Ngioweb #malware powers NSOCKS, with 80% of bots sourced from vulnerable IoT devices like routers and cameras. The botnet averages 35,000 active bots daily, some lasting over a month. Learn how this botnet operates — thehackernews.com/2024/11/ngiowe… #infosec #cybersecurity

Welcome to the shady world of ASNs... Meet AS215551, aka the "Sweden_Internet_Exchange" Here's their homepage ➡️ ix.se Looking at the website, it's hard to take this operation seriously. They even describe an internet exchange as "basically a bunch of

FLARE is releasing a tool today that I've been working on over this year that helps break down binaries into smaller functional clusters and uses Gemini to describe their relationships, behavior and the overall malware functionality. It's called XRefer and it is out for you to

Evolved from AISURU, AIRASHI uses a 0DAY cnPilot router vulnerability for spreading, employs advanced encryption for C2 comms, and has stable T-level DDoS attack capabilities. The botnet also mocks XLAB and security researchers with its C2 domain names blog.xlab.qianxin.com/large-scale-bo…

1/ We've just released a new report uncovering new infrastructure tied to multiple activity clusters linked to the Israeli spyware vendor #Candiru across several countries. Full report: recordedfuture.com/research/track…

AISURU ,now one of the largest IoT botnets ,was linked to a massive 11.5 Tbps DDoS attack. First spotted in 2024 (targeting Black Myth: Wukong), it has since grown. In this blog, we also share anonymous tips, offering rare inside views of its ops. blog.xlab.qianxin.com/super-large-sc…

Our lastest blog uncovers a previously undocumented component at the core of the PolarEdge network: the RPX relay system. Which turns infected IoT devices into proxy nodes for C2 infrastructure. With 25000+ infected devices spreading around the globe. blog.xlab.qianxin.com/smoking-gun-un…