Meaningful Security Conversations with Your Vendors: The 2026 Q1 Guide to Digital Safety & Resilience

Executive Summary: The Imperative for a New Dialogue. In the contemporary operational environment, defined by industrialized cyber warfare and systemic supply chain compromises—exemplified by the Salt Typhoon and Volt Typhoon campaigns—the evaluation of network vendors has shifted from a procurement checklist to a strategic imperative. Organizations can no longer rely solely on perimeter defenses; they

FAQ – Which Shadowserver Reports list CVEs

Many people frequently ask how Shadowserver includes CVEs (Common Vulnerabilities and Exposures) in its reports. Currently, there are over 140 reports published, with more on the way. The Shadowserver Alliance is active, working together to support the Shadowserver initiative and develop new report types. It’s a logical question

US ISP CPE SUPPLY CHAIN

Who Makes What, and Where with the US ISP CPE Supply Chain Version 2.0 | March 24, 2026 senki.org | bgreene@senki.org This research tool was curated from detailed questions by a +40-year Internet engineer, large network architect, and cybersecurity specialist. The questions were used to build out logic flows in multiple LLMs to gather insights

How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure?

How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure? (see the list below) What is not stated is that this group is the known TLP: RED group. There is a larger TLP: AMBER community of supporting individuals and organizations. These groups all exist and will continue to put pressure

You missed it! Threat Actors simple paths into your network.

On December 3rd, 2024, six cybersecurity organizations published Enhanced Visibility and Hardening Guidance for Communications Infrastructure, detailing simple paths threat actors use to penetrate networks. Most people I talk to say, “This is nothing new.” “We’ve heard it all before.” “These are all Best Common Practices (BCPs); everyone should have deployed them already!” Do not

Using your Printer Ports to Attack?

Do you have a customer whose printer ports are open and vulnerable and can now be used for DDoS? Is your network’s “Internet Print Protocol” (IPP) port open and ready for exploitation? Last week, the Shadowserver Foundation alerted a “large increase in queries on 631/UDP seen in our sensors due to recent CUPS RCEs disclosure.

Is ASEAN Ready for Serious Cybersecurity?

No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public benefit—non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and other organizations deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to

PlugX Infections – Is that You?

The French Government sees the massive number of PlugX infections as a national threat. PlugX is malware used by Nation State threat actors to get inside networks. Sekoia was part of a sinkholing action that uncovered thousands of locations where PlugX is deployed. Should you be concerned? How do you discover if you have a

Industry Anti-DDOS Strategy 2018

Note to the Readers …… Yes, there are communities who consult and curate an anti-DDoS strategy to mitigate the risk to the Internet. Starting ~2000, Operators have consulted on ways to build better resilience into the Internet’s infrastructure. These consultations evolved into informal security strategy plans. By 2012, multiple groups were involved (see http://www.senki.org/2012-a-year-of-cyber-security-optimism/). A