Technology

Iran-linked hackers disrupt operations at US critical infrastructure sites

Source

Ars Technica

Published

Apr 8, 2026

TL;DR

AI Generated

Iran-linked hackers are disrupting operations at US critical infrastructure sites, targeting programmable logic controllers (PLCs) in various sectors like government services, waste water systems, and energy. The attacks have caused operational disruption and financial loss since at least March 2026. The hackers are focusing on PLCs made by Rockwell Automation/Allen-Bradley, with thousands of exposed devices identified in the US. The attacks are facilitated through a Windows engineering workstation running the Rockwell tool chain, posing a significant threat to industrial settings. Multiple government agencies have issued an urgent warning about this advanced persistent threat group's activities.

Read Full Article

Dozens of Red Hat packages backdoored through its official NPM channel

Red Hat's official NPM accounts were compromised, leading to the distribution of a malicious worm that steals sensitive credentials across machines. The attack targeted the @redhat-cloud-services channel, a trusted source for Red Hat packages, affecting over 30 packages. The malware collects credentials during the npm install process and spreads by republishing infected packages to other accounts. Organizations are advised to consider systems that installed the affected packages as potentially compromised, as the payload executes during installation, not runtime use. The malware encrypts and sends credentials through web requests, with a fallback option to publish data to compromised GitHub repositories.

Ars Technica•

2 days ago

Botnet of more than 17 million devices dismantled

Authorities in the Netherlands dismantled a botnet consisting of over 17 million devices managed by 200 servers, following a report from a security researcher. The botnet's host infrastructure was traced back to the Netherlands and was taken offline due to criminal activities. The botnet was associated with ASOCKS, a Russian company offering residential proxy services used for illicit purposes like DDoS attacks and phishing. The National Cyber Security Center confirmed the takedown, emphasizing the risks posed by residential proxies in cybercrime activities.

Ars Technica•

5 days ago

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

A developer added hidden instructions to a Java testing app, jqwik, to sabotage projects performed by AI coding agents, sparking controversy over "vibe coding." The update included a prompt injection that could potentially delete all jqwik tests and code without warning or opt-out. The addition exploited an AI attack that could lead to the deletion of work product by vulnerable coding agents. While some developers didn't object to excluding their apps from AI use, concerns were raised about the ethics and potential destructive impact of the hidden instructions. The aggressive nature of the probe and its potential consequences on human operators downstream were highlighted.

Ars Technica•

5 days ago

Websites have a new way to spy on visitors: Analyzing their SSD activity

Websites are now using a new technique called FROST to spy on visitors by analyzing their solid-state drive (SSD) activity, allowing them to monitor other sites the visitor is viewing and open apps on their devices. This technique exploits a side channel, measuring the timing of I/O operations on the SSD to determine open websites and apps without any interaction needed from the visitor. FROST operates exclusively in the browser using JavaScript to interact with the OPFS, a storage space allocated for a specific site. This method highlights the increasing attack surface of web browsers due to their evolution into complex platforms capable of running sophisticated applications.

Ars Technica•

6 days ago

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica•

2 days ago

Botnet of more than 17 million devices dismantled

Ars Technica•

5 days ago

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Ars Technica•

5 days ago

Websites have a new way to spy on visitors: Analyzing their SSD activity

Ars Technica•

6 days ago

Iran-linked hackers disrupt operations at US critical infrastructure sites

TL;DR

Similar Articles

Dozens of Red Hat packages backdoored through its official NPM channel

Botnet of more than 17 million devices dismantled

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Websites have a new way to spy on visitors: Analyzing their SSD activity

We use cookies

Iran-linked hackers disrupt operations at US critical infrastructure sites

TL;DR

Similar Articles

Dozens of Red Hat packages backdoored through its official NPM channel

Botnet of more than 17 million devices dismantled

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Websites have a new way to spy on visitors: Analyzing their SSD activity