Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Features

Striving for digital transformation, organizations are innovating at an incredibly fast pace. They deploy new applications, services, and platforms daily, creating great opportunities for growth and efficiency. However, this speedy transformation comes with a significant, often overlooked, consequence: an accumulated, massive vulnerability backlog. This ever-expanding list of unpatched software flaws, system misconfigurations, and coding errors is a silent drain on an organization's most valuable resources.

For many IT and security teams, the vulnerability backlog is a source of constant pressure and a seemingly unwinnable battle. As soon as they deploy one batch of patches, a new wave of critical vulnerabilities is disclosed.

This reactive cybersecurity approach is both unsustainable and incredibly costly. The true price of a vulnerability backlog extends far beyond the person-hours spent on patching. It manifests as operational friction, stifled innovation, employee burnout, and a persistent, elevated risk of a catastrophic cyberattack.

To truly secure the modern enterprise, leaders must look beyond traditional scanning and patching cycles and embrace a new, proactive paradigm for vulnerability management.

The Anatomy of a Swelling Vulnerability Backlog

A vulnerability backlog is the aggregate of all known but unaddressed security weaknesses within an organization's IT environment. These weaknesses can range from critical flaws in open-source libraries and commercial software to misconfigured cloud services and insecure code pushed during quick development cycles.

There are three principal reasons the backlog grows incessantly:

- The sheer volume of newly discovered vulnerabilities, numbering in the tens of thousands each year
- The complexity of modern, hybrid environments, where assets are spread across on-premises data centers and multiple cloud providers
- The monumental challenge of tracking and patching every critical vulnerability

The growing mountain of security weaknesses creates a form of vulnerability debt. It accumulates when you defer patching due to operational constraints, resource limitations, or the fear of breaking critical applications. The longer a vulnerability remains unpatched, the more time attackers have to develop exploits and launch attacks, turning even a low-priority issue into a full-blown crisis.

The True, Multifaceted Cost of Inaction

The costs associated with a large vulnerability backlog are both direct and indirect, affecting your organization's financial health, operational agility, and human capital.

Financial and Operational Drains

The most obvious cost is the direct expense of remediation. That includes the salaries of security professionals who spend countless hours identifying, prioritizing, and deploying patches.

However, the indirect costs are often far greater. Developer productivity plummets when teams are constantly pulled away from building new features to address security issues. It affects the time-to-market for new products and services, handing an advantage to more agile competitors.

In the case of a breach from an unpatched vulnerability, the financial fallout can be devastating. It can encompass everything from regulatory fines and legal fees to customer compensation and a drop in stock value.

The Human Toll

Beyond the financial and operational impact is the human cost. When security teams drown in a sea of alerts, alert fatigue is unavoidable, and with it come critical warnings missed amidst the alert noise.

The constant pressure and the feeling of being perpetually behind contribute to high levels of stress and burnout, resulting in high turnover of skilled security talent. And here is your vicious cycle: experienced professionals leave; the remaining team is stretched even thinner; and the backlog continues to grow.

This state can also strain the relationship between security, development, and operations teams, preventing the collaboration necessary for a healthy DevSecOps culture.

From Reactive to Proactive Protection

Instead of "How can we patch faster?", the more effective question is, "How can we neutralize security risk before we patch vulnerabilities?"

The answer lies in moving from a predominantly reactive posture revolving around patching and response to a proactive one centered around mitigation. A robust patchless mitigation platform can effectively shield your organization's environment from exploitation, regardless of the length of your patching cycles.

For instance, Virsec provides powerful compensating controls that prevent malicious actors from exploiting a vulnerability even if it is there and unpatched.

This approach decouples cybersecurity protection from the act of patching. It gives teams the breathing room to remediate vulnerabilities in a planned, methodical way without leaving critical systems exposed to immediate threats.

Applying these mitigation controls at scale is where the smart application of artificial intelligence becomes essential. AI-driven security tools can automate burdensome tasks in security operations centers (SOCs) and security teams.

As an illustration, Virsec's OTTOGUARD.AI leverages agentic AI to improve security operations' efficiency in the following way:

- AI agents autonomously deploy and configure security probes to determine which code and software to trust.
- They integrate with your existing cybersecurity tool stack to analyze telemetry, assess your risk environment, and identify assets that can be protected immediately (without patching).
- They then interface with IT service management platforms, such as ServiceNow, presenting human experts with validated remediation and patching solutions for the remaining issues.
- Human experts have the final word, reviewing the suggested solutions and deciding whether to act on them.

Foster a Culture of Shared Responsibility

Technology alone is not a panacea. The most effective vulnerability management programs stand on a strong security culture that breaks down silos between development, security, and operations.

Hence, before anything else, strive to build this culture of collaboration and unified goals. It will inevitably instill a sense of shared responsibility for your organization's security posture and motivate every individual to be a proactive guardian against threats.

Final Thoughts

By combining proactive protection with AI-driven automation and a culture of shared responsibility, organizations can begin to tame their vulnerability backlogs.

This multi-layered approach helps you reduce the risk of a breach, frees up valuable resources, accelerates innovation, and builds a more resilient and future-proof enterprise.

Its goal is to transform security from a cost center and a source of friction into a true business enabler. Because that's what cybersecurity really is: an essential business enabler that makes it possible for organizations to innovate with confidence in an increasingly complex digital world.


 Cyber News

U.S., Australian and UK officials today announced sanctions against Media Land, a Russian bulletproof hosting (BPH) provider, citing Media Land's "role in supporting ransomware operations and other forms of cybercrime."

"These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries," stated U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. "Today's trilateral action with Australia and the United Kingdom, in coordination with law enforcement partners, demonstrates our collective commitment to combatting cybercrime and protecting our citizens."

UK Foreign Secretary Yvette Cooper added, "Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity. But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible."

Today's announcements came from the U.S. Department of Treasury's Office of Foreign Assets Control (OFAC), Australia's Department of Foreign Affairs and Trade, and the UK's Foreign Commonwealth and Development Office. OFAC and the FBI also designated three members of Media Land's leadership team and three of its sister companies.

In the U.S., OFAC sanctions require blocking and mandatory reporting of all property and interests of the designated persons and entities and prohibit all transactions involving any property or interests of designated or blocked persons.

BPH service providers offer access to specialized servers and infrastructure designed to evade detection and disruption by law enforcement.

Russian Bulletproof Hosting Provider and Individuals Sanctioned

Media Land LLC, headquartered in St. Petersburg, Russia, has provided BPH services to criminal marketplaces and ransomware actors, including "prolific ransomware actors such as LockBit, BlackSuit, and Play," the U.S. statement alleges. Media Land infrastructure has also been used in DDoS attacks, the U.S. says.

Media Land, ML Cloud (a Media Land sister company), Aleksandr Volosovik (general director of Media Land who has allegedly advertised the business on cybercrime forums under the alias "Yalishanda"), and Kirill Zatolokin (a Media Land employee allegedly responsible for collecting payment and coordinating with cyber actors) were designated by OFAC for their cyber activities.

The UK alleges that Volosovik "has been active in the cyber underground since at least 2010, and is known to have worked with some of the most notorious cyber criminal groups, including Evil Corp, LockBit and Black Basta."

Yulia Pankova was designated by OFAC for allegedly assisting Volosovik with legal issues and finances. Also designated are Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi), fully-owned subsidiaries of Media Land.

U.S. and UK Sanction Alleged Aeza Entities

OFAC and the UK also designated Hypercore Ltd., an alleged front company of Aeza Group LLC, a BPH service provider designated by OFAC earlier this year, and two additional individuals and entities that have allegedly led, materially supported, or acted for Aeza Group.

OFAC said that after its designations of Aeza Group and its leadership on July 1, 2025, "Aeza leadership initiated a rebranding strategy focusing on removing any connections between Aeza and their new technical infrastructure. OFAC's designations today serve as a reminder that OFAC will take all possible steps to counter sanctions evasion activity by malicious cyber actors and their enablers."

Maksim Vladimirovich Makarov, allegedly the new director of Aeza, and Ilya Vladislavovich Zakirov, who allegedly helped establish new companies and payment methods to obfuscate Aeza's activity, were also designated. Smart Digital Ideas DOO and Datavice MCHJ – Serbian and Uzbek companies allegedly utilized by Aeza to evade sanctions and set up technical infrastructure not publicly associated with the Aeza brand – were also designated.

Five Eyes Guidance for Defending Against BPH Providers

Also today, the U.S. and other "Five Eyes" countries issued guidance for defending against risks from bulletproof hosting providers.

"Organizations with unprotected or misconfigured systems remain at high risk of compromise, as malicious actors leverage BPH infrastructure for activities such as ransomware, phishing, malware delivery, and denial-of-service (DoS) attacks," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated in announcing the guidance. "BPH providers pose a significant threat to the resilience and security of critical systems and services."

Included in the guidance are recommendations for a "nuanced approach to dynamically filter ASNs, IP ranges, or individual IP addresses to effectively reduce the risk of compromise from BPH provider-enabled activity."


 Cyber News

In a major cross-border operation targeting the financial backbone of digital piracy, Europol has successfully tracked down cryptocurrency valued at approximately $55 million (over €47 million) linked to a network of illicit streaming and intellectual property (IP) infringement services. The revelation comes from Europol's "Intellectual Property Crime Cyber-Patrol Week," an intensive five-day operation held between November 10 and 14 in collaboration with the European Union Intellectual Property Office (EUIPO) and the Spanish National Police (Policía Nacional).

The Crypto Counter-Strategy

The operation's core focus was confronting the growing trend of digital criminals abandoning traditional banking methods in favor of cryptocurrency payments. Illicit service operators incorrectly believe crypto offers a shield of anonymity, but investigators successfully turned this method against them.

The key innovation in the cyber-patrol was a sophisticated counter-strategy: investigators made cryptocurrency purchases of the illegal services themselves. This step allowed them to lift the veil on the illicit actors, identify the associated crypto accounts, and trace the flow of funds.

"This approach allows to hit 'pirates' ... where it hurts them the most: their money," Europol stated. By identifying, tracing, and successfully shutting down these crypto accounts, authorities aim for a direct hit on the criminal revenue stream, a method deemed vital for protecting global economies and creators.

Massive Scope of the Crackdown on Digital Piracy

The coordinated effort, involving 30 investigators in Alicante, Spain, utilized advanced Open-Source Intelligence Techniques (OSINT) and cutting-edge online investigative tools. The resulting disruption has been substantial:

- 69 sites were identified and targeted.
- 25 illicit IPTV services were immediately referred to partnering crypto service providers and major exchanges for disruption.

The 69 targeted sites alone are estimated to draw a combined traffic of over 11.8 million annual visitors, highlighting the sheer scale of the digital black market being addressed.

While the operation resulted in immediate action, investigations on 44 additional sites remain ongoing by both public and private entities, signaling a sustained campaign against these revenue-generating piracy models.


 Espionage

Two headhunters named Amanda Qiu and Shirly Shen appeared on LinkedIn offering lucrative freelance work authoring geopolitical consultancy reports, but MI5 now confirms they served as fronts for China's Ministry of State Security conducting recruitment operations targeting British parliamentarians, staffers, and officials with access to sensitive government information.

On Tuesday, Britain's domestic intelligence service issued an espionage alert to MPs, Peers, and Parliamentary staff warning that Chinese intelligence officers are attempting to recruit individuals through professional networking sites in what Security Minister Dan Jarvis characterized as a "covert and calculated attempt by China to interfere with our sovereign affairs".

House of Commons Speaker Lindsay Hoyle circulated the MI5 alert warning that Chinese state actors were "relentless" in their efforts to interfere with parliamentary processes and influence activity at Westminster. The alert named two specific LinkedIn profiles believed to be conducting outreach at scale on behalf of Beijing's intelligence apparatus.

Social Engineering Route

MI5 assessed that the Ministry of State Security was using websites like LinkedIn to build relationships with parliamentarians to collect sensitive information on the UK for strategic advantage. The fake headhunter profiles offered consulting opportunities while actually intending to lay groundwork for long-term relationships that could be exploited for intelligence collection.

Security Minister Jarvis told Parliament that targets extended beyond parliamentary staff to include economists, think tank consultants, and government officials. "This government's first duty is to keep the country safe, which is why I've announced new action to give security officials the powers and tools they need to help disrupt and deter foreign espionage activity wherever they find it," Jarvis stated.

The minister said the espionage alerts represent one of the main tools used to undermine spies' ability to operate, with the public exposure intended to disrupt ongoing recruitment operations and warn potential targets.

Pattern of Hostile Activity

Jarvis noted the LinkedIn recruitment attempts build on a pattern of hostile activity from China, citing Beijing-linked actors targeting parliamentary emails in 2021 and attempted foreign interference activity by Christine Lee in 2022. Lee, a London-based lawyer, was accused by MI5 of facilitating covert donations to British parties and legislators on behalf of foreign nationals coordinating with the Chinese Communist Party's United Front Work Department.

The alert arrives weeks after prosecutors abruptly abandoned a case against two British men charged with spying on MPs for Beijing. Christopher Cash, a former parliamentary researcher, and Christopher Berry, an academic, faced charges under the Official Secrets Act 1911, but prosecutors claimed the government's evidence was missing a critical element. That critical element was the government's refusal to call China an "enemy" or "national security threat," which prosecutors said meant they had no option but to collapse the case, since the 1911 Act requires information passed on to be useful to an enemy.

New Counter-Espionage Action Plan

The government announced a comprehensive Counter Political Interference and Espionage Action Plan to disrupt and deter state-sponsored spying. Intelligence services will deliver security briefings for political parties and issue new guidance to election candidates helping them recognize, resist, and report suspicious activity. Authorities will work with professional networking sites to make them more hostile operating environments for spies, while new Elections Bill provisions will tighten rules on political donations.

Jarvis added the government will continue taking further action against China-based actors involved in malicious cyber activity against the UK and allies. The government committed £170 million to renew sovereign and encrypted technology that civil servants use to safeguard sensitive work. An additional £130 million will fund projects including building Counter Terrorism Policing's ability to enforce the National Security Act and supporting the National Cyber Security Centre's work with critical businesses to protect intellectual property.

Jarvis also informed Parliament that the government completed removal of surveillance equipment manufactured by companies subject to China's National Intelligence Law from all sensitive sites operated worldwide by the British government. "As a country with a long and proud history of trading around the world, it's in our interests to continue to seek an economic relationship with China, but this government will always challenge countries whenever they undermine our democratic way of life," Jarvis declared.

The National Security Act provides government power to prosecute those engaging in espionage activity, with offenses including obtaining protected information, assisting a foreign intelligence service, and obtaining material benefit from a foreign intelligence service. The government recently introduced the Cyber Security and Resilience Bill to help protect organizations from cyber threats posed by states like China.


 Cyber News

American food delivery platform DoorDash has disclosed a cybersecurity incident after an unauthorized third party accessed certain user information through a targeted social engineering attack. The company confirmed that the DoorDash data breach affected an unspecified number of users but clarified that no sensitive or financial information was accessed.

According to DoorDash's public statement, the incident began when a company employee was manipulated into granting access through a social engineering scam. This reflects a rising trend where attackers exploit human behavior rather than system weaknesses, posing significant risks even to companies with mature cybersecurity programs.

DoorDash Cybersecurity Incident: Social Engineering Identified as the Root Cause

The company revealed that threat actors did not rely on malware or exploit software vulnerabilities. Instead, they used deceptive tactics to influence an employee and gain initial access. This form of attack continues to challenge organizations, as technical security controls often cannot prevent human error.

DoorDash stated that its response team quickly identified the data breach, shut down unauthorized access, and initiated an internal investigation. The company has also referred the matter to law enforcement.

What Information Was Accessed in the DoorDash Data Breach

DoorDash confirmed that some users, spanning consumers, Dashers, and merchants, were impacted. The type of user information accessed varied and may have included:

- First and last name
- Phone number
- Email address
- Physical address

The company emphasized that no sensitive information such as Social Security numbers, government-issued IDs, driver's license details, bank information, or payment card data was compromised in the DoorDash cybersecurity incident. DoorDash added that it has no evidence of fraud, identity theft, or misuse of the accessed information.

DoorDash Response and Security Enhancements

Following the DoorDash cybersecurity incident, the company implemented several measures to strengthen its cybersecurity posture. These steps include:

- Deploying new security system enhancements to detect and block similar malicious activities
- Increasing employee security awareness training focused on social engineering threats
- Engaging an external cybersecurity firm to assist in the investigation and provide expert guidance
- Coordinating with law enforcement for the ongoing inquiry

DoorDash reiterated its commitment to improving user security, stating that it strives to "get 1% better every day" and protect user privacy through continuous improvements.

User Notifications and Support

The company noted that affected users have been notified where required under applicable laws. To address concerns and questions, DoorDash has set up a dedicated call center available in English and French for users in the U.S., Canada, and international regions. Users seeking more information can contact the hotline using reference code B155060.

DoorDash also clarified that customers of Wolt or Deliveroo were not impacted by this incident, as the breach was limited exclusively to DoorDash systems and data.

Guidance for Users

While no sensitive data was compromised, DoorDash advised users to remain cautious of unsolicited communications requesting personal information. The company warned users to avoid clicking suspicious links or downloading unexpected attachments, as such tactics are commonly used in social engineering attacks.

DoorDash stated that users do not need to take any immediate action to protect their accounts, as the compromised information was limited to basic contact details and there is no evidence of misuse.


 Firewall Daily

A disturbing case of hacking CCTV systems in India has exposed a widespread cybercrime racket through which intimate videos from a maternity ward were stolen and sold online. Police in Gujarat state say the discovery has raised concern over surveillance practices in a country where cameras are routinely placed across public and private spaces.

The case came to light earlier this year when Gujarati media outlets detected several videos on YouTube. These clips, taken inside a maternity hospital, showed pregnant women undergoing medical examinations and receiving injections in their buttocks.

Each video carried a link directing viewers to Telegram channels where longer versions of the footage could be purchased. To protect the privacy of those filmed, the city and the maternity hospital's name have not been disclosed.

From a Single Hospital Breach to a Nationwide Cybercrime Operation

The hospital director told the BBC that the cameras had been installed "for the safety of doctors" and to guard against false allegations. None of the women seen in the videos has filed police complaints.

Once alerted, investigators uncovered what they described as a massive nationwide cybercrime racket. Police say hackers had infiltrated at least 50,000 CCTV systems throughout India and were selling footage taken from hospitals, schools, residential complexes, offices, malls, and even private homes.

Many of the stolen clips were marketed for prices ranging from 800 to 2,000 rupees, while some Telegram operators reportedly offered live feeds through subscription-based access. According to officers, the case demonstrates how a single CCTV hack can compromise thousands of devices due to weak digital protection.

Arrests, Charges, and the Spread of the Network

Arrests connected to the network have been made since February, spanning Maharashtra, Uttar Pradesh, Gujarat, Delhi, and Uttarakhand. The suspects face charges under laws addressing privacy violations, cyberterrorism, voyeurism, and the publication of obscene material. Police noted that no patient or hospital lodged an official complaint, largely due to fear of exposure and social stigma. Instead, a police officer formally initiated the case to prevent the matter from being dropped.

The breach reflects the widespread vulnerabilities built into India's surveillance ecosystem. Many CCTV units operate with default passwords such as "Admin123," a practice investigators say aided the hackers. Officers reported that the group used brute-force tools to access networks, enabling them to capture feeds from thousands of locations. Specialists advise users to periodically change IP addresses and passwords, conduct routine audits of their systems, and adopt stronger security measures for both home and professional networks.

Growing Concerns About Surveillance and Privacy

The proliferation of CCTV across India, from hospital wards to private apartments, has created fertile ground for CCTV hacking incidents, exposing sensitive footage and disproportionately affecting women, who often hesitate to report breaches due to stigma. Despite government efforts to tighten digital security, gaps remain, and this latest breach highlights how quickly insecure systems can be exploited and sensitive data spread online.

Platforms like Cyble offer a proactive solution, leveraging AI-native intelligence to monitor dark web activity, detect vulnerabilities, and prevent cybercrime before it impacts victims. Organizations looking to protect their networks and gain real-time threat visibility can schedule a free demo with Cyble to experience how its agentic AI hunts, predicts, and neutralizes threats autonomously, keeping security teams ahead of hackers.


 Firewall Daily

A major Cloudflare outage struck on 18 November 2025, beginning at 11:20 UTC and spreading across its global network within minutes. Although the issue initially looked like a large-scale Cloudflare cyberattack, it was later confirmed to be an internal configuration error that disrupted the company's core traffic-routing systems.

According to Cloudflare, the disruption began when one of the company's database systems generated incorrect data and published it across the network. The problem stemmed from altered permissions in a ClickHouse database cluster, which inadvertently caused the system to output duplicate rows into a "feature file" used by Cloudflare's Bot Management module. The feature file, normally stable in size, doubled unexpectedly.

Once this oversized file propagated across Cloudflare's machines, the software responsible for distributing global traffic encountered a hard limit and failed. This internal malfunction translated into widespread HTTP 5xx errors for users trying to reach websites that rely on Cloudflare's network. A screenshot shared by the company showed the generic error page millions of users saw during the outage.

Cloudflare initially suspected that the symptoms resembled a hyper-scale DDoS attack, a concern shaped partly by recent "Aisuru" attack campaigns, raising fears of a potential cyberattack on Cloudflare. The company later clarified that "the issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind."

Once engineers discovered the faulty feature file, they halted its propagation and reinserted an earlier, stable version. Core traffic began recovering by 14:30 UTC, and Cloudflare reported full restoration of all systems by 17:06 UTC. "Given Cloudflare's importance in the Internet ecosystem, any outage of any of our systems is unacceptable," the company wrote, noting that the incident was "deeply painful to every member of our team."

Why the System Failed During the Cloudflare Outage

The root cause of the Cloudflare outage originated with a permissions change applied at 11:05 UTC. Cloudflare engineers were in the process of improving how distributed queries run in ClickHouse. Historically, internal processes assumed that metadata queries returned results only from the "default" database. The new permissions change allowed these queries to also surface metadata from the underlying "r0" database.

A machine learning–related query, used to build the Bot Management feature configuration file, combined metadata from both locations without filtering database names. The oversight caused the file to double in size as duplicate features were added. Bot Management modules preallocate memory based on a strict feature limit of 200 entries; the malformed file exceeded this threshold, triggering a Rust panic within the proxy system.

Because Cloudflare's core proxy (called FL, or "Frontline") touches nearly every request on the network, the failure cascaded quickly. The newer version of the proxy system, FL2, also encountered 5xx errors. Legacy FL systems did not crash, but they produced invalid bot scores, defaulting everything to zero and potentially leading to false positives for customers who blocked bot traffic.

Systems Impacted

The Cloudflare outage disrupted multiple services:

- Core CDN and security services returned widespread HTTP 5xx errors.
- Turnstile, Cloudflare's verification system, failed to load, preventing many users from logging into the Cloudflare dashboard.
- Workers KV experienced a sharp increase in error rates until engineers applied a bypass patch at 13:04, stabilizing dependent services.
- Cloudflare Access experienced authentication failures from the start of the incident. Existing sessions remained valid, but new attempts failed and returned error pages.
- Email Security continued processing email but temporarily lost access to an IP reputation source, slightly reducing spam-detection accuracy.

Cloudflare also noted latency spikes across its CDN during the incident as debugging and observability tools consumed excess CPU while attempting to analyze the errors.

Complicating the investigation further, Cloudflare's external status page briefly went offline, despite being completely hosted outside Cloudflare's network, adding to internal suspicion that an attacker might be targeting multiple systems simultaneously. This coincidence reinforced early fears of a potential Cloudflare cyberattack, though this theory was later dismissed.

Post-Incident Actions and Next Steps

After restoring service, Cloudflare implemented a series of fixes, strengthening configuration protection, improving kill-switch controls, refining proxy error-handling, and preventing diagnostic tools from overwhelming system resources. The company described the event as its most serious outage since 2019, noting that while it briefly raised concerns about a potential cyberattack on Cloudflare, the root cause was purely internal.

Events like this highlight the value of proactive threat intelligence. Cyble, ranked #1 globally in Cyber Threat Intelligence Technologies on Gartner Peer Insights, provides AI-native, autonomous threat detection and attack-surface visibility. To assess your organization's exposure and strengthen resilience, book a personalized demo or start a free External Threat Assessment today.
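The feature-file failure described in the Cloudflare write-up above, modelled as an added example that is not Cloudflare's code: an unfiltered metadata query that emits every feature from both "default" and "r0" and so doubles the file, the pre-incident loader shape that panics once the 200-entry preallocation limit is exceeded, and a hardened loader that treats the file as untrusted input, rejects it, and keeps the last known-good configuration active. Names such as FeatureRow, BotConfig, build_feature_file and apply_update are assumptions, and the metadata rows are constructed.

```rust
// Added example, not Cloudflare's code. Models the Bot Management feature-file
// incident: duplicate metadata rows, a hard feature limit, and two loader shapes.
// Names (FeatureRow, BotConfig, build_feature_file, apply_update) are assumptions.

/// Strict preallocated feature limit quoted in the incident write-up.
pub const MAX_FEATURES: usize = 200;

/// One metadata row as returned by the (modelled) ClickHouse metadata query.
#[derive(Debug, Clone, PartialEq)]
pub struct FeatureRow {
    pub database: String,
    pub name: String,
}

/// Constructed input: after the permissions change the same `n` features are
/// reported once from "default" and once again from the underlying "r0" store.
pub fn sample_metadata(n: usize) -> Vec<FeatureRow> {
    let mut rows = Vec::with_capacity(2 * n);
    for db in ["default", "r0"].iter() {
        for i in 0..n {
            rows.push(FeatureRow { database: db.to_string(), name: format!("feat_{}", i) });
        }
    }
    rows
}

/// Build the feature list from metadata rows. `only_db == None` reproduces the
/// bug (no database filter, so every feature is emitted twice); `Some("default")`
/// is the filtered query that keeps the file at its normal size.
pub fn build_feature_file(rows: &[FeatureRow], only_db: Option<&str>) -> Vec<String> {
    rows.iter()
        .filter(|r| only_db.map_or(true, |db| r.database == db))
        .map(|r| r.name.clone())
        .collect()
}

#[derive(Debug, Clone, PartialEq)]
pub enum LoadError {
    TooManyFeatures { got: usize, max: usize },
}

/// Loaded Bot Management configuration.
#[derive(Debug, Clone, PartialEq)]
pub struct BotConfig {
    pub features: Vec<String>,
}

impl BotConfig {
    /// Pre-incident shape: the preallocated limit is treated as an invariant,
    /// so a malformed file aborts the proxy (the panic the write-up describes).
    pub fn load_or_panic(features: Vec<String>) -> BotConfig {
        assert!(
            features.len() <= MAX_FEATURES,
            "feature file has {} entries, limit is {}",
            features.len(),
            MAX_FEATURES
        );
        BotConfig { features }
    }

    /// Hardened shape: the file is untrusted input, so exceeding the limit is a
    /// validation error the caller can handle rather than a crash.
    pub fn try_load(features: Vec<String>) -> Result<BotConfig, LoadError> {
        if features.len() > MAX_FEATURES {
            return Err(LoadError::TooManyFeatures { got: features.len(), max: MAX_FEATURES });
        }
        Ok(BotConfig { features })
    }
}

/// Config rollout step for one proxy: a candidate file is swapped in only if it
/// validates; otherwise the last known-good config stays active and the error
/// is surfaced so it can be alerted on instead of propagating a crash.
pub fn apply_update(current: BotConfig, candidate: Vec<String>) -> (BotConfig, Option<LoadError>) {
    match BotConfig::try_load(candidate) {
        Ok(fresh) => (fresh, None),
        Err(e) => (current, Some(e)),
    }
}

fn main() {
    let rows = sample_metadata(150);
    // Normal-size file from the filtered query: 150 features, loads fine.
    let good = BotConfig::try_load(build_feature_file(&rows, Some("default"))).unwrap();
    // Doubled file from the unfiltered query: 300 features, rejected, config kept.
    let (active, err) = apply_update(good, build_feature_file(&rows, None));
    println!("active features: {}, rejected update: {:?}", active.features.len(), err);
}
```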

image for ARC Data Sale Scanda ...

 Business News

The ARC Data Sale to U.S. government agencies has come under intense scrutiny following reports of warrantless access to Americans’ travel records. After growing pressure from lawmakers, the Airlines Reporting Corporation (ARC), a data broker collectively owned by major U.S. airlines, has announced it will shut down its Travel Intelligence Program (TIP), a system that allowed federal agencies to search through hundreds of millions of passenger travel records without judicial oversight.

Lawmakers Question ARC Data Sale and Warrantless Access

Concerns over the ARC Data Sale intensified this week after a bipartisan group of lawmakers sent letters to nine airline CEOs urging them to stop the practice immediately. The letter cited reports that government agencies, including the Department of Homeland Security (DHS), the Internal Revenue Service (IRS), the Securities and Exchange Commission (SEC), and the FBI had been accessing ARC’s travel database without obtaining warrants or court orders.

According to the lawmakers, ARC sold access to a system containing approximately 722 million ticket transactions covering 39 months of past and future travel data. This includes bookings made through more than 10,000 U.S.-based travel agencies, popular online travel portals like Expedia, Kayak, and Priceline, and even credit-card reward program bookings. Travel details in this database include a passenger’s name, itinerary, flight numbers, fare details, ticket numbers, and sometimes credit card digits used during the purchase.

Documents released through public records requests show that the FBI received travel records from ARC based solely on written requests, bypassing the need for subpoenas. DHS described the database as “an unparalleled intelligence resource.”

IRS Admits Policy Violations in Handling Travel Data

A central point of concern is the revelation that the IRS accessed ARC’s travel database without conducting a legal review or completing a required Privacy Impact Assessment. Under the E-Government Act of 2002, federal agencies must complete such assessments before procuring systems that collect personal data. In a disclosure to Senator Ron Wyden, the IRS admitted it had purchased ARC’s airline data without meeting these requirements.

The agency only completed the privacy assessment after receiving an oversight inquiry in 2025. It also confirmed that it had not initially reviewed whether accessing the travel data constituted a search that required a warrant, despite previous commitments to do so after a 2021 investigation into cell-phone location data purchases.

Prospective Surveillance Raises New Privacy Concerns

Beyond historical travel data, lawmakers highlighted that ARC’s tools enabled what they termed “prospective surveillance.” Through automated, recurring searches, government agencies could receive alerts the moment a ticket matching specific criteria was booked. This type of forward-looking monitoring typically requires a higher legal threshold and is allowed only in limited circumstances authorized by Congress. Lawmakers argued that buying such capabilities from a data broker like ARC allowed agencies to circumvent the Fourth Amendment, undermining Americans’ constitutional protection against unreasonable searches.

Because ARC only captures bookings made through travel agencies, individuals booking directly with airlines do not have their travel data in the system, effectively creating inconsistent privacy protections based solely on how a ticket is purchased.

ARC Confirms End of Travel Intelligence Program

In a letter sent on Tuesday, ARC CEO Lauri Reishus informed lawmakers that the company would end the Travel Intelligence Program in the coming weeks. The decision follows public and political pressure since September, when media reports first revealed the extent of ARC’s data-sharing arrangements with government agencies. Lawmakers noted that airlines benefit financially when passengers book tickets directly, raising concerns that the surveillance program not only threatened privacy rights but also created potential antitrust implications.
As lawmakers push for stronger privacy protections and clearer limits on government surveillance, the ARC data sale case has become a high-profile example of how easily personal travel data can be accessed and shared without passengers’ knowledge.

image for Hacking Black Friday ...

 Tips

Black Friday is an annual bargain hunt that often spirals into chaotic impulse buying. Stores promise incredible discounts of 50–70%, but are those savings really as significant as they seem? In 2025, we’ve got a new ally on our side in the fight for smart spending: artificial intelligence. Here’s how you can use powerful LLMs like ChatGPT and Claude to save money and never fall for a shady seller’s tricks again.

Before we enlist AI to help you save, it’s crucial we understand the battlefield. Studies paint a grim picture: a significant portion of those Black Friday “super discounts” are nothing more than a marketing illusion. The tactic is simple and effective: in early October, stores hike up their prices, sometimes by fifty to a hundred percent. Then, when Black Friday finally hits, they “slash” the price by that same 50% and proudly tout the impressive discount on the tag. In reality, you’re just buying the item at its regular price — or sometimes even paying a premium. While the European Union’s Omnibus Directive mandates that retailers display the lowest price from the last 30 days, even this rule is easily skirted. Retailers just hike the price up 30 days before the event, which allows them to technically adhere to the directive while still duping consumers.

How LLMs can help you save

Artificial intelligence is changing the game. Analysts estimate that in 2024, AI tools helped consumers make a staggering $60 billion in transactions during Cyber Week, and that number is only projected to climb in 2025. Already, one in three U.S. shoppers plans to lean on AI for their shopping needs. As you know, an LLM is immune to emotion; it won’t react to marketing triggers like “2 hours left!” or “only one left in stock!” Instead, the model analyzes huge volumes of data, compares prices, tracks price history, and helps you make rational decisions. In seconds, AI can crawl hundreds of online stores, zeroing in not only on the product you want at the lowest price but also on cheaper alternatives with comparable specs. Modern LLMs can help you figure out if a discount is truly beneficial — or if you’re falling for a scam.

Amazon, for example, has already integrated a price-tracking feature into its AI assistant, Rufus, though users have noted that the tool still has some kinks to work out. Using just a few prompts, the AI can factor in your preferences, budget, and past purchases to suggest exactly what you need, cutting through all the marketing noise. Instead of wasting hours poring over spec sheets, just ask the assistant, “What’s the difference between vacuum cleaner A and vacuum cleaner B?” And you get your answer — regardless of whether the seller’s website features a comparison tool. You can use the prompts below for ChatGPT, Claude, or Gemini.

Preparing for Black Friday with AI

Step 1. Create a wish list

Don’t wait for the sales to start; your goal is to gather all the baseline data upfront.

Help me create a shopping list for Black Friday. My budget is: [amount]. I'm interested in the following categories: [electronics/clothing/home goods]. Priorities: [performance/quality/brand/price]. Create a structured list with explanations of why each item is worth considering.

Step 2. Start tracking prices

This is a critical stage. You need to know the real price of an item before the Black Friday marketing hype machine starts rolling. On Amazon, tools like CamelCamelCamel and Keepa can help, and for AliExpress, look at AliPrice and AliTools.

Step 3. Analyze price dynamics

Collected the price data? Excellent. If you see a sharp price spike in October followed by a corresponding drop in November, you’re looking at the classic scam tactic. But if the data on the charts seems unclear, use the prompt below. The months we used are just examples, so feel free to use your own date ranges. The larger the intervals between the price checks, the higher your chances of catching an unjustified price hike.

I'm tracking [product name] on [platform]. Here's the price data:
- September: [price]
- Early October: [price]
- Late October: [price]
- Current price: [price]
- Advertised discount: [percentage]
Analyze this data. Is this a genuine discount or is the store manipulating prices? When is the best time to buy? Should I wait for Black Friday or buy now?

Step 4. Search for alternatives

Don’t get fixated on a single product. There may be more advantageous alternatives available.

I want to buy [product, model]. My goal is to [what it's needed for]. Budget: [amount]. Find 3–5 alternative products that solve the same problem but might be more cost-effective. Compare them based on features, price, and reviews. Display the results in a table.

Experience shows that LLM models are particularly good at comparative analysis, highlighting key differences between similar products.

Step 5. Vet the seller and the website

Black Friday is an absolute field day for scammers. In the third quarter of 2025 we saw the number of fake online stores skyrocket by 20% compared to the monthly average. Let’s run through the immediate red flags that should raise your suspicions:

- Domains like .shop, .store, .vip or .top — rarely used by major, established brands
- Unbelievable discounts of 80–90% on popular items
- Lack of a secure HTTPS connection, meaning no padlock icon next to the URL in your browser
- Poorly translated text and/or grammatical errors

Finally, just in case, run the following prompt through the AI of your choice to check the store’s legitimacy:

I have found [product name] on [URL]. The price is very attractive: [price], which is [percentage]% below the average. How can I verify that this is not a scam? What are the signs of a fake store? What should I pay attention to?

Step 6. Compile the all-in-one prompt

This is the all-in-one prompt containing all the data you gathered in the previous steps; it works in any LLM:

You are an expert in spotting retail price manipulation.
Product: [name]
Store: [name]
Current price: [price]
Advertised discount: [percentage]%
Stated old price: [price]
Price history I tracked: [state data for several months]
Tasks:
1. Is this a genuine discount or a manipulation?
2. What was the real average price before the alleged sale?
3. Should I buy now, or is the price likely to drop even further?
4. Your verdict: buy / wait / look for alternatives?

Note that neural networks’ cybersecurity is still far from perfect: vulnerabilities continue to be discovered within them. Therefore, to shield yourself from phishing and spam links you might accidentally follow, be sure to install a proven and reliable security solution, such as Kaspersky Premium. It’ll keep your Black Friday from turning into a financial Black Monday for both your assets and personal data.

Getting local results

One of the core issues with global AI models is that they often deliver information that’s not region-specific, or is relevant to a region other than yours. But you can adapt them to your needs with this prompt:

You are an AI shopping assistant for [country, city]. All your recommendations must factor in the local market, available stores, and regional platforms ([list of stores, if desired]). State prices in [currency]. Speak [language]. My task is to find [product] at the best price for Black Friday. Which local platforms should I check? What kind of sales are common in [region]?

Specialized prompts for each LLM

Each LLM has its strengths (and weaknesses). With these in mind, we’ve created prompts that unlock the potential of each language model. For the highest quality results, we recommend utilizing models with a larger number of parameters (usually available via paid subscriptions), and activating deep thinking when submitting your requests.

ChatGPT excels at structuring information and generating lists. Here’s a prompt for budget planning:

Create a shopping strategy for Black Friday.
Budget: [amount]
Priority categories: [list]
For each category, specify:
1. Average price before discounts
2. Expected discounted price
3. Best time to buy (before/during/after Black Friday)
4. Alternatives
Format the results as a table.

And here’s a prompt for store comparison:

Product: [name and model]
Found in stores:
- [Store 1]: [price], shipping [terms]
- [Store 2]: [price], shipping [terms]
- [Store 3]: [price], shipping [terms]
Which option is more cost-effective considering the total cost? Analyze the reliability of the stores.

Claude is particularly good at analyzing large volumes of text and highlighting key points. Here’s a Claude prompt for analyzing reviews:

Here's a selection of reviews for [name] from various platforms: [insert reviews]. Analyze them and highlight:
1. Key advantages (top 3)
2. Key disadvantages (top 3)
3. Who is this product best suited for, and who should avoid it?
4. Are there any alarming issues mentioned?
5. Overall recommendation: is this worth buying?

Long-term planning prompt:

You're a financial consultant. I'm planning a major purchase: [product] for [price]. My monthly income: [amount]. My savings: [amount]. Should I buy this on Black Friday or should I wait? What alternative saving and purchasing strategies can you offer?

Gemini offers seamless integration with the Google ecosystem and provides in-depth capabilities when working with images. Attach a screenshot of the banner or the offer on the website and write the prompt:

This is a Black Friday offer. Evaluate:
1. How attractive is this discount?
2. What information should I check additionally?
3. What should I pay attention to in the description?
4. Signs of a possible scam

Quick search prompt:

Find the best Black Friday 2025 offers in [category].
I'm looking for: [product characteristics]
Budget: [amount]
Region: [country/city]
Show the top-5 options and provide a justification for each choice.

Final checklist

- Use AI to create a wish list, and start tracking prices with tools like CamelCamelCamel, Keepa, or other similar services. Set up convenient price-drop notifications.
- Analyze the collected price data, find alternative products and stores, and simultaneously verify the sellers’ reliability.
- Set up a separate credit card for purchases with a spending limit. If possible, get a virtual card and prepare our prompts for quick retail-offer analysis.
- On the actual sale day, don’t fall for urgency tricks like “last item in stock!”, and make sure you check every “super deal” with your AI assistant and a critical eye. Cross-reference the price history, don’t open suspicious emails, and don’t follow dubious links.

If you follow these steps, your Black Friday will result not only in zero losses, but also in genuinely advantageous purchases.

What else to read on the topic of AI:
- Privacy settings in ChatGPT
- DeepSeek: configuring privacy and deploying a local version
- The hidden dangers of AI coding
- New types of attacks on AI-powered assistants and chatbots
- How phishers and scammers use AI

image for The Cloudflare Outag ...

 A Little Sunshine

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

At around 6:30 EST/11:30 UTC on Nov. 18, Cloudflare’s status page acknowledged the company was experiencing “an internal service degradation.” After several hours of Cloudflare services coming back up and failing again, many websites behind Cloudflare found they could not migrate away from using the company’s services because the Cloudflare portal was unreachable and/or because they also were getting their domain name system (DNS) services from Cloudflare.

However, some customers did manage to pivot their domains away from Cloudflare during the outage. And many of those organizations probably need to take a closer look at their web application firewall (WAF) logs during that time, said Aaron Turner, a faculty member at IANS Research.

Turner said Cloudflare’s WAF does a good job filtering out malicious traffic that matches any one of the top ten types of application-layer attacks, including credential stuffing, cross-site scripting, SQL injection, bot attacks and API abuse. But he said this outage might be a good opportunity for Cloudflare customers to better understand how their own app and website defenses may be failing without Cloudflare’s help.

“Your developers could have been lazy in the past for SQL injection because Cloudflare stopped that stuff at the edge,” Turner said. “Maybe you didn’t have the best security QA [quality assurance] for certain things because Cloudflare was the control layer to compensate for that.”

Turner said one company he’s working with saw a huge increase in log volume and they are still trying to figure out what was “legit malicious” versus just noise.

“It looks like there was about an eight hour window when several high-profile sites decided to bypass Cloudflare for the sake of availability,” Turner said. “Many companies have essentially relied on Cloudflare for the OWASP Top Ten [web application vulnerabilities] and a whole range of bot blocking. How much badness could have happened in that window? Any organization that made that decision needs to look closely at any exposed infrastructure to see if they have someone persisting after they’ve switched back to Cloudflare protections.”

Turner said some cybercrime groups likely noticed when an online merchant they normally stalk stopped using Cloudflare’s services during the outage.

“Let’s say you were an attacker, trying to grind your way into a target, but you felt that Cloudflare was in the way in the past,” he said. “Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage. You’re now going to launch a whole bunch of new attacks because the protective layer is no longer in place.”

Nicole Scott, senior product marketing manager at the McLean, Va.-based Replica Cyber, called yesterday’s outage “a free tabletop exercise, whether you meant to run one or not.”

“That few-hour window was a live stress test of how your organization routes around its own control plane and shadow IT blossoms under the sunlamp of time pressure,” Scott said in a post on LinkedIn. “Yes, look at the traffic that hit you while protections were weakened. But also look hard at the behavior inside your org.”

Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:

1. What was turned off or bypassed (WAF, bot protections, geo blocks), and for how long?
2. What emergency DNS or routing changes were made, and who approved them?
3. Did people shift work to personal devices, home Wi-Fi, or unsanctioned Software-as-a-Service providers to get around the outage?
4. Did anyone stand up new services, tunnels, or vendor accounts “just for now”?
5. Is there a plan to unwind those changes, or are they now permanent workarounds?
6. For the next incident, what’s the intentional fallback plan, instead of decentralized improvisation?

In a postmortem published Tuesday evening, Cloudflare said the disruption was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind.

“Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a ‘feature file’ used by our Bot Management system,” Cloudflare CEO Matthew Prince wrote. “That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.”

Cloudflare estimates that roughly 20 percent of websites use its services, and with much of the modern web relying heavily on a handful of other cloud providers including AWS and Azure, even a brief outage at one of these platforms can create a single point of failure for many organizations.

Martin Greenfield, CEO at the IT consultancy Quod Orbis, said Tuesday’s outage was another reminder that many organizations may be putting too many of their eggs in one basket.

“There are several practical and overdue fixes,” Greenfield advised. “Split your estate. Spread WAF and DDoS protection across multiple zones. Use multi-vendor DNS. Segment applications so a single provider outage doesn’t cascade. And continuously monitor controls to detect single-vendor dependency.”
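Turner's advice above to review logs for the bypass window, as an added triage example in Rust that is not from the article or any vendor: it filters origin access logs to the exposure window and tags requests matching a few of the application-layer patterns the article names, to help separate "legit malicious" traffic from noise. The log lines, the 11:30 to 19:30 UTC window (following the roughly eight-hour window Turner cites) and the signature patterns are constructed for illustration.

```rust
// Added triage example (not from the article or any vendor): scans origin
// access logs for the window in which a site ran without Cloudflare in
// front of it and tags requests matching a few application-layer attack
// patterns, to separate "legit malicious" traffic from noise. Log lines,
// window bounds and patterns are constructed; a real review needs a full ruleset.
use std::collections::BTreeMap;

/// Constructed sample log in Common Log Format (UTC, Nov 18 2025).
pub const SAMPLE_LOG: &str = "\
203.0.113.10 - - [18/Nov/2025:11:40:02 +0000] \"GET /products?id=7 HTTP/1.1\" 200 512
203.0.113.10 - - [18/Nov/2025:11:41:17 +0000] \"GET /products?id=7%20UNION%20SELECT%201,2 HTTP/1.1\" 500 0
198.51.100.5 - - [18/Nov/2025:12:05:44 +0000] \"GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\" 200 2048
198.51.100.5 - - [18/Nov/2025:12:06:01 +0000] \"GET /files/../../app.conf HTTP/1.1\" 404 0
192.0.2.77 - - [18/Nov/2025:20:15:09 +0000] \"GET /products?id=7%20UNION%20SELECT%201,2 HTTP/1.1\" 403 0
";

/// Exposure window as minutes of the UTC day: 11:30 to 19:30 on Nov 18,
/// matching the roughly eight-hour bypass window quoted above.
pub const WINDOW_START: u32 = 11 * 60 + 30;
pub const WINDOW_END: u32 = 19 * 60 + 30;

#[derive(Debug, Clone, PartialEq)]
pub struct Hit { pub ip: String, pub minute: u32, pub path: String, pub category: &'static str }

/// Minimal percent-decoding, enough for ASCII log lines (not a full decoder).
fn decode(s: &str) -> String {
    let (b, mut out, mut i) = (s.as_bytes(), String::new(), 0);
    while i < b.len() {
        let hex = if b[i] == b'%' && i + 2 < b.len() { u8::from_str_radix(&s[i + 1..i + 3], 16).ok() } else { None };
        match hex {
            Some(v) => { out.push(v as char); i += 3; }
            None => { out.push(b[i] as char); i += 1; }
        }
    }
    out
}

/// Parse one CLF line into (client ip, minute of day, request path).
pub fn parse_line(line: &str) -> Option<(String, u32, String)> {
    let ip = line.split(' ').next()?.to_string();
    let ts = &line[line.find('[')? + 1..line.find(']')?]; // 18/Nov/2025:11:40:02 +0000
    let mut hms = ts.split(':').skip(1);
    let minute = hms.next()?.parse::<u32>().ok()? * 60 + hms.next()?.parse::<u32>().ok()?;
    let start = line.find('"')? + 1;
    let req = &line[start..start + line[start..].find('"')?];
    Some((ip, minute, req.split(' ').nth(1)?.to_string()))
}

/// Tag a request path with a coarse category from a few signature patterns.
pub fn classify(path: &str) -> Option<&'static str> {
    let p = decode(path).to_ascii_lowercase();
    if p.contains("union select") { return Some("sqli"); }
    if p.contains("<script") { return Some("xss"); }
    if p.contains("../") { return Some("traversal"); }
    None
}

/// Suspicious requests inside the exposure window only; traffic outside
/// it was still behind the edge filter and belongs to a different review.
pub fn triage(log: &str) -> Vec<Hit> {
    log.lines()
        .filter_map(parse_line)
        .filter(|(_, m, _)| (WINDOW_START..=WINDOW_END).contains(m))
        .filter_map(|(ip, minute, path)| classify(&path).map(|category| Hit { ip, minute, path, category }))
        .collect()
}

/// Suspicious-request counts per source IP, for persistence follow-up.
pub fn by_source(hits: &[Hit]) -> BTreeMap<String, usize> {
    let mut counts = BTreeMap::new();
    for h in hits { *counts.entry(h.ip.clone()).or_insert(0) += 1; }
    counts
}

fn main() {
    let hits = triage(SAMPLE_LOG);
    for h in &hits { println!("{:>4} {:<9} {} {}", h.minute, h.category, h.ip, h.path); }
    println!("{:?}", by_source(&hits));
}
```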

 Feed

Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute

 Feed

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper "redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure

 Feed

Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive

 Feed

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard's STRIKE team. Southeast Asia and European countries are some of the other regions where infections have

 Feed

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes significantly to the half-trillion-dollar annual cost of cybercrime. Zero Trust fundamentally shifts

 Feed

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025. "The specific flaw exists

 Feed

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to

2025-11
Aggregator history
Wednesday, November 19