Attacks & Vulnerabilities

US broadband provider Brightspeed investigates breach claims (2 minute read)
Brightspeed, a major fiber broadband provider in the US, is probing claims by the Crimson Collective extortion gang that it stole data on over 1 million customers, including PII, account information, and limited payment details. The company has confirmed an ongoing cybersecurity investigation and promises updates to customers, employees, and authorities.

Sedgwick Confirms Cyberattack on Government Subsidiary (2 minute read)
Sedgwick says a ransomware-linked cyberattack hit an isolated file transfer system at its Sedgwick Government Solutions unit, which serves US agencies such as DHS and CISA. The firm reports no evidence of access to claims management servers or broader network impact and continues operations while law enforcement and clients are notified.

VSCode IDE Forks Expose Users to "Recommended Extension" Attacks (3 minute read)
AI-powered IDEs such as Cursor and Windsurf have been exposing users to additional risk by recommending extensions that do not exist in the OpenVSX registry. These IDEs are forked from Microsoft VSCode but cannot use extensions from the official store; they rely on OpenVSX instead. Researchers from Koi discovered several recommended extensions that are not available in the OpenVSX marketplace, leaving their namespaces unclaimed and open for an attacker to register and deliver malicious extensions under the recommended name.

Cybersecurity skills matter more than headcount in the AI era (5 minute read)
ISC2's 2025 Cybersecurity Workforce Study revealed that skills gaps have overtaken headcount as the primary concern, with 95% of 16,029 surveyed professionals reporting at least one skill need and 59% citing critical or significant gaps, increases of 5% and 15% respectively from 2024. Nearly 90% of respondents experienced at least one significant cybersecurity event due to skills shortages, while AI adoption accelerated rapidly, with 28% already integrating AI tools and 69% actively involved in adoption. AI and cloud security were identified as the top critical skills needs at 41% and 36%. Organizations should prioritize capability development over headcount expansion through sustained AI upskilling investments and realistic workload management, as 48% of professionals feel exhausted staying current with threats, while 75% plan to remain with their current employer for one year, but only 66% for two years.

The Kimwolf Botnet is Stalking Your Local Network (14 minute read)
The Kimwolf botnet infected over 2 million devices worldwide by using residential proxy networks (mainly IPIDEA) to bypass firewalls and directly access devices on internal networks. Two-thirds of these infections came from unsanctioned Android TV boxes sold on major e-commerce platforms, which ship with Android Debug Bridge mode enabled by default. RIT researcher Benjamin Brundage found that attackers exploited a vulnerability allowing DNS records to point to RFC-1918 internal addresses, bypassing domain restrictions and deploying malware on devices behind routers once thought to be secure. In response, IPIDEA released security patches to block internal network access and high-risk ports after receiving Brundage's December 2025 vulnerability report. Users should remove vulnerable Android TV boxes, set up guest Wi-Fi for visitors, and understand that traditional LAN security measures are now dangerously outdated.

Registry Writes Without Registry Callbacks (5 minute read)
Windows supports mandatory user profiles using an NTUSER.MAN hive file, which, when present in a user's profile, completely replaces the normal NTUSER.DAT hive for HKEY_CURRENT_USER during logon. By crafting and dropping a modified NTUSER.MAN that includes persistence keys, an attacker can ensure those keys are loaded into the user's registry hive without using standard registry APIs, thereby sidestepping EDR products that rely on CmRegisterCallbackEx telemetry. This technique only requires medium-integrity access, works well with roaming or AD-based mandatory profiles, and is primarily detectable through filesystem events and unusual .MAN files or profilePath changes rather than registry logs.

DbgNexum (GitHub Repo)
DbgNexum is a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping). It avoids writing and reading remote memory directly, instead using context manipulation to force the target process to load and execute the payload itself.

Scalekit (Product Launch)
Scalekit provides a modular authentication stack for AI and SaaS apps, securing AI agents and human users with OAuth 2.1, token vaults, and secure tool-calling so agents can safely act in external apps like Gmail, Slack, and Notion.

Social Analyzer (GitHub Repo)
Social Analyzer is an API, CLI, and Web App for analyzing and finding a person's profile across over 1,000 social media sites and websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia (9 minute read)
Transparent Tribe (APT36) deployed remote access trojans against Indian governmental, academic, and strategic entities through spear-phishing emails containing weaponized LNK files disguised as PDFs that execute remote HTA scripts via mshta.exe to deliver the final RAT payload. The malware employs adaptive persistence mechanisms based on detected antivirus solutions, with the deployed DLL supporting remote system control, file management, data exfiltration, screenshot capture, and clipboard manipulation capabilities. The campaign demonstrates Transparent Tribe's continuous toolkit evolution, with related activity linking the group to Patchwork APT and the new StreamSpy trojan that uses WebSocket channels for C2 communication to evade HTTP traffic detection.

Hacktivist deletes white supremacist websites live onstage during hacker conference (4 minute read)
At the Chaos Communication Congress in Hamburg, hacktivist Martha Root live-deleted three white supremacist platforms - WhiteDate, WhiteChild, and WhiteDeal - after infiltrating them using AI chatbots that passed their racist verification checks. The stunt wiped the sites' servers, exposed serious security lapses and user data patterns, and sparked debate as the outraged administrator decried "cyberterrorism" while activists framed the action as a direct anti-racist intervention.

The Sins of Security Vendor Research (4 minute read)
Security vendors often provide valuable research, but also commit "sins" that diminish its value. Vendors often emphasize fear, uncertainty, and doubt by overdramatizing a risk and then suggesting that the only solution is their product, or ignore prior research to imply a false sense of novelty for their product. Other research sins are statistical, such as drawing causation from mere correlation, or stem from allowing marketing to pollute the research.
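The Kimwolf item above describes the fix IPIDEA shipped in outline only: a residential-proxy exit must refuse to connect to RFC-1918 and other internal addresses, and must refuse high-risk ports, even when the customer supplied a public hostname that merely resolves to an internal address. The following is an added illustration of that egress policy, written for this digest; it is not IPIDEA's code, and the blocked-network list, the high-risk port set (5555 is ADB over TCP), the hostnames and the resolved addresses are all constructed for the example. The check is applied to every resolved answer, not just the first, because a hostname that returns a public address alongside a private one is exactly the rebinding case the article describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Scopes a proxy exit should never reach on behalf of a remote customer:
# RFC 1918 plus loopback, "this host", link-local, CGNAT and the IPv6 equivalents.
# Constructed policy list for this example.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8", "0.0.0.0/8",                        # loopback / "this host"
    "169.254.0.0/16", "100.64.0.0/10",                 # link-local, CGNAT
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 loopback, ULA, link-local
)]

# Constructed high-risk port set; 5555 is the ADB-over-TCP port the article's
# Android TV boxes expose. Adjust to local policy.
HIGH_RISK_PORTS = frozenset({22, 23, 135, 139, 445, 3389, 5555, 5900})


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def _is_internal(addr: str) -> bool:
    """True if addr falls in a blocked scope or cannot be parsed at all."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # fail closed on anything that is not a literal address
    # An IPv4-mapped IPv6 answer (::ffff:10.0.0.5) must be judged as its IPv4 form,
    # otherwise the v4 block list is trivially bypassed.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_egress(hostname: str, resolved: Iterable[str], port: int) -> Verdict:
    """Decide whether the exit may connect to hostname:port given the DNS answers
    that were actually returned for hostname. Every answer is checked."""
    if port in HIGH_RISK_PORTS:
        return Verdict(False, f"port {port} is on the high-risk list")
    answers = list(resolved)
    if not answers:
        return Verdict(False, f"{hostname} did not resolve")
    for addr in answers:
        if _is_internal(addr):
            return Verdict(False, f"{hostname} resolves to internal address {addr}")
    return Verdict(True, "ok")


def pin_targets(hostname: str, resolved: Iterable[str], port: int) -> list[str]:
    """Return the exact addresses the exit may dial, or an empty list if denied.
    Connecting to these pinned addresses (rather than re-resolving) closes the
    window in which a short-TTL record could be swapped for a private one."""
    answers = list(resolved)
    return answers if check_egress(hostname, answers, port).allowed else []


if __name__ == "__main__":
    # Constructed sample requests as a proxy exit might see them.
    samples = [
        ("cdn.example.net", ["203.0.113.10"], 443),
        ("rebind.example.net", ["203.0.113.10", "192.168.1.20"], 80),
        ("tv.example.net", ["198.51.100.5"], 5555),
        ("v6.example.net", ["::ffff:10.0.0.5"], 80),
    ]
    for host, addrs, port in samples:
        v = check_egress(host, addrs, port)
        print(f"{host}:{port} -> {'ALLOW' if v.allowed else 'DENY'} ({v.reason})")
```

The important design point is that the decision is made on the resolved addresses and the connection is then made to those same addresses via pin_targets; a proxy that validates the hostname and later resolves it again can be beaten by a record whose answers change between the two lookups.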