Skip to main content

IoT & Mobile Security

Microsoft Stops Stunning Record 5.72Tbps DDoS; Best Defense

Microsoft Stops Stunning Record 5.72Tbps DDoS; Best Defense

Microsoft’s automated defenses shrugged off a jaw‑dropping 5.72 Tbps DDoS (almost 3.64 billion pps), keeping services running — but the IoT botnet behind it shows how default settings and underprotected devices still make the internet ripe for even bigger attacks.

Analyst 207
Hacktivist-Driven DDoS Stunning Surge Alarms Public Sector

Hacktivist-Driven DDoS Stunning Surge Alarms Public Sector

Imagine a city more threatened by a flood of malicious internet traffic than a broken water main — last year denial-of-service attacks, many driven by hacktivists, made up about 60% of public-sector incidents, knocking out services and eroding trust without stealing a byte. With billions of poorly secured IoT devices and cheap DDoS-for-hire markets, even small groups can weaponize networks to silence government portals and disrupt daily life.

Analyst 207
Xi Jinping Exclusive: Damaging Joke on Xiaomi Backdoors

Xi Jinping Exclusive: Damaging Joke on Xiaomi Backdoors

Xi Jinpings offhand joke about Xiaomi backdoors — met with a laugh from South Koreas president — turned a light moment into a diplomatic ripple, reigniting real doubts about device security and supply‑chain vulnerabilities.

Analyst 207
Automated Botnet Attacks Exclusive: Critical PHP, IoT Surge

Automated Botnet Attacks Exclusive: Critical PHP, IoT Surge

Think of the internet as a house with unlocked doors—automated botnets are testing every handle, exploiting PHP flaws, IoT devices, and cloud misconfigurations to swell their ranks. If you run servers or smart devices, patch, change defaults, and lock things down now.

Analyst 207
Dimly lit server room with spotlight on a lone, vulnerable server surrounded by tangled cables and wires.

PHP Servers: Exclusive Critical IoT Attack Alert

Who else has the keys to your server? A sharp rise in attacks using simple PHP web shells is turning unpatched apps, unsecured IoT devices, and misconfigured cloud gateways into cheap, scalable footholds for persistent intruders.

Analyst 207
DDoS Botnet Aisuru Sparks Severe, Stunning ISP Outages

DDoS Botnet Aisuru Sparks Severe, Stunning ISP Outages

Imagine fighting a storm when most of the clouds are over your own house — that’s the Aisuru DDoS. A near‑record 30 trillion bps flood from hijacked home IoT devices clustered on AT&T, Comcast and Verizon networks forced ISPs to choose between cutting off millions with blunt defenses or chasing slow, costly surgical fixes.

Analyst 207
Dark cityscape with glowing laptop and shattered screens, overlaid with a vast network of interconnected lines resembling a…

Aisuru Botnet Blankets US ISPs in Record DDoS

Imagine a DDoS so huge it’s powered by the smart gadgets in your own living room — the Aisuru botnet corralled compromised IoT devices across AT&T, Comcast and Verizon to unleash nearly 30 trillion bits per second. That surge forced ISPs into an impossible choice—risk network collapse or sever millions of customers—so defenders had to rely on slow, surgical fixes instead of blunt blocks.

Analyst 207
Smishing via Cellular Routers: Stunning Risk, Top Fixes

Smishing via Cellular Routers: Stunning Risk, Top Fixes

Think your router couldn’t text? Belgian users are being targeted by smishing that hijacks Milesight cellular routers to send phishing SMS from devices on their own networks — check for firmware updates, change default passwords, and disable any SMS features you don’t use.

Analyst 207
Android remote access trojan: Exclusive Risky Threat

Android remote access trojan: Exclusive Risky Threat

“If you can see nothing, they can take everything” — Klopatra is a stealthy new Android remote-access trojan that quietly hijacks phones to steal banking credentials, intercept one-time codes, and automate fraudulent transactions. Stay vigilant: only install apps from trusted stores, scrutinize accessibility and overlay permissions, and push behavioral mobile security and out-of-band authentication to blunt these targeted, modular attacks.

Analyst 207
EV charging infrastructure Critical Risk: Must-Fix Leak

EV charging infrastructure Critical Risk: Must-Fix Leak

An EV charging provider warned some customers that a third‑party security incident may have exposed names and email addresses — a reminder that the clean‑tech convenience we love can still leave personal data vulnerable. Stay alert for phishing, enable MFA where you can, and expect the industry to tighten vendor security as it responds.

Analyst 207
hardcoded secrets: Stunning Risky Mobile Crisis

hardcoded secrets: Stunning Risky Mobile Crisis

One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

Analyst 207
SnakeDisk worm: Stunning Risky Thai-Targeted Threat

SnakeDisk worm: Stunning Risky Thai-Targeted Threat

A China-aligned group called Mustang Panda has paired an updated TONESHELL backdoor with a USB worm named SnakeDisk that only activates for Thailand-based devices to drop a persistent Yokai backdoor — a surgical, geographically targeted campaign that ups the stakes for anyone who plugs in removable media. Stay cautious with USB drives and tighten removable-media policies: this is a reminder that one careless plug can invite long-term access.

Analyst 207
smart laundry machines: Shocking Risky Failure Exposes

smart laundry machines: Shocking Risky Failure Exposes

A jailbreak of smart laundry machines left 1,200 students hauling their laundry off campus after payments and cycles failed while management refused to cover alternate costs. The fiasco mixes everyday inconvenience with cybersecurity and contract headaches — and shows why campuses must demand better security and backup plans.

Analyst 207
Jaguar Land Rover Exclusive: Risky Security Lessons

Jaguar Land Rover Exclusive: Risky Security Lessons

Jaguar Land Rover’s recent IT outage shows connected cars are as vulnerable as any network — learn simple, practical steps to protect your vehicle, your data and your peace of mind. From timely software updates to stronger passwords and safer dealer practices, here’s what owners, fleets and dealers should do now.

Analyst 207
Copeland refrigeration controllers: Stunning Risky Flaws

Copeland refrigeration controllers: Stunning Risky Flaws

Imagine a stranger on the internet able to warm your supermarket freezers — Frostbyte10 exposes thousands of Copeland refrigeration controllers to attacks that could spoil food, ruin vaccines and cripple supply chains. Patches and mitigations exist, but grocers and cold‑chain operators need to act fast to isolate, update and secure vulnerable units before losses mount.

Analyst 207
restaurant robots: Shocking Security Risks Exposed

restaurant robots: Shocking Security Risks Exposed

A researcher known for probing McDonald’s systems found Pudu Robotics left administrative controls wide open, letting attackers redirect delivery bots and issue arbitrary commands. Restaurants, hotels and regulators need to act now to secure these ubiquitous machines before misuse causes safety, privacy or reputational harm.

Analyst 207
distributed denial-of-service: Stunning RapperBot Victory

distributed denial-of-service: Stunning RapperBot Victory

Imagine a single rented botnet wreaking havoc with roughly 370,000 DDoS attacks—this summer’s RapperBot takedown shows how powerful public‑private teamwork can be, but also why insecure IoT devices keep making these threats inevitable.

Analyst 207
Lenovo Webcam Vulnerability: Stunning BadUSB Threat

Lenovo Webcam Vulnerability: Stunning BadUSB Threat

Researchers have discovered that some Lenovo webcams on Linux can be turned into BadUSB devices that inject keystrokes remotely — a chilling reminder that hardware, not just software, can be weaponized. This wake-up call means users and manufacturers alike must take hardware security seriously before trusting everyday devices.

Analyst 207
IoT security standards: Must-Have Best Defenses

IoT security standards: Must-Have Best Defenses

As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

Analyst 207
cryptojacking websites: Must-Have Guide to Best Defenses

cryptojacking websites: Must-Have Guide to Best Defenses

Imagine visiting a harmless site and unknowingly lending your device’s power to hidden crypto miners — over 3,500 legitimate webpages were recently found doing just that. Stay alert: update your browser, use trusted blockers, and check for unexplained slowdowns to protect your performance, privacy, and battery life.

Analyst 207
Retail cybersecurity threats: Essential Best Defenses

Retail cybersecurity threats: Essential Best Defenses

Retailers are now prime targets for attacks on payment systems, customer data, and supply chains — this guide explains why the risk is rising and gives practical, prioritized defenses you can implement now to protect revenue, reputation, and customers.

Analyst 207
Mobile Security: Stunning Must-Have Best Defenses

Mobile Security: Stunning Must-Have Best Defenses

Our phones hold more than photos—they can unlock secrets and national risks. Simple, practical protections like built-in encryption, hardware-backed MFA, device management, and hands-on training can stop attacks before they spread.

Analyst 207
IoT Must-Have: Best Secure Provisioning Guide

IoT Must-Have: Best Secure Provisioning Guide

Don’t let insecure device setup turn your smart home into someone else’s playground — this practical guide walks you through NIST-backed provisioning tips like hardware roots of trust, authenticated onboarding, unique credentials, and secure OTA updates to keep devices safe from day one. Follow these doable steps and simple UX fixes to make secure setup the easy, default choice for manufacturers and users alike.

Analyst 207
IoT Open House: Implementing SP 1800-36 and Future Outlook

IoT Open House: Implementing SP 1800-36 and Future Outlook

Discover how the groundbreaking SP 1800-36 standard is transforming IoT security by ensuring trusted credential provisioning, protecting everything from your smart home to critical infrastructure against remote threats.

Analyst 207