Archive

General * Brian Krebs looks at the DNS activity of the Aisuru botnet, it's C2 dominating Cloudflare's top-sites (by DNS request) metrics. * https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/ * Cisco Call-Centre-in-a-Box (Cisco Unified Contact Center Express (Unified CCX)) Unauthenticated Remote Code Execution (RCE) (CVSS9.8) It's

General * Actively exploited WordPress email plugin 'Post SMTP', can be used to read WordPress password-reset emails, enabling account takeover. * https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-vulnerability-in-post-smtp-wordpress-plugin/ * https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/ * Google's Threat Intelligence Group (GTIG) on attacker use of AI tools. Yes

General * SpecterOps seem to have really accelerated since adding OpenGraph support to BloodHound (Both CE & Enterprise). Now you can collect and import file-share permissions into BloodHound. * https://specterops.io/blog/2025/10/30/sharehound-an-opengraph-collector-for-network-shares/ * https://github.com/p0dalirius/sharehound * Library of OpenGraph integrations: https://bloodhound.specterops.io/opengraph/library

General * Interesting blend of Cyber and Physical - installing Remote Monitoring and Management (RMM) tools, to take over transport dispatch (inc. phone), and steal the physical goods. * https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics * (Bloomberg) https://archive.is/WjTQ3 * https://www.bleepingcomputer.com/news/security/hackers-use-rmm-tools-to-breach-freighters-and-steal-cargo-shipments/ * https://www.cybe

General * Quick lessons from BlackBasta's breach (data exfil and ransomware) of UK Business Process Outsourcer (BPO) Capita, based up the UK Information Commissioner's Office (ICO). * https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.html * https://ico.org.uk/media2/pv5nhks4/capita-plc-and-cpsl-monetary-penalty-notice.pdf * There's a "

General * Useful tool, to make sure you've located (and thus patched) all of your WSUS * https://github.com/mubix/Find-WSUS * Exec phishing through LinkedIn - it's got all the usual ingredients, Google open-redirect, intermediary bouncer, bot-protection (Turnstile), and finishes with Attacker-in-the-Middle Microsoft sign-in page. * https://pushsecurity.

General * Unpatched bug (DoS) in Chrome's rendering engine (Blink), inherited by all Chromium-based browsers, including Edge. Browser isolation doesn't help! * https://brash.run/ * https://www.theregister.com/2025/10/29/brash_dos_attack_crashes_chromium/ * Windows 11 Administrator Protection available in preview (original blog post from

General * More on the incidents (Collins Aerospace / RTX) that caused chaos in European airports back in September. Appears they were hit by two gangs at once (the second data leak - by Everest - is a real clanger) * https://www.hudsonrock.com/blog/5532 * https://www.irishtimes.com/ireland/2025/

General * Interesting side-effect of phishing-resistant authentication (e.g. Passkeys). Twitter domain name will be migrating to X, so old passkeys will stop working (they're tied to a specific domain-name). * https://www.bleepingcomputer.com/news/security/x-re-enroll-2fa-security-keys-by-november-10-or-get-locked-out/ * https://www.theregister.com/2025/10/27/x_passkey_reset/ * Ransomware stats

General * Jubair/Flowers from Scattered Spider appear in court over TfL hack * https://www.bbc.com/news/articles/cj97ekz07ezo * Recent WSUS vulnerability is being exploited * https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/ * https://www.cybersecuritydive.com/news/hackers-exploiting-critical-vulnerability-windows-server-update-service/803810/ * https://www.itnews.com.au/news/windows-server-update-services-bug-explo