The JDY botnet has expanded to over 1,500 compromised devices to conduct large-scale reconnaissance and service fingerprinting. This network primarily targets small office and home office routers, firewalls, and IoT devices from various manufacturers. It functions as a high-performance scanner that maps exposed services to identify vulnerable infrastructure for state-sponsored hacking groups.

Source

Cloudflare has introduced a new integration that allows its Web Application Firewall to use live threat intelligence data for proactive mitigation. This feature enables the creation of rules based on specific threat actor names, targeted industries, and attack types like DDoS or cybercrime. By populating these fields during the early stages of a request, the system can block high-risk traffic before it reaches the origin infrastructure.

Source

Palo Alto Networks has upgraded the severity of a vulnerability in its PAN-OS software following reports of active exploitation in the wild. The flaw, tracked as CVE-2026-0257, allows attackers to bypass security restrictions and establish unauthorized VPN connections to corporate networks. While initially rated as medium severity, the discovery of successful attacks has prompted a reclassification to high urgency.

Source