UNIT 31

We found a 1-click RCE chain on a ship's navigation system. We published 4 CVEs. Zero authentication required. Full control over autopilot, AIS, GPS, and engine systems. 700+ vessels exposed on the internet. Many with no authentication at all. UNIT 13 discovered this during a maritime penetration test and worked with the SignalK team on responsible disclosure. Patches are live, but the attack chain shows how quickly "minor" bugs become critical when they're on safety-critical infrastructure. This discovery and analysis were led by Unit 13’s Tasos Meletlidis, who identified the issue, validated the attack path, and turned it into a clear, technical write-up for defenders. The full technical breakdown—code analysis, 6 exploitation methods, and attack flow—is now on our blog. If you're running SignalK Server: update to v2.19.1 immediately. Read the complete research: https://lnkd.in/digqP99U #maritimesecurity #Unit13 #vulnerabilityresearch #ThreatScene

What does it take to defend a nation against modern cyber threats? Every year, the Hellenic National Defence General Staff (ΓΕΕΘΑ) brings that question to life through PANOPTIS, Greece’s flagship national cyber defence exercise. #PANOPTIS is not just another drill. It brings together hundreds of cybersecurity professionals from defence units, the public sector, academia, and industry to test national readiness against real attack scenarios that simulate the complexity of today’s threat landscape. This year, ThreatScene was honoured to contribute. We were invited to design and deliver a full maritime OT cyber incident scenario for the exercise. And we did it pro bono, as part of our commitment to supporting Greece’s cyber defence ecosystem with specialised knowledge and real-world expertise. Here is what our scenario challenged participants to handle: ↳ Initial compromise: A malicious USB device infected the workstation of a frigate’s control-room operator, installing malware quietly and establishing hidden access. ↳ Intrusion and escalation: Attackers used the backdoor to take control of the administrator’s machine, escalate privileges, and scan for targets inside the OT network. ↳ Targeted OT attack: The adversaries reached the ship’s pump-control systems, causing operational disruption and prompting the crew to detect anomalies under pressure. ↳ Investigation and recovery: Teams analysed logs, traced attacker movement across OT-connected systems, identified techniques and tools, assessed operational impact, and prioritised the restoration of safe function. Scenarios like this are difficult. But they are essential. They build national resilience in environments where a single compromised device can jeopardise safety, operations, and human lives. Why PANOPTIS matters, now more than ever: ↳ National exercises reveal real gaps and strengthen response capabilities. ↳ They help operators and engineers understand the true behaviour of OT-focused adversaries. ↳ They ensure that when an attack comes, Greece has trained teams ready to respond with precision. We are proud to have contributed to PANOPTIS 2025. Proud to see #ΓΕΕΘΑ lead initiatives of such scale and significance. And proud to support our country with the same dedication we bring to every critical engagement. A stronger national cyber defence requires realistic training. And ThreatScene will continue to contribute wherever we can. #CyberSecurity #OTSecurity #MaritimeSecurity #ThreatScene #NationalDefense #PANOPTIS2025

Most cyberattacks don’t start with malware. They start with a message. The latest edition of The Threat Brief dives deep into Social Engineering 2025: The Hidden Breach Behind Every Breach. We explore how attackers now use AI, human trust, and real-time manipulation to bypass even the strongest defences. Inside this issue: • How social engineering tactics have evolved in 2025 • Why AI-powered deception makes fraud harder to detect • The top human and process gaps attackers exploit • A 30-day practical action plan for leaders to strengthen controls 👉 Explore the full report and see why every major breach today starts with a conversation, not a code exploit. #CyberSecurity #ThreatScene #TheThreatBrief #SocialEngineering

Meet Giorgos Gavriiloglou When an incident strikes, minutes decide the outcome. That’s where Giorgos comes in. As our new Incident Response Manager at UNIT 31, he brings years of experience leading SOCs, managing crises, and building response playbooks that turn chaos into order. At ThreatScene, Giorgos will: - Lead and mentor our incident response team - Guide organisations through the critical first hours of an incident, from first alert to complete recovery - Bridge technical teams and executives with clear, actionable communication - Advise clients on remediation and resilience strategies - Innovate processes that raise response speed and maturity Giorgos knows what it means to face high-stakes intrusions and to guide organisations safely through them. We’re proud to strengthen Unit 31 with his expertise. Welcome to ThreatScene, Giorgo. #ThreatScene #Unit31 #IncidentResponse #CyberSecurity #Resilience #BlueTeam