Critical

China, India-Linked Hackers Both Targeted Same Pakistani Police Force

SecurityWeek
Actively Exploited

Overview

Recent research by SentinelOne reveals that both Chinese and Indian hackers have been targeting the Balochistan Police force in Pakistan for at least two years. This dual approach from rival nations highlights a significant cybersecurity concern for the police, which is responsible for maintaining law and order in a volatile region. The attacks may be aimed at gathering intelligence or disrupting operations, raising alarms about the security of sensitive information within the police force. As the geopolitical tensions between China and India persist, such cyber operations could escalate, posing further risks to national security and public safety in Pakistan. It is crucial for the Balochistan Police to enhance their cybersecurity measures to protect against these persistent threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Balochistan Police force
  • Action Required: Enhance cybersecurity measures, conduct regular security audits, implement intrusion detection systems, and provide cybersecurity training for staff.
  • Timeline: Ongoing since at least 2021

Original Article Summary

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne. The post China, India-Linked Hackers Both Targeted Same Pakistani Police Force appeared first on SecurityWeek.

Impact

Balochistan Police force

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since at least 2021

Remediation

Enhance cybersecurity measures, conduct regular security audits, implement intrusion detection systems, and provide cybersecurity training for staff.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to SentinelOne.

Related Coverage

The Replicant in Your Directory: AI Agents and the Identity Security Gap

BleepingComputer

The article discusses how the rise of AI agents is leading to an increase in non-human identities within organizations, complicating the management of identity security. As these AI agents proliferate, companies struggle to track what identities exist, who controls them, and what access privileges they have. This growing complexity creates a larger attack surface for cybercriminals, making it essential for organizations to enhance their visibility and governance over identity management. Failing to do so could leave companies vulnerable to unauthorized access and data breaches. The piece emphasizes the need for stronger identity governance measures as AI continues to evolve and integrate into business operations.

Jul 10, 2026

Anthropic and OpenAI Security Tools Could Fuel Cyber-Attacks, Researchers Warn

Infosecurity Magazine

Researchers at the AI Now Institute have created a proof-of-concept exploit that demonstrates how popular AI tools designed for security could be misused to launch cyber-attacks. These tools, often employed to enhance cybersecurity measures, might inadvertently provide attackers with new methods to bypass defenses. The study raises concerns about the dual-use nature of artificial intelligence in cybersecurity, where the same technologies that protect systems can also be exploited for malicious purposes. This finding is significant as it highlights the need for developers and companies to consider the potential for misuse when creating and implementing AI security tools. As AI continues to integrate into security practices, awareness and proactive measures are crucial to prevent potential exploitation.

Jul 10, 2026

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The Hacker News

A new remote access trojan (RAT) named MODBEACON has been linked to the Chinese cybercrime group Silver Fox. This malware, which is built using the Rust programming language, employs gRPC streaming for its command-and-control (C2) traffic, making it more challenging to detect and analyze. Researchers from QiAnXin noted that while the group may seem low-tech, they are actively using SEO poisoning techniques to distribute malicious software through fake installers. This development is concerning as it indicates a shift towards more sophisticated methods of malware distribution, potentially impacting users who unknowingly download compromised software. Organizations and individuals should be cautious of suspicious downloads and ensure they have strong cybersecurity measures in place.

Jul 10, 2026

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

The Hacker News

A flaw known as XRING has been discovered in XQUIC, Alibaba's library for QUIC and HTTP/3. This vulnerability allows any remote client to crash servers using a simple sequence of legal traffic, requiring no authentication or malformed packets. The issue stems from a single incorrect variable in the code, and it takes only about 260 bytes of standard QPACK traffic to trigger the crash. As of now, there is no patch available to fix this problem. Researchers have flagged this vulnerability as a significant risk, especially for servers relying on XQUIC for HTTP/3 communication, as it could lead to downtime and service disruption.

Jul 10, 2026

Zimbra urges customers to patch critical web client XSS flaw

BleepingComputer

Zimbra has issued a warning to its customers regarding a serious vulnerability in the Classic Web Client of the Zimbra Collaboration suite. This flaw allows for cross-site scripting (XSS) attacks, which could enable attackers to execute malicious scripts in the context of a user's browser. As a result, users' sensitive information could be compromised. The company is urging all users to apply the necessary patches to protect their systems. This vulnerability is particularly concerning for organizations that rely on Zimbra for communication and collaboration, as it could lead to significant security breaches if left unaddressed.

Jul 10, 2026

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

The Hacker News

A recently exposed hacker server has revealed the inner workings of a cybercrime operation known as WP-SHELLSTORM, which has targeted over 1.4 million WordPress sites. Although not all the sites were successfully hacked, the exposed data included hacking tools, activity logs, and a list of potential targets. The operation highlights how attackers can orchestrate mass website breaches, raising concerns about the security of WordPress sites. Website owners need to ensure their systems are secure to prevent unauthorized access and potential data breaches. This incident serves as a reminder of the ongoing vulnerabilities within popular content management systems like WordPress.

Jul 10, 2026