Insights

24 Feb

Celebrating Two Years of CSF 2.0!

Insights

Mr. Stephen Quinn joined the National Institute of Standards and Technology (NIST) in 2004 and serves as a senior computer scientist in the Information Technology Laboratory (ITL). Mr. Quinn is the lead author for Integrating NIST risk management project work within the paradigm of Enterprise Risk Management (ERM). He is also program manager for the National Checklist Program and the National Online Informative Reference (OLIR) programs at NIST.  He is a co-originator of the NIST…

Read More
20 Feb

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Information, Insights

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the target and the legitimate site — forwarding the victim’s username, password and multi-factor…

Read More
11 Feb

Kimwolf Botnet Swamps Anonymity Network I2P

Information, Insights

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers. Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions…

Read More
10 Feb

Patch Tuesday, February 2026 Edition

Information, Insights

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a malicious link can quietly bypass Windows protections and run attacker-controlled content without warning or consent dialogs. CVE-2026-21510 affects all currently…

Read More
10 Feb

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

Attacks, Insights, Malware

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders.  In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in a cyber incident. The malicious cyber activity…

Read More
02 Feb

Please Don’t Feed the Scattered Lapsus ShinyHunters

Data Breaches, Information, Insights

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much to contain the stolen data as to stop the escalating personal attacks. But a top SLSH expert warns that engaging…

Read More
28 Jan

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Attacks, Insights, Malware

Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is enabled on devices.1 Users are vulnerable to CVE-2026-24858 even if they updated Fortinet devices to address previously disclosed FortiCloud SSO…

Read More
27 Jan

Celebrating Data Privacy Week with NIST’s Privacy Engineering Program

Insights

Credit: NIST Grab your party hats – it’s Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what’s coming in the new year. Throughout 2026, we plan to continue collaborating…

Read More
26 Jan

Who Operates the Badbox 2.0 Botnet?

Information, Insights

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now…

Read More
20 Jan

Kimwolf Botnet Lurking in Corporate, Govt. Networks

Information, Insights

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks. Image: Shutterstock, @Elzicon. Kimwolf…

Read More