15 matches found
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies...
NAXSI Security Vulnerabilities
NAXSI is an open source maintained Web Application Firewall (WAF) for NGINX. A security vulnerability exists in NAXSI 1.3 and earlier versions that stems from allowing bypass of WAF IgnoreIP IgnoreCIDR when a malicious IP matches a rule...
Integer overflow
Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory...
F5 Networks BIG-IP : GRUB2 vulnerability (K000132893)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000132893 advisory. - Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in...
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Summary: From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber...
Fake Proof-of-Concepts used to lure security professionals
Researchers from Leiden University published a paper detailing how cybercriminals are using fake Proof-of-Concepts (PoCs) to install malware on researchers' systems. The researchers found these fake PoCs on a platform where security professionals would usually expect to find them--the public co...
Analyzing Attack Data and Trends Targeting Ukrainian Domains
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the war in Ukraine, the types of attacks have been varied. A common tactic of cyber criminals is to run automated exploit...
Server-Side Request Forgery (SSRF)
ssrf-agent is vulnerable to server-side request forgery (SSRF). The vulnerability exists due to an insufficient validation check in the 'defaultIpChecker' function which allows an attacker to inject a malicious IP address...
Geo-Recon - An OSINT CLI Tool Designed To Fast Track IP Reputation And Geo-location Look Up For Security Analysts
An OSINT CLI tool designed to fast track IP Reputation and Geo-location look up for Security Analysts. Setup: This tool is compatible with: Any Linux Operating System (Debian, Ubuntu, CentOS), Termux. Linux Setup: git clone https://github.com/radioactivetobi/geo-recon.git cd geo-recon chmod +x...
How To Protect Your Kubernetes Cluster with Wallarm – Running in Production Mode – part 3 of 3
The previous two blog articles in this series describe how to set up Wallarm Ingress controller and configure it so that it can properly allow or block traffic from trusted or suspicious/malicious IP addresses. This is essential to the functionality of Wallarm’s Ingress controller but it isn’t...
Roaming Mantis uses DNS hijacking to infect Android smartphones
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...
Server Side Request Forgery (SSRF)
WordPress is vulnerable to local server-side request forgery (SSRF) attacks. The attacks are possible because the application ignores octal and hexadecimal IP address formats for intranet addresses, allowing attackers to escape the SSRF protection mechanism through malicious IP addresses...
DNS SOHO Router Pharming Attack Takes 300,000 Routers
More than 300,000 small office and home office routers, most in Europe and Asia, were compromised in a campaign that started in mid-December, continuing a rash of security incidents involving home and small business networking equipment. Researchers at Team Cymru published a report today on the...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices. Advisory ID: cisco-sa-20110223-telepresence-cts. Revision 1.0. For Public Release 2011 February 23 1600...
SmartDefense DShield Storm Center: Share Malicious IP Addresses with Other Organizations
Storm Centers collect logging information about attacks, provided voluntarily by organizations from all around the world. Storm Centers compare and present reports on real-time threats to network security. The SmartDefense Storm Center Module enables information flow between the network Storm...