Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA

There is a temporary lull in Russia's hybrid war against Ukraine, but both fire and cyber operations continue. The US is providing cyber assistance to Ukraine in its fight against Russia. A recent report by Symantec reveals that the Chinese APT group Cicada has widened its targeting in recent espionage activities. Phony e-commerce sites are using Android malware to steal banking credentials. The Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its exploited catalog, including the Spring4Shell vulnerability and Apple zero-days. The US Treasury has sanctioned Russia-based Hydra, the world's largest darknet market, and ransomware-enabling virtual currency exchange Garantex. A list of the most common passwords for 2022 has been released, with "123456" being the most popular. Experts warn that using such easily guessable passwords can lead to security breaches.