Falco – Real-Time Threat Detection for Linux and Containers
(Monday May 19, 2025)
O2 VoLTE: locating any customer with a phone call
(Sunday May 18, 2025)
Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.
Frida 17 is out
(Sunday May 18, 2025)
Stateful Connection With Spoofed Source IP — NetImpostor
(Saturday May 17, 2025)
This blog reviews the technique for establishing a full stateful TCP connection with a spoofed source IP address from the same subnet using ARP poisoning. The tool introduced in this blog…
[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
(Saturday May 17, 2025)
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts!
(Friday May 16, 2025)
Weekly Update 452
(Friday May 16, 2025)
Skitnet(Bossnet) Malware Analysis
(Friday May 16, 2025)
You need to enable JavaScript to run this app.
Announcing the Official Parity Release of Volatility 3!
(Friday May 16, 2025)
The Volatility Team is very proud and excited to announce the first official release of Volatility 3! This release not only replaces Volatility 2 for modern investigations, but it also introduces many new and exciting features! In this blog post we document many of these new features, give a quick tour of Volatility 3 itself, and provide links to many resources that will help analysts get up to speed on bleeding-edge memory forensics techniques and capabilities. With this official release of Volatility 3, Volatility 2 is now deprecated, and the GitHub repository has been archived.
The Future is Coming Faster than You Think
(Friday May 16, 2025)
At Cisco, we are building the core infrastructure of the AI era. As
new solutions like Codex exemplify, the future of AI will be agentic.
We envision a future where billions of AI agents are working together
harmoniously on our behalf.
New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
(Friday May 16, 2025)
Prescription for disaster: Sensitive patient data leaked in Ascension breach
(Friday May 16, 2025)
Ascension, one of the largest private healthcare companies in the
United States, has confirmed that the personal data of some 437,329
patients has been exposed following an attack by cybercriminals. Read
more in my article on the Fortra blog.
Top 10 Best Practices for Effective Data Protection
(Friday May 16, 2025)
Data is the lifeblood of productivity, and protecting sensitive data
is more critical than ever. With cyber threats evolving rapidly and
data privacy regulations tightening, organizations must stay vigilant
and proactive to safeguard their most valuable assets. But how do you
build an effective data protection framework? In this article, we'll
explore data protection best practices from meeting
Salt Security Partners With Wiz, Combines Cloud and API Security
(Friday May 16, 2025)
Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
(Friday May 16, 2025)
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
(Friday May 16, 2025)
Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance
(Friday May 16, 2025)
Commit Stomping - Manipulating Git Histories to Obscure the Truth
(Thursday May 15, 2025)
Manipulating Git Histories to Obscure the Truth
Breachforums Boss to Pay $700k in Healthcare Breach
(Thursday May 15, 2025)
Welcoming the Malaysian Government to Have I Been Pwned
(Thursday May 15, 2025)
(National Cyber Coordination and Command Centre of the National Cyber
Security Agency) in Malaysia now has full access to query all their
government domains via API, and monitor them
Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
(Thursday May 15, 2025)
How the Microsoft Secure Future Initiative brings Zero Trust to life
(Thursday May 15, 2025)
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428) - watchTowr Labs
(Thursday May 15, 2025)
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
(Thursday May 15, 2025)
Pen Testing for Compliance Only? It's Time to Change Your Approach
(Thursday May 15, 2025)
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
(Thursday May 15, 2025)
5 BCDR Essentials for Effective Ransomware Defense
(Thursday May 15, 2025)
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
(Thursday May 15, 2025)
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
(Thursday May 15, 2025)
Cybersecurity researchers have discovered a malicious package named
"os-info-checker-es6" that disguises itself as an operating system
information utility to stealthily drop a next-stage payload onto
compromised systems. "This campaign employs clever Unicode-based
steganography to hide its initial malicious code and utilizes a Google
Calendar event short link as a dynamic dropper for its final
Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters
(Wednesday May 14, 2025)
Updates to Cisco’s Executive Leadership Team
(Wednesday May 14, 2025)
With the announcement of Scott Herren's retirement, Mark Patterson
will step into the role as Cisco’s Chief Financial Officer on day
one of fiscal year 2026. Jeetu Patel has also been promoted to
President and Chief Product Officer.
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
(Wednesday May 14, 2025)
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
(Wednesday May 14, 2025)
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
(Wednesday May 14, 2025)
A Chinese-language, Telegram-based marketplace called Xinbi Guarantee
has facilitated no less than $8.4 billion in transactions since 2022,
making it the second major black market to be exposed after HuiOne
Guarantee. According to a report published by blockchain analytics
firm Elliptic, merchants on the marketplace have been found to peddle
technology, personal data, and money laundering
Integrate LDAP into Keycloak to modernize rather than delete it
(Wednesday May 14, 2025)
Learn how to extend your existing LDAP infrastructure using Keycloak—without replatforming. This guide covers integration strategies, SSO, MFA, and identity federation best practices.
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
(Wednesday May 14, 2025)
A new global phishing threat called "Meta Mirage" has been uncovered,
targeting businesses using Meta's Business Suite. This campaign
specifically aims at hijacking high-value accounts, including those
managing advertising and official brand pages. Cybersecurity
researchers at CTM360 revealed that attackers behind Meta Mirage
impersonate official Meta communications, tricking users into handing
[CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution
(Wednesday May 14, 2025)
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Patch Tuesday, May 2025 Edition
(Wednesday May 14, 2025)
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
(Wednesday May 14, 2025)
A cyber espionage group known as Earth Ammit has been linked to two
related but distinct campaigns from 2023 to 2024 targeting various
entities in Taiwan and South Korea, including military, satellite,
heavy industry, media, technology, software services, and healthcare
sectors. Cybersecurity firm Trend Micro said the first wave, codenamed
VENOM, mainly targeted software service providers, while
ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
(Wednesday May 14, 2025)
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
(Wednesday May 14, 2025)
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
(Wednesday May 14, 2025)
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
(Wednesday May 14, 2025)
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
(Wednesday May 14, 2025)
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
(Wednesday May 14, 2025)
Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)
(Wednesday May 14, 2025)
The AI Fix #50: AI brings dead man back for killer’s trial, and the judge loves it
(Tuesday May 13, 2025)
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
(Tuesday May 13, 2025)
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
(Tuesday May 13, 2025)
AI Agents: Transformative or Turbulent?
(Tuesday May 13, 2025)
Described as revolutionary and disruptive, AI agents are the new
cornerstone of innovation in 2025. But as with any technology standing
on the cutting edge, this evolution isn’t without its trade-offs.
Will this new blend of intelligence and autonomy really introduce a
new era of efficiency? Or does the ability for AI Agents to act […]
The post .
Two years’ jail for down-on-his-luck man who sold ransomware online
(Tuesday May 13, 2025)
Deepfake Defense in the Age of AI
(Tuesday May 13, 2025)
The cybersecurity landscape has been dramatically reshaped by the
advent of generative AI. Attackers now leverage large language models
(LLMs) to impersonate trusted individuals and automate these social
engineering tactics at scale. Let’s review the status of these
rising attacks, what’s fueling them, and how to actually prevent,
not detect, them. The Most Powerful Person on the
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
(Tuesday May 13, 2025)
The North Korea-linked threat actor known as Konni APT has been
attributed to a phishing campaign targeting government entities in
Ukraine, indicating the threat actor's targeting beyond Russia.
Enterprise security firm Proofpoint said the end goal of the campaign
is to collect intelligence on the "trajectory of the Russian
invasion." "The group's interest in Ukraine follows historical
targeting
Exploring CNAPP Options for Cloud Security in 2025
(Tuesday May 13, 2025)
How Compliance Training Software Protects Your Business from Risk
(Tuesday May 13, 2025)
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
(Tuesday May 13, 2025)
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
(Tuesday May 13, 2025)
High Court to decide if information from encrypted app legally obtained
(Monday May 12, 2025)
The High Court will today consider whether information gathered from
encrypted messaging on an app known as AN0M, which was secretly
controlled by the FBI and the Australian Federal Police, was legally
obtained.
Marbled Dust leverages zero-day in Output Messenger for regional espionage
(Monday May 12, 2025)
Statistical Analysis to Detect Uncommon Code
(Monday May 12, 2025)
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
(Monday May 12, 2025)
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
(Monday May 12, 2025)
How I ruined my vacation by reverse engineering WSC
(Monday May 12, 2025)
SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths
(Monday May 12, 2025)
SUDO_KILLER is a Bash script that audits sudo configurations on
Unix-like systems, identifying misconfigurations and vulnerabilities
for potential privilege escalation.
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
(Monday May 12, 2025)
Detecting leaked credentials is only half the battle. The real
challenge—and often the neglected half of the equation—is what
happens after detection. New research from GitGuardian's State of
Secrets Sprawl 2025 report reveals a disturbing trend: the vast
majority of exposed company secrets discovered in public repositories
remain valid for years after detection, creating an expanding attack
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
(Monday May 12, 2025)
One-Click RCE in ASUS’s Preinstalled Driver Software
(Sunday May 11, 2025)
One-Click RCE in ASUS’s Preinstalled Driver Software Part Two of this series on ASUS will be dropping within a week, yes it somehow manages to get worse
Introduction This story begins with a conversation about new PC parts.
After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that would by default silently install software into my OS in the background.
Weekly Update 451
(Saturday May 10, 2025)
The Have I Been Pwned Alpine Grand Tour is upon us! Ive often joked
that work is always either sitting at my desk at home in isolation or
on the other side of the world, and so it is with this trip. As weve
done with
Exploiting DLL Search Order Hijacking in Microsoft Edge’s Trusted Directory: A Red Team Tactic
(Saturday May 10, 2025)
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
(Saturday May 10, 2025)
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
(Saturday May 10, 2025)
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
(Friday May 09, 2025)
Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader. Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader.
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
(Friday May 09, 2025)
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
(Friday May 09, 2025)
The North Korean threat actors behind the Contagious Interview
campaign have been observed using updated versions of a cross-platform
malware called OtterCookie with capabilities to steal credentials from
web browsers and other files. NTT Security Holdings, which detailed
the new findings, said the attackers have "actively and continuously"
updated the malware, introducing versions v3 and v4 in
WatchGuard transitions new CEO
(Friday May 09, 2025)
WatchGuard® Technologies, a provider of unified cybersecurity for
managed service providers (MSPs), today announced a planned leadership
transition. After a decade of impactful leadership, Chief Executive
Officer (CEO) Prakash Panjwani will transition out of his operational
role, continuing to serve on the Board of Directors and as a strategic
advisor to the company. Vats Srivatsan, […]
The post .
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
(Friday May 09, 2025)
Cybersecurity researchers are warning of a new campaign that's
targeting Portuguese-speaking users in Brazil with trial versions of
commercial remote monitoring and management (RMM) software since
January 2025. "The spam message uses the Brazilian electronic invoice
system, NF-e, as a lure to entice users into clicking hyperlinks and
accessing malicious content hosted in Dropbox," Cisco Talos
LockBit ransomware gang breached, secrets exposed
(Friday May 09, 2025)
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
(Friday May 09, 2025)
Beyond Vulnerability Management – Can You CVE What I CVE?
(Friday May 09, 2025)
The Vulnerability Treadmill The reactive nature of vulnerability
management, combined with delays from policy and process, strains
security teams. Capacity is limited and patching everything
immediately is a struggle. Our Vulnerability Operation Center (VOC)
dataset analysis identified 1,337,797 unique findings (security
issues) across 68,500 unique customer assets. 32,585 of them were
distinct
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
(Friday May 09, 2025)
What Should You Consider When Choosing an AI Penetration Testing Company?
(Friday May 09, 2025)
Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump
(Friday May 09, 2025)
