Asia-based spies hacked 37 countries’ critical networks • The Register


A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.

In total, the crew compromised at least 70 organizations, and maintained access to several of these for months.

“While this group might be pursuing espionage objectives, its methods, targets and scale of operations are alarming, with potential long-term consequences for national security and key services,” Palo Alto Networks’ Unit 42 cyber sleuths said in research published on Wednesday. 

Successful break-ins included five national police or border control entities, one nation’s parliament, a senior elected official, and national telecommunications companies. The spies also broke into systems belonging to three ministries of finance and other government agencies.

“Palo Alto Networks Unit 42 confirmed that the threat actor successfully accessed and exfiltrated sensitive data from victim email servers,” Unit 42 Director of National Security Programs Pete Renals told The Register. “This included financial negotiations and contracts, banking and account information, and critical military-related operational updates.”

Renals said the cyber investigation team is not attributing the digital intrusions to a specific Asian country.


Unit 42 tracks the new group as TGR-STA-1030, and said they also observed the spies conducting “active reconnaissance” against 155 governments across the Americas, Europe, Asia, and Africa between November and December 2025. The researchers also documented a “concerted focus” on Germany in July 2025, during which the snoops initiated connections to over 490 IP addresses hosting government infrastructure.

While Renals declined to provide details about specific reconnaissance targets in the US, “more broadly across the board, we saw the actor routinely focus on ministries of finance, economy, defense, foreign affairs and commerce,” he said.

The FBI did not respond to our requests for comment, but the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that it is also tracking this cyber-espionage crew.

“The Cybersecurity and Infrastructure Security Agency is aware of the hacking group identified as TGR-STA-1030 by Palo Alto Networks,” a CISA spokesperson told The Register. “We are working with our government, industry, and international partners to rapidly detect and mitigate any exploitation of the vulnerabilities identified in the report.”

The cyberspies use phishing emails and known vulnerabilities in Microsoft Exchange, SAP, and Atlassian products to gain initial access to victim organizations. 

In February 2025, Unit 42 spotted phishing campaigns targeting European governments and using lures related to ministry or department reorganization that included links to malicious files hosted on mega[.]nz. The threat hunters note that one Estonian government entity also observed this campaign and uploaded a related ZIP archive to VirusTotal’s malware repository. 

The Estonian filename translates to “Changes to the organizational structure of the Police and Border Guard Board.”

Unit 42 analyzed the archive’s contents and found it contained a malware loader with the original name “DiaoYu.exe.” This translates to fishing – or phishing in this context. While most loaders check for dozens of antivirus products, this one only checks for five: Kaspersky, Avira, Bitdefender, SentinelOne, and Symantec.

This gives the malware a minimal code footprint and could be a means to help it avoid being detected by security filters.

The investigation also uncovered a new Linux kernel rootkit called ShadowGuard, believed to be unique to this particular nation-state group. It’s a stealthy Extended Berkeley Packet Filter (eBPF) backdoor that hides process information, directories, and files at the kernel level, which makes it very difficult to detect.

TGR-STA-1030 also used real-world geopolitical events in its campaigns, including the US government shutdown that began in October 2025 – during which Unit 42 observed the spies scanning government infrastructure across North, Central, and South America.

In another case, the researchers say in August 2025, Czech President Petr Pavel privately met with the Dalai Lama during a trip to India, and in the following weeks, the snoop crew began scanning Czech infrastructure across the army, police, parliament, and ministries of interior, finance, and foreign affairs.

Additionally, soon after January 3, when an American military operation captured Venezuelan President Nicolás Maduro and his wife, the snoops conducted “extensive reconnaissance activities targeting at least 140 government-owned IP addresses,” according to Unit 42. 

This new nation-state group “remains an active threat to government and critical infrastructure worldwide,” the researchers said. ®




Oregon must dismiss more than 1,400 criminal cases due to attorney shortage, court rules | Oregon


The Oregon supreme court has ruled that a large number of criminal cases across the state must be dismissed due to a severe shortage of public defenders, a major decision that attorneys say will impact more than 1,400 pending cases.

The problem has been years in the making and has become a significant constitutional crisis, as people charged with crimes are routinely unable to fight their cases as they wait weeks, months or sometimes years for the state to appoint them lawyers. The attorney shortage – due in part to the increasing difficulty of recruiting attorneys for the low-salary, high-caseload jobs – has meant that people have had cases hanging over them for extended periods of time, impacting their housing, employment and families, advocates say.

Oregon’s highest court ruled on Thursday that dismissals are required if the state has failed to provide counsel within 60 days after arraignment for a misdemeanor and within 90 days for a felony. State data on unrepresented defendants showed that as of this week, more than 1,400 active cases fall in that category, including hundreds of people who have been waiting more than a year for an attorney.

The ruling dictates that the cases be dismissed without prejudice, meaning prosecutors can re-file charges. The court said charges can be brought again “when the state is able to provide the counsel to which a defendant is entitled”. The ruling also said dismissal isn’t required if during the 60- or 90-day period the defendant failed to appear in court for a required hearing.

The case originated with a man named Allen Rex Roberts, who was charged with unauthorized use of a vehicle and possession of a stolen car in August 2021. The charges were dismissed in October 2022 because of the state’s failure to appoint him a lawyer, but in April 2024, prosecutors re-indicted Roberts on the same charges. For the next year, Roberts repeatedly returned to court for hearings where he was supposed to be appointed counsel, but each time no attorney was available. Eventually, his case was again dismissed due to a lack of attorneys.

The right to counsel is enshrined in the Oregon and US constitutions, and the shortage of attorneys has led to mass violations of those fundamental rights and pushed the criminal legal system to the brink, advocates say. The vast majority of defendants in the state are indigent and cannot afford a private attorney.

“Many folks who are eligible for dismissal after the court’s opinion today have been facing the criminal justice system without assistance for months or years,” said Jessica Snyder, a lawyer who co-wrote an amicus brief in the case on behalf of the federal public defenders in Oregon. “The harm is great. It has led to individuals losing their housing, losing contact with their children because of no-contact orders, [and] losing the opportunity to preserve evidence in their criminal case.”

Some defendants would have been able to quickly resolve their cases if they simply could afford a private attorney, Snyder noted.

“The toll is also psychological. A lot of clients talked about the despair they felt coming back to court over and over again without someone to help them, how confused they felt, how the court wouldn’t listen to their concerns or prosecutors wouldn’t help them navigate the system,” said Snyder.

A previous court ruling dictated that the state must release defendants from jail within seven days of appearing in court if they aren’t appointed an attorney. That means the more than 1,400 cases impacted by Thursday’s ruling mostly involve defendants who are already out of custody.

The attorney shortage is a systemic and statewide problem in Oregon, and the causes are complex, with criminal defense lawyers noting the state has long underfunded public defense, leaving few public defenders overwhelmed with massive caseloads. A backlog of cases during the pandemic and increasing time required to review materials like body-camera footage and digital evidence has further strained the system, advocates say.

Oregon’s crisis is particularly acute, but attorney shortages have created problems across the country, including in Washington state, Maine, Illinois, Utah and New Hampshire.

Nadia Dahab, a Portland-based attorney who argued the Roberts case, said she hoped the ruling would force the state to pursue a “solution that recognizes the importance of access to counsel for people charged with a crime and allocates the resources necessary to make sure the public defense system adequately protects them”.

“Roberts,” she added, “is one of thousands, and the harms he suffered through the arrest warrant when the state recharged him and through the impact of having to take off work to go to court every month – those are very exemplary of what lots of others are facing.”

Oregon’s department of justice had argued against blanket dismissals in the Roberts case.

Dan Rayfield, the state attorney general, said in a statement on Thursday that the state’s legislature had stepped up to increase investments, and, he said, “Oregonians deserve solutions”. He continued: “Too many are being left without legal representation – some sitting in jail, others stuck in limbo outside of custody, unable to move their cases forward. That is not acceptable for public safety.”

Rayfield said the state respects the supreme court’s decision to “set clear limits on how long someone can go without counsel” and he expected the Oregon Public Defense Commission (OPDC), the agency that oversees the public defense system, to meet the standards established by the court and “take responsibility for ensuring people are represented”.

The OPDC said in a statement it was assessing the decision and that the commission had made progress in reducing the number of unrepresented individuals and would “continue to address the crisis with urgency and transparency”. The statement noted that there were 2,494 people without an attorney at the end of January, down 37% from the year prior.

“We will collaborate with our partners in the criminal justice community to respond to this ruling and build on this progress while protecting defendants’ rights and public safety,” the statement said.

The public defender crisis was exacerbated last year as Oregon abandoned a policy effort to decriminalize drugs, leading to a surge in arrests for possession that further burdened attorneys and clogged up the courts.

The Metropolitan Public Defenders, which represents indigent defendants in Portland and the surrounding region, said in a statement that increasing the number of public defenders alone would not solve the crisis, and urged for more reforms that would reduce the volume of cases in the system: “Oregon needs more community-based resources, and the system needs more … alternatives to prosecution and incarceration.”




‘Kidnapped’ mum of TV host ‘still out there’, authorities believe | US News


Authorities searching for the missing mother of a US TV host have said they believe “she’s still out there” but have no suspects.

Nancy Guthrie, 84, was last seen at her home near Tucson, Arizona, on Saturday evening after being dropped off by family.

She was reported missing the next day after she did not appear at church, and a ransom note demanding Bitcoin was sent to several media outlets.


Image: Nancy Guthrie needs daily medication and has a pacemaker. Pic: Pima County Sheriff

Blood belonging to Ms Guthrie – whose daughter Savannah Guthrie is co-anchor of the Today show – was found in the porch area.

Her family have released a video pleading with whoever might have her to get in touch and provide proof she is alive.

The FBI said on Thursday that no further contact had been made since the ransom note was sent – as it also announced a $50,000 (£37,000) reward.

Local sheriff Chris Nanos told reporters the case was being treated as kidnapping but said they hadn’t yet identified any suspects.

However, he said he believes Ms Guthrie – who needs daily medication – “is still out there”.

There were several cameras at her home including a doorbell cam, and one detected movement at 2.12am, but the sheriff said they hadn’t been able to retrieve the footage.

Image: Ms Guthrie disappeared from her home in Tucson. Pic: Reuters

Ms Guthrie’s pacemaker app also disconnected from her phone at 2.28am, the sheriff added.

The ransom note gave a 5pm deadline (midnight UK time) on Thursday for payment to be made, and a second deadline on Monday, said lead FBI agent Heith Janke.

Mr Janke urged the perpetrator to change course and let Ms Guthrie go.

“This is an 84-year-old grandma that needs vital medication for her well-being. You still have the time to do the right thing before this becomes a much worse scenario for you. Please return Nancy home,” he urged.

Image: Pima County Sheriff Chris Nanos said there are no suspects so far. Pic: Reuters

‘We need to know she’s alive’

The huge publicity over the case in the US has also caught Donald Trump’s attention.

The president said on Truth Social that he had spoken to Savannah Guthrie and directed all federal law enforcement to be available.

NBC host’s emotional plea to mum’s kidnapper

The Guthrie family’s video, recorded with FBI assistance, spoke directly to the kidnapper.

It urged: “We are ready to talk… We need to know without a doubt that she is alive and that you have her. We want to hear from you, and we are ready to listen. Please reach out to us.”


Flanked by her sister and brother, a tearful Savannah Guthrie added: “Her health, her heart, is fragile. She lives in constant pain. She is without any medicine. She needs it to survive, she needs it not to suffer.

“Mummy, if you are hearing this, you are a strong woman. You are God’s precious daughter.”

The amount demanded in the note has not been disclosed and FBI agent Mr Janke said any decision on whether to pay is “ultimately decided by the family”.

He added that agents had also arrested a “total imposter” on Thursday morning who had sent a ransom note and was looking to profit from the case.




DHS warns domestic partners using chemical toxins to harm victims


The use of chemical and biological toxins by domestic partners to harm or kill victims has increased over the past five years, according to a new Department of Homeland Security (DHS) intelligence bulletin distributed to law enforcement and public safety partners.

The January assessment, prepared by the DHS Intelligence Division within the Countering Weapons of Mass Destruction Office, identifies the worrying trend, which officials say is challenging to detect, investigate and prosecute because symptoms can mimic natural illness.

DHS said in the bulletin that it has “moderate confidence” that domestic partners are increasingly using chemical and biological toxins — including cyanide and ricin — to harm or kill spouses or partners, based on reporting over the last five years.

The judgment is supported by law enforcement reporting, medical facility data and documented cases spanning multiple states and years.


Chemical and biological toxins used by domestic partners to harm or kill victims have increased over the past five years, according to a DHS bulletin. (iStock)

“These cases often initially present as natural illness,” the report states, noting that many toxins cause delayed or nonspecific symptoms that complicate medical diagnosis and can obscure criminal intent, delaying intervention and increasing the risk of serious harm or death.

The intelligence bulletin also highlights recent incidents showing the threat posed by the domestic use of chemical and biological toxins.

In one example, a Colorado dentist was convicted of first-degree murder after gradually poisoning his wife with a mix of arsenic, cyanide and tetrahydrozoline, a medication commonly found in eye drops.

Arsenic was added to his wife’s protein shakes. She went to the hospital three times in 10 days with symptoms including dizziness and headaches before her condition deteriorated and she died.


Antifreeze, fentanyl, insulin and cyanide are among the substances chosen for accessibility and ability to mimic natural illness, officials said.

Police reported that the dentist purchased a variety of poisons prior to her death.

The document states that similar incidents involving toxic substances in domestic settings have been reported in other states, underscoring persistent public safety risks and challenges for first responders.

According to DHS, domestic partner attacks involving chemical or biological toxins show a pattern in the choice of substances used to harm victims.

Substances used most include antifreeze, eye drops containing tetrahydrozoline, fentanyl, cyanide, thallium, colchicine, veterinary barbiturates and insulin.


There’s been an increase in domestic partners using chemical and biological toxins to harm or kill their significant others in recent years, according to DHS officials. (NYC Special Narcotics Prosecutor’s Office and Celal Gunes/Anadolu Agency via Getty Images)

The bulletin also says these are often chosen for their accessibility and their ability to mimic natural illness, complicating detection and investigation.

The report also warns that the intentional or accidental use of chemical or biological toxins in homes or public spaces can pose risks beyond the intended target.

Poisons and toxic agents may contaminate air, surfaces or water, exposing children, neighbors, bystanders and first responders to secondary harm.

Emergency personnel may unknowingly enter contaminated environments without proper protective equipment, increasing the risk of secondary exposure and hindering response and investigation efforts.


“If the trend of using chemical or biological toxins to kill or harm continues, we may see an increase in fatalities and long-term health consequences for survivors,” the bulletin states, adding that demand for specialized training, equipment and forensic expertise is likely to grow.

DHS has called for increased coordination, awareness and improved detection and response capabilities to address this evolving form of domestic partner violence.




Australia news live: Tony Mokbel walks free after criminal case withdrawn; health minister says surge in ebikes a ‘real emergency’ | Australia news


Tony Mokbel clears final legal hurdle

One of Australia’s most notorious crime figures has had his final drug conviction charge withdrawn after a lengthy court battle, AAP reports.

Tony Mokbel, 60, will walk from Melbourne’s supreme court on Friday a free man after a lengthy battle to overturn his drug convictions in the aftermath of the Lawyer X scandal.

He won his appeal last year, with judges ordering he face a re-trial over alleged offending in 2005, dubbed the Orbital charge and relating to alleged MDMA trafficking.

Tony Mokbel leaves the supreme court of Victoria in Melbourne. Photograph: Joel Carrett/AAP

Mokbel argued his drug convictions were tainted as he was represented by barrister-turned-informer Nicola Gobbo, known as Lawyer X.

A judicial registrar urged prosecutors to progress their case at a directions hearing in December, and decide whether to order a re-trial for the charge or dismiss it all together.

On Friday, prosecutor David Glynn announced the case against him would be discontinued.

Mokbel is expected to walk out of court to awaiting media shortly.


Josh Taylor

Nearly half of Roblox users go through age checks

Gaming platform Roblox says over 45% of its 144m global daily active users have completed an age check on the platform, with 60% of users in Australia, New Zealand and the Netherlands going through the checks since the platform began implementing age assurance late last year.

The shift to age checks came after a Guardian Australia investigation documented a week of virtual sexual harassment and violence on Roblox experienced by a user with a profile set up as an eight-year-old.


The checks launched in Australia, NZ and the Netherlands in December, and globally in January. Once an age check is done, users are assigned to one of six age groups – under 9, 9-12, 13-15, 16-17, 18-20 or 21+.

Those who do not go through age checks can still use the platform, but cannot use features such as chat.

Roblox said on Friday its age checks revealed the ages of its user base to be:

Under 13: 35%
Ages 13-17: 38%
Ages 18+: 27%





Murder rates hit lowest since 1900 under President Donald Trump, data shows


White House press secretary Karoline Leavitt said murders in major U.S. cities plunged to their lowest level since at least 1900 as federal arrests, gang takedowns and deportations surged under President Donald Trump’s promise to “restore law and order.”

Speaking to reporters at Thursday’s briefing, Leavitt said newly released data shows Trump is “delivering overwhelmingly on his promise.”

“A study from the Council on Criminal Justice (CCJ) shows that the murder rate across America’s largest cities plummeted in 2025 to its lowest level since at least 1900,” she said. “Let me repeat to put this in perspective, this marks the largest single-year drop in murders in recorded history.”

“This dramatic decline is what happens when a president secures the border, fully mobilizes federal law enforcement to arrest violent criminals and aggressively deport the worst of the worst illegal aliens from our country,” she added.


White House press secretary Karoline Leavitt says murders plunged to historic lows as Trump ramped up arrests, deportations and gang crackdowns, citing new crime data. (Getty Images)

According to the CCJ’s report, nationwide homicide data released later this year could show killings in 2025 falling to roughly 4.0 per 100,000 residents – the lowest rate ever recorded in law enforcement or public health data dating back to 1900 and the largest single-year percentage drop on record.

The report found homicides fell 21% from 2024 to 2025 in the 35 cities that reported data, amounting to 922 fewer killings. Thirty-one of those cities saw declines, with Denver, Washington, D.C., and Omaha, Nebraska, each posting drops of around 40%.

Other major crimes also fell sharply in the cities studied. 


The White House says murders plunged to historic lows as Trump ramped up arrests, deportations and gang crackdowns, citing new crime data. (Alex Brandon/The Associated Press)

Robbery declined 23%, carjackings dropped 43% in cities that reported that data, aggravated assaults fell 9%, and motor vehicle theft decreased 27%.

CCJ cautioned that its findings are based on a limited group of cities and preliminary police data that could change, and said the report documents crime trends rather than proving that any single policy caused the declines.

“The numbers don’t lie,” Leavitt said. “Under President Trump in 2025, the FBI increased violent crime arrests by 100% compared to the prior year. The FBI also conducted more than 67,000 arrests from Inauguration Day 2025 to Jan. 20, 2026, which is 197% more arrests than the same period previously.”


She also highlighted a drop in crime in Washington, D.C., saying as of last week, homicides were down 62% and motor vehicle theft down 53%.

Leavitt argued that the drop in crime is the direct result of Trump’s leadership and willingness to empower law enforcement, rejecting media skepticism and saying rising violence under Democratic leadership was the product of deliberate policy choices.


“It’s a choice to put violent criminals ahead of innocent Americans, a choice to force us all to live in fear because of soft on crime, liberal politicians, prosecutors and judges who lack the basic willingness to do their jobs and put dangerous people behind bars,” Leavitt said.




Spain’s Ministry of Science shuts down systems after breach claims


Spain’s Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services.

Ministerio de Ciencia, Innovación y Universidades is the Spanish government body responsible for science policy, research, innovation, and higher education.

Among others, it maintains administrative systems used by researchers, universities, and students that handle high-value, sensitive information.


The Ministry stated that the decision was in reaction to a “technical incident,” but did not provide additional details. However, a threat actor is claiming an attack on the institution’s systems and published data samples as proof of the breach.

“As a result of a technical incident currently under assessment, the electronic headquarters of the Ministry of Science, Innovation and Universities has been partially closed,” reads an announcement on the main page of the ministry’s website.

“All ongoing administrative procedures are suspended, while safeguarding the rights and legitimate interests of all persons affected by this temporary closure.”

Notice on the Ministry’s website
Source: BleepingComputer

To mitigate the impact of the disruption, the Ministry will extend all deadlines for affected procedures, in accordance with Article 32 of Law 39/2015.

A threat actor using the alias ‘GordonFreeman’ from the Half-Life game title offered to the highest bidder data allegedly stolen from the Spanish ministry.

The alleged hacker leaked on underground forums data samples that include personal records, email addresses, enrollment applications, and screenshots of documents and other official paperwork.

Threat actor’s post
Source: Kela

The threat actor states that they breached Spain’s Ministry of Science by exploiting a critical Insecure Direct Object Reference (IDOR) vulnerability that gave them valid credentials for “full- admin-level access.”

It’s worth noting that the forum where the information appeared is now offline, and the data has not appeared on alternative platforms yet.

The leaked images appear legitimate, although BleepingComputer has no way to confirm their authenticity or any of the attacker’s other claims. We have contacted Ministerio de Ciencia about these allegations, but a statement wasn’t immediately available.

Meanwhile, Spanish media outlets report that a ministry spokesperson confirmed that the IT systems disruption is related to a cyberattack.





ICC Men’s T20 Cricket World Cup 2026 explained in maps and charts | ICC Men’s T20 World Cup News


The 10th edition of the ICC Men’s Cricket World Cup will be held from Saturday to March 8 against a backdrop of a diplomatic standoff and rising tensions among South Asian neighbours.

The 30-day tournament will feature 55 matches across eight venues, five in India and three in Sri Lanka.

The T20 format is a fast form of cricket compared with One Day Internationals (ODIs). The teams have 20 overs per side with matches lasting about three to four hours. The format rewards power hitting and aggression, and momentum can change in a few deliveries.

Here is everything you need to know about the tournament:

Where are the games being played?

The tournament will open in Colombo, Sri Lanka, at the Sinhalese Sports Club Cricket Ground on Saturday with Pakistan taking on the Netherlands. The final is scheduled to be held at the Narendra Modi Stadium in Ahmedabad, India, on March 8.

Pakistan, who won the tournament in 2009, has asked the International Cricket Council (ICC) to play all its World Cup matches in Sri Lanka rather than in India, citing security concerns. This arrangement mirrors previous ICC decisions that allowed India to play matches hosted by Pakistan at neutral venues.

Other hosting cities include New Delhi, Mumbai, Chennai and Kolkata in India and Kandy in Sri Lanka.


Which teams have qualified?

Twenty teams will take part in the tournament:

  1. Afghanistan
  2. Australia – 2021 champions
  3. Canada
  4. England – 2010 and 2022 champions
  5. India – 2007 and 2024 champions
  6. Ireland
  7. Italy – making their debut
  8. Namibia
  9. Nepal
  10. Netherlands
  11. New Zealand
  12. Oman
  13. Pakistan – 2009 champions
  14. Scotland
  15. South Africa
  16. Sri Lanka – 2014 champions
  17. United Arab Emirates
  18. United States
  19. West Indies – 2012 and 2016 champions
  20. Zimbabwe

Notably missing from this list is Bangladesh, which was removed from the tournament after its cricket board, citing government security concerns about playing in India, requested that its matches be relocated. The ICC rejected the request and invited Scotland to replace them.

This will be the first time Bangladesh will miss a men’s T20 World Cup.

In protest, Pakistan’s government said it will not take the field against India in their scheduled Group A fixture on February 15.

The decision comes amid heightened tensions after Mohsin Naqvi, Pakistan’s interior minister and chairman of the Pakistan Cricket Board, accused India of involvement in attacks in Balochistan last week that, according to authorities, killed at least 31 civilians, 17 security personnel and 145 fighters.


Who are the previous winners?

India won the inaugural title in 2007, defeating Pakistan in South Africa.

In 2009, Pakistan won the title. England followed in 2010, and the West Indies emerged as the tournament’s first multiple winners after securing titles in 2012 and 2016.

Sri Lanka claimed the title in 2014 while Australia added their name to the list in 2021. England secured their second title in 2022 before India became a two-time champion with victory in 2024, joining the West Indies and England among the most successful teams in the competition’s history.

No team has won the trophy consecutively.


Match schedule

The 20 teams are split into four groups, and each team will compete against the others in their group for a total of 40 matches.

The top two teams from each group will progress to the Super 8 stage, where they will be split into two groups of four. The top two teams from each group will move on to the semifinals, leading to the final on March 8.


How much is the prize money?

The ICC has not yet revealed the prize money for the 2026 tournament, but in 2024, the ICC allocated a pool of $11.25m in prize money with the winners receiving $2.45m, the highest prize money in the tournament’s history.

Rohit Sharma of India lifts the ICC Men’s T20 Cricket World Cup trophy at the Kensington Oval on June 29, 2024, in Bridgetown, Barbados [Gareth Copley/Getty Images]



Teens arrested in Arizona crypto home invasion plot amid Nancy Guthrie search


Two California teens were arrested in connection with an Arizona home invasion tied to a $66 million cryptocurrency plot that happened the same day Nancy Guthrie was last seen before disappearing from her Tucson home, about two hours away.

Authorities have not said if the two cases are connected in any way, but the cases do share some bizarre similarities. 

The teens, who are not being identified by Fox News Digital because they are both under the age of 18, allegedly posed as delivery drivers to gain access to the Scottsdale home on Jan. 31 before forcing their way inside and duct-taping and assaulting two homeowners inside. 

The teenagers had met recently and were extorted by individuals known only as “Red” and “8,” court documents state. They were allegedly sent from California with $1,000 to purchase supplies for disguises, restraints and burglary tools. 


Two California teenagers who allegedly posed as delivery drivers conducted a home invasion in Arizona in an effort to steal $66 million in cryptocurrency, police said.  (Getty Images)

During the home invasion, one of the victims denied having the cryptocurrency, authorities said. An adult son in the home was able to call police from another room. When officers arrived, the teenagers fled but were later caught and arrested.

One of the teens’ mothers contacted law enforcement authorities in California to report text messages on his phone discussing him dressing up in a delivery uniform and committing a burglary, court documents said. The messages contained a home address in Scottsdale, authorities said.

Authorities in California contacted the Scottsdale Police Department (SPD) to notify them of a possible burglary. The SPD received that information after the home invasions happened. 

Both teens face several felony charges, including burglary, aggravated assault and kidnapping. They were reportedly in possession of a 3D-printed gun, though police said it contained no ammunition and its functionality remains unknown.


Savannah Guthrie and her mother Nancy Guthrie are pictured Thursday, June 15, 2023. (Nathan Congleton/NBC via Getty Images)

The home invasion happened in Scottsdale, located about two hours north of Tucson, where investigators are trying to piece together what happened to Nancy Guthrie, mother of ‘Today’ co-host Savannah Guthrie.  

Nancy Guthrie, 84, was last seen at home at around 9:30 p.m. on Jan. 31, according to the Pima County Sheriff’s Department. Investigators believed Guthrie was kidnapped or abducted. Her blood was found on her porch during the investigation, authorities said Thursday.

TMZ reported receiving a possible ransom note that demanded millions of dollars in cryptocurrency be sent to a specific bitcoin address. The note allegedly contained a deadline. The note TMZ received reportedly contained “an element of ‘or else’.”

The note lists two deadlines, the latter of which TMZ said is “much more serious.” The first deadline was 5 p.m. Thursday, the FBI confirmed. The second deadline is Monday.


Australian-born presenter, Savannah Guthrie poses alongside her mother Nancy Guthrie during a production break whilst hosting NBC’s “Today Show” live from Australia at Sydney Opera House on May 4, 2015 in Sydney, Australia inset over a residential Tucson road on Feb. 4, 2025.  (Don Arnold/WireImage; Michael Ruiz/Fox News Digital)

“TMZ Live” hosts Harvey Levin and Charles Latibeaudiere said the alleged ransom note was sent to their newsroom and lists demands that change with each deadline. The hosts noted something is “triggered” at each time limit. 

Though TMZ did not specify what was in the letter, the outlet reported the second deadline is “much more serious.” The Guthrie family posted a video on social media Wednesday afternoon, about 24 hours before the first deadline, pleading with captors to communicate with them and ensure Nancy Guthrie’s safe return.

In addition, a California man is facing criminal charges after allegedly demanding bitcoin payments from the Guthrie family. Derrick Callella, 42, a resident of the Los Angeles suburb of Hawthorne, is charged with transmitting a ransom demand related to a kidnapped person, and anonymous interstate communications intended to harass or threaten.

Court documents allege a Tucson TV station received a ransom demand via its online tip portal on Monday requesting payment in bitcoin. After the family released a public plea video on Wednesday, Guthrie’s daughter and son-in-law each received texts demanding confirmation of payment, according to the criminal complaint.


Authorities claim the texts were traced to an email account belonging to Callella, and IP address records showed they were sent from his house. He allegedly admitted to investigators that he sent the texts and called the family to follow up, leading authorities to obtain an arrest warrant. 

The earlier ransom note sent to the TV station has not been directly linked to the texts, according to court documents. Fox News Digital has reached out to the FBI and the Scottsdale Police Department. 

Fox News Digital’s Adam Sabes and Michael Ruiz contributed to this report. 




From Triage to Threat Hunts: How AI Accelerates SecOps


If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the “Autonomous SOC” and suggested a future where algorithms replaced analysts.

That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality. The deployment of AI in the SOC has not removed the human element. It has instead redefined how analysts spend their time.

We now understand that the value of AI is not in replacing the operator. It is in solving the math problem of defense. Infrastructure complexity scales exponentially while headcount scales linearly. This mismatch previously forced teams to make statistical compromises and sample alerts rather than solving them. Agentic AI corrects this imbalance. It decouples investigation capacity from human availability and fundamentally alters the daily workflow of the security operations team.

Redefining Triage and Investigation: Automated Context at Scale

Alert triage currently functions as a filter. SOC analysts review basic telemetry to decide if an alert warrants a full investigation. This manual gatekeeping creates a bottleneck where low-fidelity signals are ignored to preserve bandwidth. Now imagine if an alert that comes in as low severity and is pushed down the priority queue ends up being a real threat. This is where missed alerts lead to breaches. 

Agentic AI changes triage by adding a machine layer that investigates every alert, regardless of severity, with human-level accuracy before it reaches the analyst. It pulls disjointed telemetry from EDR, identity, email, cloud, SaaS, and network tools into a unified context. The system performs the initial analysis and correlation and redetermines the severity, instantly pushing that low-severity alert to the top. This enables the analyst to concentrate on detecting malicious actors concealed within the noise.

The human operator no longer spends time gathering IP reputation or verifying user locations. Their role shifts to reviewing the verdict provided by the system. This ensures that 100% of alerts receive a full investigation as soon as they arrive. Zero dwell time for every alert. The forced tradeoff of ignoring low-fidelity signals disappears because the cost of investigation is significantly lower with AI SOC agents. 

Impact on Detection Engineering: Visualizing the Noise

Effective detection engineering requires feedback loops that manual SOCs struggle to provide. Analysts often close false positives without detailed documentation, which leaves detection engineers blind to which rules generate the most operational waste.

An AI-driven architecture creates a structured feedback loop for detection logic. Because the system investigates every alert, it aggregates data on which rules consistently produce false positives. It identifies specific detection logic that requires tuning and provides the evidence needed to modify it.

This visibility allows engineers to surgically prune noisy alerts. They can retire or adjust low-value rules based on empirical data rather than anecdotal complaints. The SOC becomes cleaner over time as the AI highlights exactly where the noise lives.
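One way to turn per-alert verdicts into the rule-tuning evidence described above, as an added example (not Prophet Security's code). The rule names, verdict labels and thresholds are constructed assumptions, and the Wilson lower bound is a choice made here so that a rule with only a handful of closures is not retired on thin evidence.

```python
import math
from collections import defaultdict

# Constructed sample: (rule_id, verdict) pairs as an investigation layer might log them.
CONSTRUCTED_VERDICTS = (
    [("impossible_travel_login", "false_positive")] * 40
    + [("powershell_encoded_command", "false_positive")] * 27
    + [("powershell_encoded_command", "true_positive")] * 3
    + [("new_admin_account", "false_positive")] * 3
    + [("edr_credential_dump", "false_positive")] * 2
    + [("edr_credential_dump", "true_positive")] * 9
    + [("edr_credential_dump", "inconclusive")] * 1
)

def wilson_lower(hits, n, z=1.96):
    """Lower bound of the 95% Wilson interval for the proportion hits/n."""
    if n == 0:
        return 0.0
    p = hits / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre - margin) / (1 + z * z / n)

def rule_noise_report(verdicts, retire_at=0.8, tune_at=0.6):
    """Rank rules by how confidently they are noisy, with the counts as evidence."""
    counts = defaultdict(lambda: {"true_positive": 0, "false_positive": 0})
    for rule_id, verdict in verdicts:
        if verdict in ("true_positive", "false_positive"):  # skip inconclusive
            counts[rule_id][verdict] += 1
    report = []
    for rule_id, c in counts.items():
        tp, fp = c["true_positive"], c["false_positive"]
        lower = wilson_lower(fp, tp + fp)
        if lower >= retire_at and tp == 0:
            action = "retire_candidate"  # confidently noisy, never caught anything
        elif lower >= tune_at:
            action = "tune"              # noisy but still has detection value
        else:
            action = "keep"              # low FP rate, or too few alerts to judge
        report.append({"rule": rule_id, "alerts": tp + fp, "true_positives": tp,
                       "false_positives": fp, "fp_lower_bound": round(lower, 3),
                       "action": action})
    return sorted(report, key=lambda r: r["fp_lower_bound"], reverse=True)

if __name__ == "__main__":
    for row in rule_noise_report(CONSTRUCTED_VERDICTS):
        print(row)
```

The `new_admin_account` rule closes 3 of 3 alerts as false positives yet stays at "keep": its lower bound is well under the tuning threshold, which is the difference between empirical evidence and an anecdote.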

Accelerating Threat Hunting: Hypothesis-Driven Defense

Threat hunting is often limited by the technical barrier of query languages. Analysts must translate a hypothesis into complex syntax like SPL or KQL. This friction reduces the frequency of proactive hunts.

AI removes this syntax barrier. It enables natural language interaction with security data. An analyst can ask semantic questions about the environment. A query such as “show me all lateral movement attempts from unmanaged devices in the last 24 hours” translates instantly into the necessary database queries.

This capability democratizes threat hunting. Senior analysts can execute complex hypotheses faster. Junior analysts can participate in hunting operations without needing years of query language experience. The focus remains on the investigative theory rather than the mechanics of data retrieval.

Why Organizations Choose Prophet Security

What we’ve found from Prophet Security customers is that successful deployment of Agentic AI in a live environment hinges on several critical standards: Depth, Accuracy, Transparency, Adaptability, and Workflow Integration. These are the foundational pillars essential for human operators to trust the AI system’s judgment and operationalize it. Without excelling in these areas, AI adoption will falter, as the human team will lack confidence in its verdicts.

Depth requires the system to replicate the cognitive workflow of a Tier 1-3 analyst. Basic automation checks a file hash and stops. Agentic AI must go further. It must pivot across identity providers, EDR, and network logs to build a complete picture. It must understand the nuance of internal business logic to investigate with the same breadth and rigor as a human expert.

Accuracy is the measure of utility. The system must reliably distinguish between benign administrative tasks and genuine threats. High fidelity ensures that analysts can rely on the system’s verdicts without constant re-verification. Not surprisingly, depth of investigation and accuracy go hand-in-hand. Prophet Security’s accuracy is consistently above 98%, including where it counts the most: identifying true positives.

Transparency and explainability are the ultimate test of trust. AI builds trust by providing transparency into its operations, detailing the queries run against data sources, the specific data retrieved, and the logical conclusions drawn. Prophet Security enforces a “Glass Box” standard that meticulously documents and exposes every query, data point, and logic step used to determine whether the alert is a true positive or benign.

Adaptability refers to how well the AI system ingests feedback, guidance, and other organization-specific context to improve its accuracy. The AI system should effectively mold around your environment and its unique security needs and risk tolerance. Prophet Security has built a Guidance system that enables a human-on-the-loop model where analysts provide feedback and organizational context to customize the AI’s investigation and response logic to their needs.

Workflow Integration is crucial. Tools must not only integrate with your existing technology stack but also seamlessly fit into your current security operations workflows. A solution that demands a complete overhaul of existing systems or clashes with your established security tool implementation will be unusable from the start. Prophet Security understands this necessity, as the platform was developed by former SOC analysts from leading firms like Mandiant, Red Canary, and Expel. We’ve prioritized integration quality to ensure a seamless experience and immediate value for every security team.

To learn more about Prophet Security and see why teams trust Prophet AI to triage, investigate, and respond to all of their alerts, request a demo today.

This article is a contributed piece from one of our valued partners.

