Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights
A new global botnet campaign emerged in November, exploiting DNS misconfigurations and hijacked MikroTik routers to facilitate a widespread malspam operation that used over 13,000 compromised devices as open proxies, complicating detection. Attackers sent spoofed emails with malicious ZIP archives containing obfuscated JavaScript that, when executed, launched PowerShell routines connecting to a Russian-linked C2 server for payload delivery. The campaign bypassed email security filters by abusing poorly configured SPF records, enabling malicious emails to impersonate legitimate domains and evade DKIM, SPF, and DMARC checks. The malware establishes persistence through scheduled tasks and uses legitimate DNS infrastructure and network services,…


Essential Insights
The FBI issued an alert warning about malicious actors creating spoofed versions of the official IC3 website to steal personal information and commit fraud. Users can be deceived by slight alterations in domain names or top-level domains, making fake sites appear legitimate. To avoid scams, always access the IC3 site directly via www.ic3.gov and verify that it ends with [.]gov, avoiding suspicious links or ads. The FBI emphasizes that IC3 never requests payment for fund recovery and does not operate social media accounts, and encourages reporting of any incidents.

The Issue
The FBI issued a warning about malicious actors creating…


Quick Takeaways
Fortra released patches for CVE-2025-10035, a critical vulnerability in GoAnywhere MFT that allows potential command injection and remote code execution via a deserialization issue. The flaw affects the application's license servlet and can be exploited by forging license responses, especially if the Admin Console is publicly accessible. Despite no known active exploitation or public exploit code, experts warn the vulnerability poses a significant threat given the product's history and critical nature. Fortra recommends updating to patched versions, restricting Admin Console access, and monitoring logs for suspicious activity to mitigate risk.

Problem Explained
Fortra recently released security patches addressing a severe…


Summary Points
Token Validation Flaw: A severe vulnerability (CVE-2025-55241) in Microsoft Entra ID allows attackers to impersonate any user, including Global Administrators, across tenants, scoring 10.0 on the CVSS scale.
Exploitation and Impact: This flaw permits attackers to bypass multi-factor authentication, access sensitive data, and gain full control of Azure resources, potentially compromising entire tenants without leaving logs.
Legacy API Issues: The problem arises from inadequate validation in the deprecated Azure AD Graph API and flaws in service-to-service tokens, enabling unauthorized cross-tenant access.
Urgent Migration Needed: Microsoft urges users to transition to the newer Microsoft Graph API before the deprecated…


Fast Facts
BlackLock, a highly sophisticated ransomware group founded as "El Dorado" in March 2024 and rebranded in September, targets multiple industries worldwide with cross-platform capabilities across Windows, Linux, and VMware ESXi. Written in Go, it employs ChaCha20 and ECDH cryptography for per-file encryption, making data recovery extremely difficult without the attacker's decryption tools. The ransomware operates as Ransomware-as-a-Service (RaaS), actively recruiting Russian-speaking affiliates via cybercrime forums, and spreads across networks over SMB for lateral movement. It uses stealthy methods such as WMI shellcode execution, destroys recovery data (VSS, Recycle Bin) to prevent restoration, and leaves…


Essential Insights
Managing Non-Human Identities (NHIs)—machine identities and their credentials, such as passwords and tokens—is crucial for cost-effective security, helping organizations prevent breaches while staying within budget. A holistic NHI management approach—covering discovery, classification, automation, and regular audits—reduces risk, improves compliance, and enhances operational efficiency. Implementing best practices such as lifecycle management, automation, and robust policy frameworks helps close security gaps, especially in complex cloud and multi-cloud environments. Leveraging advanced tools like AI, blockchain, and continuous learning, alongside external resources, enables organizations to adapt proactively and maintain budget-friendly, resilient security postures.

The Issue
The article, authored by Alison Mack and reported via the Security…


Fast Facts
A cyberattack on a check-in system provider disrupted electronic check-ins at several European airports, causing delays and operational challenges. The attack primarily affected Collins Aerospace's software, impacting multiple airports including Brussels, Berlin, and Heathrow, though airline and airport operations remained largely unaffected initially. Experts suggest the attack could be linked to hackers, criminal groups, or state actors, highlighting vulnerabilities in the aviation sector's reliance on third-party digital systems. The incident underscores the growing cybersecurity threats in aviation, emphasizing the need for stronger safeguards against supply chain vulnerabilities and digital system attacks.

Underlying Problem
On Saturday, a sophisticated cyberattack…


Essential Insights
A cyberattack disrupted check-in systems at several European airports, especially Brussels, causing cancellations and delays, with Boeing's Collins Aerospace software being affected. Brussels Airport canceled nearly 140 flights on Monday, as the outage hindered the delivery of a secure software update, forcing manual check-ins and backup measures. The cyberattack, suspected to be the work of hackers or cybercriminals, did not impact aviation safety or air traffic control, according to EU officials. Airlines and airports are actively managing the situation with increased staff, alternative check-in methods, and ongoing recovery efforts, but disruptions are expected to continue.

Underlying Problem
The recent cyberattack…


Summary Points
Cyberattack Disrupts Flights: A cyberattack affecting check-in systems at several European airports caused numerous cancellations and delays, particularly at Brussels Airport.
Brussels Airport's Impact: Nearly 140 flights were canceled for Monday, with ongoing manual check-in processes leading to continued disruptions.
Software Provider Complications: The incident involved Collins Aerospace, a U.S.-based company, which admitted to a cyber-related disruption affecting only check-in systems.
Unclear Origins: The origins of the attack remain unknown, with potential suspects ranging from hackers to criminal organizations, but aviation safety and traffic control remain unaffected.


Quick Takeaways
Recent insights reveal covert alliances among ransomware groups like Conti, LockBit, and Evil Corp, with shared infrastructure and code reuse, complicating threat attribution. The rise of AI-powered phishing platforms is enabling widespread, automated, and convincing social engineering attacks, making malicious campaigns harder for defenders to detect. Several critical vulnerabilities—affecting Jenkins, Wi-Fi protocols, Greenshot, Kubernetes, Linux kernels, and enterprise tools—require immediate patches to mitigate high-severity exploits and supply chain threats. Major data breaches in the financial, luxury, and automotive sectors, alongside law enforcement arrests of members of hacker groups like Scattered Spider, highlight ongoing risks from insider threats, supply chain vulnerabilities,…
