#network-layer-attacks
#network-layer-attacks

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

DevOps

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

Careers

fromEntrepreneur

1 day ago

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.

Germany news

fromThe Local Germany

20 hours ago

Germany blames Russia for Signal phishing attacks on MPs

Germany blames Russia for phishing attacks targeting lawmakers and officials via the Signal messaging app.

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

DevOps

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

fromThe Local Germany

16 hours ago

As phishing attacks hit Germany - how secure is Signal messenging app?

Signal, a secure messaging app, faces phishing attacks linked to Russian groups, raising concerns about its security despite its end-to-end encryption.

DevOps

fromTechRepublic

2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

Privacy professionals

fromArs Technica

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.

Business intelligence

How Physical Security Data Is Supporting Public Safety Challenges

Physical security data is primarily used for officer safety, situational awareness, and responding to public safety emergencies.

Cisco advances path to quantum network with universal switch | Computer Weekly

Cisco's Universal Quantum Switch addresses the challenge of connecting quantum systems by routing quantum information while preserving it, a significant advancement in quantum networking.

Science

Remote teams

fromWRAL.com

One Tech Tip: Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but poses privacy and security risks in public spaces.

UK politics

fromwww.bbc.com

Proxy attacks in UK a real and growing concern, says PM

The UK government is increasingly concerned about hostile states using proxies for attacks, particularly against the Jewish community.

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

#artificial-intelligence

Artificial intelligence

How Should Effective AI Red Teams Operate?

fromWIRED

Artificial intelligence

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

fromFortune

Information security

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Artificial intelligence

How Should Effective AI Red Teams Operate?

AI-specific red teaming is essential for organizations to understand and mitigate risks associated with AI tools.

Artificial intelligence

fromWIRED

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

Artificial intelligence is increasingly capable of executing sophisticated social engineering attacks, as demonstrated by the DeepSeek-V3 model.

fromFortune

more#artificial-intelligence

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.

EU data protection

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

1 day ago

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Centralized governance and remote infrastructure are essential for secure Model Context Protocol deployments, addressing risks like prompt injection and supply chain attacks.

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

fromIT Brew

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.

1 day ago

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

#ai

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

Information security

Microsoft is using Mythos to detect vulnerabilities

fromComputerworld

Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

fromInfoWorld

Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

from24/7 Wall St.

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

AI surpasses most humans in finding software flaws, prompting a defensive coalition to enhance cybersecurity.

Claude Mythos Finds 271 Firefox Vulnerabilities

Claude Mythos AI model identified 271 vulnerabilities in Firefox, leading to the release of version 150 with multiple patches.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

Microsoft is using Mythos to detect vulnerabilities

Microsoft integrates AI into cybersecurity to enhance vulnerability detection and prevention during software development.

fromComputerworld

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

fromInfoWorld

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.

from24/7 Wall St.

5 Cybersecurity Stocks Most Likely to Benefit as AI Threats Drive Budget Increases in 2026

AI surpasses most humans in finding software flaws, prompting a defensive coalition to enhance cybersecurity.

Claude Mythos Finds 271 Firefox Vulnerabilities

Claude Mythos AI model identified 271 vulnerabilities in Firefox, leading to the release of version 150 with multiple patches.

The Top 8 Enterprise VPN Solutions

Secure remote connections are critical for businesses to prevent data breaches, with enterprise VPN solutions being a top priority.

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.

Information security

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability in LMDeploy is actively exploited, allowing attackers to access sensitive data and internal networks.

14,000 routers are infected by malware that's highly resistant to takedowns

A 14,000-device botnet called KadNap primarily compromises unpatched Asus routers to create a takedown-resistant proxy network for cybercrime using peer-to-peer Kademlia architecture.

Evasive Masjesu DDoS Botnet Targets IoT Devices

Masjesu is a botnet targeting IoT devices for DDoS attacks, active since 2023 and primarily advertised on Telegram.

Roam Research

fromArs Technica

14,000 routers are infected by malware that's highly resistant to takedowns

A 14,000-device botnet called KadNap primarily compromises unpatched Asus routers to create a takedown-resistant proxy network for cybercrime using peer-to-peer Kademlia architecture.

Evasive Masjesu DDoS Botnet Targets IoT Devices

Masjesu is a botnet targeting IoT devices for DDoS attacks, active since 2023 and primarily advertised on Telegram.

Now, even ransomware is using post-quantum cryptography

Kyber's use of PQC key-exchange algorithms serves more as a marketing tactic than a practical security measure against imminent quantum threats.

DR-DOS rises again - rebuilt from scratch, not open source

The long-dormant DR-DOS.com website is alive again, and DR-DOS 9.0 is in development. There have been six preliminary releases so far this year. The current work-in-progress version is version 9.0.291. This is not the same OS as the DOS-compatible OS that Digital Research developed back in the 1980s, working on the basis of its multitasking multiuser Concurrent DOS OS.

Software development

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

A Mirai botnet exploits a command injection vulnerability in discontinued D-Link routers, posing risks to connected devices.

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

Information security

fromZero Day Initiative

Zero Day Initiative - CVE-2026-33824: Remote Code Execution in Windows IKEv2

Detection of attacks exploiting this vulnerability requires monitoring specific UDP ports and correlating IKE packets in sequence.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromZDNET

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.

After Bluesky, Mastodon Targeted in DDoS Attack

Mastodon experienced a major DDoS attack, causing significant outages, shortly after a similar attack on Bluesky.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromSitePoint Forums | Web Development & Design Community

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

#cyber-security

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.

Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute is providing a real operational cyber range for the NATO Locked Shields exercise to enhance cyber security training and readiness.

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

more#cyber-security

fromTNW | Anthropic

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

fromWIRED

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.

fromTechCrunch

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Angelo Martino pleaded guilty to aiding cybercriminals in ransomware extortion, betraying clients and facing up to 20 years in prison.

fromTechCrunch

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Mastodon's flagship server experienced a DDoS attack, causing significant outages and instability, but countermeasures were implemented to restore access.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

#fortinet

Information security

Critical Fortinet sandbox bugs allow auth bypass and RCE

Information security

Fortinet Patches Critical FortiSandbox Vulnerabilities

Information security

Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Information security

Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

3 weeks ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Information security

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

Cisco warns of two more SD-WAN bugs under active attack

Cisco confirms active exploitation of two new vulnerabilities in Catalyst SD-WAN Manager, requiring immediate patching to prevent file overwriting and privilege escalation attacks.

Cisco Catalyst SD-WAN users targeted in series of cyber attacks | Computer Weekly

UK and Five Eyes agencies warn of active threat campaigns targeting Cisco Catalyst SD-WAN products, requiring immediate investigation and patching of critical authentication bypass vulnerabilities.