Posts

The Hacker News - Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures. "Built for from The Hacker News https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html
Post a Comment
Read more

The Hacker News - APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro from The Hacker News https://thehackernews.com/2026/04/apt28-deploys-prismex-malware-in.html
Post a Comment
Read more

Black Hills InfoSec - Getting Started In Pentesting – Advice From The BHIS Pentest Lead

Image
Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills. The post Getting Started In Pentesting – Advice From The BHIS Pentest Lead appeared first on Black Hills Information Security, Inc. . from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/getting-started-in-pentesting/
Post a Comment
Read more

KnowBe4 - Voice Phishing is a Growing Social Engineering Threat

Image
Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. from Human Risk Management Blog https://blog.knowbe4.com/voice-phishing-is-a-growing-social-engineering-threat
Post a Comment
Read more

The Hacker News - Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and from The Hacker News https://thehackernews.com/2026/04/shrinking-iam-attack-surface-through.html
Post a Comment
Read more

Schneier - Python Supply-Chain Compromise

This is news : A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module. There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them. from Schneier on Security https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html
Post a Comment
Read more

The Hacker News - Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,& from The Hacker News https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html
Post a Comment
Read more