• 2025 saw 47.1 million DDoS attacks, a 236% rise since 2023. • Cloudflare mitigated 5,376 attacks per hour, 3,925 network‑layer, 1,451 HTTP. • Network‑layer attacks tripled to 34.
• CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today issuedBin
• Executive Summary This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. • We refer to the group’s activity as the Shadow Campaigns. • We asse
• Introduction Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, a
• Today, we are releasing new research on detecting backdoors in open-weight language models. • Our research highlights several key properties of language model backdoors, laying t
• Treat AI agents as semi‑autonomous users, enforcing rules at identity, tool, data, and output boundaries. • Assign narrow job scopes and run agents under user‑level identities, l
• Threat Research Center Insights Opinions Why Smart People Fall For Phishing Attacks By:Ria Bhatia Ria Bhatia Published:February 3, 2026 Categories:Business Email CompromiseCyberc
• OT & ICs bridge digital and physical, powering critical infrastructure like nuclear plants and water systems. • Rising attacks target OT/ICS, demanding robust threat awareness an
• UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. • Introduction On February 2, 2026, the developers of Note
• Scattered Lapsus ShinyHunters (SLSH) uses harassment, threats, even swatting to extort firms. • They notify journalists and regulators, amplifying pressure beyond typical ransomw
• Iconics Suite SCADA system vulnerable (CVE-2025-0921) allows privilege escalation via unnecessary file system operations. • Exploitation can corrupt critical binaries, leading to
• CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje
• In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-f
• Threat Research Center Insights Opinions Understanding the Russian Cyberthreat to the 2026 Winter Olympics By:Justin Moore Justin Moore Published:January 29, 2026 Categories:Cybe
• UPD 30.01.2026: Added technical details about the attack chain and more IoCs. • On January 20, a supply chain attack has occurred, with the infected software being the eScan anti
• CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) is calling on cri
• WhatsApp introduces Rust-based security layer to protect billions of users from malware threats. • The new media consistency library, written in Rust, runs on devices and browser
• Ported Synapse Matrix homeserver to Cloudflare Workers, creating a fully serverless architecture. • Eliminated heavy operational costs: no VPS, PostgreSQL tuning, Redis, reverse
• CVE-2025-8088: critical path traversal flaw in WinRAR allows arbitrary file writes via ADS. • Exploited by state-backed actors from Russia, China and financially motivated groups
• Data Privacy Week celebrates global awareness, led by the National Cybersecurity Alliance. • NIST’s Privacy Engineering Program plans 2026 privacy risk management guidelines. • P
• AI reshapes espionage, intensifying global intelligence rivalry and prompting new defensive strategies. • China’s tech surge fuels new espionage tactics and countermeasures, resh
• HoneyMyte upgraded CoolClient backdoor with new features, enhancing persistence and stealth. • The group deployed multiple browser login data stealers across recent campaigns. •
• Kimwolf botnet, 2M infected devices, compromised Badbox 2.0 control panel screenshot. • Badbox 2.0: China-based botnet on Android TV streaming boxes, over ten million devices, us
• Article inaccessible; requires JavaScript to load content. • Unable to verify authenticity of threat intel data. • No actionable insights provided due to technical barrier. • Sug
• Open Source software drives global innovation, research, and economic growth, worth $8.8 trillion. • Without Open Source, companies would spend 3.5× more on software, highlightin
• A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. • The goal of this feature is to replace User Account Control (UAC) with a mo
• CTA founded in 2014, uniting Palo Alto, Fortinet, McAfee, and Symantec for shared threat intelligence. • Shifted industry from proprietary intel to collaborative defense, raising
• CISA releases first product categories list for post‑quantum cryptography (PQC) adoption. • List identifies hardware and software that support or will support PQC standards. • De
• Reconnaissance is often ignored, yet it’s essential for protecting networks. • Know your environment: attackers excel at mapping assets, from Windows 7 machines to smart fridges.
• Attackers embed a benign page that calls an LLM API to generate malicious JavaScript in real time. • Prompt engineering bypasses AI safety guardrails, producing polymorphic phish
• 76 unique 0‑day vulnerabilities discovered across three days, totaling $1,047,000 in rewards. • Fuzzware.io clinched Master of Pwn with 28 points, outperforming rivals like Team
• Kimwolf botnet has infected over 2 million IoT devices, enabling massive DDoS attacks. • It scans local networks of compromised systems to spread to additional vulnerable devices
Azure Private Endpoints can unintentionally expose resources to DoS attacks. Attack vectors include accidental admin deployments, vendor setups, and malicious actors. Over 5% of Az
• VoidLink showcases AI-generated malware capable of crafting polymorphic code. • The malware leverages generative models to evade traditional signature-based detection. • Checkpoi
• Unable to access threat intel report due to JavaScript requirement, preventing data retrieval. • Checkpoint Research site blocked without JavaScript, limiting threat intelligence
• Threat Research Center Insights Anatomy of an Attack Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering By:Randy Stone Randy Stone Published:January 16
• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte
• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change
• CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber
• Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. • Eight of the vulnerabilities earned Microsof
• Executive Summary On Dec. • 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive hea
• Executive Summary We identified vulnerabilities in three open-source artificial intelligence/machine learning (AI/ML) Python libraries published by Apple, Salesforce and NVIDIA o
• Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android T
• CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the succe
• Threat Research Center Insights General Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk By:Kate MiddaghMichael Spisak Kate Middagh Michael Spisak Published:
• The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. • The vulnerability at issue has been exploited for months alrea
• KrebsOnSecurity.com celebrates its 16th anniversary today! • A huge ’thank you’ to all of our readers - newcomers, long-timers and drive-by critics alike. • Your engagement this
• Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. • The driver file is signed with an old, stolen, or leaked digital certifi
• Table of Contents Statistics across all threats Selected industries Diversity of detected malicious objects Main threat sources Threat categories Malicious objects used for initi
• Introduction The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated,
• A SIEM is a complex system offering broad and flexible threat detection capabilities. • Due to its complexity, its effectiveness heavily depends on how it is configured and what
• The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum o
• CISA Releases Dynamic New Guide for Stadium and Arena Owners to Fortify Operations, Mitigate Vulnerabilities and Elevate Emergency Preparedness WASHINGTON - Today, the Cybersecur
• Opening Doors to the Future: CISA Announces Participation in the CyberCorps® Scholarship for Service (SFS) WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agenc
• Direct navigation - the act of visiting a website by manually typing a domain name in a web browser - has never been riskier: A new study finds the vast majority of ‘parked’ doma
• Official websites use .govA.govwebsite belongs to an official government organization in the United States. • Secure .gov websites use HTTPSAlock(LockA locked padlock) orhttps://
• While on Project Zero, we aim for our research to be leading-edge, our blog design was ⦠not so much. • We welcome readers to our shiny new blog! • For the occasion, we asked me
• Preface Hello from the future! • This is a blogpost I originally drafted in early 2017. • I wrote what I intended to be the first half of this post (about escaping from the VM to
• This post was originally written in 2016 for the Project Zero blog. • However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second
• Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. • Thanks to a lead from Meta, these samples came to the attention of Googl