Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Emerging Predator Spyware Technique Enables Zero-Click Compromise

  Intellexa is one of the most controversial and persistent players in the shadowy world of commercial cyber-espionage, even though mounting...

All the recent news you need to know
DDOS Attack
Aisuru Botnet Cloudfare Cyber Attacks DDOS Attack

Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack

 

A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders. According to Cloudflare’s latest DDoS threats report, Aisuru launched an intense hyper-volumetric DDoS on a network layer with traffic that reached 29.7 Tbps and 14.1 billion packets per second, reaching new heights beyond previous records that topped 22 Tbps. 

The DDoS attack employed a UDP ‘carpet bombing’ technique that targeted 15,000 destination ports every second with random packet components constantly varying so as not to get filtered out at traditional scrubbing centers. Despite these efforts, Cloudflare reports that Aisuru traffic took mere seconds for an autonomous mitigation system to identify and remove. 

Behind the incident is a botnet Cloudflare now estimates at 1 million to 4 million compromised devices, making Aisuru the biggest DDoS botnet in active circulation. Since the start of 2025, Cloudflare has mitigated 2,867 Aisuru incidents, with 1,304 hyper-volumetric attacks in the third quarter alone - a 54% quarter-over-quarter increase that equates to about 14 mega-events a day. Segments of the botnet are openly leased as "chunks", allowing buyers to rent enough power to take down backbone connections or perhaps even national ISPs for mere hundreds or thousands of dollars apiece.

Cloudflare thwarted a total of 8.3 million DDoS attacks in the third quarter of 2025, a 15% increase from the prior quarter and 40% year-over-year, while marking the 2025 year-to-date total at 36.2 million - already 170% of all attacks recorded in 2024 and still one full quarter away. 

About 71% of Q3 attacks were network-layer traffic, which soared 87% QoQ and 95% YoY, while HTTP-layer events fell 41% QoQ and 17% YoY, indicating a strategic swing back to pure bandwidth and transport-layer exhaustion. The extremes are picked up the most: incidents over 100 Mpps jumped 189% QoQ, and those above 1 Tbps increased by 227%, though many ended within 10 minutes, too late for any effective intervention by manual actions or DDoS-on-demand mitigation programs.

Collateral damage continues to escalate as well. KrebsOnSecurity reports Aisuru-driven traffic has already caused severe outages at U.S. internet services not targeted as main victims. Cloudflare data shows Aisuru and actors like it have targeted telecoms, gaming, hosting, and financial services intensely. Information Technology and Services, telecoms, gambling and casinos are among the toughest hit sectors in Q3. 

Geopolitics and societal unrest are increasingly reflected in attack behavior. DDoS traffic against generative AI service providers jumped as high as 347% month-over-month in September, and DDoS attacks on mining, minerals and metals, and autos failed to lag as tensions escalated involving EV tariffs and China and the EU.

Indonesia continues as source number one for DDoS traffic, registering an astonishing 31,900% increase in HTTP DDoS requests since 2021, and there were sharp increases in Q3 2025 for the Maldives, France, and Belgium, reflecting massive protests and worker walkouts. China stayed the most‑targeted country, followed by Turkey and Germany, with the United States climbing to fifth and the Philippines showing the steepest rise within the top 10, underscoring how modern DDoS campaigns now track political flashpoints, public anger, and regulatory fights over AI and trade almost in real time.
Read more »
Virtual Kidnapping
Cyber Crime FBI Hacking Scammers Sensitive Information Virtual Kidnapping

FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings

 



The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The agency reports that these incidents, often described as virtual kidnappings, are designed to panic the target into paying quickly before verifying the claims.


How the scam begins

The operation usually starts when criminals search social media accounts or any platform where people share personal photos publicly. They collect pictures of individuals, including children, teenagers, and adults, and then edit those images to make it appear as though the person is being held against their will. Scammers may change facial expressions, blur backgrounds, add shadows, or alter body positions to create a sense of danger.

Once they prepare these altered images, they contact a relative or friend of the person in the photo. In most cases, they send a sudden text or place a call claiming a loved one has been kidnapped. The message is crafted to create immediate panic and often includes threats of harm if payment is not made right away.


The role of fake “proof of life”

One recurring tactic is the use of emotionally charged photos or short video clips that appear to show the victim in distress. These materials are presented as proof that the kidnapping is real. However, investigators have observed that the content often contains mistakes that reveal it has been edited. The inconsistencies can range from missing tattoos or scars to unnatural lighting, distorted facial proportions, or visual elements that do not match known photos of the person.

Criminals also try to limit the victim’s ability to examine the images closely. Some use disappearing messages or apps that make screenshots difficult. Others send messages in rapid succession to prevent the victim from taking a moment to reach out to the supposed abducted individual.


Why these scams escalate quickly

Scammers depend on speed and emotional intensity. They frequently insist that any delay will lead to harm, which pressures victims to make decisions without checking whether their loved one is actually safe. In some situations, criminals exploit posts about missing persons by inserting themselves into ongoing searches and providing false updates.

The FBI urges people to be mindful of the information they share online, especially when it involves personal photos, travel details, or locations. The agency recommends that families set up a private code word that can be used during emergencies to confirm identity. Individuals should avoid sharing personal information with unknown callers or strangers while traveling.

If someone receives a threatening call or message, the FBI advises them to stay calm and attempt to contact the alleged victim directly through verified communication channels. People should record or capture any messages, screenshots, phone numbers, images, or audio clips connected to the incident. These materials can help law enforcement determine whether the event is a hoax.

Anyone who believes they have been targeted by a virtual kidnapping attempt is encouraged to submit a report to the FBI’s Internet Crime Complaint Center at IC3.gov. The agency requests detailed information, including phone numbers used by the scammer, payment instructions, message transcripts, and any photos or videos that were provided as supposed evidence.





Read more »
Vetco security lapse
Data Breach IDOR vulnerability pet medical records exposed Petco Petco Vetco leak Vetco Clinics Vetco security lapse

Petco Takes Vetco Clinics Site Offline After Major Data Exposure Leaves Customer Records Accessible Online

 

Pet wellness brand Petco has temporarily taken parts of its Vetco Clinics website offline after a security failure left large amounts of customer information publicly accessible.

TechCrunch notified the company about the exposed Vetco customer and pet data, after which Petco acknowledged the issue in a statement, saying it is investigating the incident at its veterinary services arm. The company declined to share further details.

The lapse meant that anyone online could directly download customer files from the Vetco site without needing an account or login credentials. At least one customer file was publicly visible and had even been indexed by Google, making it searchable.

According to data reviewed by TechCrunch, the exposed records included visit notes, medical histories, prescriptions, vaccination details, and other documents linked to Vetco customers and their pets.

These files contained personal information such as customer names, home addresses, phone numbers and email addresses, along with clinic locations, medical evaluations, diagnoses, test results, treatment details, itemized costs, veterinarian names, signed consent forms, and service dates.

Pet details were also disclosed, including pet names, species, breed, sex, age, date of birth, microchip numbers, medical vitals, and prescription histories.

TechCrunch reported the flaw to Petco on Friday. The company acknowledged the exposure on Tuesday after receiving follow-up communication that included examples of the leaked files.

Petco spokesperson Ventura Olvera told TechCrunch that the company has “implemented, and will continue to implement, additional measures to further strengthen the security of our systems,” though Petco did not provide proof of these measures. Olvera also declined to clarify whether the company has logging tools capable of determining whether the data was accessed or extracted during the exposure.

The vulnerability stems from how Vetco’s website generates downloadable PDFs for customers. Vetco’s portal, petpass.com, gives customers access to their vet records. However, TechCrunch discovered that the PDF-generation page was left publicly accessible without any password protection.

This allowed anyone to retrieve sensitive documents simply by altering the URL to include a customer’s unique identification number. Because Vetco’s customer IDs are sequential, adjusting the number by small increments exposed other customers’ records as well.

By checking ID numbers in increments of 100,000, TechCrunch estimated that the flaw could have exposed information belonging to millions of Petco customers.

The issue is identified as an insecure direct object reference (IDOR), a common security oversight where servers fail to verify whether the requester is authorized to access specific files.

It remains unknown how long the data was publicly exposed, but the record visible on Google dated back to mid-2020.

This marks the third data incident involving Petco in 2025, according to TechCrunch’s reporting.

Earlier in the year, hackers linked to the Scattered Lapsus$ Hunters group reportedly stole a large trove of customer data from a Salesforce-hosted Petco database and sought ransom payments to avoid leaking the data.

In September, Petco disclosed another breach involving a misconfigured software setting that mistakenly made certain files available online. That incident exposed highly sensitive data—including Social Security numbers, driver’s license details, and payment information like credit and debit card numbers.

Olvera did not confirm how many customers were affected by the September breach. Under California law, organizations must publicly report breaches affecting more than 500 state residents.

TechCrunch believes the newly discovered Vetco data exposure is a separate event because Petco had already begun notifying customers about the earlier breach months prior.
Read more »
zero-day
AI Cloud Data GitHub Internet Technology zero-day

700+ Self-hosted Gits Impacted in a Wild Zero-day Exploit


Hackers actively exploit zero-day bug

Threat actors are abusing a zero-day bug in Gogs- a famous self-hosted Git service. The open source project hasn't fixed it yet.

About the attack 

Over 700 incidents have been impacted in these attacks. Wiz researchers described the bug as "accidental" and said the attack happened in July when they were analyzing malware on a compromised system. During the investigation, the experts "identified that the threat actor was leveraging a previously unknown flaw to compromise instances. They “responsibly disclosed this vulnerability to the maintainers."

The team informed Gogs' maintainers about the bug, who are now working on the fix. 

The flaw is known as CVE-2025-8110. It is primarily a bypass of an earlier patched flaw (CVE-2024-55947) that lets authorized users overwrite external repository files. This leads to remote code execution (RCE). 

About Gogs

Gogs is written in Go, it lets users host Git repositories on their cloud infrastructure or servers. It doesn't use GitHub or other third parties. 

Git and Gogs allow symbolic links that work as shortcuts to another file. They can also point to objects outside the repository. The Gogs API also allows file configuration outside the regular Git protocol. 

Patch update 

The previous patch didn't address such symbolic links exploit and this lets threat actors to leverage the flaw and remotely deploy malicious codes. 

While researchers haven't linked the attacks to any particular gang or person, they believe the threat actors are based in Asia.

Other incidents 

Last year, Mandiant found Chinese state-sponsored hackers abusing a critical flaw in F5 through Supershell, and selling the access to impacted UK government agencies, US defense organizations, and others.

Researchers still don't know what threat actors are doing with access to compromised incidents. "In the environments where we have visibility, the malware was removed quickly so we did not see any post-exploitation activity. We don't have visibility into other compromised servers, beyond knowing they're compromised," researchers said.

How to stay safe?

Wiz has advised users to immediately disable open-registration (if not needed) and control internet exposure by shielding self-hosted Git services via VPN. Users should be careful of new repositories with unexpected usage of the PutContents API or random 8-character names. 

For more details, readers can see the full list of indicators published by the researchers.



Read more »
Microsoft
Critical Flaws Critical security flaw CVE CVEs CVSS Cyber Security Fortinet Ivanti Ivanti security flaws Microsoft

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes

 


While December's Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation and two others that were publicly disclosed. Notably, critical security updates also came from Notepad++, Ivanti, and Fortinet this cycle, making it particularly important for system administrators and enterprise security teams alike. 

The most critical of Microsoft's disclosures this month is CVE-2025-62221, a Windows Cloud Files Mini Filter Driver bug rated 7.8 on the CVSS scale. It allows for privilege escalation: an attacker who has code execution rights can leverage the bug to escalate to full system-level access. Researchers say this kind of bug is exploited on a regular basis in real-world intrusions, and "patching ASAP" is critical. Microsoft hasn't disclosed yet which threat actors are actively exploiting this flaw; however, experts explain that bugs like these "tend to pop up in almost every big compromise and are often used as stepping stones to further breach". 

Another two disclosures from Microsoft were CVE-2025-54100 in PowerShell and CVE-2025-64671, impacting GitHub Copilot for JetBrains. Although these are not confirmed to be exploited, they were publicly disclosed ahead of patching. Graded at 8.4, the Copilot vulnerability would have allowed for remote code execution via malicious cross-prompt injection, provided a user is tricked into opening untrusted files or connecting to compromised servers. Security researchers expect more vulnerabilities of this type to emerge as AI-integrated development tools expand in usage. 

But one of the more ominous developments outside Microsoft belongs to Notepad++. The popular open-source editor pushed out version 8.8.9 to patch a weakness in the way updates were checked for authenticity. Attackers were managing to intercept network traffic from the WinGUp update client, then redirecting users to rogue servers, where malicious files were downloaded instead of legitimate updates. There are reports that threat groups in China were actively testing and exploiting this vulnerability. Indeed, according to the maintainer, "Due to the improper update integrity validation, an adversary was able to manipulate the download"; therefore, users should upgrade as soon as possible. 

Fortinet also patched two critical authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, in FortiOS and several related products. The bugs enable hackers to bypass FortiCloud SSO authentication using crafted SAML messages, which only works if SSO has been enabled. Administrators are advised to disable the feature until they can upgrade to patched builds to avoid unauthorized access. Rounding out the disclosures, Ivanti released a fix for CVE-2025-10573, a severe cross-site scripting vulnerability in its Endpoint Manager. The bug allows an attacker to register fake endpoints and inject malicious JavaScript into the administrator dashboard. Viewed, this could serve an attacker full control over the session without credentials. There has been no observed exploitation so far, but researchers warn that it is likely attackers will reverse engineer the fix soon, making for a deployment environment of haste.
Read more »
Vulnerabilities and Exploits
code execution Ivanti EPM Remote Exploit Security flaw Vulnerabilities and Exploits

Ivanti Flags Critical Endpoint Manager Flaw Allowing Remote Code Execution

 

Ivanti is urging customers to quickly patch a critical vulnerability in its Endpoint Manager (EPM) product that could let remote attackers execute arbitrary JavaScript in administrator sessions through low-complexity cross-site scripting (XSS) attacks.The issue, tracked as CVE-2025-10573, affects the EPM web service and can be abused without authentication, but does require some user interaction to trigger.

The flaw stems from how Ivanti EPM handles managed endpoints presented to the primary web service. According to Rapid7 researcher Ryan Emmons, an attacker with unauthenticated access to the EPM web interface can register bogus managed endpoints and inject malicious JavaScript into the administrator dashboard. Once an EPM administrator views a poisoned dashboard widget as part of routine use, the injected code executes in the browser, allowing the attacker to hijack the admin session and act with their privileges.

Patch availability and exposure

Ivanti has released EPM 2024 SU4 SR1 to remediate CVE-2025-10573 and recommends customers install this update as soon as possible. The company stressed that EPM is designed to operate behind perimeter defenses and not be directly exposed to the public internet, which should lower practical risk where deployments follow guidance.However, data from the Shadowserver Foundation shows hundreds of Ivanti EPM instances reachable online, with the highest counts in the United States, Germany, and Japan, significantly increasing potential attack surface for those organizations.

Alongside the critical bug, Ivanti shipped fixes for three other high‑severity vulnerabilities affecting EPM, including CVE-2025-13659 and CVE-2025-13662. These two issues could also enable unauthenticated remote attackers to execute arbitrary code on vulnerable systems under certain conditions. Successful exploitation of the newly disclosed high‑severity flaws requires user interaction and either connecting to an untrusted core server or importing untrusted configuration files, which slightly raises the bar for real-world attacks.

Threat landscape and prior exploitation

Ivanti stated there is currently no evidence that any of the newly patched flaws have been exploited in the wild and credited its responsible disclosure program for bringing them to light. Nonetheless, EPM vulnerabilities have been frequent targets, and U.S. Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly added Ivanti EPM bugs to its catalog of exploited vulnerabilities. In 2024, CISA ordered federal agencies to urgently patch multiple Ivanti EPM issues, including three critical flaws flagged in March and another actively exploited vulnerability mandated for remediation in October.
Read more »
Subscribe to: Comments (Atom)

Featured