Cybercriminals move deeper into networks, hiding in edge infrastructure
Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, …
Lumma Stealer Malware-as-a-Service operation disrupted
A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most …
Law enforcement takes down proxy botnets used by criminals
US and Dutch law enforcement, with the help of Lumen Technologies researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for …
Juniper enterprise routers backdoored via “magic packet” malware
A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the …
FBI forced Flax Typhoon to abandon its botnet
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made …
New SOHO router malware aims for cloud accounts, internal company resources
Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, …
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day …
Lumen Data Protect defends critical business data from corruption
Lumen is introducing Lumen Data Protect, a service for companies battling the growing risks associated with data corruption and security failure. Lumen Data Protect is an …
Qakbot: The trojan that just won’t go away
Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending …
Business-grade routers compromised in low-key attack campaign
An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed …
Multi-platform Chaos malware threatens to live up to its name
Chaos, new multipurpose malware written in the Go programming language, is spreading across the world. “We are seeing a complex malware that has quadrupled in size in just two …
Featured news
Resources
Don't miss
- Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
- Acrobat Reader zero-day exploited in the wild for many months
- AI agent intent is a starting point, not a security strategy
- Asqav: Open-source SDK for AI agent governance
- BlueHammer: Windows zero-day exploit leaked