Decipher
deciphersec.bsky.social
Pinned
🚨 Our latest hacker movie 📽️ podcast is up NOW! And it's a doozy. We talked about an underrated classic, REAL GENIUS, with our awesome pal Wendy Nather of @1password.bsky.social! Get all the 🍿 ready and enjoy!

youtu.be/0D1vZk--43A?...
The Hacker Movie Canon: REAL GENIUS
YouTube video by Decipher
Some (vaguely) Thanksgiving-related security phrases for you to use this weekend:

credential stuffing
big game (hen) hunting
Scattered smothered covered and chunked Spider
YAML
cookies
watering hole
Plymouth infosec Rock star
SPAM
Dinner roll your own crypto

What else ya got? 🦃
November 26, 2025 at 5:08 PM
Reposted by Decipher
We have updated this list to include more than 500 packages and 700+ affected versions, as well as a technical analysis of the attack. socket.dev/blog/shai-hu....

cc: @campuscodi.risky.biz @typescript.fm @bleepingcomputer.com @theregister.com
November 24, 2025 at 5:19 PM
Just in time for the holiday week...it's a new npm worm!
decipher.sc/2025/11/24/n...
New Shai Hulud NPM Worm Emerges - Decipher
Researchers from Wiz are currently tracking more than 25,000 affected repositories across approximately 350 unique users.
November 24, 2025 at 3:47 PM
Things got a little weird in Washington this week. We break it all down for you!

decipher.sc/podcasts/doj...
DoJ Sanctions, the SEC Abandons the SolarWinds Action, and the FCC Reverses Course on Telecom Security
It’s an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the S...
November 21, 2025 at 4:46 PM
Aloha! Many of our podcasts are now available as video episodes on Spotify! Including this one with @rmogull.com.

open.spotify.com/show/3XsgM8x...
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
Spotify video
November 20, 2025 at 3:29 PM
Reposted by Decipher
We posted our AttackerKB @rapid7.com Analysis of the new EITW FortiWeb command injection vuln, CVE-2025-58034. The patch fixes several command injections, so we reproduced the SAML config name injection, and popped a reverse root shell 🎯 Full details here: attackerkb.com/topics/zClpI...
November 19, 2025 at 7:19 PM
Good post-mortem from @cloudflare.social on their outage yesterday. TL;DR it wasn't a security incident.
blog.cloudflare.com/18-november-...
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
November 19, 2025 at 2:42 PM
Quick chat with our pal @rmogull.com on today's @cloudflare.social outage, the fragility of our distributed infrastructure, and how providers and users handle it when things break.

youtu.be/2118EJ4Gb5s?...
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
YouTube video by Decipher
November 18, 2025 at 9:59 PM
The mentality of the characters in The Social Network is not so much parody as prediction.

youtube.com/clip/UgkxhnE...
November 18, 2025 at 8:11 PM
"We already know security by obscurity doesn't work; adversaries monitor new product releases and are actively reverse engineering patches." @catc0n.bsky.social

decipher.sc/2025/11/17/f...
Fortinet CVE-2025-64446 Under Active Attack - Decipher
That vulnerability (CVE-2025-64446) affects several versions of FortiWeb and CISA has added it to its Known Exploited Vulnerabilities catalog.
November 18, 2025 at 2:27 PM
Dan Geer has a new essay on the shift toward indeterminism in computing and implications for security.

“The limiting factor in offensive capability is not finding vulnerabilities, it is having the talent to turn them into dependable tools”. @daveaitel.bsky.social

www.computer.org/csdl/magazin...
CSDL | IEEE Computer Society
November 17, 2025 at 3:37 PM
“Silently patching vulnerabilities is an established bad practice that enables attackers and harms defenders.” @catc0n.bsky.social

decipher.sc/2025/11/17/f...
Fortinet CVE-2025-64446 Under Active Attack - Decipher
That vulnerability (CVE-2025-64446) affects several versions of FortiWeb and CISA has added it to its Known Exploited Vulnerabilities catalog.
November 17, 2025 at 3:28 PM
Reposted by Decipher
“It’s still hard to get a comprehensive perspective on financial losses. People report on the ransom that was paid, but not the costs of internal processes.” Wade Baker, Cyentia

decipher.sc/2025/11/14/m...
Marks and Spencer’s Profit Drop: The Financial Toll of Cyberattacks - Decipher
The financial impacts of cyberattacks are hard to measure - but they lend critical context to conversations around security risk at the boardroom level.
November 17, 2025 at 2:19 PM
If you need a few laughs this afternoon, listen to the great Melanie Ensign @melanie-ensign.bsky.social of @discernibleinc.bsky.social have a field day with THE SOCIAL NETWORK.
youtu.be/KPgSnB4tYQ4?...
The Hacker Movie Canon: THE SOCIAL NETWORK
YouTube video by Decipher
November 15, 2025 at 6:19 PM
New podcast is up!

➡️ Google disrupts Lighthouse phishing service
➡️ Amazon identifies APT targeting zero days in Cisco and Citrix products
➡️ Measuring the financial effects of cyber attacks

open.spotify.com/episode/35P5...
Lighthouse Phishing Kit Takedown, Zero Day Mysteries, and Measuring Cyber Attack Costs
November 14, 2025 at 4:51 PM
🚨 New hacker movie podcast episode is out!! It's THE SOCIAL NETWORK🚨

This podcast has everything:
✅ Friendster references
✅ Harvard trash talk
✅ Silicon Valley despair
✅ and most importantly @melanie-ensign.bsky.social !!

youtu.be/KPgSnB4tYQ4?...
The Hacker Movie Canon: THE SOCIAL NETWORK
YouTube video by Decipher
November 13, 2025 at 3:46 PM
“Bugs like these are often paired with a code execution bug by malware to completely take over a system.”
decipher.sc/2025/11/11/m...
Microsoft Warns of Exploited Windows Kernel Zero-Day - Decipher
The important-severity flaw (CVE-2025-62215) has been exploited, said Microsoft.
November 12, 2025 at 2:59 PM
“Attackers are moving beyond ‘vibe coding’ and the baseline observed in 2024 of using AI tools for technical support.”

decipher.sc/2025/11/05/g...
Google: Threat Actors Testing AI During Malware Execution - Decipher
Threat actors are now using LLMs in malware during execution, as a way to alter the malware’s behavior to enable detection evasion and more.
November 6, 2025 at 2:26 PM
🎥 Brand new podcast episode is up! 🎥

We talked to @yahoo.bsky.social CISO Sean Zadig about his path to infosec and the challenges of raising the next generation of hackers.
youtu.be/e7K16g5JONc?...
Yahoo's Sean Zadig on How to Raise a Hacker Safely and How AI Isn't Changing Everything
YouTube video by Decipher
November 5, 2025 at 2:28 PM
New Apple updates are out. No actively exploited vulnerabilities for once.
support.apple.com/en-us/125632
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support
This document describes the security content of iOS 26.1 and iPadOS 26.1.
November 4, 2025 at 2:48 PM
Our latest podcast episode covers the most important news of the week.
➡️ the rising tide of shadow AI
➡️ the return of Hacking Team/Memento and a wild Chrome exploit
➡️ targeted intrusions from pack rats
October 31, 2025 at 2:49 PM