist-ics-attack/
- Researchers at KOI Security have identified a malicious NPM package, which not only performs typical credential stealing behavior, but also includes a new, subtle tactic attempting to manipulate AI-driven security scanners via embedded prompt engineering. https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners
Article #2: https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html
- Iranian state sponsored threat group MuddyWater has launched a new wave of cyber espionage attacks targeting Israeli organizations across sectors including academia, civil infrastructure, engineering, technology and utilities. https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at https://limacharlie.io/