BRONZE BUTLER exploits Japanese asset management software vulnerability – Sophos News
In mid-2025, Counter Threat Unit™ (CTU) researchers observed a sophisticated BRONZE BUTLER campaign that exploited a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to...
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
Nov 01, 2025Ravie LakshmananArtificial Intelligence / Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE...
Phundamental or pholly? – Sophos News
On paper, it sounds so simple: you prepare for the real thing by running simulations. After all, the same principle applies to countless disciplines:...
BlueNoroff’s latest campaigns: GhostCall and GhostHire
Introduction
Primarily focused on financial gain since its appearance, BlueNoroff (aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has adopted new infiltration strategies...
Identifying “research” and bug bounty related scans?
This week, I noticed some new HTTP request headers that I had not seen before:
X-Request-Purpose: Research
and
X-Hackerone-Research: plusultra
X-Bugcrowd-Ninja: plusultra
X-Bug-Hunter: true
The purpose of these headers appears...
Aisuru Botnet Shifts from DDoS to Residential Proxies – Krebs on Security
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative...
