Tag: attack

Microsoft and Google Platforms Abused in New Enterprise Cyberattacks

Feb 4, 2026 9:13 AM

Tags: attack, cloud, cyber, cyberattack, defense, google, infrastructure, malicious, microsoft, phishing, service, tactics, threat

A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
Ingress-NGINX Flaw Enables Arbitrary Code Execution Attacks

Feb 4, 2026 8:13 AM

Tags: access, attack, cve, cyber, flaw, kubernetes, malicious, unauthorized, vulnerability

A high-severity vulnerability has been discovered in the Kubernetes ingress-nginx controller, allowing attackers to execute arbitrary code and potentially compromise entire clusters. Tracked as CVE-2026-24512, this high-severity flaw enables malicious actors to inject configuration directives through the ingress controller and gain unauthorized access to cluster secrets. Vulnerability Overview CVE-2026-24512 affects the ingress-nginx controller, a widely…
Critical Django Flaw Allows DoS and SQL Injection Attacks

Feb 4, 2026 8:13 AM

Tags: attack, cyber, dos, flaw, injection, open-source, service, software, sql, update, vulnerability

The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Feb 4, 2026 6:13 AM

Tags: access, ai, api, attack, authentication, computer, container, control, crypto, cve, data, data-breach, detection, docker, email, flaw, github, group, Hardware, injection, Internet, leak, login, malicious, malware, open-source, password, privacy, remote-code-execution, risk, scam, skills, software, threat, tool, unauthorized, vulnerability

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users must prioritize to mitigate this enormous agentic AI security risk. Key takeaways Moltbot takes an…
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Feb 4, 2026 12:13 AM

Tags: attack, hacker, infection, malicious, microsoft, office, russia

APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
Fake Party Invites Lure Victims Into Installing Malicious Remote Access Tools

Feb 3, 2026 11:14 PM

Tags: access, attack, cyber, email, malicious, social-engineering, tool, windows

A sophisticated social engineering campaign targeting Windows users across the UK, using fake event invitations to silently install ScreenConnect a legitimate remote access tool that attackers have weaponized to gain complete system control. The attack chain begins with deceptive simplicity: victims receive emails that look like personal invitations from friends or colleagues. These messages are…
Ivanti’s EPMM is under active attack, thanks to two critical zero-days

Feb 3, 2026 11:14 PM

Tags: attack, exploit, ivanti, threat, vulnerability, zero-day

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
GlassWorm Infiltrates VSX Extensions With 22,000+ Downloads to Target Developers

Feb 3, 2026 11:14 PM

Tags: access, attack, breach, credentials, cyber, data-breach, supply-chain, unauthorized

A new GlassWorm-linked supply chain attack abusing the Open VSX Registry, this time via a suspected compromise of a legitimate publisher’s credentials rather than typosquatted packages. The Open VSX security team assessed the activity as consistent with leaked tokens or other unauthorized access to the publishing pipeline, underscoring how stolen developer credentials can be weaponized…
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms

Feb 3, 2026 11:14 PM

Tags: attack, cloud, credentials, crypto, cyber, data, macOS, social-engineering, threat

A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python”‘based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly exfiltrating them to attacker”‘controlled infrastructure. On macOS, threat actors increasingly rely on social engineering and…
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials

Feb 3, 2026 11:14 PM

Tags: attack, credentials, cyber, email, exploit, login, malicious, phishing

A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins with a professionally crafted phishing email containing a PDF attachment. The malicious payload leverages legitimate…
Critical React Native Metro dev server bug under attack as researchers scream into the void

Feb 3, 2026 9:14 PM

Tags: attack

Too slow react-ion time First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/critical_react_native_metro_server/
CISA flags critical SolarWinds RCE flaw as exploited in attacks

Feb 3, 2026 9:14 PM

Tags: attack, cisa, exploit, flaw, rce, remote-code-execution, update, vulnerability

CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-critical-solarwinds-rce-flaw-as-actively-exploited/
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Feb 3, 2026 8:13 PM

Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks

Feb 3, 2026 8:13 PM

Tags: attack, control, email, exploit, flaw, group, malware, microsoft, office, russia, ukraine

A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania. First seen on hackread.com Jump to article: hackread.com/op-neusploit-russia-apt28-microsoft-office-malware/
8-Minute Access: AI Accelerates Breach of AWS Environment

Feb 3, 2026 8:13 PM

Tags: access, ai, attack, breach, credentials, data-breach

The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/8-minute-access-ai-aws-environment-breach
Security Is Shifting From Prevention to Resilience

Feb 3, 2026 7:13 PM

Tags: ai, attack, cybersecurity, malware, resilience, sophos, strategy

Dan Cole, senior vice president of product management at Sophos, unpacks how cybersecurity strategy is shifting from a prevention-first mindset toward resilience and response. Cole traces his career from the early days of mass malware outbreaks like Melissa and ILOVEYOU through today’s environment of nation-state actors, AI-assisted attacks, and sprawling hybrid workforces. While the tools..…
Compromise of Notepad++ Equals Software Supply Chain Fallout

Feb 3, 2026 7:13 PM

Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windows

Hacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
Flare Report: Infostealers Are Fueling Enterprise Identity Attacks

Feb 3, 2026 7:13 PM

Tags: attack, credentials, identity

Flare research shows infostealers are increasingly exposing enterprise identity credentials, driving higher-impact compromises. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/flare-report-infostealers-are-fueling-enterprise-identity-attacks/
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU

Feb 3, 2026 6:14 PM

Tags: attack, computer, cve, exploit, flaw, hacker, microsoft, office, russia, ukraine

Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw, tracked as CVE-2026-21509, shortly after Microsoft disclosed it in early January. First seen on therecord.media Jump to article: therecord.media/russian-state-hackers-exploit-new-microsoft-flaw
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

Feb 3, 2026 5:14 PM

Tags: access, ai, attack, ciso, cloud, credentials, detection, framework, group, iam, least-privilege, LLM, monitoring, training

Lateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that…
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

Feb 3, 2026 3:13 PM

Tags: attack, china, group, supply-chain, update

Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/notepad-supply-chain-attack-iocs-targets/
Wrench-Attacks: Kryptodiebe wenden zunehmend körperliche Gewalt an

Feb 3, 2026 2:13 PM

Tags: attack, crypto

Anleger aus Europa sind 2025 besonders gefährdet gewesen. Mehr als 40 Prozent der bekannten gewaltsamen Krypto-Diebstähle fanden dort statt. First seen on golem.de Jump to article: www.golem.de/news/wrench-attacks-kryptodiebe-wenden-zunehmend-koerperliche-gewalt-an-2602-204940.html
Analysis of the Attack Surface in the Agent SKILL Architecture: Case Studies and Ecosystem Research

Feb 3, 2026 1:13 PM

Tags: attack, cyber, LLM, network, tool

Background As LLMs and intelligent agents expand from dialogue to task execution, the encapsulation, reuse and orchestration of LLM capabilities have become key issues. As a capability abstraction mechanism, SKILL encapsulates reasoning logic, tool calls and execution processes into reusable skill units, enabling the model to achieve stable, consistent and manageable operations when performing complex…The…
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

Feb 3, 2026 1:13 PM

Tags: access, ai, apt, attack, backdoor, china, control, cybersecurity, detection, edr, email, espionage, exploit, framework, government, group, incident response, infrastructure, malicious, malware, microsoft, network, software, supply-chain, tool, update

Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Feb 3, 2026 1:13 PM

Tags: attack, business, corporate, credentials, detection, password, phishing

Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/password-stealing-phishing-pdf/
Outages Happen to Everyone. Building a Resilient Architecture Doesn’t Have to Be Hard.

Feb 3, 2026 12:13 PM

Tags: access, ai, attack, breach, business, cloud, compliance, computing, container, control, csf, cyberattack, data, defense, detection, dora, encryption, finance, framework, government, nist, regulation, resilience, service, software, strategy, technology

Outages Happen to Everyone. Building a Resilient Architecture Doesn’t Have to Be Hard. madhav Tue, 02/03/2026 – 05:21 No company is spared the pain of outages. But their impact can be mitigated by how resilient you build your business architecture. And who you choose to partner with can significantly determine how effective that will be.…
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Feb 3, 2026 12:13 PM

Tags: apt, attack, breach, china, exploit, flaw, hacker, infrastructure, malicious, update

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware

Feb 3, 2026 11:13 AM

Tags: apt, attack, cyber, email, group, hacker, korea, malware, north-korea, phishing, spear-phishing, threat

In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing emails impersonating a North Korea-focused security expert based in South Korea. The emails referenced legitimate…
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns

Feb 3, 2026 11:13 AM

Tags: ai, attack, automation, backdoor, cyber, malicious, malware, marketplace, skills, supply-chain, threat

Hundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation tools.”‹ OpenClaw Skills Become Malware Distribution Channel OpenClaw is a self-hosted AI agent that executes…
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware

Feb 3, 2026 11:13 AM

Tags: attack, cyber, exploit, group, malware, microsoft, office, russia, threat, ukraine, vulnerability, zero-day

The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…