Critical Zero-Day Router Botnet 'Gayfemboy' Launches Global DDoS Attacks
A dangerous new botnet dubbed 'Gayfemboy' is actively exploiting zero-day vulnerabilities in industrial routers worldwide, creating a massive DDoS attack network. With over 15,000 daily infected nodes targeting victims across multiple countries, experts urge organizations to implement critical security measures.
Ukrainian Hackers Deal Devastating Blow to Major Russian Internet Provider
Ukrainian hackers successfully disrupted operations at Nodex, a St. Petersburg-based internet provider, claiming to have completely wiped their systems. The cyberattack comes as Russia accelerates efforts to isolate its domestic internet, highlighting the evolving digital warfare between the two nations.
Chinese Hackers Target Japan in Long-Running Cyber Espionage Campaign
Japanese authorities reveal MirrorFace, a China-linked threat actor, has conducted sophisticated cyberattacks against critical sectors since 2019. The campaign deployed advanced malware and evasion techniques to target government agencies, think tanks, and technology sectors, highlighting persistent threats to national security.
Critical Vulnerability in KerioControl Firewalls Puts Thousands of Systems at Risk
A dangerous security flaw in GFI KerioControl firewalls allows attackers to remotely execute code and potentially take control of affected systems. Over 23,800 exposed instances are at risk across multiple countries, with active exploitation attempts already detected from Asia.
Critical SonicWall Firewall Vulnerability Requires Immediate Patching
SonicWall has disclosed a high-severity authentication bypass flaw in SonicOS that threatens SSL VPN and SSH management functions. The company has released urgent patches and mitigation guidance for affected firewall models to prevent potential exploitation.
PowerSchool Data Breach Exposes Sensitive Student Records in Major Education Platform Attack
PowerSchool, a leading K-12 education software provider, confirms unauthorized access to its Student Information System resulting in theft of sensitive student and teacher data. The company took the unusual step of paying a ransom in exchange for data deletion, highlighting a shift toward data theft-focused cyberattacks.
Inside the Professional Crime Machine: A Day with Elite Voice Phishing Operators
Modern voice phishing crews operate with military precision, utilizing sophisticated tools and tactics to target wealthy victims. With structured roles and meticulous planning, these cybercriminal enterprises can steal millions through elaborate social engineering schemes.
White House to Launch Smart Device Security Label Program in 2025
The U.S. government is introducing the Cyber Trust Mark program to help consumers identify secure IoT devices through QR code labels. Similar to Energy Star ratings, the initiative will require devices to meet NIST cybersecurity standards and receive certification from approved testing administrators.
Chinese Vessel Suspected in Strategic Taiwan-US Undersea Cable Sabotage
A Chinese-linked cargo ship is under investigation for deliberately damaging a critical undersea internet cable connecting Taiwan and the US, raising regional security concerns. The incident follows similar cases of suspected cable sabotage and comes amid increasing cyberattacks targeting Taiwan's infrastructure.
Critical Security Flaw in Popular WordPress Backup Plugin Threatens Millions of Sites
A severe vulnerability discovered in UpdraftPlus WordPress plugin puts over 3 million websites at risk of code execution attacks. The high-severity flaw affects all versions up to 1.24.11 and requires immediate updating to the patched version.