British military drops basic training to fast track recruitment of ‘cyber warriors’
The British government is dropping the traditional fitness and weapons training for specialist cyber military recruits in order to address a cyber skills shortage within His Majesty’s Armed Forces, including in its arm for offensive operations in the National Cyber Force. The new pipeline will see up to 50 recruits accelerated into existing vacancies with either the Royal Navy or the Royal Air Force by the end of this year. The British Army will join the recruitment drive in 2026. The recruits will complete only four weeks of basic training — reduced from the 10 weeks normally required by the Royal Navy and RAF — before they spend three months learning military cyber skills at the Defence Academy in Shrivenham, Oxfordshire.
Crimelords and spies for rogue states are working together, says Google
Google says the the world’s lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity. In a fresh report published today, the company’s Threat Intelligence Group listed a range of recommendations to help fend off the threat presented by cyber spies in the “Big Four” – Russia, China, Iran, and North Korea – as they deepen their ties with cybercriminals. It said governments must designate cybersecurity as a national security priority where it isn’t already, and lawmakers should be properly incentivizing the implementation of best practices, especially in critical infrastructure. The report did not explicitly link these arguments to any given events, but it highlighted the number of attacks targeting healthcare and the unfolding economic costs.
Huge Christmas data breach – 14 million shipping records leaked, putting shoppers at risk
Nobody is safe from data breaches, and something as simple as ordering a parcel from a reputable company can put you at risk. This is exactly the case for 14 million unlucky shoppers, as an open instance was discovered unsecured online. Researchers at CyberNews found the instance originated from an unprotected AWS bucket which belonged to Hipshipper – an international logistic and shipping company that works with sellers on both eBay and Amazon, offering delivery and returns to over 150 countries. The researchers discovered the open instance in December 2024, and the leak was only closed in January 2025, so was open for at least a month – here’s what we know.
US woman faces years in federal prison for running laptop farm for N Korean IT workers
A 48-year-old woman from Arizona has pleaded guilty to charges related to a criminal scheme which saw North Korean IT workers employed remotely by hundreds of US companies. Christian Marie Chapman, of Litchfield Park, Arizona, is said to have helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. Chapman was arrested in May 2024, and charged alongside Ukrainian Oleksandr Didenko (27), for helping three unidentified foreign nationals, in a sophisticated fraud scheme that saw skilled IT workers from North Korea and elsewhere secure remote IT positions within US businesses.
Financially motivated hackers are helping their espionage counterparts and vice versa
There’s a growing collaboration between hacking groups engaging in espionage on behalf of nation-states and those seeking financial gains through ransomware and other forms of cybercrime, researchers noted this week. There has always been some level of overlap between these two groups, but it has become more pronounced in recent years. On Tuesday, the Google-owned Mandiant security firm said the uptick comes amid tighter purse strings and as a means for concealing nation-state-sponsored espionage by making it blend in with financially motivated cyberattacks.
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites’ security checks. The escalating problem underscores the need for companies pursuing internal AI projects to have robust mechanisms to detect security flaws and malicious code within their supply chains. Hugging Face’s automated checks, for example, recently failed to detect malicious code in two AI models hosted on the repository, according to a Feb. 3 analysis published by software supply chain security firm ReversingLabs. The threat actor used a common vector — data files using the Pickle format — with a new technique, dubbed “NullifAI,” to evade detection.
