Tag: detection

‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads

Oct 17, 2025 3:07 PM

Tags: access, cisco, cloud, cve, data, detection, edr, exploit, infection, network, switch, tool

Effects beyond one-time infection: According to Trend Micro, the campaign affected specific Cisco families, including 9400, 9300, and legacy 3750G switches. Affected organizations face more than a one-off compromise as infected switches can provide attackers a long-term, stealthy platform for lateral movement, data interception, or further payload delivery.Parts of the exploit are fileless or volatile,…
F5 Security Incident Advisory

Oct 17, 2025 9:09 AM

Tags: access, advisory, application-security, attack, authentication, awareness, backdoor, best-practice, breach, china, cisa, compliance, control, corporate, cve, cvss, cybersecurity, data, data-breach, defense, detection, dos, endpoint, espionage, exploit, finance, flaw, government, group, guide, hacker, Hardware, identity, infrastructure, Internet, Intruder, malicious, malware, mitigation, monitoring, network, phishing, PurpleTeam, radius, rce, remote-code-execution, risk, risk-assessment, security-incident, service, software, strategy, technology, theft, threat, training, unauthorized, update, vulnerability, zero-day, zero-trust

Executive SummaryOn October 15, 2025, F5 Networks publicly disclosed a serious security breach involving a nation-state threat actor. The intruders maintained long-term, persistent access to F5’s internal systems”, specifically the BIG-IP product development environment and engineering knowledge management platforms. F5 first detected unauthorized activity on August 9, 2025, but delayed public disclosure until mid-October as directed by…
SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025

Oct 17, 2025 5:07 AM

Tags: ai, attack, cloud, data, detection, edr, gartner, google, risk, saas, siem, soar, startup, technology, threat, vulnerability

Vaguely magical and quadranty thing (Gemini) It’s not every day you get to reflect on a journey that started as an odd “googley” startup and culminates in a shiny Leaders placement on a Gartner Magic Quadrant for SIEM 2025 (MQ). When I joined Chronicle in the summer of 2019″Š”, “Ša name now rolled into the broader Google…
F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now

Oct 17, 2025 12:07 AM

Tags: access, attack, breach, cisa, cloud, crowdstrike, cve, cvss, cyber, cybersecurity, data, data-breach, detection, edr, endpoint, exploit, government, Hardware, infrastructure, intelligence, Internet, kubernetes, malicious, mitigation, monitoring, network, risk, software, supply-chain, technology, theft, threat, tool, update, vulnerability, vulnerability-management

Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation, it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno. Key takeaways: F5’s BIG-IP is used to secure everything from government agencies to critical infrastructure. …
F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now

Oct 17, 2025 12:07 AM

Tags: access, attack, breach, cisa, cloud, crowdstrike, cve, cvss, cyber, cybersecurity, data, data-breach, detection, edr, endpoint, exploit, government, Hardware, infrastructure, intelligence, Internet, kubernetes, malicious, mitigation, monitoring, network, risk, software, supply-chain, technology, theft, threat, tool, update, vulnerability, vulnerability-management

Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation, it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno. Key takeaways: F5’s BIG-IP is used to secure everything from government agencies to critical infrastructure. …
CISOs brace for an “AI vs. AI” fight

Oct 16, 2025 10:07 PM

Tags: ai, attack, automation, awareness, ciso, computer, conference, cyber, data, defense, detection, email, exploit, extortion, india, psychology, ransomware, social-engineering, technology, theft, threat, training, vulnerability

CSO reporting paints an unsettling picture of what’s already happening. Autonomous AI agents are learning to execute full attack chains, from reconnaissance and exploitation to evasion and data theft, without human direction. Researchers have documented AI models used to generate extortion emails, launch ransomware, and discover new vulnerabilities in minutes. As one expert put it, attackers…
Vier Fragen entscheiden über mehr Cyber-Resilienz

Oct 16, 2025 11:07 AM

Tags: ai, cyber, detection, resilience

Die Mehrheit der Unternehmen weltweit setzt inzwischen Lösungen zum Schutz ihrer Endpunkte ein. Branchenweit wird dafür mit ähnlichen Schlagwörtern wie ‘KI-gestützt”, ‘Next-Gen” oder ‘integriert” um Aufmerksamkeit gebuhlt. Doch es bestehen erhebliche Unterschiede, insbesondere wenn Unternehmen von reiner Prävention zu strategischer und ganzheitlicher Detection & Response übergehen, um die Resilienz zu stärken. Dass Resilienz ein Top-Thema…
Phishing training needs a new hook, here’s how to rethink your approach

Oct 16, 2025 10:07 AM

Tags: ai, attack, authentication, computer, cybersecurity, detection, metric, mfa, mobile, phishing, risk, threat, training, vulnerability

Phishing training offers minimal benefits: Grant Ho, assistant professor of computer science at The University of Chicago collaborated with UC San Diego and UC San Diego Health to evaluate the efficacy of annual training and embedded phishing training. In their research, they analyzed how approximately 20,000 employees at UCSD Health handled simulated phishing campaigns across…
LevelBlue Announces Plans to Acquire XDR Provider Cybereason

Oct 16, 2025 6:07 AM

Tags: detection, edr

The deal, which builds on LevelBlue’s recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response (XDR), managed detection and response (MDR), and forensic services. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/levelblue-acquires-xdr-provider-cybereason
A View from the C-suite: Aligning AI security to the NIST RMF FireTail Blog

Oct 16, 2025 12:08 AM

Tags: access, ai, attack, breach, csf, cybersecurity, data, data-breach, defense, detection, framework, governance, grc, guide, incident response, infrastructure, injection, jobs, LLM, malicious, nist, RedTeam, risk, risk-management, strategy, supply-chain, theft, tool, vulnerability

Oct 15, 2025 – Jeremy Snyder – In 2025, the AI race is surging ahead and the pressure to innovate is intense. For years, the NIST Cybersecurity Framework (CSF) has been our trusted guide for managing risk. It consists of five principles: identify, protect, detect, respond, and recover. But with the rise of AI revolutionizing…
Source code and vulnerability info stolen from F5 Networks

Oct 15, 2025 11:14 PM

Tags: access, apt, attack, automation, best-practice, breach, ceo, ciso, control, credentials, crowdstrike, cybercrime, data, data-breach, detection, edr, endpoint, exploit, group, guide, incident response, infrastructure, intelligence, mitigation, monitoring, network, programming, risk, sans, software, threat, tool, update, vulnerability

F5 mitigations: IT and security leaders should make sure F5 servers, software, and clients have the latest patches. In addition, F5 has added automated hardening checks to the F5 iHealth Diagnostics Tool, and also suggests admins refer to its threat hunting guide to strengthen monitoring, and its best practices guides for hardening F5 systems.As a…
Source code and vulnerability info stolen from F5 Networks

Oct 15, 2025 11:14 PM

Tags: access, apt, attack, automation, best-practice, breach, ceo, ciso, control, credentials, crowdstrike, cybercrime, data, data-breach, detection, edr, endpoint, exploit, group, guide, incident response, infrastructure, intelligence, mitigation, monitoring, network, programming, risk, sans, software, threat, tool, update, vulnerability

F5 mitigations: IT and security leaders should make sure F5 servers, software, and clients have the latest patches. In addition, F5 has added automated hardening checks to the F5 iHealth Diagnostics Tool, and also suggests admins refer to its threat hunting guide to strengthen monitoring, and its best practices guides for hardening F5 systems.As a…
How to spot dark web threats on your network using NDR

Oct 15, 2025 4:54 PM

Tags: ai, dark-web, detection, network, threat

Dark web activity can hide in plain sight within everyday network traffic. Corelight’s NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-to-spot-dark-web-threats-on-your-network-using-ndr/
How to spot dark web threats on your network using NDR

Oct 15, 2025 4:54 PM

Tags: ai, dark-web, detection, network, threat

Dark web activity can hide in plain sight within everyday network traffic. Corelight’s NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-to-spot-dark-web-threats-on-your-network-using-ndr/
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
PHASR von Bitdefender als Standalone-Lösung verfügbar

Oct 15, 2025 3:54 PM

Tags: attack, cyberattack, detection, endpoint, ransomware

Die Proactive-Hardening and Attack-Surface-Reduction (PHASR) von Bitdefender ist ab sofort weltweit auch als Standalone-Lösung verfügbar. Damit steht die präventive Sicherheitstechnologie und branchenweit erste Endpoint-Sicherheitslösung, die dynamische, verhaltensbasierte Sicherheitshärtung mit Echtzeit-Informationen zu Bedrohungen kombiniert, um Ransomware- und LOTL-Angriffe (Living-off-the-Land) proaktiv zu stoppen, allen Unternehmen und Organisationen zur Verfügung. Ganz gleich, welche Endpoint-Protection (EPP)- oder Endpoint-Detection-and-Response (EDR)-Plattformen…
PHASR von Bitdefender als Standalone-Lösung verfügbar

Oct 15, 2025 3:54 PM

Tags: attack, cyberattack, detection, endpoint, ransomware

Die Proactive-Hardening and Attack-Surface-Reduction (PHASR) von Bitdefender ist ab sofort weltweit auch als Standalone-Lösung verfügbar. Damit steht die präventive Sicherheitstechnologie und branchenweit erste Endpoint-Sicherheitslösung, die dynamische, verhaltensbasierte Sicherheitshärtung mit Echtzeit-Informationen zu Bedrohungen kombiniert, um Ransomware- und LOTL-Angriffe (Living-off-the-Land) proaktiv zu stoppen, allen Unternehmen und Organisationen zur Verfügung. Ganz gleich, welche Endpoint-Protection (EPP)- oder Endpoint-Detection-and-Response (EDR)-Plattformen…
Introducing MAESTRO: A framework for securing generative and agentic AI

Oct 15, 2025 2:54 PM

Tags: ai, api, attack, banking, business, cloud, compliance, container, control, data, detection, endpoint, fintech, framework, fraud, GDPR, governance, identity, infrastructure, injection, kubernetes, LLM, malicious, mitre, monitoring, network, nist, PCI, radius, risk, saas, service, supply-chain, threat, tool, unauthorized

System boundary: MAESTRO reviews focus on models, AI agents, data flows, CI/CD pipelines, supporting tools and third-party APIs. Broader IT security hygiene (patching, identity governance, endpoint protection) is assumed to be managed by existing programs.Assumptions: organizations have the security baseline configurations and compliance, such as ISO 27XXX, in place. MAESTRO builds on these baselines and…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Beyond the checklist: Building adaptive GRC frameworks for agentic AI

Oct 15, 2025 1:54 PM

Tags: access, ai, breach, ciso, cloud, compliance, control, crime, data, detection, endpoint, finance, framework, fraud, governance, grc, international, metric, monitoring, nist, risk, risk-management, strategy, supply-chain, switch

Autonomous agent drift First, I experienced an autonomous agent drift that nearly caused a severe financial and reputational crisis. We deployed a sophisticated agent tasked with optimizing our cloud spending and resource allocation across three regions, giving it a high degree of autonomy. Its original mandate was clear, but after three weeks of self-learning and…
Roll your own bot detection: server-side detection (part 2)

Oct 15, 2025 11:54 AM

Tags: detection, login

This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint. In Part 1, we focused on the client side: we designed a fingerprinting script that collects various signals from the browser, obfuscates the code, encrypts the payload, and injects it First seen on securityboulevard.com Jump…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

Oct 15, 2025 10:54 AM

Tags: android, antivirus, api, banking, cyber, data, detection, github, india, infection, malicious, malware, rat, threat

The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
Maltrail: Open-source malicious traffic detection system

Oct 15, 2025 7:54 AM

Tags: detection, malicious, network, open-source

Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
The Defensive Gap: Why Modern SOCs Are Losing Ground and How to Close It

Oct 14, 2025 8:24 PM

Tags: breach, detection, intelligence, service, siem, soc, threat

Despite continued investments in SIEMs, threat intelligence platforms, and managed detection services, many Security Operations Centers (SOCs) remain in a defensive position. SOCs are reactive, overstretched, and underprepared. High-profile breaches continue to grab headlines, but they are only what is visible. The reality is that SOC teams are overwhelmed by alert fatigue, organizational friction, and..…