Get All Three Books: Scapy, Advanced Python, and Ethical Hacking!
https://buymeacoffee.com/halildeniz/e/317973
Wi-Fi Signal Disruption: Deauthentication Attack with Python Scapy
https://denizhalil.com/2025/04/23/wifi-deauthentication-attacks/
New Threat Alert: Rustobot Botnet
A new Rust-based botnet is making waves — and it's hijacking routers to do it. @FortiGuardLabs latest research dives into Rustobot, a stealthy, modular botnet that’s fast, evasive, and ready to wreak havoc.
Learn how it works, what makes it different, and how to protect your network:
https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
Edit: Shout-out to the author behind this research, @7olzu
Critical router warning for ASUS users
ASUS has disclosed a major vulnerability in routers running AiCloud, urging immediate patching to prevent remote code execution risks.
- Tracked as CVE-2025-2492
- CVSS score: 9.2 (critical)
- Affected firmware series: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102
- Exploitable via a crafted request
If unpatched, this flaw could allow attackers to take control of affected routers remotely — exposing networks to further compromise.
ASUS has released firmware fixes and offered urgent advice:
- Update your router firmware from the official support site
- Use strong, unique passwords for Wi-Fi and router admin
- Disable AiCloud and all remote-access features if patching is not immediately possible
This issue does not affect general ASUS hardware — it is limited to certain router firmware versions with AiCloud enabled. But the severity of the bug makes it essential to act fast.
Cyber hygiene starts at the network level. A vulnerable router could be the weakest link in an otherwise secure setup.
- Always keep firmware up to date
- Avoid using default or repeated passwords
- Disable unnecessary services from WAN access
Before Wireshark, originally called Ethereal, packet sniffing was largely the domain of command line tools like tcpdump. Released in 1988, tcpdump gave users a raw, text based way to inspect network traffic. It was powerful, but also opaque and hard to master, especially for newcomers. You had to know exactly what you were looking for, and interpreting the data meant sifting through walls of cryptic output.
Then came Wireshark.
It brought a graphical interface to the world of packet analysis and made deep network inspection far more accessible. Users could visually follow TCP streams, filter by protocol, decode packets in real time, and dissect application level data with ease. Wireshark didn't just make packet sniffing easier, it changed how people learned networking and security. Today it is one of the most widely used tools for education, ethical hacking, malware analysis, and protocol development.
From dorm rooms to data centers, Wireshark made network hacking look good and work better.
Over 16,000 Fortinet devices have been compromised with a stealthy symlink backdoor — even after being patched.
A report from The Shadowserver Foundation reveals that attackers left behind a persistent backdoor on FortiGate devices by abusing symbolic links. These links provide read-only access to sensitive configuration files, even after vulnerabilities were patched.
Here’s what happened:
- Threat actors exploited FortiOS zero-days throughout 2023 and 2024
- They planted symbolic links in language file folders on SSL-VPN enabled devices
- These links connected public folders to the root filesystem
- Even after patching, the symlinks gave attackers continued visibility into sensitive files
Fortinet says this isn’t due to a new vulnerability — it’s a "persistence mechanism" that evaded detection by living in user-accessible directories.
The impact:
- Over 16,000 devices globally are affected
- Attackers may have had access to configuration files, including credentials
- Fortinet is notifying affected customers and has released updated AV/IPS signatures to detect and remove the malicious symlinks
If you're using FortiGate:
- Check for recent alerts from Fortinet
- Update to the latest firmware
- Reset all credentials
- Audit logs for suspicious access behavior
At Efani, we view this as a critical reminder: patching isn’t the end of an incident — it’s the start of validation. Persistence mechanisms like this one don’t need new vulnerabilities to survive.
Nice hardware with power over ethernet, then a decent firmware on openwrt, $sense or something else. #networksecurity #network #firewall #poe
DNS Flood Attack vs. DDoS
A DNS Flood Attack targets DNS servers specifically, whereas a DDoS Attack can target any online service. Understanding the distinction is key to building stronger defenses!
Join our Cyber security training Course -
https://infosectrain.com/cybersecurity-certification-training/
- OPNSense from the Netherlands
- https://opnsense.org/
- OpenWrt International
- https://openwrt.org/
Many of them also offer hardware and if no hardware is offered or you want something of your own then you will find everything you need here, https://www.nrg-systems.de/
#firewall #networksecurity #itsecurity #cybersecurity
2/2
/EOL
For good reasons, I have completely switched from US providers to EU FOSS projects and solutions since around 2020. Here are the router/firewall solutions. 1/2
- DD-WRT from Germany
- https://dd-wrt.com/
- DynFI from France
- https://dynfi.com/
- IPFire from Germany
- https://www.ipfire.org/
- Mikrotik from Latvia
- https://mikrotik.com/
- Nethsecurity from Italy
- https://nethsecurity.org/
SecPoint Cloud Penetrator – New EU Servers Available!
We're excited to announce the expansion of our SecPoint Cloud Penetrator infrastructure with brand-new servers based in the European Union.
Existing customers can easily access these new EU servers directly by logging into your account: https://vip.secpoint.com
Discover the enhanced performance and security today!
I'm curious to hear what others are #SelfHosting! Here's my current setup:
Hardware & OS
Infrastructure & Networking
Security & Monitoring
Authentication & Identity Management
Productivity & Personal Tools
Notifications & Development Workflow
Accessibility Focus
Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign, #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!
I've also experimented with:
I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services!
What's your setup like? Any cool services you'd recommend I try?
#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY
That's a point that I've looked at for decades and just like you said; it's much worse because the audio is something that can be so extremely intrusive when it is violated and sent somewhere else.
For example, most of the major providers of so-called social media have a client in which they have a clause for usage that is literally saying that they can turn on the microphone, at will, and you can't do anything about it. They obfuscate the message by putting it in legalese.
That is more than frightening
For some odd reason people consider it to be normal to be very very violated when it comes down to their personal privacy.
* No one should point the camera at your face without your permission.
* No one should sell you a device which has a camera pointed at your face 24 hours a day and you just accept it
* No one should sell you a device with a battery permanently sealed in it but that's another story and another storyline
* No one should ever sell you the snake oil telling you that it's normal to have a camera pointed at your face 24/7
It's not normal!
Now go and protect your identity cover that lens!
When was the last time you've properly used the camera on your Android?
No I'm not talking about the camera which points at the scenery, I'm talking about the camera which points straight to your face 24 hours a day every time you pick your Android up.
¿Well? I'm waiting.
About 990 out of 1000 people will answer this wrong.
The only proper way of using that camera is making sure that it can only record images of your face when you absolutely want to
That means that you need to put a piece of electrical isolation tape in front of the lens of the camera and it should be like that for most of the day.
Any other manner means that you do not know anything about securing yourself and about protecting your identity.
Do you consider it normal to have a barrel of a firearm pointed at your face 24 hours a day?
The question is rhetorical
Now please follow suit and do like I have done it for decades;
The only time when the camera is pointed at me, is when I want to; if I don't I either cover it, or shove the person who puts the camera in my face in such a manner that they drop it immediately, or else!
Today's top stories, curated for you by Zorz Studios: http://zorz.it/newspaper
- Celebrating the outstanding #winners of #FemaleInFocus2024;
- 5 #NetworkSecurity solutions to protect your #business;
- Taghrid El Hage #Spring2025 #WeddingDresses;
- What’s going on with #Versace?
- First #OldMasters #collection valued over $100m to come to auction at #Sotheby’s, and more