Information and data security. Leader in DDoS-Testing and Assessments in DACH/EU-Region. Full Spectrum Neuland 2.0 #DFIR #OSINT #DDOS #Cyberien

Joined April 2017
Pinned Tweet
31 Jan 2023
We analyzed 400 DDoS-Stresstests from 2022 and gathered very interesting insights into the current state of protection/mitigation-solutions, what works (well), what doesn't, and especially: WHY. zero.bs/optimization-of-ddos… #ddos #dfir #cybervandals
ZeroBS_GmbH retweeted
We received a tip from @zero_B_S about a new kind of DDoS attack, HTTP/2 Bomb. The WEDOS Global Protection team tested it right away and verified that we are prepared. It only reached me afterwards, but I still wanted to try it myself. Because this is not an attack you "understand via curl".
ZeroBS_GmbH retweeted
Microsoft issues emergency fix for HTTP/2 Bomb affecting IIS: msrc.microsoft.com/update-gu…


A few days ago, we tested the HTTP/2 bomb attack on F5 BigIP (see comment for credits). By default, the system is not vulnerable, but it can be attacked if you increase the number of headers and h2-streams to the max. community.f5.com/kb/communit…
credits and bigup to Daniel Wulf from F5 Community community.f5.com/users/danie…

ZeroBS_GmbH retweeted
🚀Introducing SO-CRATES 1.0 — Security Onion Containerized Rapid Analysis of Threats, Evil, and Sus!

SO-CRATES is a single container image for analyzing pcap files, log files, and binary files. It was formerly known as OhMyPCAP.

Here's what you can do with SO-CRATES:
✅analyze pcap files and then review Suricata alerts, metadata, and extracted files
✅import log files and then review Sigma alerts and the original log entries
✅import binary files and then review YARA matches and file metadata

All of this runs in a single Docker/Podman container — perfect for air-gapped environments, malware analysis, incident response, threat hunting, forensics & teaching.

Who’s trying it out? Drop a ❤️ and reply with your main use case!

#DFIR #Cybersecurity #BlueTeam #ThreatHunting #Suricata #YARA #Sigma @Suricata_IDS @lennyzeltser @chrissanders88 @sansforensics @TomLawrenceTech
ZeroBS_GmbH retweeted
We'd love to be proven wrong here. As a red team, few things are more exciting than a reliable nginx RCE. For some context: we discovered at least two nginx 0-days and successfully weaponized one into a full RCE, bypassing ASLR with no external dependencies. We were thrilled, until we realized both bugs appear to require highly unusual nginx configs that we've yet to encounter in the wild. That's why we built ngxray: github.com/califio/ngxray. After analyzing 35,000 nginx configurations from GitHub, we found exactly one instance vulnerable to nginx-rift, in an abandoned project. We found none vulnerable to nginx-poolslip. Users should absolutely patch. But from a red team perspective, these exploits have been worthless. We've never encountered a target where they'd have been useful. If anyone has evidence that these configs are common in real-world deployments, we'd like to see it. Everybody wants their five minutes of Twitter fame. That's fine. But extraordinary claims still require extraordinary evidence.
Replying to @y198_nt
Very nice blog! You think the conclusion from Calif regarding vulnerable configs is incorrect? (blog.calif.io/p/needle-in-a-…)
ZeroBS_GmbH retweeted
The world’s largest residential proxy network runs on consent, TLS and vibes. The TV is always watching and apparently it is also available for contract work in surveillance or data acquisition? Bright Data sells access to a residential proxy network, the kind customers use to route requests through real home IP addresses instead of datacenter IPs that Cloudflare, DataDome and HUMAN are trained to block. The supply comes from an SDK embedded in consumer apps. So: CTV games, messengers, mobile apps and screensavers. With consent somewhere upstream, the device becomes an exit node. The TV is perfect for this job. It is plugged in, on WiFi, often unattended and barely supervised. It also asks for consent through a privacy policy and a remote-control UI, which is one way to make “informed choice” look like an endurance sport. One config flag tells the SDK to ignore whether the screen is on. Another tells it to ignore whether the user is on a call. In this economy, watching TV counts as downtime. blog.includesecurity.com/202…
ZeroBS_GmbH retweeted
For 19 years, GPS satellites have secretly broadcast a “numbers station” in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, “ghost” substrings repeating years apart, and a “TEXT” prefix spreading now. lsc-pagepro.mydigitalpublica…

Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex. Blog post: blog.calif.io/p/codex-discov… PoCs: github.com/califio/publicati…
Testing Post Quantum Crypto (PQC) Implementations blog.kybervandals.com/testin… #ddos
ZeroBS_GmbH retweeted
The OG of cyber investigations, @briankrebs, just published a follow-up to our investigation into the Stark Industries hosting network. His piece adds new detail, including MIRhosting’s first official response. In his May 2024 deep-dive, Krebs first put Stark Industries on the map. We built on his work, and two years later, with last week’s arrests by Dutch authorities, the Stark saga is moving into new territory: what happens to the many companies across Europe that hosted the thinly disguised, rebranded Stark? Our original investigation (in English): volkskrant.nl/binnenland/how… Brian’s piece: krebsonsecurity.com/2026/05/…
Dutch authorities have arrested two men and seized over 800 servers in a major crackdown on infrastructure used to support Russian-linked cyberattacks, influence operations, and disinformation in Europe. The operation targeted the persons behind MIRhosting and WorkTitans BV / the[.]hosting, who took over hosting assets from the EU-sanctioned Stark Industries Solutions network after earlier sanctions on its previous operators (PQHosting / Neculiti brothers). Read the full story behind the takedown in this article by @moltke: "How a consultant and a concert pianist from the Netherlands aided pro-Russian hackers" volkskrant.nl/binnenland/how… There is also a story about it by @briankrebs: "Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks" krebsonsecurity.com/2026/05/… volkskrant.nl/binnenland/how… #ddos #takedown #noname057
In our "A Silent Shift: The Return of Server-Based Botnets" - report we examine the resurgence of server-based attacker botnets, explain what they are, and discuss why they can pose a threat to established defense mechanisms. blog.kybervandals.com/a-sile…
ZeroBS_GmbH retweeted
More new TLD insights on Radar! New TLD nameserver performance widgets on TLD detail pages - aggregate p25/p50/p75 latency and per-nameserver median latency from Cloudflare servers over time. Example: radar.cloudflare.com/tlds/kr…
Attack surface.... attack surface everywhere
ZeroBS_GmbH retweeted
The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program. labs.cloudsecurityalliance.o… labs.cloudsecurityalliance.o…