FISA

What Is Masjesu? Cybersecurity researchers at Trellix have pulled back the curtain on a sophisticated and deliberately low-profile botnet known as Masjesu, a DDoS-for-hire operation that has been quietly recruiting customers and compromising devices globally since it first appeared in 2023. Marketed openly on Telegram, Masjesu offers paying clients the ability to launch volumetric Distributed Denial-of-Service (DDoS) attacks against virtually any target. What makes it particularly dangerous is not its raw power, but its design philosophy: stealth, persistence, and strategic evasion over aggressive widespread infection. How It Works Once Masjesu's malware lands on a compromised IoT device, typically a router or gateway, it follows a precise sequence of actions: It attempts to bind a socket to a hard-coded TCP port (55988), which allows the attacker to connect to the device directly. If this fails, the execution chain terminates immediately, a deliberate fail-safe to avoid dete...

  Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called  Project Glasswing  that will use a preview version of its new frontier model,  Claude Mythos , to find and address security vulnerabilities. The model will be   used   by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with Anthropic, to secure critical software. The company said it's forming this initiative in response to capabilities observed in its general-purpose frontier model that demonstrate a "level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.Because of its cybersecurity capabilities and concerns that they could be abused, Anthropic has opted not to m...

  What's Happening? U.S. cybersecurity and intelligence agencies, including the FBI and CISA, have issued a formal warning confirming that Iranian-affiliated threat actors are actively targeting internet-facing Operational Technology (OT) devices, specifically Programmable Logic Controllers (PLCs), deployed across critical infrastructure sectors in the United States. The consequences are real and already documented: degraded PLC functionality, falsified readings on industrial control screens, operational disruptions, and in some cases, direct financial losses. Who Is Being Targeted and How? The attacks are focused on Rockwell Automation and Allen-Bradley PLC devices, particularly CompactLogix and Micro850 models. The targeted sectors include: Government services and facilities Water and Wastewater Systems (WWS) Energy infrastructure The attack method is methodical. The threat actors leveraged third-party hosted infrastructure combined with legitimate engineering software,...

Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn’t getting better. It’s getting worse. As environments expand across cloud, SaaS, identity, and legacy systems, analysts are flooded with signals that all demand attention but rarely arrive with enough context to act quickly. Staffing shortages only amplify the issue. The result is a SOC stuck reacting to noise instead of responding to real risk. Recent industry research reinforces what analysts already know. False positives remain one of the top challenges in detection and response, and many analysts encounter low-value alerts so frequently that it slows investigations and contributes directly to burnout. Alert fatigue isn’t just an efficiency problem. It’s an operational risk. Why alert fatigue persists, and why it’s not your fault Alert fatigue isn’t a reflection of weak analysts or underperforming teams. It’s the outcome of security models that haven’t kept pace with modern compl...

  Last week, the industry learned that Anthropic was developing Claude Capybara, also called Mythos, a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning. While the details emerged through a data leak rather than a formal launch, the market response was unmistakable: AI has crossed a critical cyber security threshold. The frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale, speed and through novel methods that previously were the domain of advanced nation state entities. For security leaders, this development is both a warning and a call to action. It crystallizes a trend we’ve been closely monitoring and preparing for: the democratization and industrialization of cyber attacks. Two Structural Shifts Redefining Cyber Risk Claude Mythos is the early signal of two profound shifts in the threat landscape: 1.  ...

  AI assistants like ChatGPT have quickly become trusted environments for handling some of the most sensitive data people own. Users discuss medical symptoms, upload financial records, analyze contracts, and paste internal documents—often assuming that what they share remains safely contained within the platform.   That assumption was challenged when new research uncovered a previously unknown vulnerability that enabled silent data leakage from ChatGPT conversations without user knowledge or consent. While the issue has since been fully resolved by OpenAI, the discovery delivers a much broader lesson for enterprises and security leaders: AI tools should not be assumed secure by default.   Just as organizations learned not to blindly trust cloud providers, the same logic now applies to AI vendors. Native security does not equal sufficient security. AI requires an independent security layer on top.   From Trusted Assist...

  What's Happening? Security researchers at VulnCheck have confirmed that malicious actors are actively exploiting a critical vulnerability in Flowise, a popular open-source platform used to build AI agents and workflows. The flaw carries the highest possible severity rating, a CVSS score of 10.0, meaning it requires no special privileges to exploit and can result in complete system compromise. The Vulnerability: CVE-2025-59528 The flaw, tracked as CVE-2025-59528, is a code injection vulnerability residing in Flowise's CustomMCP node, a component that lets users configure connections to external Model Context Protocol (MCP) servers. The problem lies in how the node processes user-provided configuration strings: it executes JavaScript code embedded in those strings without any security validation whatsoever. Because Flowise runs with full Node.js runtime privileges, a successful attacker gains access to powerful system modules including: child_process — enabling arbi...