CyberSecurity Updates

28 Oct

Aisuru Botnet Shifts from DDoS to Residential Proxies

Information, Insights

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade…

Read More
24 Oct

Hackers Target Perplexity Comet Browser Users

Information, News

Shortly after AI search engine company Perplexity launched its Comet AI browser, threat actors attempted to capitalize on it by luring users to fraudulent domains and fake applications, threat intelligence firm BforeAI reports. Launched in July, Comet is a Chromium-based browser that integrates Perplexity’s AI assistant, offering support for automating tasks, organizing emails, and researching the web. Beginning August, BforeAI observed an increase in fraudulent domains promoting an executable version of the browser available for…

Read More
24 Oct

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

Attacks, Insights, Malware

Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287, that a prior update did not fully mitigate.  CISA strongly urges organizations to implement Microsoft’s updated Windows Server Update Service (WSUS) Remote Code Execution Vulnerability guidance, 1 or risk an unauthenticated actor achieving remote code execution with system privileges. Immediate actions for organizations with affected products are:…

Read More
22 Oct

Canada Fines Cybercrime Friendly Cryptomus $176M

Information, Insights

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there. On October 16, the Financial…

Read More
21 Oct

CISA Releases 10 Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released 10 Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-294-01 Rockwell Automation 1783-NATR ICSA-25-294-02 Rockwell Automation Compact GuardLogix 5370 ICSA-25-294-03 Siemens SIMATIC S7-1200 CPU V1/V2 Devices ICSA-25-294-04 Siemens RUGGEDCOM ROS Devices ICSA-25-294-05 CloudEdge Online Cameras and App ICSA-25-294-06 Raisecomm RAX701-GC Series ICSMA-25-294-01 Oxford Nanopore Technologies MinKNOW ICSA-25-035-07 Schneider Electric Pro-Face GP-Pro EX and Remote HMI (Update A) ICSA-24-354-07 Schneider Electric Modicon Controllers…

Read More
17 Oct

Email Bombs Exploit Lax Authentication in Zendesk

Information, Insights

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different…

Read More
16 Oct

AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly

Information, News

AISLE has emerged from stealth with a new AI-based cyber reasoning system (CRS). The term CRS originates from DARPA’s Cyber Grand Challenge, held in 2016 and designed for research into systems able to detect, exploit, and patch software vulnerabilities in real time. Since that Challenge, AI-driven software has become mainstream, and AISLE’s new CRS is described as an “AI-native cyber reasoning system that autonomously identifies, triages and remediates with verification both known and zero-day application…

Read More
15 Oct

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

Attacks, Insights, Malware

Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5.  A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage…

Read More
14 Oct

Patch Tuesday, October 2025 ‘End of 10’ Edition

Information, Insights

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options. The first zero-day bug addressed this month…

Read More
10 Oct

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

Information, Insights

The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of…

Read More