From The Aether
PlushDaemon Strikes Again: Global Cyber Espionage with a Side of DNS Mischief
PlushDaemon, a China-aligned hacking group, has been deploying a new network implant to execute adversary-in-the-middle attacks. Known for hijacking legitimate app updates, they even targeted a South Korean VPN company. Their latest tool, EdgeStepper, redirects DNS traffic, enabling malicious software updates and global cyber espionage.
Turbocharge Your SOC Team: How ANY.RUN Slashes Alert Delays and Boosts Response Times
ANY.RUN highlights how swift clarity, automation, and shared data empower SOC teams to dodge delays and accelerate responses, even when alerts are piling up like laundry on a teenager’s floor.
AI Coding Assistant or Security Nightmare? Cline Bot’s Critical Flaws Exposed!
In the world of AI coding assistants, Cline Bot is like a golden retriever with a secret villain side. Mindgard’s security audit found four serious security issues, including the potential theft of secret keys and unauthorised code execution, turning this helpful assistant into a potential hazard.
Microsoft’s Azure DDoS Defense: Not the Biggest, But Still a Knockout!
Microsoft recently thwarted a colossal DDoS attack on its Azure cloud service, peaking at 15.72 Tbps. While not the largest globally, it’s still a whopper of a cyber assault, powered by the infamous Aisuru botnet. Azure’s epic showdown with this digital juggernaut was worthy of a popcorn-and-soda session!
Cloudflare’s Comedy of Errors: How a Simple Update Brought the Internet to Its Knees
Cloudflare’s worst outage in six years was caused by a runaway database permissions update. Like a digital version of “Whoops! I did it again,” the update sent their Bot Management system into a spin, crashing the network for 6 hours. CEO Matthew Prince confirmed it wasn’t a cyberattack—just a case of “too much of a…
ServiceNow AI: Are Default Settings Inviting Data Breaches?
Malicious actors can exploit default settings in ServiceNow’s Now Assist AI to conduct prompt injection attacks, potentially stealing data and escalating privileges. The vendor calls this “expected behavior,” yet it lets agent discovery be abused to trigger unauthorized actions. Organizations should re-evaluate their configurations to mitigate these risks.
Vape Invasion: Schools Wage War on Teen Nicotine Habits with High-Tech Surveillance
Vaping is “everywhere now,” and schools are battling it with vape detectors that trigger alerts more often than a toddler screams for ice cream. Students are getting suspended instead of support, while schools spend on surveillance tech that could be used for mentoring. It’s a smoke-filled comedy of errors, with nicotine starring as the villain.
2026 Cyber Crisis: Underfunded Defenses vs. Overzealous Hackers – A Recipe for Disaster
As 2026 looms, Anthony Young of Bridewell warns of a cybersecurity storm brewing. With cyber threats rising and budgets shrinking, organizations face a double whammy: high-tech attacks and opportunistic mischief fueled by economic strain and digital disaffection. It’s a cybercrime cocktail with a punch stronger than your morning espresso.
China’s Router Espionage: How ASUS WRTs Became the New Spy Toy
SecurityScorecard has discovered that thousands of ASUS WRT routers were compromised in Operation WrtHug, a China-linked threat campaign. Utilizing six legacy vulnerabilities, it aims to build an espionage network. Spoiler alert: Your outdated router might be moonlighting as a secret agent. Time to update or risk starring in a spy thriller.
Cyber Espionage Hijinks: PlushDaemon’s Sneaky EdgeStepper Malware Strikes Again!
PlushDaemon hackers are hijacking software updates using a crafty implant called EdgeStepper. They’ve targeted entities from the U.S. to New Zealand since 2018, slipping malware into unsuspecting systems like an unwanted guest at a dinner party. Keep your routers locked up tighter than Fort Knox to avoid unwanted cyber company!
PlushDaemon Strikes Again: China’s Mischievous Hackers Unleash EdgeStepper Backdoor in Global Cyber Comedy
PlushDaemon, a China-aligned threat actor, is using EdgeStepper, a Go-based network backdoor, to stage AitM attacks. By rerouting DNS queries, they’re making software update channels as trustworthy as a used car salesman in a rainstorm. With victims ranging from universities to car companies, EdgeStepper is the latest cyber mischief-maker on the block.
Fortinet’s Zero-Day Drama: Patch Frenzy Amid Exploitation Fears!
Fortinet announced patches for 17 vulnerabilities, including a FortiWeb zero-day bug, CVE-2025-58034. This OS command injection issue lets authenticated attackers execute arbitrary code. After a recent zero-day, Fortinet suggests updating fast—because nothing says “urgency” like a patch party with a side of panic!
Ransomware Rampage: Akira, Qilin, and INC Lead the Cybercharge!
Ransomware surged in Q3 2025, with Akira, Qilin, and INC Ransomware leading the charge. Compromised VPN credentials were the main entry point, making up 48% of breaches. Beazley Security warns businesses to embrace multi-factor authentication and stay vigilant, as zero-day exploits also posed a significant threat to corporate systems.
ASUS Router Apocalypse: 50,000 Devices Hacked in Alleged China-Linked Operation WrtHug
Operation WrtHug has compromised around 50,000 ASUS routers, targeting end-of-life models primarily in Taiwan and Southeast Asia. Researchers suspect a China-linked cyber espionage campaign exploiting multiple vulnerabilities. The attack shares a playbook with previous Chinese cyber campaigns, leaving users with one clear mantra: patch, patch, patch those routers!
Eurofiber Hacked: Data Stolen and Extortion Attempted in Comedic Cyber Drama
Eurofiber confirms the November 13 hack, revealing that hackers exploited a flaw, stole data, and attempted extortion. The attack affected French customers but spared Belgium, Germany, and the Netherlands. No critical data was compromised, and the company is working with cybersecurity experts to manage the incident’s effects while keeping services running smoothly.
FortiWeb Fiasco: New Zero-Day Bug Squashed Amid Wild Exploits!
Fortinet patched a new FortiWeb zero-day vulnerability, CVE-2025-58034. Attackers, already exploiting this flaw like kids in a candy store, can execute unauthorized code using crafty HTTP requests. Fortinet encourages upgrading affected versions faster than a cat on a hot tin roof.
Checkmarx and CredShields Team Up to Combat Smart Contract Fails: A Match Made in Cybersecurity Heaven!
Checkmarx and CredShields team up to boost Web3 security, tackling smart contract flaws that have caused DeFi losses of over $2.1 billion in 2025 alone. With this partnership, they aim to redefine enterprise application security for the decentralized era, ensuring organizations can innovate confidently as they venture into blockchain ecosystems.
Microsoft Ignite 2025: Defender Leads the Charge in Epic Security Overhaul
Microsoft Ignite 2025 was a tech carnival with Microsoft’s Defender stealing the spotlight. New features like Predictive Shielding and Threat Hunting Agents were showcased, promising to outsmart cyber villains. Plus, Microsoft announced Defender’s superhero team-up with GitHub Advanced Security to protect cloud-native apps, leaving hackers quaking in their boots.
Spyfall: China’s LinkedIn Espionage Threatens UK Security
Chinese spies have taken to social media like ducks to water, using fake recruitment agents to recruit UK insiders with access to sensitive information. Security Minister Dan Jarvis warns parliamentarians and staff of this covert Chinese effort, proving once again that LinkedIn isn’t just for networking—it’s for espionage too!
Fortinet’s FortiWeb Flaw: Security Lapse or Stealthy Sabotage?
Fortinet has flagged a medium-severity security flaw in FortiWeb, CVE-2025-58034, exploited in the wild. It allows authenticated attackers to execute unauthorized code. Fortinet suggests upgrading affected versions. Ironically, this comes after they quietly patched another bug. Is Fortinet playing hide and seek with vulnerabilities? Stay tuned for the next patch surprise!
