
From The source

Squidoor Unmasked: A Stealthy Cyber Espionage Saga from China to Southeast Asia!

A suspected Chinese threat actor, CL-STA-0049, is lurking in the digital shadows, targeting governments and sectors across Southeast Asia and South America. Armed with the stealthy Squidoor backdoor, this cyber ninja is all about grabbing sensitive info and blending in. Squidoor’s got more tricks up its binary sleeves than a magician at a tech convention!

7 months ago

Developers Beware: Malware Hijacks Microsoft Dev Tunnels for Sneaky C2 Connections!

New Njrat samples are now hijacking Microsoft dev tunnels to connect to C2 servers. Imagine your local service getting a surprise visit from malware! If you’re not using this feature, it’s time to hunt for devtunnels.ms in your DNS logs—because who wants a malware party on their server?

7 months ago

Network Threats: When Green Means Go (Sign Up for Safety)

Get ready to dive into the world of Network Monitoring and Threat Detection In-Depth in Baltimore from March 3rd to 8th, 2025. Enhance your skills while keeping the threat level green and your coffee cup full.

7 months ago

Cisco’s Free Software Update: The Catch-22 of Licensing and Security Fixes

Cisco’s free software updates might be the best thing since sliced bread, but remember, they’re just for patching vulnerabilities, not for upgrading your tech to superhero status. For that, you might need a license. Always check Cisco Security Advisories to avoid surprises more shocking than a cat meme.

7 months ago

Cisco APIC Vulnerabilities: The Perfect Recipe for a Security Meltdown!

Cisco APIC reveals its four vulnerabilities, giving us more plot twists than a soap opera. With CVE-2025-20119 leading the drama, an attacker could turn critical system files into a DoS nightmare. Cisco released updates, but no workarounds, leaving everyone on the edge of their seats for the next thrilling episode!

7 months ago

Malware Mayhem: North Korean Hackers Unleash RustDoor and Koi Stealer on Mac Users

Cybercrime is evolving, and macOS users aren’t off the hook. Enter RustDoor and Koi Stealer, malware that’s not only sneaky but also enjoys long walks on the beach with North Korean APT groups. They’re targeting cryptocurrency job seekers by posing as recruiters. It’s a job offer you can’t refuse—literally! Stay vigilant, folks.

7 months ago

When Port 60102 Becomes the New 80: A Comedic Look at Cybersecurity’s Latest Headache

My DShield honeypot has been swamped with password guessing attacks. But it’s the post-guessing shenanigans that really tickle my fancy. One attacker successfully logged in, then pulled a Houdini with a complex command using nohup. Remember, folks: Lockdown those ports, or the cyber baddies might just waltz in for tea.

7 months ago

Threats on Snooze: Why the Internet Storm Center is in the Green Zone

Join the Internet Storm Center’s Jesse La Grew as he battles cyber threats with a smile. The threat level is green, but the humor level is off the charts! Don’t miss his upcoming class on network monitoring and threat detection in Baltimore.

7 months ago

PowerFlex 755’s Cleartext Catastrophe: Upgrade Now or Sniffle Later!

View CSAF and discover how the PowerFlex 755’s version 16.002.279 and prior might just be a hacker’s dream come true. Yes, sensitive data is being sent via cleartext—because who needs encryption, right? Rockwell Automation suggests upgrading to the latest version, unless you’re into sharing secrets with strangers.

7 months ago

CISA’s Latest ICS Advisory: Shield Your Systems or Face the Cyber Chaos!

CISA released two ICS advisories on February 25, 2025. Dive into the latest vulnerabilities and exploits that could make your industrial control systems as secure as a screen door on a submarine.

7 months ago

Join the Calm: Threat Level Green at the Internet Storm Center!

Join Jim Clausing, our Handler on Duty, as he navigates the treacherous waters of network monitoring in Baltimore. With a threat level at a soothing green, it’s the perfect time to dive deep before the digital storm clouds gather. Don’t miss ISC Stormcast on February 25th, 2025, for your cybersecurity weather report!

7 months ago

Linux Malware Alert: Auto-color Turns Detection into a Game of Hide and Seek

Palo Alto Networks researchers have uncovered Auto-color, a cunning Linux malware. This mischievous program cleverly evades detection by disguising itself with benign names like “door” and “egg.” It employs advanced techniques to hide its tracks and grants full remote access to attackers. Auto-color is a formidable foe in the cybersecurity landscape.

7 months ago

Unfurl 2025 Update: Decode BlueSky URLs and More in Style!

Ryan Benson’s Unfurl tool just got a snazzy update to v2025.02, now decoding BlueSky URLs faster than you can say “embedded timestamps.” Whether you’re a GUI enthusiast or a command-line purist, Unfurl has you covered. It’s URL parsing magic, now with extra pizzazz!

7 months ago

Why Your Network Threats Are Now on a Coffee Break: Exploring the Green Threat Level

Join Jim Clausing at the Internet Storm Center as he keeps the threat level at a reassuring green! Don’t miss his upcoming class on Network Monitoring and Threat Detection In-Depth in Baltimore. Who knew network security could be this much fun?

7 months ago

LockBit Blunders: A Comedic Crash Course in Rapid Ransomware!

In a rapid cyber drama, LockBit ransomware made its debut in just over two hours, exploiting CVE-2023-22527 on a Windows Confluence server. With tools like Mimikatz and AnyDesk, the threat actor danced through the network, exfiltrating data to MEGA.io. The plot thickened as PDQ Deploy helped spread the encryption chaos.

7 months ago

Wireshark 4.4.4: Bug Busting Bonanza!

Wireshark release 4.4.4 tackles one pesky vulnerability and 12 bugs, proving that even software has its own version of spring cleaning.

7 months ago

When AI Goes Rogue: The Hilarious Struggle of AI Jailbreaking Cat-and-Mouse

Who knew AI could have a jailbreak problem? Our investigation into jailbreaking 17 popular GenAI web products reveals some shocking vulnerabilities. Turns out, these apps have more escape routes than a Hollywood heist movie. Despite robust safety measures, LLM jailbreaks are as effective as ever, proving there’s always a way to break free.

7 months ago

OpenSSH’s Not-So-Secret: A Comedy of Errors in VerifyHostKeyDNS Vulnerability!

In the realm of cybersecurity, we’ve discovered a MitM attack against OpenSSH’s VerifyHostKeyDNS-enabled client. The attack hinges on a clever out-of-memory tactic, allowing a fake server to impersonate a real one while the client is none the wiser. Remember, with great power comes great responsibility—or at least a better firewall.

7 months ago

Beware the XSS-mess: Self-Stored Exploit Unleashed!

Andrey Stoykov cracks open Self Stored XSS in version 7.2.2 like a piñata, revealing a vulnerability that lets you add an admin with the name “greater than” symbol. Tested on Ubuntu 22.04, it’s the cybersecurity equivalent of leaving your front door open with a welcome mat that says “Hackers Welcome.”

7 months ago

Python Docs: When Insecure Code Sneaks into Textbooks!

Python’s official documentation contains a textbook example of insecure code (XSS). The CGI module example in Python 3.12 is a classic XSS vulnerability, leaving many developers scratching their heads and questioning if they should read the manual or just wing it. After all, it’s deprecated, but the legacy lives on!

7 months ago
The Nimble Nerd