Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
Summary: Law enforcement agencies in the US and Europe have identified customers of the Smokeloader pay-per-install botnet and made five arrests in a follow-on phase of Operation Endgame, the action that earlier disrupted the infrastructure of several malware loaders. Investigators used a seized customer database to link online handles to real individuals; several of the suspects have since cooperated with the authorities.…
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
Summary: A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in web applications hosted on AWS EC2 instances, making the servers fetch the EC2 Instance Metadata Service (IMDS) on the attacker's behalf and return the instance's IAM role credentials. With those credentials the attacker can act as the instance's role, which enables privilege escalation and exposure of data held in other AWS services. F5 Labs observed the activity peaking between March 13 and 25, 2025, and attributes it to a single actor working systematically through target lists.…
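The chain above works because the vulnerable application fetches whatever URL it is handed and, on EC2, a request to 169.254.169.254 is answered by the instance's own metadata service. The following Python is an added example, not code from F5 Labs or from the campaign: a guard for a fetch-by-URL feature that refuses metadata, loopback, link-local and other non-public targets, including the single-integer and IPv4-mapped-IPv6 spellings of 169.254.169.254 that defeat a plain substring filter. The function names, the deny list and the sample URLs at the bottom are this example's own assumptions.

```python
"""SSRF guard for a fetch-by-URL feature running on an EC2 instance.

Added example, not code from F5 Labs or the reported campaign. A vetted
URL is one whose scheme is http/https and whose host resolves only to
public addresses; anything else, including the EC2 Instance Metadata
Service at 169.254.169.254 / fd00:ec2::254, is refused. Resolution
failures also refuse (fail closed).
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Explicit deny list for the metadata endpoints; the is_global check below
# already covers them, the list just makes the intent visible in the log.
IMDS_NETWORKS = [
    ipaddress.ip_network("169.254.169.254/32"),
    ipaddress.ip_network("fd00:ec2::254/128"),
]


def literal_to_address(host):
    """Parse an IP literal, including the single-integer decimal and hex
    forms (2852039166, 0xa9fea9fe) that libcurl and browsers accept but a
    substring match on '169.254.169.254' misses. Returns None for hostnames."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(int(host, 0))
    except (ValueError, OverflowError):
        return None


def is_blocked_address(addr):
    """True for any address a public fetcher must not contact."""
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) before classifying.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr in net for net in IMDS_NETWORKS):
        return True
    # is_global is False for loopback, link-local, RFC 1918, CGNAT, ULA, etc.
    return not addr.is_global


def resolve_targets(host):
    """Every address the host may connect to; empty on resolution failure."""
    literal = literal_to_address(host)
    if literal is not None:
        return [literal]
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    # Drop IPv6 scope suffixes such as 'fe80::1%eth0' before parsing.
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def check_fetch_url(url):
    """Return (allowed, reason). Callers must connect only to the vetted
    addresses and re-run this check on every redirect hop."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    targets = resolve_targets(host)
    if not targets:
        return False, f"unresolvable host: {host!r}"
    for addr in targets:
        if is_blocked_address(addr):
            return False, f"non-public address {addr} for host {host!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs: the first five are the kinds of payloads an
    # SSRF probe against IMDS uses; the last is an ordinary public target.
    for sample in [
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://2852039166/latest/meta-data/",
        "http://0xa9fea9fe/latest/meta-data/",
        "http://[fd00:ec2::254]/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://93.184.216.34/",
    ]:
        print(sample, "->", check_fetch_url(sample))
```

The guard has to run again on every redirect hop, because an allowed public host can answer with a 302 to the metadata address. Independently of the application fix, requiring IMDSv2 on the instance (`aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`, with `<id>` standing in for the real instance ID) defeats the classic GET-only SSRF: IMDSv2 only releases credentials to a client that first obtained a session token via a PUT request carrying the X-aws-ec2-metadata-token-ttl-seconds header, which a forged GET cannot perform.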
Cybersecurity M&A Roundup: 23 Deals Announced in March 2025
Summary: March 2025 saw 23 cybersecurity merger and acquisition (M&A) deals announced, just under two dozen. Notable transactions included Armis acquiring Otorio, Google Cloud's multibillion-dollar purchase of Wiz, and Cyber Guru's acquisition of Mantra. The tally continues the consolidation seen in 2024, when SecurityWeek's analysis counted a record 405 M&A deals.…
Rapperbot Static Analysis for ARM Architecture: DDoS Attack Variants Against Chinese AI Startup DeepSeek
RapperBot is a malware family targeting IoT devices, first observed in June 2022. A recent variant launched a large DDoS attack against the AI startup DeepSeek. The ARM build analysed here uses several obfuscation techniques and its own routines for managing the socket connections that carry the attack traffic. Affected: IoT devices, AI firms

Key points:

RapperBot is a malware family specifically targeting Internet of Things (IoT) devices.…
My book on Cyber Threat Intel, that never quite made it as a book, Chapter 1.1
This chapter introduces Cyber Threat Intelligence (CTI) and its role in improving organizational security and understanding the threat landscape. It covers the motivations of different types of threat actors, the tactics they use, and how to mitigate the resulting risks, aiming to serve as a practical guide to awareness and proactive defence against cyber threats.…
Rapperbot Enhancements and Expansion Strategies Based on Static Analysis Findings
RapperBot is a malware family targeting IoT devices, noted for a large-scale DDoS attack against the Chinese AI startup DeepSeek. Observed since June 2022, it has gained capabilities over time, including SSH brute-force attacks for spreading, and it widens its pool of victims by exploiting specific vulnerabilities in target devices.…
Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities
Summary: Microsoft's threat intelligence team used AI tooling to identify 20 previously undisclosed vulnerabilities in the widely used open-source bootloaders GRUB2, U-Boot and Barebox. The GRUB2 flaws matter most on systems that rely on UEFI Secure Boot: a bootloader bug that yields arbitrary code execution runs before the operating system loads, so it can defeat Secure Boot and give an attacker persistence below OS-level defences.…
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Summary: Microsoft used its AI-powered Security Copilot to uncover 20 previously unknown vulnerabilities in the GRUB2, U-Boot and Barebox bootloaders. Several could let an attacker bypass security mechanisms, including UEFI Secure Boot, and execute arbitrary code during boot, although exploitation generally presumes the attacker already controls the boot path, for example through physical access or administrative privileges. Fixes were released in February 2025.…
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Summary: The report highlights the evolution of Raspberry Robin from a basic worm targeting copy shops to a sophisticated initial access broker (IAB) affiliated with notorious cybercriminals and state-sponsored actors. Through extensive NetFlow analysis, nearly 200 command and control domains were identified, revealing significant connections to Russian cyber operations.…
Pentesting for Biotech: Simulating a Cyberattack on Your Genomic Data
Biotech firms, holding sensitive data such as patient genomes and drug formulas, are prime targets for cyberattacks due to their high value. Cybercriminals can exploit such data for financial gain, leading to risks that include compromised patient safety and legal penalties. Biotech penetration testing is crucial to safeguard against these threats, simulating attacks to identify and mitigate vulnerabilities in systems critical to research and patient data.…
Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks
The article discusses the ongoing threat posed by Raspberry Robin, a sophisticated initial access broker (IAB) linked to various cybercriminal organizations, particularly those connected to Russia. It highlights recent findings such as the discovery of nearly 200 unique command and control domains, the involvement of Russian GRU’s Unit 29155, and the threat actor’s evolution in attack methodologies.…
Cloudflare now blocks all unencrypted traffic to its API endpoints
Summary: Cloudflare has closed the plaintext HTTP ports on its API endpoints, so only HTTPS connections are accepted. Refusing the connection rather than redirecting to HTTPS is the point: with a redirect, an API token sent over HTTP would already have crossed the network in the clear, especially risky on public networks, before the client switched to the encrypted endpoint. Existing HTTP-based integrations stop working immediately, and Cloudflare recommends moving them to HTTPS.…
CISA Warns of Three Actively Exploited Security Vulnerabilities in IoT, Backup, and Enterprise Systems
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. They affect Edimax IP cameras, NAKIVO Backup and Replication, and SAP NetWeaver; each can lead to system compromise and data exposure, and inclusion in the catalog obliges US federal civilian agencies to remediate by the listed due date under Binding Operational Directive 22-01.…
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
Summary: Hackers linked to China-based groups, especially UAT-5918, are targeting critical infrastructure in Taiwan to gain long-term access and steal sensitive information. This malicious activity aligns with tactics used by other state-backed groups, such as Volt Typhoon and Flax Typhoon, which have been known to exploit vulnerabilities in internet-facing systems.…

Summary: The video discusses a wide range of security topics including the age verification dilemma, a bogus employee scheme tied to North Korea, a potential Bluetooth backdoor vulnerability discovered in popular chips, and the implications of these findings within the context of cybersecurity. Steve Gibson, the host, highlights the nature of undocumented commands found in Bluetooth chips and explains the misinterpretation of these findings as a true “backdoor.”…