Tag: network
-
2M Devices at Risk as Kimwolf Botnet Abuses Proxy Networks
The Kimwolf botnet is abusing residential proxies to spread through consumer devices, putting roughly two million systems at risk worldwide. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2m-devices-at-risk-as-kimwolf-botnet-abuses-proxy-networks/
-
Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices
The Kimwolf botnet has infected over 2 million Android devices, spreading mainly through residential proxy networks, researchers say. The Kimwolf botnet has compromised more than 2 million Android devices, spreading primarily via residential proxy networks, according to cybersecurity firm Synthient. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8…
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
Crimson Collective Claims Alleged Breach of Brightspeed Fiber Network
A threat actor group operating under the name >>Crimson Collective
-
Multiple Flaws in QNAP Tools Allow Attackers to Steal Sensitive Data
QNAP has released a security advisory addressing multiple vulnerabilities in its License Center application. If left unpatched, these flaws could allow attackers to steal sensitive information, crash system processes, or modify memory on affected Network Attached Storage (NAS) devices. The security update, released on January 3, 2026, resolves two distinct issues affecting License Center version…
-
Palo Alto Networks Eyes $400M Acquisition of Koi Security
A high-profile acquisition by a global cybersecurity leader could help signal renewed confidence in Israeli cyber startups. The post Palo Alto Networks Eyes $400M Acquisition of Koi Security appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-palo-alto-koi-security-deal/
-
Cybersecurity firm turns tables on threat actors with decoy data trap
Evidence of real breach remains thin: Despite Resecurity’s detailed account, the threat actors have not backed up their original claims with additional verifiable evidence. After posting the screenshots, no substantiated leaks of internal systems or actual client data have appeared. Independent analysis by various cybersecurity researchers supports Resecurity’s assertion that no production assets were compromised.On…
-
Cybersecurity firm turns tables on threat actors with decoy data trap
Evidence of real breach remains thin: Despite Resecurity’s detailed account, the threat actors have not backed up their original claims with additional verifiable evidence. After posting the screenshots, no substantiated leaks of internal systems or actual client data have appeared. Independent analysis by various cybersecurity researchers supports Resecurity’s assertion that no production assets were compromised.On…
-
Time to restore America’s cyberspace security system
China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support…
-
VVS Stealer, a new python malware steals Discord credentials
VVS Stealer is a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. Palo Alto Networks researchers uncovered VVS Stealer, a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. VVS Stealer uses the source…
-
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens.The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42.”VVS stealer’s code…
-
NDSS 2025 A New PPML Paradigm For Quantized Models
Session 7D: ML Security Authors, Creators & Presenters: Tianpei Lu (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Bingsheng Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Xiaoyuan Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Kui Ren (The State Key Laboratory of Blockchain…
-
NDSS 2025 DLBox: New Model Training Framework For Protecting Training Data
Session 7D: ML Security Authors, Creators & Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University) PAPER DLBox: New Model Training Framework For Protecting Training Data Sharing training data for deep…
-
NDSS 2025 Understanding Data Importance In Machine Learning Attacks
Session 7D: ML Security Authors, Creators & Presenters: Rui Wen (CISPA Helmholtz Center for Information Security), Michael Backes (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security) PAPER Understanding Data Importance in Machine Learning Attacks: Does Valuable Data Pose Greater Harm? Machine learning has revolutionized numerous domains, playing a crucial…
-
NDSS 2025 AlphaDog: No-Box Camouflage Attacks Via Alpha Channel Oversight
Session 7D: ML Security Authors, Creators & Presenters: Qi Xia (University of Texas at San Antonio), Qian Chen (University of Texas at San Antonio) PAPER AlphaDog: No-Box Camouflage Attacks via Alpha Channel Oversight Traditional black-box adversarial attacks on computer vision models face significant limitations, including intensive querying requirements, time-consuming iterative processes, a lack of universality,…
-
Cisco XDR in 30: Turning Security Signals Into Confident Action
How network-led Cisco XDR helps teams see threats clearly and respond faster First seen on theregister.com Jump to article: www.theregister.com/2026/01/02/cisco-xdr-in-30/
-
NDSS 2025 “¢ Decentralized Infrastructure For Sharing Trusted Encrypted Facts And Nothing More
Session 7C: Secure Protocols Authors, Creators & Presenters: Sofia Celi (Brave Software), Alex Davidson (NOVA LINCS & Universidade NOVA de Lisboa), Hamed Haddadi (Imperial College London & Brave Software), Gonçalo Pestana (Hashmatter), Joe Rowell (Information Security Group, Royal Holloway, University of London) PAPER DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More We…
-
NDSS 2025 Impact Tracing: Identifying The Culprit Of Misinformation In Encrypted Messaging Systems
Session 7C: Secure Protocols Authors, Creators & Presenters: Zhongming Wang (Chongqing University), Tao Xiang (Chongqing University), Xiaoguo Li (Chongqing University), Biwen Chen (Chongqing University), Guomin Yang (Singapore Management University), Chuan Ma (Chongqing University), Robert H. Deng (Singapore Management University) PAPER Impact Tracing: Identifying the Culprit of Misinformation in Encrypted Messaging Systems Encrypted messaging systems obstruct…
-
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQL database used to store and manage data…
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
NSFOCUS Monthly APT Insights November 2025
Regional APT Threat Situation In November 2025, the global threat hunting system of Fuying Lab detected a total of 28 APT attack activities. These activities were primarily concentrated in regions including South Asia and East Asia, with a smaller portion also found in Eastern Europe and Middle East. Some organizations remain unattributed to known APT…The…
-
New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed
The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational speed. The most notable technical improvement in Version 1.0 is the complete overhaul of the…
-
NDSS 2025 PQConnect: Automated Post-Quantum End-To-End Tunnels
Session 7C: Secure Protocols Authors, Creators & Presenters: Daniel J. Bernstein (University of Illinois at Chicago and Academia Sinica), Tanja Lange (Eindhoven University of Technology amd Academia Sinica), Jonathan Levin (Academia Sinica and Eindhoven University of Technology), Bo-Yin Yang (Academia Sinica) PAPER PQConnect: Automated Post-Quantum End-to-End Tunnels This paper introduces PQConnect, a post-quantum end-to-end tunneling…
-
Palo Alto Networks Allies with Google to Secure AI
Palo Alto Networks will significantly expand the scope of the cybersecurity offerings it makes available on Google Cloud in the New Year while at the same time making greater use of cloud infrastructure and artificial intelligence (AI) technologies provided by Google across its portfolio. Specifically, Palo Alto Networks will make its Prisma AIRS platform for..…
-
NDSS 2025 Distributed Function Secret Sharing And Applications
Session 7C: Secure Protocols Authors, Creators & Presenters: Pengzhi Xing (University of Electronic Science and Technology of China), Hongwei Li (University of Electronic Science and Technology of China), Meng Hao (Singapore Management University), Hanxiao Chen (University of Electronic Science and Technology of China), Jia Hu (University of Electronic Science and Technology of China), Dongxiao Liu…
-
European Space Agency confirms breach of “external servers”
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability to scan MongoDB logs for exploitation indicators without requiring network connectivity or additional agents. MongoBleed…