Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Substack Discloses B ...

 Data Breach News

Data accessed in October 2025 went undetected until February, affecting subscribers across the newsletter platform with no evidence of misuse yet identified. Substack disclosed a security breach that exposed user email addresses, phone numbers and internal metadata to unauthorized third parties, revealing the incident   show more ...

occurred four months before the company detected the compromise. CEO Chris Best notified users Tuesday that attackers accessed the data in October 2025, though Substack only identified evidence of the breach on February 3. "I'm incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here," Best wrote in the notification sent to affected users. The breach allowed an unauthorized third party to access limited user data without permission through a vulnerability in Substack's systems. The company confirmed that credit card numbers, passwords and financial information were not accessed during the incident, limiting exposure to contact information and unspecified internal metadata. Substack's Breach Detection Delay a Concern The four-month detection gap raises questions about Substack's security monitoring capabilities and incident response procedures. Modern security frameworks typically emphasize rapid threat detection, with leading organizations aiming to identify breaches within days or hours rather than months. The extended dwell time—the period attackers maintained access before detection—gave threat actors ample opportunity to exfiltrate data undetected. Substack claims it has fixed the vulnerability that enabled the breach but provided no technical details about the nature of the flaw or how attackers exploited it. The company stated it is conducting a full investigation and taking steps to improve systems and processes to prevent future incidents. Best urged users to exercise caution with emails or text messages they receive, warning that exposed contact information could enable phishing attacks or social engineering campaigns. While Substack claims no evidence of data misuse exists, the four-month gap between compromise and detection means attackers had significant time to leverage stolen information. The notification's vague language about "other internal metadata" leaves users uncertain about the full scope of exposed information. Internal metadata could include account creation dates, IP addresses, subscription lists, payment history or other details that, when combined with email addresses and phone numbers, create comprehensive user profiles valuable to attackers. Substack Breach Impact Newsletter platforms like Substack represent attractive targets for threat actors because they aggregate contact information for engaged audiences across diverse topics. Compromised email lists enable targeted phishing campaigns, while phone numbers facilitate smishing attacks—phishing via text message—that many users find less suspicious than email-based attempts. The breach affects Substack's reputation as the platform competes for writers and subscribers against established players and emerging alternatives. Trust forms the foundation of newsletter platforms, where creators depend on reliable infrastructure to maintain relationships with paying subscribers. Substack has not disclosed how many users were affected, whether the company will offer identity protection services, or if it has notified law enforcement about the breach. The company also has not confirmed whether it will face regulatory scrutiny under data protection laws in jurisdictions where affected users reside. Users should remain vigilant for suspicious communications, enable two-factor authentication where available, and monitor accounts for unauthorized activity following the disclosure. Also read: EU Data Breach Notifications Surge as GDPR Changes Loom

image for Russian Cyberattacks ...

 Cyber News

With the Milan-Cortina Winter Olympics just hours from opening, Russian cyberattacks have forced Italian authorities into a full-scale security response that blends digital defence with boots on the ground. Italy confirmed this week that it successfully thwarted a coordinated wave of cyber incidents targeting   show more ...

government infrastructure and Olympic-linked sites, exposing how global sporting events are now frontline targets in geopolitical conflict. Italian Foreign Minister Antonio Tajani revealed that the Russian cyberattacks hit around 120 websites, including Italy’s foreign ministry offices abroad and several Winter Olympics-related locations, such as hotels in Cortina d’Ampezzo. While officials insist the attacks were “effectively neutralised,” the timing sends a clear message: cyber operations are now as much a part of Olympic security planning as physical threats. Russian Cyberattacks and the Olympics: A Political Signal According to Tajani, the attacks began with foreign ministry offices, including Italy’s embassy in Washington, before spreading to Olympic-linked infrastructure. A Russian hacker group known as Noname057 claimed responsibility, framing the Russian cyberattacks as retaliation for Italy’s political support for Ukraine. In a statement shared on Telegram, the group warned that Italy’s “pro-Ukrainian course” would be met with DDoS attacks—described provocatively as “missiles”—against Italian websites. While AFP could not independently verify the group’s identity, cybersecurity analysts noted that the tactics and messaging align with previous operations attributed to the same network. DDoS attacks may seem unsophisticated compared to advanced espionage campaigns, but their impact during high-profile events like the Olympics is strategic. Disrupting hotel websites, travel systems, or government portals creates confusion, undermines confidence, and grabs headlines—all without crossing into kinetic conflict. Digital Threats Meet Physical Security Lockdown Italy’s response to the Russian cyberattacks has been layered and aggressive. More than 6,000 police officers and nearly 2,000 military personnel have been deployed across Olympic venues stretching from Milan to the Dolomites. Snipers, bomb disposal units, counterterrorism teams, and even skiing police are now part of the security landscape. The defence ministry has added drones, radars, aircraft, and over 170 vehicles, underlining how cyber threats are now treated as triggers for broader security escalation. Milan, hosting the opening ceremony at San Siro stadium, is under particular scrutiny, with global leaders—including US Vice President JD Vance—expected to attend. The International Olympic Committee, however, stuck to its long-standing position. “We don’t comment on security,” IOC communications director Mark Adams said, a response that feels increasingly outdated in an era where Russian cyberattacks are openly claimed and politically framed. ICE Controversy Adds Fuel to a Tense Atmosphere Cybersecurity is not the only issue complicating Winter Olympic 2026 preparations. The presence of US Immigration and Customs Enforcement (ICE) officials in Italy has sparked political backlash and public protests. Milan Mayor Giuseppe Sala went as far as to say ICE agents were “not welcome,” calling the agency “a militia that kills.” Italy’s interior minister Matteo Piantedosi pushed back hard, clarifying that ICE’s Homeland Security Investigations unit would operate strictly within US diplomatic missions and have no enforcement powers. Still, the optics matter—especially as Russian cyberattacks amplify fears of foreign interference and sovereignty breaches. Even symbolic gestures have changed. A US hospitality venue originally called “Ice House” was quietly renamed “Winter House,” highlighting how sensitive the political climate has become.

image for Critical n8n Vulnera ...

 Firewall Daily

A newly disclosed critical vulnerability,  tracked as CVE-2026-25049, in the workflow automation platform n8n, allows authenticated users to execute arbitrary system commands on the underlying server by exploiting weaknesses in the platform’s expression evaluation mechanism. With a CVSS score of 9.4, the issue is   show more ...

classified as critical and poses a high risk to affected systems.  The CVE-2026-25049 vulnerability is the result of insufficient input sanitization in n8n’s expression handling logic. Researchers found that the flaw effectively bypasses security controls introduced to mitigate CVE-2025-68613, an earlier critical vulnerability with a CVSS score of 9.9 that was patched in December 2025. Despite those fixes, additional exploitation paths remained undiscovered until now.  Bypass of Previous Security Fixes for CVE-2026-25049 Vulnerability  According to an advisory released Wednesday by n8n maintainers, the issue was uncovered during follow-up analysis after the earlier disclosure. The maintainers stated, “Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613.”  They further warned that “an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.”  The vulnerability is described as an “Expression Escape Vulnerability Leading to RCE,” reflecting its ability to break out of an n8n expression sandbox and reach the host operating system. The advisory was published under GitHub Security Advisory GHSA-6cqr-8cfr-67f8 and applies to the n8n package distributed via npm.  Affected Versions and Mitigation Guidance  The CVE-2026-25049 vulnerability affects all n8n versions earlier than 1.123.17 and 2.5.2. The issue has been fully patched in versions 1.123.17 and 2.5.2, and users are advised to upgrade immediately to these or later releases to remediate the risk.  For organizations unable to upgrade right away, the advisory outlines temporary workarounds. These include restricting workflow creation and modification permissions to fully trusted users and deploying n8n in a hardened environment with limited operating system privileges and constrained network access.   However, n8n’s maintainers emphasized that these measures do not fully resolve the vulnerability and should only be considered short-term mitigations.  From a severity standpoint, n8n has adopted CVSS 4.0 as the primary scoring system for its advisories, while continuing to provide CVSS 3.1 vector strings for compatibility. Under CVSS 3.1, CVE-2026-25049 carries the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The CVSS 4.0 metrics similarly rate the issue as critical, citing low attack complexity, network-based exploitation, low required privileges, and high impact to confidentiality, integrity, and availability.  Researcher Insights and Potential Impact Although no specific Common Weakness Enumerations (CWEs) have been assigned, the real-world implications of exploiting this n8n vulnerability are severe. A successful attack could allow threat actors to compromise the server, steal credentials, exfiltrate sensitive data, and install persistent backdoors to maintain long-term access.  The vulnerability was discovered with contributions from as many as ten security researchers. Those credited include Fatih Çelik, who also reported CVE-2025-68613, as well as Endor Labs’ Cris Staicu, Pillar Security’s Eilon Cohen, SecureLayer7’s Sandeep Kamble, and several independent researchers.  In a technical deep dive covering both CVE-2025-68613 and CVE-2026-25049, Çelik stated that “they could be considered the same vulnerability, as the second one is just a bypass for the initial fix.” He explained that both issues allow attackers to escape the n8n expression sandbox mechanism and circumvent security checks designed to prevent command execution. 

image for AI-Coded Moltbook Pl ...

 Cyber Essentials

Viral social network "Moltbook" built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment. Wiz Security discovered a critical vulnerability in Moltbook, a viral social network for AI agents, that exposed   show more ...

1.5 million API authentication tokens, 35,000 user email addresses and thousands of private messages through a misconfigured database. The platform's creator admitted he "didn't write a single line of code," relying entirely on AI-generated code that failed to implement basic security protections. The vulnerability stemmed from an exposed Supabase API key in client-side JavaScript that granted unauthenticated read and write access to Moltbook's entire production database. Researchers discovered the flaw within minutes of examining the platform's publicly accessible code bundles, demonstrating how easily attackers could compromise the system. "When properly configured with Row Level Security, the public API key is safe to expose—it acts like a project identifier," explained Gal Nagli, Wiz's head of threat exposure. "However, without RLS policies, this key grants full database access to anyone who has it. In Moltbook's implementation, this critical line of defense was missing." What's Moltbook Moltbook launched January 28, as a Reddit-like platform where autonomous AI agents could post content, vote and interact with each other. The concept attracted significant attention from technology influencers, including former Tesla AI director Andrej Karpathy, who called it "the most incredible sci-fi takeoff-adjacent thing" he had seen recently. The viral attention drove massive traffic within hours of launch. However, the platform's backend relied on Supabase, a popular open-source Firebase alternative providing hosted PostgreSQL databases with REST APIs. Supabase became especially popular with "vibe-coded" applications—projects built rapidly using AI code generation tools—due to its ease of setup. The service requires developers to enable Row Level Security policies to prevent unauthorized database access, but Moltbook's AI-generated code omitted this critical configuration. Wiz researchers examined the client-side JavaScript bundles loaded automatically when users visited Moltbook's website. Modern web applications bundle configuration values into static JavaScript files, which can inadvertently expose sensitive credentials when developers fail to implement proper security practices. What and How Data was Leaking The exposed data included approximately 4.75 million database records. Beyond the 1.5 million API authentication tokens that would allow complete agent impersonation, researchers discovered 35,000 email addresses of platform users and an additional 29,631 early access signup emails. The platform claimed 1.5 million registered agents, but the database revealed only 17,000 human owners—an 88:1 ratio. More concerning, 4,060 private direct message conversations between agents were fully accessible without encryption or access controls. Some conversations contained plaintext OpenAI API keys and other third-party credentials that users shared under the assumption of privacy. This demonstrated how a single platform misconfiguration can expose credentials for entirely unrelated services. The vulnerability extended beyond read access. Even after Moltbook deployed an initial fix blocking read access to sensitive tables, write access to public tables remained open. Wiz researchers confirmed they could successfully modify existing posts on the platform, introducing risks of content manipulation and prompt injection attacks. Wiz used GraphQL introspection—a method for exploring server data schemas—to map the complete database structure. Unlike properly secured implementations that would return errors or empty arrays for unauthorized queries, Moltbook's database responded as if researchers were authenticated administrators, immediately providing sensitive authentication tokens including API keys of the platform's top AI agents. Matt Schlicht, CEO of Octane AI and Moltbook's creator, publicly stated his development approach: "I didn't write a single line of code for Moltbook. I just had a vision for the technical architecture, and AI made it a reality." This "vibe coding" practice prioritizes speed and intent over engineering rigor, but the Moltbook breach demonstrates the dangerous security oversights that can result. Wiz followed responsible disclosure practices after discovering the vulnerability January 31. The company contacted Moltbook's maintainer and the platform deployed its first fix securing sensitive tables within a couple of hours. Additional fixes addressing exposed data, blocking write access and securing remaining tables followed over the next few hours, with final remediation completed by February 1. "As AI continues to lower the barrier to building software, more builders with bold ideas but limited security experience will ship applications that handle real users and real data," Nagli concluded. "That's a powerful shift." The breach revealed that anyone could register unlimited agents through simple loops with no rate limiting, and users could post content disguised as AI agents via basic POST requests. The platform lacked mechanisms to verify whether "agents" were actually autonomous AI or simply humans with scripts. Also read: How “Unseeable Prompt Injections” Threaten AI Agents

image for What the Incognito M ...

 Cyber News

The 30-year prison sentence handed to Rui-Siang Lin, the operator of the infamous Incognito Market, is more than just another darknet takedown story. Lin, who ran Incognito Market under the alias “Pharaoh,” oversaw one of the largest online narcotics operations in history, generating more than $105 million in   show more ...

illegal drug sales worldwide before its collapse in March 2024. Platforms like Incognito Market are not clever experiments in decentralization. They are industrial-scale criminal enterprises, and their architects will be treated as such. How Incognito Market Became a Global Narcotics Hub Launched in October 2020, Incognito Market was designed to look and feel like a legitimate e-commerce platform, only its products were heroin, cocaine, methamphetamine, MDMA, LSD, ketamine, and counterfeit prescription drugs. Accessible through the Tor browser, the dark web marketplace allowed anyone with basic technical knowledge to buy illegal narcotics from around the globe. At its peak, Incognito Market supported over 400,000 buyer accounts, more than 1,800 vendors, and facilitated 640,000 drug transactions. Over 1,000 kilograms of cocaine, 1,000 kilograms of methamphetamine, and fentanyl-laced pills were likely sold, the authorities said. This was not a fringe operation—it was a global supply chain built on code, crypto, and calculated harm. Also read: “Incognito Market” Operator Arrested for Running $100M Narcotics Marketplace “Pharaoh” and the Business of Digital Drug Trafficking Operating as “Pharaoh,” Lin exercised total control over Incognito Market. Vendors paid an entry fee and a 5% commission on every sale, creating a steady revenue stream that funded servers, staff, and Lin’s personal profit—more than $6 million by prosecutors’ estimates. The marketplace had a very professional-looking modus operandi from branding, customer service, vendor ratings, and even its own internal financial system—the Incognito Bank—which allowed users to deposit cryptocurrency and transact anonymously. The system was designed to remove trust from human relationships and replace it with platform-controlled infrastructure. This was not chaos. It was corporate-style crime. Fentanyl, Fake Oxycodone, and Real Deaths In January 2022, Lin explicitly allowed opiate sales on Incognito Market, a decision that proved deadly. Listings advertised “authentic” oxycodone, but laboratory tests later revealed fentanyl instead. In September 2022, a 27-year-old man from Arkansas died after consuming pills purchased through the platform. This is where the myth of victimless cybercrime collapsed. Incognito Market did not just move drugs—it amplified the opioid crisis and directly contributed to loss of life. U.S. Attorney Jay Clayton stated that Lin’s actions caused misery for more than 470,000 users and their families, a figure that shows the human cost behind the transactions. Exit Scam, Extortion, and the Final Collapse When Incognito Market shut down in March 2024, Lin didn’t disappear quietly. He stole at least $1 million in user deposits and attempted to extort buyers and vendors, threatening to expose their identities and crypto addresses. His message was blunt: “YES, THIS IS AN EXTORTION!!!” It was a fittingly brazen end to an operation built on manipulation and fear. Judge Colleen McMahon called Incognito Market the most serious drug case she had seen in nearly three decades, labeling Lin a “drug kingpin.” The message from law enforcement is unmistakable: dark web platforms, cryptocurrency, and blockchain are not shields against justice.

image for US FDA Reissues Cybe ...

 Firewall Daily

The US Food and Drug Administration (FDA) has reissued its final guidance on medical device cybersecurity to reflect the agency’s transition from the Quality System Regulation (QSR) to the Quality System Management Regulation (QMSR). The updated FDA cybersecurity guidance was published on 4 February, just two days   show more ...

after the QMSR officially took effect. The revision updates regulatory references throughout the document and aligns cybersecurity expectations with the new quality system framework under 21 CFR Part 820, which now incorporates ISO 13485 by reference.  According to the agency, the FDA cybersecurity guidance revisions were made under Level 2 guidance procedures. “Revisions issued [were] under Level 2 guidance procedures (21 CFR 10.115(g)(4)), including revisions to align with the amendments to 21 CFR 820 (the Quality Management System Regulation (QMSR)),” the FDA stated. The agency added that the updated document supersedes the final guidance titled Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, which was published in June last year.  Throughout the revised FDA cybersecurity guidance, references to the former QSR have been replaced with references to the QMSR. The agency also updated the guidance to consistently reference ISO 13485, reflecting its central role in the new regulatory structure designed to harmonize US requirements with those of other global regulatory authorities.  QMSR Framework Reshapes FDA Cybersecurity Guidance and Quality System Expectations  The QMSR became effective on 2 February and amended the device's current good manufacturing practice (CGMP) requirements under 21 CFR Part 820. These CGMP requirements were first authorized under section 520(f) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) and initially codified in 1978. Significant revisions followed in 1996, when the FDA added design controls and sought closer alignment with international standards, including ISO 9001 and the early versions of ISO 13485.  With the QMSR, the FDA formally incorporated by reference ISO 13485:2016, Medical devices – Quality management systems – Requirements for regulatory purposes, as well as Clause 3 of ISO 9000:2015, which covers quality management system fundamentals and vocabulary. The agency stated that this approach promotes consistency in quality system requirements across global markets while reducing regulatory burden on manufacturers.  The QMSR applies to finished device manufacturers intending to commercially distribute medical devices in the United States. A finished device, as defined in 21 CFR 820.3(a), includes any device or accessory suitable for use or capable of functioning, regardless of whether it is packaged, labeled, or sterilized. Certain components, such as blood tubing and diagnostic x-ray components, are considered finished devices when they function as accessories and are therefore subject to QMSR requirements.  Although some devices are exempt from CGMP requirements under classification regulations in 21 CFR Parts 862 through 892, those exemptions do not eliminate obligations related to complaint handling or recordkeeping. In addition, devices manufactured under an investigational device exemption are not exempt from design and development requirements under 21 CFR 820.10(c) of the QMSR or the corresponding ISO 13485 provisions.  FDA Cybersecurity Guidance Emphasizes QMSR-Based Design, Risk, and Inspection Changes  The revised FDA cybersecurity guidance reiterates that documentation outputs demonstrating adherence to the QMSR can be used to address cybersecurity risks and provide reasonable assurance of safety and effectiveness. The agency directs sponsors to specific ISO 13485 clauses to support this approach. For example, the FDA noted that “21 CFR 820.10(c) requires that for all classes of devices automated with software, a manufacturer must comply with the requirements in Design and Development, Clause 7.3 and its subclauses of ISO 13485.”  The guidance highlights ISO 13485 Subclause 7.3.7, which requires design and development validation to ensure that a product is capable of meeting requirements for its specified application or intended use. “Design and development validation includes validation of device software,” the agency stated. The FDA also pointed to Subclause 7.1 of ISO 13485, which specifies that organizations must document one or more processes for risk management in product realization, an expectation closely tied to cybersecurity risk controls.  As part of the update, the FDA removed a substantial section from the prior guidance that referenced former QSR design control provisions, including requirements under 21 CFR 820.30(c) and (d) related to design inputs and design outputs. Those provisions are no longer cited in the updated FDA cybersecurity guidance. The transition to QMSR also introduced changes to FDA inspection practices. Beginning on 2 February, the agency stopped using the Quality System Inspection Technique (QSIT) and began conducting inspections under the updated Inspection of Medical Device Manufacturers Compliance Program: 7382.850. At the same time, the FDA discontinued use of Compliance Programs 7382.845 and 7383.001, which previously governed device manufacturer and PMA-related inspections. 

image for SIEM Rules for detec ...

 Business

Over the past two months researchers have reported three vulnerabilities that can be exploited to bypass authentication in Fortinet products using the FortiCloud SSO mechanism. The first two – CVE-2025-59718 and CVE-2025-59719 – were found by the company’s experts during a code audit (although CVE-2025-59718 has   show more ...

already made it into CISA’s Known Exploited Vulnerabilities Catalog), while the third – CVE-2026-24858 – was identified directly during an investigation of unauthorized activity on devices. These vulnerabilities allow attackers with a FortiCloud account to log into various companies’ FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb accounts if the SSO feature is enabled on the given device. To protect companies that use both our Kaspersky Unified Monitoring and Analysis Platform and Fortinet devices, we’ve created a set of correlation rules that help detect this malicious activity. The rules are already available for customers to download from Kaspersky SIEM repository; the package name is: [OOTB] FortiCloud SSO abuse package – ENG. Contents of the FortiCloud SSO abuse package The package includes three groups of rules. They’re used to monitor the following: Indicators of compromise: source IP addresses, usernames, creation of a new account with specific names; critical administrator actions, such as logging in from a new IP address, creating a new account, logging in via SSO, logging in from a public IP address, exporting device configuration; suspicious activity: configuration export or account creation immediately after a suspicious login. Rules marked “(info)” may potentially generate false positives, as events critical for monitoring authentication bypass attempts may be entirely legitimate. To reduce false positives, add IP addresses or accounts associated with legitimate administrative activity to the exceptions. As new attack reports emerge, we plan to supplement the rules marked with “IOC” with new information. Additional recommendations We also recommend using rules from the FortiCloud SSO abuse package for retrospective analysis or threat hunting. Recommended analysis period: starting from December 2025. For the detection rules to work correctly, you need to ensure that events from Fortinet devices are received in full and normalized correctly. We also recommend configuring data in the “Extra” field when normalizing events, as this field contains additional information that may need investigating. Learn more about our Kaspersky Unified Monitoring and Analysis Platform at on the official solution page.

 Feed

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that

 Feed

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX

 Feed

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less

 Feed

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening

 Feed

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we

 Feed

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The

 AI

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust -   show more ...

once cracked - can be almost impossible to fully restore. Elsewhere, the spotlight turns to insider threat in the age of AI, after a senior US cybersecurity official uploads sensitive government material into the public version of ChatGPT. Oops. All this, and much more, in episode 453 of Smashing Security with cybersecurity veteran Graham Cluley and special guest Tricia Howard.

2026-02
Aggregator history
Thursday, February 05
SUN
MON
TUE
WED
THU
FRI
SAT
FebruaryMarch