A recent jointly-released US and UK cybersecurity advisory highlights serious vulnerabilities in the Bluvoyix platform from Bluspark Global, one of the pilot’s vendors. These vulnerabilities could allow attackers to take full control of the underlying infrastructure. This exposure poses a serious risk to how customer data and upcoming shipment information is handled, information that the many shippers relying on the platform depend on. Further, a string of operations against not only government entities but also critical infrastructure and the private sector serve as ongoing reminders of a constantly changing threat landscape.
The Bluvoyix vulnerabilities are tracked as CVE-2026-22236 through CVE-2026-22240. They expose the platform to malicious exploitation and put sensitive information at risk. Because Bluspark Global’s platform is integral to how shippers manage their supply chain data, the discovery of these vulnerabilities is alarming for both the company and its clients.
Operation Nomad Leopard Targets Government Entities
Operation Nomad Leopard is an advanced cyber campaign focused on government organisations in Afghanistan. Spear-phishing is the operation’s primary means of gaining initial access to targets’ networks, using phony government forms as decoys. The lure delivers a backdoor, FALSECUB, which allows the attackers to persist on compromised systems.
FALSECUB is mainly distributed as an ISO image file hosted on GitHub. This distribution method makes detection and prevention even more difficult, because it leverages a well-known, trusted platform to deliver a harmful payload. Consequently, organisations struggle to distinguish legitimate content from malicious content.
“These emails look like legitimate contacts from companies that use Zendesk to communicate with their customers, and are a spam tactic known as relay spam.” – Zendesk
As this operation spreads, concerns over the security posture of state institutions in fragile regions are on the rise, all the more so in light of increasing geopolitical tensions.
Emerging Cyber Threats from South Korea and China
One particularly notable threat actor is Larva-25012. This group distributes proxyware through a malicious Notepad++ installer, primarily targeting users in South Korea. The tactic highlights the growing trend of cybercriminals using trusted software as a delivery mechanism for malicious tools.
In parallel, a report has found that China Unicom hosts almost half of all known command-and-control (C2) servers worldwide, with Alibaba Cloud and Tencent following closely and playing a large part in this ecosystem. The campaign was first observed in late December 2025, which shows that these kinds of operations are long-planned and highly coordinated rather than opportunistic.
“Across Chinese hosting environments, a small number of large telecom and cloud providers account for the majority of observed command-and-control activity, supporting everything from commodity malware and IoT botnets to phishing operations and state-linked tooling.” – Hunt.io
Given this concentration of C2 infrastructure in a handful of providers, a large-scale compromise of these platforms would have far-reaching consequences. This exposure underscores an urgent need for every industry to reassess its approach to cybersecurity.
Regulatory Developments and Cryptocurrency Scams
In response to growing threats, the European Commission has unveiled a Cybersecurity Act. The legislation is intended to mitigate risks in the EU’s ICT supply chain, particularly those arising from third-country suppliers that raise cybersecurity concerns. Through it, the European Commission aims to ensure that products and services sold to EU consumers are thoroughly tested for security.
“The new Cybersecurity Act aims to reduce risks in the EU’s ICT supply chain from third-country suppliers with cybersecurity concerns.” – European Commission
The revised act sets out a complete, multilayered framework built on harmonised, proportionate, and risk-based measures. The Directive also empowers EU member states to act in a more coordinated manner when identifying risks across all critical sectors, while taking into account the economic ramifications and market supply forces at play.
Scams have skyrocketed, with nearly half of all cryptocurrency transactions having been a scam. In 2025 alone, bad actors netted upwards of $14 billion in crypto. Scams are becoming more industrialised by the day, leveraging phishing-as-a-service, AI-generated deepfakes, and sophisticated money laundering operations.
“Major scam operations became increasingly industrialized, with sophisticated infrastructure, including phishing-as-a-service tools, AI-generated deepfakes, and professional money laundering networks.” – Chainalysis
This disturbing development calls for a strong regulatory response, combined with public education, to push back against the rising tide of these scams.
Security Research Insights
In August, security researcher Eaton Zveare gained national attention for finding security holes in industry platforms used by automotive companies. His findings highlight how modest a time commitment is needed to uncover dangerous vulnerabilities in systems and frameworks used by millions of people every day.
“The time investment required to find the necessary vulnerabilities was small compared to the impact of this exploit.” – Eaton Zveare
These lessons underscore the need for proactive, industry-wide security measures and ongoing vulnerability assessments in sectors that depend heavily on technology.