Arti is our ongoing project to create a next-generation Tor implementation in Rust. We’re happy to announce the latest release, Arti 1.5.0. Arti 1.5.0 continues development on important client features, including Counter Galois Onion encryption, Conflux, flow control and congestion control, and onion service proof of work. It also includes significant backend work for Arti…
I noticed recently that we have more and more requests for ZIP files in our web honeypot logs. Over the last year, we have had a substantial increase in these requests. Here are some of the most common URLs requested so far this year: url c …
Highlights: Check Point Research (CPR) uncovered an ongoing in-the-wild campaign attributed to the Silver Fox APT which involves the abuse of a previously unknown vulnerable driver, amsdk.sys (WatchDog Antimalware, version 1.0.600). This driver, built on the Zemana Anti-Malware SDK, was Microsoft-signed, not listed in the Microsoft Vulnerable Driver Blocklist, and not detected by community projects like LOLDrivers. The attackers leveraged this unknown…
ISC Stormcast For Thursday, August 28th, 2025 https://isc.sans.edu/podcastdetail/9590, (Thu, Aug 28th) Source link
In July 2021, a sudden drop in Tor usage in Turkmenistan called our attention. Tor would come to understand that this marked the beginning of a new era of censorship and restriction in this post-Soviet country. But let’s rewind… The Tor Community has long been defending internet freedom, running relays and providing bridges to combat…
Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damage, or disruption of essential services. Against this backdrop, the federal…
In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in memory and execute it. This is often performed in a three-step process: Some memory must be allocated and flagged as “executable” with VirtualAlloc() (and sometimes combined with VirtualProtect()) The shellcode (often deobfuscated) is copied into this newly…
ISC Stormcast For Wednesday, August 27th, 2025 https://isc.sans.edu/podcastdetail/9588, (Wed, Aug 27th) Source link
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty selective in displaying them. But on the other hand, they are still used legitimately or not, and…
What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform, revealing a set of compounding risks….
