A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.

Despite both technical exposure by researchers and law enforcement disruption, this infrastructure has remained uncharacteristically consistent, only changing hosting providers. Given the contrasting high level of sophistication between Volt Typhoon’s activity within target organizations and their proxy network, it is possible the KV Botnet is operated by a party other than Volt Typhoon.

This blog analysis regarding a recent threat actor posting, which claims to offer compromised configuration and VPN credentials from FortiGate devices, provides factual information to help our customers better understand the situation and make informed decisions.

Discover Bishop Fox's survey on the current state of SonicWall appliances on the public internet.

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure