Privacy Aware Bots
A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them.
https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796)
Critical Ingress Nightmare Vulnerability
ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast
https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments)
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities)
https://kubernetes.io/blog/)
FBI Warns of File Converter Scams
File converters may include malicious ad ons. Be careful where you get your software from.
https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam)
VSCode Extension Includes Ransomware
https://x.com/ReversingLabs/status/1902355043065500145)
