UK Sentences Zhimin Qian for Crypto Laundering; Police Seize 61,000 BTC Linked to China’s Largest Ponzi Scheme


A London court has sentenced 47‑year‑old Zhimin Qian, also known as Yadi Zhang, to 11 years and 8 months in prison for laundering cryptocurrency tied to what investigators describe as China’s largest investment Ponzi scheme. The ruling caps a seven‑year, multi‑jurisdictional probe that culminated in the seizure of 61,000 BTC—the UK’s biggest crypto confiscation to …

Uhale digital photo frames silently load malware via v4.2.0 update, with ties to the Vo1d botnet


Security researchers at Quokka report that multiple digital photo frames built on the Uhale platform (part of the ZEASN ecosystem, now Whale TV) automatically download and execute malicious components after first power-on. The behavior turns consumer gadgets into botnet nodes and potential pivot points for attacks on home and enterprise networks. How the attack chain …

Russian IAB Pleads Guilty to Supplying Access for Yanluowang Ransomware


Russian national Alexey Olegovich Volkov—known online as chubaka.kor and nets—has pleaded guilty to selling initial access used by the Yanluowang ransomware group. According to U.S. court filings, between July 2021 and November 2022 his access enabled attacks on at least eight U.S. companies, leading to system encryption and ransom demands. Initial Access Brokers: How Ransomware …

Three critical runC flaws expose Docker and Kubernetes to container escape


Three critical vulnerabilities in the OCI reference runtime runC—widely used by Docker, containerd, CRI‑O, and Kubernetes—could let attackers bypass container isolation and write to the host filesystem as root. Tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, the issues undermine one of the core trust boundaries in cloud‑native environments. What happened: three CVEs in the runC container …

CVE-2025-12480: Triofox localhost trust flaw under active exploitation enables unauthenticated SYSTEM RCE


Google Threat Intelligence warns that attackers are actively exploiting CVE-2025-12480, a critical vulnerability in Gladinet Triofox that allows unauthenticated remote code execution (RCE) with SYSTEM privileges. Rated CVSS 9.1, the flaw stems from a logic error in access control: the application over‑trusts requests believed to originate from localhost, letting adversaries bypass authentication and reach administrative …

ASUS Patches Critical Authentication Bypass in DSL-AC51, DSL-N16, and DSL-AC750 (CVE-2025-59367)


ASUS has released an emergency firmware update to remediate CVE-2025-59367, a critical authentication bypass in several DSL router models. If exposed to the internet, a remote attacker could gain full administrative control without a password. Users are urged to patch immediately. What happened: critical authentication bypass in ASUS DSL routers According to ASUS, affected devices …

FBI Targets archive.today Operator With Broad Data Request to Tucows


The FBI has reportedly sought information on the operator of archive.today (also known as archive.is, archive.ph and others), one of the web’s largest snapshot archives used to preserve webpages, bypass paywalls, and view content without visiting the original site. According to 404 Media, on October 30, 2025, the Bureau served domain registrar Tucows with a …

Pre‑disclosure exploitation of Citrix Bleed 2 and Cisco ISE RCE identified in broad campaign


Amazon Threat Intelligence has documented a large-scale campaign abusing two critical 0‑day vulnerabilities: CVE-2025-5777 (Citrix Bleed 2) affecting NetScaler ADC/Gateway and CVE-2025-20337 in Cisco Identity Services Engine (ISE). Data from the Amazon MadPot honeypot network indicates attackers probed and exploited both flaws well before public disclosure and vendor patches, widening the real-world exposure window. Timeline …

Malicious npm Package @acitons/artifact Was a GitHub Red Team Drill — What Happened and How to Protect CI/CD


Security researchers at Veracode reported a malicious npm package, @acitons/artifact, masquerading as the legitimate @actions/artifact and targeting GitHub Actions environments. Shortly after the disclosure, GitHub confirmed the activity was a controlled Red Team exercise designed to test internal security processes, not a live compromise of GitHub systems. How the npm typosquat worked: postinstall hook and …

Logitech Confirms Data Breach as Clop Targets Oracle E‑Business Suite Zero‑Day


Logitech has notified the U.S. Securities and Exchange Commission (SEC) of an incident involving unauthorized access to company data, later published online by the Clop extortion group. The company emphasized that operations, manufacturing, and products were not impacted, and business functions continue to run normally. Independent incident response specialists were engaged immediately after signs of …