Bluesky blames app outage on ‘sophisticated’ DDoS attack
The decentralized social network said the incident began on April 15, when the company received reports of intermittent outages affecting the app.
Aggregator
Ubuntu security advisory (AV26-367)
3 days 18 hours ago
Canadian Centre for Cyber Security
Lamashtu
3 days 18 hours ago
You must login to view this content
cohenido
KRYBIT
3 days 18 hours ago
You must login to view this content
cohenido
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
3 days 18 hours ago
Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so far without success. The vulnerability is a command […]
Pierluigi Paganini
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
3 days 18 hours ago
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run.
The Hacker News
Не покупайте VPN на год вперёд. Инсайдер раскрыл, почему это может быть ловушкой
3 days 18 hours ago
Пока маркетологи нагнетают страх блокировки платёжек, реальная угроза приходит совсем с другой стороны.
British Scattered Spider hacker pleads guilty to crypto theft charges
3 days 18 hours ago
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]
Sergiu Gatlan
GitHub 上项目的伪造星数
3 days 19 hours ago
在最大的源代码托管平台 GitHub,一个项目的星数曾经是衡量其受欢迎程度的重要指标。因为重要,因此伪造星数或者付费刷星数也日益商业化。卡内基梅隆、北卡州立大学和 Socket 的研究人员在 ICSE 2026 上发表了一项研究,使用工具 StarScout 分析了 20TB GitHub 元数据,涵盖 2019 年到 2024 年 67 亿个事件和 3.26 亿星数,识别了 600 万被怀疑刷的虚假星数,涉及 30.1 万个账户创建的 18,617 个库。付费刷星数在 2024 年急剧恶化,到 7 月 16.66% 有 50 或以上星数的项目涉嫌刷星数。到了 2025 年 1 月,涉嫌刷星数的项目有 90.42% 被官方移除,涉嫌的账号有 57.07% 被关闭。AI 和 LLM(大模型)的项目超过区块链/加密货币,成为刷星数最多的非恶意项目类别。调查发现有几十家网站、以及 Fiverr 卖家和 Telegram 频道提供付费刷星数的服务,价格最低 0.03 美元/星,最高 0.8-0.9 美元/星。清华大学的一项研究发现 QQ 和微信推广群也提供了刷星数的付费服务。
Why the Axios attack proves AI is mandatory for supply chain security
3 days 19 hours ago
Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark […]
The post Why the Axios attack proves AI is mandatory for supply chain security appeared first on CyberScoop.
Greg Otto
New Windows 11 Dev Build Improves Secure Boot Monitoring and Storage Controls
3 days 19 hours ago
Microsoft has released Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, introducing notable improvements to Secure Boot visibility, storage management, and the Feedback Hub experience. The most security-relevant update in this build is a revamped Secure Boot experience within the Windows Security app. Navigating to Windows Security > Device Security > Secure Boot now displays […]
The post New Windows 11 Dev Build Improves Secure Boot Monitoring and Storage Controls appeared first on Cyber Security News.
Abinaya
Свет это прошлый век. В MIT придумали лазер для простреливания Земли насквозь
3 days 19 hours ago
Неуловимые нейтрино наконец заставили лететь ровным строем.
IBM security advisory (AV26-365)
3 days 19 hours ago
Canadian Centre for Cyber Security
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
3 days 19 hours ago
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
Orchestrating AI Code Review at scale
3 days 19 hours ago
Learn about how we built a CI-native AI code reviewer using OpenCode that helps our engineers ship better, safer code.
Ryan Skidmore
The AI engineering stack we built internally — on the platform we ship
3 days 19 hours ago
We built our internal AI engineering stack on the same products we ship. That means 20 million requests routed through AI Gateway, 241 billion tokens processed, and inference running on Workers AI, serving more than 3,683 internal users. Here's how we did it.
Ayush Thakur
Building the agentic cloud: everything we launched during Agents Week 2026
3 days 19 hours ago
Agents Week 2026 is a wrap. Let’s take a look at everything we announced, from compute and security to the agent toolbox, platform tools, and the emerging agentic web. Everything we shipped for the agentic cloud.
Ming Lu
Pear
3 days 19 hours ago
You must login to view this content
cohenido
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
3 days 19 hours ago
Key Points The Gentlemen RaaS The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi‑OS lockers for Windows, Linux, […]
The post DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy appeared first on Check Point Research.
British Hacker Tyler Buchanan Pleads Guilty to $8M Hacking Scheme in US
3 days 19 hours ago
Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft.
Waqas