Tag: attack
-
Capital Health to Pay $4.5M in LockBit Breach Settlement
Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000. Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees. First seen on…
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerabilityTenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
Hanging Up on ShinyHunters: Experts Detail Vishing Defenses
Sophisticated Voice Phishing Campaigns Don’t Exploit Any Software Vulnerabilities. Amidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use live video verification to safeguard authentication changes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hanging-up-on-shinyhunters-experts-detail-vishing-defenses-a-30657
-
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
-
Notepad++ Update Servers Hijacked in Targeted Supply Chain Attack
Attackers hijacked Notepad++ update servers to selectively deliver trojanized installers through a trusted update channel. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/notepad-update-servers-hijacked-in-targeted-supply-chain-attack/
-
ShinyHunters Expands Scope of SaaS Extortion Attacks
Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-expands-scope-saas-extortion-attacks
-
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/shinyhunters-mfa-social-engineering/
-
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options.The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks…
-
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/notepad-update-hijacked/
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
NSFOCUS Monthly APT Insights December 2025
Regional APT Threat Situation In December 2025, the global threat hunting system of Fuying Lab detected a total of 24 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, with a smaller portion also found in Eastern Europe and South America. Some organizations remain unattributed to known APT groups,…The…
-
Notepad++ hijacked by suspected state-sponsored hackers
In a security update posted on the project’s website, the development team said the attack did not exploit a flaw in the editor’s source code itself. Instead, the compromise occurred at the infrastructure level, involving systems used to deliver software updates. First seen on therecord.media Jump to article: therecord.media/popular-text-editor-hijacked-by-suspected-state-sponsored-hackers
-
Notepad++ update service hijacked in targeted state-linked attack
Breach lingered for months before stronger signature checks shut the door First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/notepad_plusplus_intrusion/
-
âš¡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt, and how fast attackers try to stay…
-
Securing the Mid-Market Across the Complete Threat Lifecycle
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done.The challenge is that many security tools add complexity and cost that most mid-market businesses First…
-
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-exploits-office-flaw/
-
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. >>According to the…
-
Voice channels are the next major attack vector that security teams can’t monitor
Deepfake voices, live fraud, zero visibility: why voice channels are the next security blind spot. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/voice-channels-are-the-next-major-attack-vector-that-security-teams-cant-m/810567/
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
Tags: attack, authentication, cyber, data-breach, exploit, extortion, hacker, Internet, ransom, ransomware, threatA widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and demand Bitcoin ransoms, turning configuration negligence into a scalable extortion operation. Attack Resurfaces After Years…
-
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts have attributed the attack to a Chinese state-backed group based on the highly selective targeting and technical sophistication demonstrated throughout the incident. Attack Timeline and Scope The compromise began in…
-
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic to malicious servers instead.”The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,” developer Don Ho said. “The compromise occurred at the hosting First seen on thehackernews.com Jump…
-
StrongestLayer: Top ‘Trusted’ Platforms are Key Attack Surfaces
Explore StrongestLayer’s threat intelligence report highlighting the rise of email security threats exploiting trusted platforms like DocuSign and Google Calendar. Learn how organizations can adapt to defend against these evolving cyber risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/strongestlayer-top-trusted-platforms-are-key-attack-surfaces/
-
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.”On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the…
-
Exposed MongoDB instances still targeted in data extortion attacks
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exposed-mongodb-instances-still-targeted-in-data-extortion-attacks/
-
IoT Penetration Testing: Definition, Process, Tools, and Benefits
IoT penetration testing is a security assessment of the complete IoT ecosystem, from backend systems and cloud services to mobile devices and hardware. It involves a multi-stage simulated attack on IoT devices and their supporting system to identify security risks before attackers can exploit them. Unpatched firmware is responsible for 60% of IoT security breaches,……
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the >>castle and moat<< security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools act as the new control plane, stopping ransomware command-and-control (C2) callbacks and AI-driven phishing attacks…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerabilitysystemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO.A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
ISMG Editors: Real-Time Vishing Is Breaking MFA
Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like. In this week’s panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control. First…
-
Polish Grid Hack Underlines European Need for Active Defense
Russian Hacking Shows Limits of Preventive Measures. Europe must step up its active defenses against cyberattacks and modernize its IT infrastructure, a leading expert has warned in the wake of a major attack on Poland’s energy grid attributed to Russian hackers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/polish-grid-hack-underlines-european-need-for-active-defense-a-30651