#CyberMonday 7.3 Tbps DDoS in 45 seconds, do you really think your cloud is ready?

The largest DDoS attack ever seen hit 7.3 Tbps and dumped 37.4 TB of traffic in under a minute. #Cloudflare blocked it, but the message is clear:

Attackers are moving faster and hitting harder than ever.

🔥This week's threat landscape:

1️⃣ Off-hours Attacks Are Up
Hackers don't wait for business hours. They strike when teams are thin. If your SOC is not watching 24/7, you're giving attackers a head start.

2️⃣ Insider Risk Is Real
A GCHQ (Government Communications Headquarters) intern took secret data home. Journalist accounts were hacked. Most breaches start with a person, not a tool.

3️⃣ New Malware, New Tricks
Android malware like AntiDot is spreading using overlays and NFC theft. Trojanized GitHub repos are targeting devs and gamers.

4️⃣ Big Events, Big Damages
Scattered Spider's attack on U.K. retailers caused up to $592M in losses. These are not small problems-they hit real people and real business.

🫢 Recent Critical & High Severity CVEs
→ CVE-2023-0386 (#LinuxKernel #PublicExploit)
→ CVE-2023-33538 (#TPLink #KnownExploited)

See full CVE lists for the last 7 and 30 days if you want more detail — https://lnkd.in/dHN8u6nA

My take:
If your last DDoS test was "good enough," it's time to raise the bar.

→ Run stress tests that match the scale of today's attacks
→ Test your team's response outside office hours
→ Patch high-severity CVEs before attackers do
→ Build a culture where everyone knows their role during an incident

Security is about readiness, not luck. The next wave is already here.

__

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

The cybersecurity "right skills shortage". SANS 2025 Workforce report.

Helen Patton, Cisco's CISO:

"My perspective is that we don't have a talent shortage in cybersecurity. The real issue lies in understanding the skill sets that are needed."

After taking a deep dive into SANS' latest Cybersecurity Workforce Research Report (3400+ respondents globally), I wanted to share some facts with the community.

Here is what stood out to me:

1️⃣ "Right skills" set
→ 52% of organizations say "not having the right staff" is a bigger problem than "not enough staff" (48%). It is essential to adapt and learn new skills to the specific requirements of your job or position.

2️⃣ Training is non-negotiable
→ 55% recognize having security teams is not enough; ongoing skills development is crucial.

3️⃣ Certifications are a must
→ 65% of jobs now require certifications for skill validation.

4️⃣ Top Valued Skills: Teamwork, growth mindset, and adaptability.

5️⃣ New rules (NIS 2 Directive, DORA, Cybersecurity Maturity Model Certification) are shaping how cybersecurity is hired and trained.

So, what do we learn from this?

For CISOs and hiring managers:

Look inside your team. Perhaps the Cybersecurity "star" you are looking for is already working for you and needs some development.

For career seekers:

Start with some entry certifications (CompTIA Security+, eJPT, and others) to get your foot into the first job.

Are you currently looking for a talent? How difficult is it to find a "highly skilled" professional?

Perhaps you are starting in cybersecurity. What problems are giving you the most pain when finding your first job?

Stay sharp, stay secure. 😑

(SANS 2025 Workforce report in the comments below.)

__

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #SkillsGap #SANS

#CyberMonday 7 Threats, 3 CVEs, 1 Death.

The death of one person has been linked to a ransomware attack on NHS England services at London hospitals.

King's College Hospital confirmed that one patient had "died unexpectedly" during the cyber attack on 3 June 2024, because of "a long wait for a blood test result".

This is what happens when cybersecurity fails.

And this week's risks weren't just techical, it touched lives.👇


🔥 Top News:

1️⃣ Ransomware + NHS = tragedy
→ Delayed blood test results contributed to a patient’s death.

2️⃣ Facebook's new AI tool asks users to upload personal photos for "story ideas."

3️⃣ LapDogs espionage: 1,000+ SOHO routers compromised in a China-linked campaign.

4️⃣ Cisco ISE & ISE-PIC RCE flaws (CVE-2025-20281 & 20282).
→ Unauthenticated API access → root privileges. Update now.

5️⃣ Printer exploits led to real-world "Prishing" attacks via QR code bait.
→ Review and act, harden your printer.

6️⃣ Citrix Bleed 2.0 (CVE-2025-6543): Another NetScaler zero-day.

7️⃣ GIFTEDCROOK malware evolved from browser stealer to full-blown intelligence tool.


🫢 New Critical CVEs:
→ CVE-2024-54085 (#AMI Redfish API #KnownExploited)
→ CVE-2024-0769 (#DLink #KnownExploited)


📌 Exploitability spike +50%:
→ CVE-2015-5311 (#PowerDNS Server #DOS)


Let's be honest: cybersecurity isn't just about uptime anymore.
It's about protecting real people from real harm.

What stuck with you this week?

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Please help me to improve my Cybersecurity Blog.

I want all of you to write 3 things that you Like and 3 things that you Don't like about my Blog. 👇

I am a humble person, and I believe there is always room for improvement.

Your feedback matters 🙂

(The person with most valuable feedback will get a prise)

Stay secure 😑
.

My daily cybersecurity flow keeps me ahead of threats. Here's my 6-site routine:

Staying up to date in cybersecurity feels impossible. News breaks every hour. Threats move faster than most teams can react.

But I have found a daily system that works. I keep these 6 sites in my rotation for real-time alerts and deep dives.

→ The Hacker News
Fast updates on new exploits, CVEs, and breaches. I keep this tab open all day. TG: @thehackernews

→ Bleeping Computer
Trusted for alerts, malware analysis, and patch news. TG: @BleepingComputer

→ tl;dr sec
7 minutes a week for the best tools and resources. Categories for tech, AI, infosec, and more.

→ CISA
America's Cyber Defense Agency. I subscribe to their alerts for breaking news on threats.

→ Sans Internet Storm Center
Daily "Stormcast" for threat trends, malware outbreaks, and vulnerability news.

→ CVEdetails
Not just a CVE database. Advisories, exploits, and RSS feeds for vulnerability intelligence.

Each week, I scan these sites. I don't read every article. I focus on major trends and alerts. This habit keeps my team ready for what's next.

Cybersecurity is not about knowing everything. It's about having the right signals at the right time.

What am I missing? Which sites do You trust to stay ahead?

Share, save, and stay secure. 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

#CyberMonday Hackers breached a Norwegian dam and opened the floodgates.

Norvay Critical infrastructure is under attack. Unidentified hackers have breached the systems of a Norwegian dam and opened its water valve at full capacity.

Single breach can impact communities, economies, and daily life.

Cyber risk = real-world consequences.


🔥Top News:

→ Taiwan's National Security Bureau warned about apps like TikTok and Weibo. Too much data collection. Data flowing where it shouldn't.

→ Exposed JDWP interfaces let attackers mine crypto and launch DDoS on your servers.

→ A new APT, NightEagle, is using zero-days to target Microsoft Exchange.

→ Two new Sudo flaws on Linux. Local users can get root access. Major distros affected Ubuntu, RHEL, Fedora.

→ Google faces a $314M fine for passive Adroid cellular data misuse.

→ Over 40 Firefox extensions are stealing crypto wallet secrets.

→ Glasgow City Council is offline after an attack. City services, disrupted.


🫢 New Critical CVEs:
→ CVE-2025-6554 (#Chrome #KnownExploited)
→ CVE-2025-6543 (#Citrix #KnownExploited)


📌 Exploitability spike +50%:
→ CVE-2024-5247 (#Netgear #RCE)
→ CVE-2002-1623 (#IKE #UserEnumaration)


Stay sharp, because these threats are not stopping.

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Explaining cyber risk: 𝙃𝙤𝙬 𝙄 𝙩𝙝𝙞𝙣𝙠 𝙄 𝙡𝙤𝙤𝙠 𝙫𝙨. 𝙃𝙤𝙬 𝙄 𝙖𝙘𝙩𝙪𝙖𝙡𝙡𝙮 𝙡𝙤𝙤𝙠

Everyone been there. You walk into the boardroom with slides, ready to talk risk. Picture yourself as Einstein-clear, smart, in control.

But two minutes in?

Drawing messy lines, talking about threats, and compliance.
Eyes glaze over.
Did I lose them? (Probably.)

Here's what worked for me:

→ 𝗦𝗵𝗼𝘄 𝘁𝗵𝗲 𝗻𝘂𝗺𝗯𝗲𝗿 🤑
"$2M at risk if things go wrong"
Beats "Here's how many vulnerabilities we have."

→ 𝗨𝘀𝗲 𝘁𝗵𝗲𝗶𝗿 𝘄𝗼𝗿𝗱𝘀
"Business risks," not "attack vectors."
"Disruptions," not "threat actors"

→ 𝗦𝗵𝗮𝗿𝗲 𝘀𝘁𝗼𝗿𝗶𝗲𝘀
"Our competitor lost $50M last year to ransomware."
People connect with real events, not long reports.

→ 𝗖𝗮𝗹𝗹 𝗼𝘂𝘁 𝘃𝗮𝗹𝘂𝗲 🚀
Security helps us move faster, not slower.

Clarity builds trust.
That's where true security starts.

Got a better way to explain risk to non-technical leaders?
I want to hear your best tip.👇

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#InfoSec #SecurityLeadership

#CyberMonday Office RCEs. Bluetooth car hacks. Four teens arrested after cyberattacks.

The National Crime Agency arrested three young men and one woman-ages 17 to 20-used, who used social engineering to breach two of the UK’s biggest retailer stores (M&S and Co-op).


🔥Top News:

→ Patch Tuesday: Microsoft Office RCEs

→ PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

→ An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month

→ Fortinet's critical SQL injection flaw affecting FortiWeb

→ Wing FTP Server vulnerability actively exploited


🫢 New Critical/High CVEs:
→ CVE-2016-10033 (#PHPMailer #PublicExploit)
→ CVE-2019-9621 (#Zimbra #PublicExploit)
→ CVE-2019-5418 (#ActionView #PublicExploit)
→ CVE-2025-5777 (#NetScaler #KnownExploited)
→ CVE-2014-3931 (#MRLG #KnownExploited)


As always, share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

How to Improve my Cybersecurity Blog.

I asked for your feedback and response was incredible.
A huge thank you to everyone who shared their thoughts! The quality and quantity of the feedback was humbling. I truly appreciate it.

What you like

✅ Consistency & Quality
The predictable #CyberMonday posts, sharp insights, and quality visuals all a hit.

✅ Clarity & Accessibility
You appreciate that the content is easy to understand, even for beginners, and provides a clear message.

✅ Value
Getting relevant news summaries without having to search the internet is something you find valuable.

Now to the exciting part: the improvements. I've gathered all your suggestions into a few key themes.

Here are the top recommendations

1️⃣ Real-World Stories & Case Studies
This was the most requested topic. You want to hear about real cases (mine or others), the biggest hacks and failures. The focus would be on how problems were actually solved, not just what happened.
(Inspired by Oleksandr, Vasyl, Anton, @leleka_marabou)

2️⃣ Career Growth & A Day in the Life
Many of you, especially those looking to enter or switch to cybersecurity, want to know what the job is really like. This could include my present struggles, career paths, and how I look for new opportunities and certifications.
(Inspired by Anna Ovsepian, @OleksTpk, @rdbstrd)

3️⃣ Deep Dives & Niche Research:
A call for more technical content, including reviews of promising tools, deep dives into infosec research, and analysis of bug bounty reports.
(Inspired by Dawid Czarnecki, @TuPa_Ded, @rdbstrd)

4️⃣ More Fun
Injecting more personality, some funny stories or jokes related to the field.
(Inspired by Abel, Anna Ovsepian, @rdbstrd)

As I promissed I've choosen a winner for most valuable comment. The winner is @rdbstrd!

Please send me a DM, and we'll sort out how to send you a book! 🙂

Thank you again to everyone who contributed, including Oleksandr Zaliubovskyi, Vladyslav Panchenko, Dawid Czarnecki, Vasyl Kuzyk, Pavlo Somko, Abel Hailu, Anton Kalakutskyi, Anna Ovsepian, Anastasia Mieshkova, @letsencryptssl, @TuPa_Ded, @OleksTpk, @leleka_marabou, and @rdbstrd.

Let's build a better blog together.

As always, stay secure😑.

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #CyberSec

#CyberMonday Microsoft let engineers in China touch US DoD data.

Last week, a ProPublica investigation revealed that Microsoft subcontractors in China helped maintain US Defense Department systems-with little oversight from US staff.

Sensitive data. Minimal control = Maximum risk.

🔥Top News:

→ Salt Typhoon (China-backed APT) quietly compromised the US Army National Guard for nearly a year.

→ Massistant, a new surveillance tool in China – can silently extract SMS, GPS, and images from confiscated phones.

→ Ivanti Zero-Days Exploited

→ CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign


🫢 New Critical CVEs:
→ CVE-2025-53770 (#SharePoint #KnownExploited)
→ CVE-2025-25257 (#FortiWeb #KnownExploited)
→ CVE-2025-47812 (#WingFTP #PublicExploit)

Share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Cybersecurity in Development - Online Webinar.

I am joining PM Coffee Time with Mykola Kalakutskyi and Kateryna Mandryka for their 40th anniversary session on July 30th. We'll talk about cybersecurity in development-and why you must keep security at the center of every project.

Here's what you can expect 👇

→ How secure development process protects your project
→ Why every person in organization (not just security teams) is responsible for strong cyber defense
→ Practical steps to make security part of your SDLC
→ How can cybersecurity be an enabler for your business

Good security is not something you add at the end. You build it in from day one.

The session is open to everyone - new PMs, senior leaders, and anyone who cares about quality and resilience.

📅 July 30th

🔗 Free to join: https://lnkd.in/dgSWvhrQ

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ProjectManagement

#CyberMonday SharePoint at risk even after updates.

Attackers are using ToolShell to target unpatched SharePoint servers on-premises.

They install web shell backdoors and steal Machine Keys. That means even after you patch, attackers can stick around, move deeper, and deploy ransomware.

Read more on CVE-2025-53770.

Rapid-response checklist:

→ Isolate vulnerable servers from your network
→ Apply all available SharePoint updates
→ Rotate Machine Keys
→ Ensure anti-malware scanning is enabled
→ Reset all credentials that touched those servers
→ Scan for indicators of compromise


🔥Top News:

→ CrushFTP Critical Flaw Exploited (CVE-2025-54309)

→ UK Plans Ransomware Payment Ban and Reporting Requirements

→ Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor


🫢 New Critical/High CVEs:
→ CVE-2025-2775/2776 (#SysAid #XXE)
→ CVE-2025-6558 (#Chrome #SandboxEscape)


What grabbed your attention this week? Share in comments.

Stay safe 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

#CyberMonday AI-generated npm malware drained 1,500+ Solana wallets.

The kodane/patch-manager package looked normal. It promised "advanced license validation" for Node.js apps.

Hidden in its code: an "enhanced crypto wallet drainer."
Created by AI.
Spread through the npm registry.
Over 1,500 people downloaded it. Their Solana wallets emptied.

Sad truth:
AI makes it easier to create and hide these threats.


🔥Top News:

→ The Russian nation-state threat actor known as Secret Blizzard orchestrated a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM).

→ Fake OAuth apps mimicked Adobe & SharePoint to hijack Microsoft 365 accounts.

→ Apple Updates Everything. A total of 89 different vulnerabilities patched.


🫢 New Critical/High CVEs:
→ CVE-2025-20337/20281 (#CiscoISE)
→ CVE-2025-6558 (#PaperCut)

Less news to report, is the vacation season influencing things?

Stay vigilant 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

ChatGPT Private Chats Exposed on Google in Privacy Breach

Thousands of private ChatGPT conversations ended up searchable on Google. All because of a misconfigured sharing feature that let search engines crawl unique chat links.

What happened?

→ OpenAI let users share chats with unique URLs.
→ The robots.txt file didn't block Google from crawling them.
→ Many users had no idea their "private" links were public.

OpenAI acted. Disabled the tool, started removing links from search.

I've checked myself and wasn't able to found anything on Google.

However, other search engines (DuckDuckGo, Bing), seem to still have trace of it. Internet doesn't forget. Web archives may hold many of those chats. For people affected, the damage is real and lasting.

Do your own research 🥸

Never assume privacy and security is guaranteed.

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #DataBreach

#CyberMonday CyberArk and HashiCorp Critical Flaws

Last week, researchers found over a dozen new vulnerabilities in CyberArk and HashiCorp vaults. These flaws let attackers take control of enterprise vaults - no credentials needed.

Patch now


🔥Top News:

→ Microsoft released an advisory for a high-severity Exchange Server flaw (CVE-2025-53786). This bug lets attackers gain elevated privileges in hybrid cloud setups.

→ Adobe patched two critical bugs in Experience Manager Forms. Public exploits available.

→ CERT-UA warns of the UAC-0099 threat actor using new malware (MATCHBOIL, MATCHWOK, DRAGSTARE) against Ukraine's infrastructure.


📌 Exploitability spike +50%:
→ CVE-2022-40799 (#DLink)
→ CVE-2025-53770 (#SharePoint)

As always, share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Hey guys,

I have been quite busy lately.
I am no longer able to post frequently, so I will, for now, stop posting #CyberMondays.

I know, that is sad. But hey, life happens, and you have to cope with it.

I will, however, post things I find interesting and cybersecurity updates from time to time.

Stay tuned 😑