ZeroBS_GmbH

1.6K posts

@zero_B_S

Information and data security. Leader in DDoS-Testing and Assessments in DACH/EU-Region. Full Spectrum Neuland 2.0 #DFIR #OSINT #DDOS #Cyberien

Kiel, Germany · Joined April 2017
236 Following · 677 Followers
Pinned Tweet
ZeroBS_GmbH @zero_B_S
We analyzed 400 DDoS-Stresstests from 2022 and gathered very interesting insights into the current state of protection/mitigation-solutions, what works (well), what doesn't, and especially: WHY. zero.bs/optimization-o… #ddos #dfir #cybervandals
Mattias Wåhlén 🇪🇺🇺🇦🇨🇦
@ImposeCost AI will affect cybersecurity in 3 ways. It will speed up attacks, it will speed up defense and it will create entirely new attack surfaces. I am most worried about the last one.
Andrew Thompson @ImposeCost
See, there's real conversations about becoming better, faster, and stronger with AI to beat adversaries using AI, and I'm over here quietly thinking "so if those dudes are using these technologies to find the vulnerabilities, why aren't the friendly dudes using the same or similar technologies to find the vulnerabilities before they're ever put in front of an adversary... Like do all that BEFORE we're doing the get better at firefighting through agents....
Justin Elze @HackingLZ

@caseyjohnellis At least this go around defenders are getting new toys at the same time.

ZeroBS_GmbH @zero_B_S
What Akamai says ⬇️ The current SOTI-Report with detailed insights on shifting battlegrounds and new attack vectors (APIs & AI), but also useful mitigations/architecture advice akamai.com/resources/stat…
ZeroBS_GmbH retweeted
Phil Venables @philvenables
Google just shifted PQC migration goal to 2029. Others likely to follow given projected advances of quantum computing capability toward a cryptographically relevant quantum computer (CRQC). blog.google/innovation-and… Will we see a CRQC by 2029? Most likely not, but to be safe you'll want to land your PQC migration more aggressively to cover that tail risk. And, focus more on authentication controls than secrecy controls. Time to get going. philvenables.com/post/post-quan…
Florian Roth ⚡️ @cyb3rops
I use this graph in internal slides to better explain the concept
Florian Roth ⚡️ @cyb3rops
The #TeamPCP #LiteLLM compromise is a good example of where scalable detection still matters.

Our internal Thunderstorm analysis flagged the malicious litellm-1.82.8 wheel with a high score and multiple signature matches on the embedded litellm_init.pth payload, before the incident was broadly written up publicly.

What I find interesting here is where different approaches fit:
- AV-style engines are great at very high-volume scanning
- LLM-based analysis is great when ambiguity starts and code needs deeper interpretation
- in between, you need something that can process lots of packages and build artifacts, surface suspicious content reliably, and hand the interesting cases to humans or AI workflows for deeper investigation

That middle layer has real value. It lets you inspect package repositories, build workflows and newly introduced dependencies continuously, at fixed cost and on your own infrastructure, instead of trying to send whole firehoses through token-priced analysis.

In this case, old signatures were enough to surface something very real.

Blogs
opensourcemalware.com/blog/teampcp-l…
securitylabs.datadoghq.com/articles/litel…

Overview with IOCs
ramimac.me/teampcp/
ZeroBS_GmbH @zero_B_S
Aisuru is known for hypervolumetric attacks up to 20 TB/s from last year we track this botnet here: blog.kybervandals.com/tracking_botne…
ZeroBS_GmbH retweeted
CyberKnow @Cyberknow20
Pro-Iran hacktivist activity continues daily, groups such as Keymous, Rippersec and team313 continue DDoS attacks, Pro-Russian groups continue sporadic targeting while many groups continue to claim network access and data leaks. Still not as many groups at the 12-day war.
ZeroBS_GmbH @zero_B_S
@IceSolst
> why vendors can come up with inane bullshit

That's the reason our company is called "zeroBS", really
solst/ICE of Astarte @IceSolst
There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.
ZeroBS_GmbH retweeted
CyberKnow @Cyberknow20
Looks like Killmilk is restarting Killnet. One of the most well-known pro-Russian hacktivist groups.
ZeroBS_GmbH retweeted
CyberKnow @Cyberknow20
DieNet the first hacktivist group supporting Iran to expand DDoS attacks outside of the Gulf and US. Suggesting attacks on Cyprus, because they host a British base. The UK has had nothing to do with the current US/Israel- Iran fighting.
ZeroBS_GmbH retweeted
CyberKnow @Cyberknow20
Breaking! Noname05716 has joined the cyber activity in support of Iran. You can expect groups part of their pro-Russian cluster to commence operations.
ZeroBS_GmbH retweeted
Gadi Evron @gadievron
We lost FX. A lot of people wrote about this so I feel comfortable sharing here too. I’m heartbroken. We’re heartbroken. At 8 am pacific today (Monday), we are gathering on Zoom to share memories of FX, as a community. Ping me for a link.
ZeroBS_GmbH retweeted
GreyNoise @GreyNoiseIO
GreyNoise observed a coordinated campaign probing SonicWall firewalls to identify which devices have SSL VPN enabled — the prerequisite step before credential attacks. Four infrastructure clusters, a commercial proxy service rotating thousands of IPs, and near-zero exploitation. This is target mapping. 🔗greynoise.io/blog/active-re…