Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

Squid Proxy Bug Exposes Cleartext HTTP Requests
A newly discovered bug in the popular Squid web proxy, dubbed Squidbleed, allows attackers to intercept sensitive HTTP requests and steal valuable credentials. This 20-year-old vulnerability, traced back to a 1997 FTP-parsing change, still affects Squid's default configuration.

Ransomware Gang Disables Security Software with GentleKiller Framework
Meet GentleKiller, a sneaky framework that helps ransomware gangs disable security software by targeting over 400 processes across 48 security products at the kernel level, allowing them to run unchecked. This sinister tool uses a "bring your own vulnerable driver" technique to terminate protections and clear the way for ransomware attacks.

London Hydro Data Breach Exposes Customer Information
London Hydro recently suffered a data breach that may have compromised personal info for over 160,000 of its customers in and around London, Ontario, leaving many with unanswered questions about the security of their data. The utility company has started notifying affected customers and is investigating the incident.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services
Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

Google Tightens Android App Verification Rules Ahead of Sept. 30 Deadline
Get ready for a safer app experience on Android! As of September 30, 2026, Google will start enforcing developer verification, blocking installs of unverified apps on certified phones in Brazil, Indonesia, Singapore, and Thailand.

Unpatchable Apple BootROM Flaw Targets A12, A13 Chips
A newly discovered Apple BootROM flaw affecting A12 and A13 chips poses a lifelong security risk to affected devices, as the issue is embedded in unchangeable code that can't be fixed with a simple software update. This vulnerability, known as usbliter8, is a complex combination of hardware and firmware flaws that creates a pathway to compromise the boot chain on impacted Apple systems.

Malicious Google Ads Deliver CastleStealer via New OXLOADER Malware
Beware of malicious Google ads that can deliver CastleStealer via the new OXLOADER malware, which has shown impressive engineering skills and is worth keeping an eye on. Victims are tricked into downloading fake Node.js versions through ads masquerading as legitimate sources.

FortiBleed Campaign Exposes 80K Targets Worldwide
A massive cybersecurity threat, dubbed FortiBleed, has exposed over 80,000 Fortinet FortiGate devices worldwide by exploiting weak passwords and reused credentials with alarming ease. The US cybersecurity agency is urging affected customers to secure their appliances immediately to prevent a potential breach.

Legacy Infrastructure Exposes AI Agents to Hijacking Risks
Legacy infrastructure can put your AI agents at risk of hijacking, as seen with CVE-2025-24813, a remote code execution flaw that lets attackers turn a routine server compromise into a full takeover. An unpatched Internet-facing Apache Tomcat server is all it takes to expose your enterprise to this threat.

Brazil Probes Hack of Emergency Alert System After Rogue Alert
A bogus emergency alert sent shockwaves across Brazil, pinging mobile devices in multiple states with a mysterious message reading "Alerta extremo - Defesa Civil:misantropi4". The authorities are now scrambling to investigate the hack, with SEDEC and Federal Police on the case.

Microsoft Links North Korea to Mastra AI Supply Chain Compromise
Microsoft has uncovered a massive supply chain attack on the npm registry, where over 140 packages were compromised, and has linked the operation with high confidence to Sapphire Sleet, a notorious North Korean state actor known for targeting the financial sector. This large-scale attack highlights the growing threat of North Korean hacking groups.

Healthcare Organization Backpedals on Phishing Test Targeting Staff Burnout
Newfoundland and Labrador Health Services is hitting the brakes on a well-intentioned but misguided phishing test that left staff feeling frustrated and burnt out. The healthcare organization has apologized and pledged to review its approach after sending employees a fake email offering an extra paid day off.

Klue Breach Exposes Cybersecurity Firms to OAuth Token Abuse
A single compromised credential led to a massive security breach at Klue, allowing an unauthorized actor to exploit OAuth tokens and gain access to sensitive customer data on third-party platforms like Salesforce. This incident highlights the growing threat of OAuth token abuse and the need for robust cybersecurity measures.

Canada's Spy Agency Neutralizes Foreign Botnets with Landmark Warrant
In a groundbreaking move, Canada's spy agency, CSIS, has successfully neutralized two foreign-run botnets operating on Canadian soil, thanks to a landmark warrant that allowed them to access and shut down infected devices. This pioneering threat-reduction tactic marks a major win in the fight against botnet threats.

Gizmodo Readers Targeted by ClickFix Malware After Account Compromise
If your Gizmodo account was compromised, be aware that you may have been targeted by the ClickFix malware, which showed up as suspicious prompts after the breach. Stay vigilant and take immediate action to protect your online security!

UK Information Commissioner Resigns Amid Workplace Misconduct Probe
UK Information Commissioner John Edwards has resigned amid allegations of workplace misconduct, including the use of vulgar and highly sexualized language towards staff, which he initially dismissed as misplaced humour. His resignation comes after an internal HR investigation concluded there was a case to answer, with evidence revealing a disturbing pattern of behaviour.

NCSC Warns Fortinet Customers of Credential Theft Fallout
A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

AryStinger Malware Infects 4,300 Routers in Global Reconnaissance Network
Meet AryStinger, a sneaky new malware that's hijacked over 4,300 home routers worldwide, transforming them into a covert network for spying and proxying - and the numbers are still climbing. This cunning malware lets hackers scan the internet, tunnel traffic, and run secret commands, all while hiding their digital tracks.

INTERPOL Warns of Rising Cybercrime in Asia-Pacific
Cybercriminals are wreaking havoc in Asia-Pacific, using cutting-edge tactics like AI and ransomware to scam and steal on a massive scale. Phishing is the region's most costly and widespread crime, with a third of countries reporting over 10,000 cases in just 15 months.

Australia Urged to Rapidly Develop Cheap Drone Interceptors
In a chilling display of modern warfare, Russia's 900-strong drone assault on Ukraine in 2026 has sounded alarm bells - will Australia be prepared to counter the threat of cheap, destructive drones? Shahed-class drones, with their 50kg high-explosive warheads, have proven capable of devastating effects, from leveling apartment blocks to crippling critical infrastructure.

Australia Weighs AI Training Plan to Lure Tech Firms, Compensate Creators
Australia is courting AI companies to train their models Down Under, and a new proposal aims to sweeten the deal by offering a special permit that not only provides legal certainty but also fairly compensates local creators for their work. The plan could keep these tech firms - and their lucrative investments - in Australia, rather than sending them overseas.

China's Aging Submarine Force Displays Enduring Presence
China's aging submarine force is still making waves, with its lone Xia-class SSBN, launched 45 years ago, remaining remarkably afloat - and even serving as a classroom - despite being written off as nearly retired for decades.

AryStinger Botnet Exploits Flaws in Thousands of D-Link Routers
Meet AryStinger, a sneaky botnet that's hijacked over 4,000 outdated D-Link routers worldwide, turning them into a powerful tool for hackers to carry out stealthy scans and attacks. This malware mastermind breaks down massive tasks into tiny chunks, distributing them across its zombie network for lightning-fast execution.

Prinz Eugen Ransomware Targets Critical Files in Hands-On Attacks
Meet Prinz Eugen, a sneaky ransomware that uses hands-on tactics to target critical files, evading detection by deliberately leaving no ransom note behind. Its operators use stolen RDP credentials and remote monitoring tools to manually infiltrate and take control of systems.