Cybersecurity researchers have uncovered a massive router-based botnet, dubbed RondoDox, that converts compromised devices into nodes within a global proxy network. The botnet enables cybercriminals to route attacks, anonymize traffic, and monetize access to infected routers worldwide.
The Rhysida ransomware gang claims to have breached Maryland’s Department of Transportation, leaking personal data and demanding a $3.3 million ransom. Officials confirmed data loss affecting Maryland Transit Administration systems but said core services remain operational.
Cybersecurity researchers have uncovered a new form of supply chain attack hidden within the npm ecosystem. A malicious npm package was discovered embedding malware inside steganographic QR codes, a technique designed to slip past traditional security defenses. The attack highlights growing risks in opensource software dependencies and developer tools How the Malware Works The compromised…
SIM farms expose how weak KYC and SMS OTP let fraud scale. Raids seized SIM boxes and tens of thousands of cards. Here’s how carriers and brands can actually fix it.
Airports in Copenhagen and Oslo faced unexpected disruptions this weekend after drones were spotted near their airspace. With both airports temporarily halting flights, the incidents highlight growing concerns over drone misuse and the potential risks to aviation, national security, and public safety Drone Disruption in Copenhagen Copenhagen Airport, one of Scandinavia’s busiest hubs, suspended air…
A new malvertising campaign is using deceptive Google Ads mimicking trusted macOS software brands like Homebrew and LogMeIn to deliver potent infostealers such as AMOS and Odyssey. Mac developers and advanced users are being targeted with copy-and-paste terminal commands that install malware under the guise of legitimate apps. This expert breakdown shows how the attack works, what to watch for and how to defend your environment.
A trivial surveillance password created an opening at one of the world’s most prominent institutions. Intruders gained awareness and timed their move because credential policy failed. This analysis delivers the signals, mitigations, and governance disciplines that stop repeats: rotation, MFA, segmentation, PAM for service accounts, and continuous validation for VMS and NVR stacks—without resorting to list spam or generic advice.
Docker Compose CVE-2025-62725 enables path traversal that can overwrite host files from malicious compose artifacts. Update to v2.40.2, restrict sources, and audit caches.
On October 20, 2025, a critical outage at AWS’s US-EAST-1 region triggered a cascading failure that knocked out major apps and services worldwide. This article dissects the root cause, impact, and what organisations must do now to shore up resilience.
BADCANDY continues to compromise exposed Cisco IOS XE devices via CVE-2023-20198. Close the web UI exposure, patch now, rotate credentials, and verify eradication.