“Cybercrime is a borderless, multi-billion-dollar enterprise. We cannot defend against it solely by building taller walls around individual networks. Operation Ramz proves that actionable intelligence, combined with trusted public-private partnerships, results in actual arrests and dismantled infrastructure.” The organizations most concerned about cybercrime must fund the non-profit engine that actually disrupts it. Call to Action: Visit shadowserver.org/partner/ to invest in action. Read More
In Tribute to Peter G. Neumann (1932–2026) – Service, Sound Systems, and the Work That Remains
Peter Neumann said, “Security is a set of end-to-end total-system emergent properties,” and “Strength in Depth is desirable, but we have Weakness in Depth.” He quotes Einstein — “Everything should be made as simple as possible, but no simpler” — and warns that oversimplifying security leads to flaws. Read More
Origin of Protective DNS and RPZ
The Architectural Evolution of Protective DNS: From Academic Prototyping to Global Security Standard The historical trajectory of the Domain Name System (DNS) has transitioned from a rudimentary directory service into the fundamental control plane of modern internet security. This transformation was neither accidental nor purely market-driven; it was the result of a protracted conflict between Read More
Meaningful Security Conversations with Your Vendors: The 2026 Q1 Guide to Digital Safety & Resilience
Executive Summary: The Imperative for a New Dialogue In the contemporary operational environment, defined by industrialized cyber warfare and systemic supply chain compromises—exemplified by the Salt Typhoon and Volt Typhoon campaigns—the evaluation of network vendors has shifted from a procurement checklist to a strategic imperative. Organizations can no longer rely solely on perimeter defenses; they Read More
FAQ – Which Shadowserver Reports list CVEs
FAQ – Which Shadowserver Reports list CVEs? Many people frequently ask how Shadowserver includes CVEs (Common Vulnerabilities and Exposures) in its reports. Currently, there are over 140 reports published, with more on the way. The Shadowserver Alliance is active, working together to support the Shadowserver initiative and develop new report types. It’s a logical question to ask. The wonders of today make it soooo easy to find answers. You don’t need to ask gurus to kick-start your journey…. Read More
FAQ – Which Shadowserver Reports list CVEs
FAQ – Which Shadowserver Reports list CVEs? Many people frequently ask how Shadowserver includes CVEs (Common Vulnerabilities and Exposures) in its reports. Currently, there are over 140 reports published, with more on the way. The Shadowserver Alliance is active, working together to support the Shadowserver initiative and develop new report types. It’s a logical question Read More
US ISP CPE SUPPLY CHAIN
Who Makes What, and Where with the US ISP CPE Supply Chain Version 2.0 | March 24, 2026 senki.org | bgreene@senki.org This research tool was curated from detailed questions by a +40-year Internet engineer, large network architect, and cybersecurity specialist. The questions were used to build out logic flows in multiple LLMs to gather insights Read More
How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure?
How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure? (see the list below) What is not stated is that this group is the known TLP: RED group. There is a larger TLP: AMBER community of supporting individuals and organizations. These groups all exist and will continue to put pressure Read More
BEC’s Payroll Diversion Fraud Investigation Report: Operational Modalities, Threat Actor Investigation, and Defensive Architectures
1. Executive Summary The global financial cybercrime landscape has undergone a paradigmatic shift, evolving from indiscriminate, high-volume phishing campaigns to highly targeted, psychologically manipulative operations that exploit the structural seams of corporate finance. Among these threats, Payroll Diversion Fraud—the unauthorized redirection of employee salary disbursements to fraudulent accounts—has metastasized into a premier vector for both Read More
CVE-2025-40778: Uncovering the Real DNS Vulnerability Risks
The DNS Cache Poison vulnerability (CVE-2025-40778) opens a huge exploitation range from INSIDE the network. This is NOT a “Kaminsky” attack – it is much worse – two crafted packets from an architected attack. Read More