Security Leftovers
-
Federal News Network ☛ Cybersecurity in focus: DOJ aggressively investigating contractors’ cybersecurity practices
Federal contractors should ensure that they understand and operationalize their contractual obligations, particularly with respect to the new DFARS obligations.
-
Cyble Inc ☛ New Stealthy Linux Malware Combines Mirai DDoS Botnet with Cryptominer
Cyble researchers have identified new Linux malware that combines Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, enabling both network disruption and financial profit in the same threat campaign.
“This campaign represents a sophisticated and financially motivated operation combining botnet propagation with stealthy cryptomining,” Cyble threat intelligence researchers wrote in a blog post today.
-
Pen Test Partners ☛ The built-in backdoored Windows security features you should be using
It’s more common than you might think to miss built-in defences. Backdoored Windows has a lot of features that help keep your identity safe, make endpoints more secure, control what software can run, and make it easier to see what’s going on if something bad happens.
-
Security Week ☛ Critical King Addons Vulnerability Exploited to Hack WordPress Sites
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites.
-
Security Week ☛ React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.
-
Security Week ☛ Marquis Data Breach Impacts Over 780,000 People
The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers.
-
Security Week ☛ Personal Information Compromised in Freedom Mobile Data Breach
Freedom Mobile says hackers stole customers’ personal information from its account management platform.
-
Security Week ☛ Inotiv Says Personal Information Stolen in Ransomware Attack
Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people.
-
J.C. Jones: Reflecting on 10 years of Let’s Encrypt
My friend Christophe Brocas has just published a retrospective on the ten years since we unveiled the ACME protocol to the world. He interviewed me and some colleagues for the piece, and I recommend it! There’s even nice comments on HackerNews, which always makes me smile.
It’s been fun to think back on the early days that made such a dramatic inflection to my career. In early 2014 I was still working on selling turn-key PKI systems based on my SAIFE framework, though the company had been dealt quite a blow by the 2013 U.S. Federal Government shutdown. Having just constructed a certificate authority that would go on to be added to relevant trust lists, it turns out that the freshness of that experience became a key part of my recruitment into what became Let’s Encrypt.
-
Announcing Istio 1.26.7
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.26.6 and 1.26.7.
-
Announcing Istio 1.27.4
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.27.3 and 1.27.4.
-
ISTIO-SECURITY-2025-003
-
SANS ☛ Attempts to Bypass CDNs, (Wed, Dec 3rd)
Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to point clients to the CDN, and the CDN will then forward the request to the actual web server. There are a number of companies offering services like this, and cloud providers will usually have solutions like this as well.
-
SANS ☛ Nation-State Attack or Compromised Government
-
Scoop News Group ☛ Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.