Tag: network
-
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
The U.S. government and its allies said hackers have been exploiting the newly identified bug in Cisco networking gear around the world for years, and urged organizations to patch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/26/cisco-says-hackers-have-been-exploiting-a-critical-bug-to-break-into-big-customer-networks-since-2023/
-
Phishing”‘Led Agent Tesla Campaign Uses Process Hollowing and Anti”‘Analysis to Evade Detection
Agent Tesla continues to cement its status as one of the most persistent remote access trojans (RATs) in the global threat landscape. Known for its data”‘stealing capabilities and extensive distribution network, this malware remains a weapon of choice for low”‘skilled cybercriminals seeking sophisticated results. The latest variant follows a multi”‘stage delivery sequence involving several fileless…
-
Wireshark 4.6.4 Released to Patch Multiple Security Vulnerabilities
Wireshark has released version 4.6.4, delivering security and stability fixes that address several denial”‘of”‘service risks and multiple crashes in protocol dissectors and tools. The update is recommended for all users, especially analysts working with untrusted capture files or live traffic from diverse protocols and devices. Wireshark is a widely used network protocol analyzer that helps…
-
OpenAI Confirms Chinese Hackers Used ChatGPT in Cyberattack Campaign
OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” While the models were not used to write exploits or break into networks directly, they were repeatedly abused to plan…
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpnHow Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
-
Insights into Claude Code Security: A New Pattern of Intelligent Attack and Defense
On February 20, 2026, AI company Anthropic released a new code security tool called Claude Code Security. This release coincided with the highly sensitive period of global capital markets to AI technology subverting the traditional software industry, which quickly triggered violent fluctuations in the capital market and caused the fall of stock prices of major…The…
-
Wireshark 4.6.4 resolves dissector flaws, plugin compatibility issue
Packet inspection remains a routine activity across enterprise networks, incident response workflows, and malware investigations. Continuous use places long-term stability and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/wireshark-4-6-4-released/
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
Steaelite RAT Drives Surge in Double Extortion Attacks on Enterprises
A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built malware teams. Steaelite’s marketing strategy mirrors that of commercial malware projects. The developer has actively…
-
Google Disrupts Chinese Hacker Network Behind 53 Telecom, Gov’t Breaches
Tags: breach, china, cyber, espionage, google, government, group, hacker, infrastructure, intelligence, mandiant, network, threatGoogle and its partners have disrupted a major Chinese state-linked cyber espionage campaign that breached at least 53 telecommunications and government entities across 42 countries on four continents. The operation, led by Google Threat Intelligence Group (GTIG) alongside Mandiant and industry partners, dismantled the infrastructure of a suspected People’s Republic of China (PRC) nexus group…
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-dayCisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges.”‹ Vulnerability Overview Vulnerability Details Information Vulnerability Cisco Catalyst SD-WAN Controller Authentication Bypass Severity Critical CVSS…
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-dayCisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges.”‹ Vulnerability Overview Vulnerability Details Information Vulnerability Cisco Catalyst SD-WAN Controller Authentication Bypass Severity Critical CVSS…
-
NDSS 2025 type++: Prohibiting Type Confusion With Inline Type Information
Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Nicolas Badoux (EPFL), Flavio Toffalini (Ruhr-Universität Bochum, EPFL), Yuseok Jeon (UNIST), Mathias Payer (EPFL) PAPER type++: Prohibiting Type Confusion with Inline Type Information Type confusion, or bad casting, is a common C++ attack vector. Such vulnerabilities cause a program to interpret an object as…
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-dayExploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
Beyond the Perimeter: Anti Data Exfiltration is the New Cybersecurity Standard
We all know the old >>castle and moat<< approach to network security is failing. BlackFog CEO Darren Williams sat down with Alan Shimel to talk about why traditional data loss prevention (DLP) struggles in today's hybrid environments. The reality is that legacy DLP requires far too much manual data classification and relies on a network..…
-
NDSS 2025 On Borrowed Time Preventing Static Side-Channel Analysis
Tags: attack, conference, control, data, exploit, Internet, network, side-channel, technology, threatSession 13C: Side Channels 2 Authors, Creators & Presenters: Robert Dumitru (Ruhr University Bochum and The University of Adelaide), Thorben Moos (UCLouvain), Andrew Wabnitz (Defence Science and Technology Group), Yuval Yarom (Ruhr University Bochum) PAPER On Borrowed Time — Preventing Static Side-Channel Analysis In recent years a new class of side-channel attacks has emerged. Instead…
-
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only…
-
Querying the free DNSBLs via Oracle? Move to Spamhaus Technology’s free Data Query Service
If you’re using the free DNS Blocklists (DNSBLs) through the Public Mirrors while running on Oracle’s network, you’ll need to make a few small adjustments to your email setup. These changes are simple to apply, but if you don’t take action, you risk having some – or even all – of your email blocked after…
-
Blue Teaming Construction Insights from 2025 Threat Landscape Observations
In 2025, AI has evolved from being a tool that merely enhances the efficiency of attacks to becoming an integral component embedded within the execution phase of cyber operations. In the future, AI may even emerge as a pivotal enabler for attack activities. During the initial attack phase, AI technology has significantly reduced the difficulty of…The…
-
That Time a Software Engineer Had Dominion Over 7000 Robot Vacuums
Cleaning house may be onerous, but vulnerable robot vacuums around the world could be marshalled into a surveillance network, one software engineer discovered. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/that-time-a-software-engineer-had-dominion-over-7000-robot-vacuums/
-
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool
Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077241-update-improves-bitlocker-adds-sysmon-tool/
-
NDSS 2025 RadSee: See Your Handwriting Through Walls Using FMCW Rada
Authors, Creators & Presenters: Shichen Zhang (Michigan State University), Qijun Wang (Michigan State University), Maolin Gan (Michigan State University), Zhichao Cao (Michigan State University), Huacheng Zeng (Michigan State University) PAPER RadSee: See Your Handwriting Through Walls Using FMCW Radar This paper aims to design and implement a radio device capable of detecting a person’s handwriting…
-
Romanian Hacker Extradited to US Admits Hacking Oregon State Network
Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing. First seen on hackread.com Jump to article: hackread.com/romanian-hacker-extradited-us-hacking-oregon-state/
-
International operation dismantles fraud network, Euro400,000 seized
A coordinated international operation supported by Eurojust dismantled a fraudulent call centre operating from three offices and targeting citizens throughout Europe. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/eurojust-international-action-fraudulent-call-centre-takedown/
-
CrowdStrike says attackers are moving through networks in under 30 minutes
The average time from intrusion to network movement in 2025 was 29 minutes, a 65% increase in speed from the year prior. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-annual-global-threat-report-attack-breakout-time/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Moving From Anomalies to Connections in Fraud Defense
Shared Network Intelligence Adds Ecosystem Visibility to AI Models. Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks. First seen on govinfosecurity.com Jump…