Security News

Analysis using Gephi with DShield Sensor Data, (Wed, Jan 7th)

I&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;m always looking for new ways of manipulating the data captured by my DShield sensor [1]. This time I used Gephi [2] and Graphiz [3] a popular and powerful tool for visualizing and exploring relationships between nodes, to examine the relationship between the source IP, filename and which sensor got a copy of the file. I queried the past 30 days of data stored in my ELK [4] database in Kibana using ES|QL [5][6] to query and export the data and import the result into Gephi. 

Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.

Phishers Exploit Office 365 Users Who Let Their Guard Down

Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-dive

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and

DDoSia Powers Affiliate-Driven Hacktivist Attacks

Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West.

Cyberattacks Likely Part of Military Operation in Venezuela

Cyber's role in the US raid on Venezuela remains a question, though President Trump alluded to "certain expertise" in shutting down the power grid in Caracas.

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been

Lack of MFA Is Common Thread in Vast Cloud Credential Heist

An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.

A phishing campaign with QR codes rendered using an HTML table, (Wed, Jan 7th)

Malicious use of QR codes has long been ubiquitous, both in the real world as well as in electronic communication. This is hardly surprising given that a scan of a QR code can lead one to a phishing page as easily as clicking a link in an e-mail.

ISC Stormcast For Wednesday, January 7th, 2026 https://isc.sans.edu/podcastdetail/9756, (Wed, Jan 7th)

Scattered Lapsus$ Hunters Snared in Cyber Researcher Honeypot

Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.

ClickFix Campaign Serves Up Fake Blue Screen of Death

Threat actors are using the social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector.

Tool Review: Tailsnitch, (Tue, Jan 6th)

In yesterday&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s podcast, I mentioned "tailsnitch", a new tool to audit Tailscale configurations. Tailscale is an easy-to-use overlay to Wireguard. It is probably best compared to STUN servers in VoIP in that it allows devices behind NAT to connect directly to each other. Tailscale just helps negotiate the setup, and once the connection is established, data will flow directly between the connected devices. I personally use it to provide remote assistance to family members, and it has worked great for this purpose. Tailscale uses a "Freemium" model. For my use case, I do not need to pay, but if you have multiple users or a large number of devices, you may need to pay a monthly fee. There are also a few features that are only available to paid accounts.

ISC Stormcast For Tuesday, January 6th, 2026 https://isc.sans.edu/podcastdetail/9754, (Tue, Jan 6th)

Startup Trends Shaking Up Browsers, SOC Automation, AppSec

These startups reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.

Advisor360 Gets a Handle on Shadow AI via Automation

With employees looking for the benefits of artificial intelligence, a fintech company stepped up controls with automation.

CISOs Face a Tighter Insurance Market in 2026

Insured entities are becoming more sophisticated in their views on how cyber policies fit into their broader risk management plans.

Critical 'MongoBleed' Bug Under Attack, Patch Now

A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.

US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity

Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms.