Daily Cybersecurity Roundup, January 23, 2025

In the shadowy corners of the internet, botnets are evolving into digital monsters. The AIRASHI botnet, fueled by zero-day vulnerabilities in Cambium Networks cnPilot routers, has unleashed a staggering 1-3 Tbps DDoS attack capacity, posing a dire threat to network stability. Google has flagged TRIPLESTRENGTH, a malicious actor infiltrating cloud environments to mine cryptocurrency while orchestrating ransomware attacks on on-premise systems. In another vein, a surge in stolen card data was reported in 2024, with hundreds of millions of records for sale. Read on for more.

01

Threat actors are exploiting zero-day vulnerabilities in Cambium Networks cnPilot routers to deploy the AIRASHI botnet, resulting in stable 1-3 Tbps DDoS attack capacity.

02

Google identified a threat actor called TRIPLESTRENGTH, which targets cloud environments for cryptojacking and on-premise ransomware attacks.

03

The cookie sandwich technique is a new attack method that allows hackers to bypass the HttpOnly flag and access sensitive cookies, posing a threat of data theft and session hijacking for vulnerable web applications.

04

AMD has confirmed a microcode-related security vulnerability in some of its processors, which could potentially allow unauthorized microcode to be loaded and manipulated.

05

The phishing kit Tycoon 2FA has evolved with advanced tactics to bypass MFA and evade detection, posing a significant threat to organizations.

06

Cisco released software updates to fix a critical security flaw (CVE-2025-20156) in Meeting Management, which could allow a remote attacker to gain administrator privileges.

07

A new report noted a rise in stolen card data in 2024, with 269 million records available across dark and clear web platforms. 2024 also witnessed 11,000 e-commerce sites fall victim to Magecart attacks.

08

NCC Group’s latest report revealed that December 2024 saw the highest-ever monthly volume (574) of global ransomware attacks. FunkSec emerged as the most active ransomware threat actor.

09

The U.K. education sector is a prime target for cyberattacks, with 73% of institutions experiencing at least one attack in the past five years, as per new ESET research.

10

AppSec firm DryRun Security raised $8.7 million in a seed funding round from LiveOak Ventures, Work-Bench, and Cannage Capital.
