Train Hacker Arrested, PamDOORa Backdoor, New CISA Director Frontrunner
U.S. authorities have apprehended a suspect allegedly responsible for compromising rail signaling systems, marking a rare enforcement action against attacks on transportation networks. The individual's scheme involved exploiting insecure remote maintenance interfaces, raising concerns about the resilience of critical infrastructure against cyber‑physical threats.
Security researchers have uncovered a sophisticated backdoor, named PamDOORa, targeting Linux‑based servers commonly used in cloud and data‑center environments. The implant leverages a supply‑chain compromise of a widely used open‑source library to gain persistent, privileged access, enabling attackers to exfiltrate data or deploy additional payloads. Organizations are urged to audit their software dependencies and apply patches promptly.
In parallel, the White House released a directive urging federal agencies to implement a 72‑hour patch cycle for critical vulnerabilities, reflecting a shift toward faster remediation in the face of escalating exploits. Meanwhile, a newly identified malware family abuses the Windows Phone Link feature to intercept one‑time passwords (OTPs) sent via SMS, posing a risk to mobile‑centric authentication workflows.
Overseas, a state‑sponsored espionage campaign has been observed targeting the unmanned aerial vehicle (UAV) supply chain across Eurasian nations, seeking to harvest proprietary designs and flight control data. The operation, attributed to an advanced persistent threat (APT) group, underscores the strategic importance of aerospace assets.
Amid these developments, sources close to the matter indicate that a former senior cyber official is the leading candidate to become the next Director of the Cybersecurity and Infrastructure Security Agency (CISA).
The roundup draws on reporting from SecurityWeek.