DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Oct 10, 2025Ravie LakshmananRansomware / Data Theft Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that...
Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
Oct 10, 2025Ravie LakshmananSaaS Security / Threat Intelligence A threat actor known as Storm-2657 has been observed hijacking employee accounts...
WhatsApp Worm Targets Brazilian Banking Customers
Counter Threat Unit™ (CTU) researchers are investigating multiple incidents in an ongoing campaign targeting users of the WhatsApp messaging platform....
The Psychology of Security: Why Users Resist Better Authentication
Understanding the Human Mind Behind the 70% Who Feel Overwhelmed by Password Management Let me start with a story that...
What is CAA? Understanding Certificate Authority Authorization
Key Takeaways A CAA record defines which Certificate Authorities can issue SSL/TLS certificates for your domain. It prevents unauthorized certificate...
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini October 10, 2025 U.S. Cybersecurity and Infrastructure Security...
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
RondoDox Botnet targets 56 flaws across 30+ device types worldwide Pierluigi Paganini October 10, 2025 RondoDox botnet exploits 56 known...
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Multimodal AI is the shiny new toy in the enterprise tech stack. Its multiple input streams help it produce outputs...
Red Pilling of Politics – Court Strikes Down California Law on Political Deepfakes
In The Matrix, (the first Matrix) Morpheus tells Neo, “You have to understand, most of these people are not ready...
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Oct 10, 2025Ravie LakshmananVulnerability / Network Security Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical...
The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and...
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Oct 10, 2025Ravie LakshmananCybercrime / Malware Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm...
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Oct 10, 2025Ravie LakshmananVulnerability / Zero-Day Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security...
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Oct 10, 2025Ravie LakshmananVulnerability / Threat Intelligence Dozens of organizations may have been impacted following the zero-day exploitation of a...
