This week, we set up a new Slack workspace for DShield.org. This workspace replaces the old workspace we originally configured back in 2016 or 2017. The workspace was originally configured as a free workspace to support the DShield.org community. Over…
Tag: EN
Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog…
Crypto Agility for Developers: Build Agile Encryption Now
In 2025, software development is evolving rapidly with the rise of Vibe Coding and Agentic AI, but so is the cryptographic landscape that underpins these systems. As quantum computing moves closer to practical applicability and encryption standards become outdated, one…
NDSS 2025 – Workshop on Binary Analysis Research (BAR) 2025, Keynote II
Authors, Creators & Presenters: Dr. Heng Yin PhD, Professor, Department of Computer Science and Engineering, University of California, Riverside Workshop on Binary Analysis Research (BAR) 2025, co-located with the Network and Distributed System Security (NDSS) Symposium 2025 Our thanks to…
AI Chatbot Truth Terminal Becomes Crypto Millionaire, Now Seeks Legal Rights
Truth Terminal is an AI chatbot created in 2024 by New Zealand-based performance artist Andy Ayrey that has become a cryptocurrency millionaire, amassed nearly 250,000 social media followers, and is now pushing for legal recognition as an independent entity.…
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. “This backdoor features functionalities relying on the installation of two eBPF…
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS…
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
A threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the…
Many IT leaders click phishing links, and some don’t report them
A new survey shines light on the security practices and AI fears of IT leaders and their subordinates. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Many IT leaders click phishing links, and…
Words as Weapons: What 300K Prompt Injection Attacks Taught Us About AI Security
The AI revolution has transformed how organizations operate, yet beneath the excitement of chatbots and autonomous agents lies a security crisis that most technology leaders are only beginning to comprehend…. The post Words as Weapons: What 300K Prompt Injection Attacks…
What is antivirus software?
<p>Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of <a href=”https://www.techtarget.com/searchsecurity/definition/malware”>malware</a> from computers, networks and other devices. Often included as part of a security package, antivirus software can also…
Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign
The tech giant attributed the attacks to Vanilla Tempest, also known as Vice Spider and Vice Society. The post Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Extortion and ransomware drive over half of cyberattacks
In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. The post Extortion and ransomware drive over half of cyberattacks appeared first on Microsoft…
New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence
Trend Micro have reported a campaign exploiting a flaw in Cisco SNMP to install Linux rootkits on devices This article has been indexed from www.infosecurity-magazine.com Read the original article: New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware
Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) have tracked UNC5142, a financially motivated threat actor that abuses the blockchain to facilitate the distribution of information…
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and facilitate cryptocurrency theft, the first time GTIG has observed a nation-state actor…
F5 Hit by ‘Nation-State’ Cyberattack
The intrusion affected F5’s BIG-IP product development environment and engineering knowledge management platforms. The post F5 Hit by ‘Nation-State’ Cyberattack appeared first on TechRepublic. This article has been indexed from Security Archives – TechRepublic Read the original article: F5 Hit…
One Republican Now Controls a Huge Chunk of US Election Infrastructure
Former GOP operative Scott Leiendecker just bought Dominion Voting Systems, giving him ownership of voting systems used in 27 states. Election experts have concerns. This article has been indexed from Security Latest Read the original article: One Republican Now Controls…
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT…
New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials
Early October 2025 witnessed the resurgence of a retro phishing technique that exploits legacy Basic Authentication URLs to deceive users into divulging sensitive credentials. Threat actors crafted links in the format https://username:password@domain.com, embedding a trusted institution’s domain in the username…