Cybersecurity Center

Cybersecurity News

  • Enterprise Credentials at Risk – Same Old, Same Old? (Friday November 07, 2025)
    Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web (HackerNews)
  • Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts (Friday November 07, 2025)
    Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an (HackerNews)
  • Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities (Friday November 07, 2025)
    Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality. The extension was uploaded on (HackerNews)
  • Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine (Thursday November 06, 2025)
    A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link (HackerNews)
  • Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 (Thursday November 06, 2025)
    Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (HackerNews)
  • From Tabletop to Turnkey: Building Cyber Resilience in Financial Services (Thursday November 06, 2025)
    Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in (HackerNews)
  • ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More (Thursday November 06, 2025)
    Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political leverage. (HackerNews)
  • Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response (Thursday November 06, 2025)
    Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative (HackerNews)
  • Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection (Thursday November 06, 2025)
    The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. "This hidden environment, with its lightweight (HackerNews)
  • SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach (Thursday November 06, 2025)
    SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a (HackerNews)
  • Cloudflare Scrubs Aisuru Botnet from Top Domains List (Thursday November 06, 2025)
    For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service. (KrebsOnSecurity)
  • Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly (Wednesday November 05, 2025)
    Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VB Script and interacts with Gemini's API to request specific VBScript obfuscation and (HackerNews)
  • Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data (Wednesday November 05, 2025)
    Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has (HackerNews)
  • Securing the Open Android Ecosystem with Samsung Knox (Wednesday November 05, 2025)
    Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your (HackerNews)
  • Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions (Wednesday November 05, 2025)
    A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the (HackerNews)
  • U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud (Wednesday November 05, 2025)
    The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of (HackerNews)
  • Why SOC Burnout Can Be Avoided: Practical Steps (Wednesday November 05, 2025)
    Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can (HackerNews)
  • CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence (Wednesday November 05, 2025)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to (HackerNews)
  • A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces (Tuesday November 04, 2025)
    The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators' (HackerNews)
  • European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep (Tuesday November 04, 2025)
    Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in (HackerNews)
  • Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks (Tuesday November 04, 2025)
    Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's (HackerNews)
  • Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed (Tuesday November 04, 2025)
    Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March (HackerNews)
  • Ransomware Defense Using the Wazuh Open Source Platform (Tuesday November 04, 2025)
    Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as (HackerNews)
  • Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors (Tuesday November 04, 2025)
    Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for (HackerNews)
  • Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit (Tuesday November 04, 2025)
    Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow (HackerNews)
  • U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks (Tuesday November 04, 2025)
    Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical (HackerNews)
  • Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel (Tuesday November 04, 2025)
    Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised (HackerNews)
  • Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive (Monday November 03, 2025)
    Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to (HackerNews)
  • Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks (Monday November 03, 2025)
    Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the (HackerNews)
  • ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More (Monday November 03, 2025)
    Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test. (HackerNews)
  • The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations (Monday November 03, 2025)
    Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the (HackerNews)
  • Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data (Monday November 03, 2025)
    Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking whether it is running within a virtualized or emulated environment (HackerNews)
  • New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea (Monday November 03, 2025)
    The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션 (HackerNews)
  • Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody (Sunday November 02, 2025)
    A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus." (KrebsOnSecurity)
  • ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability (Saturday November 01, 2025)
    The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an (HackerNews)
  • OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically (Friday October 31, 2025)
    OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at (HackerNews)
  • Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack (Friday October 31, 2025)
    A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now (HackerNews)
  • China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats (Friday October 31, 2025)
    A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a (HackerNews)
  • China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems (Friday October 31, 2025)
    The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it (HackerNews)
  • The MSP Cybersecurity Readiness Guide: Turning Security into Growth (Friday October 31, 2025)
    MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance (HackerNews)
  • CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers (Friday October 31, 2025)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security (HackerNews)
  • Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery (Friday October 31, 2025)
    Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX (HackerNews)
  • CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks (Friday October 31, 2025)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain (HackerNews)
  • A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do (Friday October 31, 2025)
    A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and (HackerNews)
  • Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month (Thursday October 30, 2025)
    Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent. In (HackerNews)
  • Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks (Thursday October 30, 2025)
    The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for (HackerNews)
  • New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL (Thursday October 30, 2025)
    A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a (HackerNews)
  • The Death of the Security Checkbox: BAS Is the Power Behind Real Defense (Thursday October 30, 2025)
    Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold, (HackerNews)
  • ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising (Thursday October 30, 2025)
    The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s making headlines. (HackerNews)
  • PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs (Thursday October 30, 2025)
    Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first (HackerNews)
  • Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices (Wednesday October 29, 2025)
    Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report (HackerNews)
  • New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts (Wednesday October 29, 2025)
    Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been (HackerNews)
  • Aisuru Botnet Shifts from DDoS to Residential Proxies (Wednesday October 29, 2025)
    Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users. (KrebsOnSecurity)
  • Canada Fines Cybercrime-Friendly Cryptomus $176M (Wednesday October 22, 2025)
    Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there. (KrebsOnSecurity)
  • Email Bombs Exploit Lax Authentication in Zendesk (Friday October 17, 2025)
    Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. (KrebsOnSecurity)
  • Patch Tuesday, October 2025 ‘End of 10’ Edition (Tuesday October 14, 2025)
    Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options. (KrebsOnSecurity)
  • DDoS Botnet Aisuru Blankets US ISPs in Record DDoS (Friday October 10, 2025)
    The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second. (KrebsOnSecurity)
  • ShinyHunters Wage Broad Corporate Extortion Spree (Tuesday October 07, 2025)
    A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat. (KrebsOnSecurity)
  • Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms (Wednesday September 24, 2025)
    U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States. (KrebsOnSecurity)
  • Self-Replicating Worm Hits 180+ Software Packages (Tuesday September 16, 2025)
    At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. (KrebsOnSecurity)

Disclaimer: Some links listed are external links and are not managed by Western Illinois University. Western Illinois University and its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assume no responsibility for anyone's use of the information.