FIRESTARTER Backdoor on Cisco ASA: New APT Campaign Targets Network Perimeter Devices

In September 2025, a U.S. civilian federal agency became the victim of a highly targeted network perimeter attack involving a compromised Cisco Firepower firewall running Adaptive Security Appliance (ASA) software. According to a joint advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC), the incident centered …

Europol’s Operation PowerOFF Cracks Down on DDoS-for-Hire Services

Law enforcement agencies from 21 countries have taken coordinated action against the global market for DDoS-for-hire services, seizing 53 domains, arresting four alleged operators of illegal platforms and issuing more than 75,000 warnings to users of so‑called booter and stresser services. This new phase of Operation PowerOFF, led by Europol, marks one of the most …

Google Deploys Gemini AI to Block Malvertising and Billions of Scam Ads

The online advertising ecosystem is entering a new phase of escalation. As threat actors increasingly rely on generative AI to mass‑produce deceptive and malicious ads, Google is responding with its own large AI models. According to the company’s latest Ads Safety report for 2025, the deployment of Gemini has led to record‑level disruption of scam …

KelpDAO rsETH Hack: $290M Cross-Chain Attack Highlights Critical DeFi Weaknesses

A sophisticated cross-chain attack against DeFi protocol KelpDAO has led to the theft of approximately $290 million in rsETH tokens, making it one of the largest liquid restaking exploits to date. The incident, detected on 18 April 2026, disrupted major lending protocols including Aave, Compound and Euler and has raised renewed concerns about the security …

NIST Overhauls NVD: What “Not Scheduled” CVEs Mean for Vulnerability Management in 2026

The U.S. National Institute of Standards and Technology (NIST) has announced a fundamental shift in how the National Vulnerability Database (NVD) will operate. Starting in April 2026, NVD will provide full analytical “enrichment” only for prioritized CVE records, while all other vulnerabilities will remain in the database with minimal data and a new “Not Scheduled” …

Spain Dismantles Tu Manga Online: Inside the Cybersecurity Risks of Pirate Manga Platforms

Spanish law enforcement has carried out a large-scale operation against online piracy, shutting down Tu Manga Online (TMO), also known as ZonaTMO—one of the most visited Spanish-language pirate manga platforms. Operating since 2014 and attracting millions of unique users each month, the site has been taken offline, and four individuals allegedly linked to the project …

Lotus Wiper: Destructive Cyberattacks Hit Venezuela’s Energy and Utilities Sector

A wave of destructive cyberattacks against Venezuela’s energy and utilities sector in late 2025 and early 2026 has been linked to a previously unknown data-wiping tool dubbed Lotus Wiper. According to research by Kaspersky, this malware does not encrypt data or demand ransom. Instead, it is engineered to permanently destroy systems, pointing to a non-financial, …

IPv8 IETF Draft: What the New Internet Protocol Proposal Means for Cybersecurity

A new Internet Protocol Version 8 (IPv8) Internet-Draft published on the Internet Engineering Task Force (IETF) website has triggered active discussion in the networking and cybersecurity communities. The draft proposes a shift in addressing format and network architecture compared with IPv4 and IPv6, while early analysis suggests that substantial portions of the text were likely …

Critical Model Context Protocol (MCP) Flaw Enables Remote Code Execution in LLM Tooling Ecosystem

Security researchers have identified a critical architectural flaw in the Model Context Protocol (MCP), a standard used to connect large language models (LLMs) to external tools and services. The weakness, rooted in the official Anthropic MCP SDK, can be exploited for remote code execution (RCE), creating a systemic risk across the AI and LLM supply …