Tag: attack
-
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist-Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs. “One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” First seen…
-
4 issues holding back CISOs’ security agendas
Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management
2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort. But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption. According to a survey…
-
Nike Probes Possible Cybersecurity Incident Following Dark Web Claims
Nike has confirmed that it is investigating a potential cybersecurity incident after claims surfaced online that its internal data may have been leaked by a cybercrime group. The same group, known for extortion-driven attacks against other companies, previously claimed the Nike cyberattack on its dark web site. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/nike-cyberattack-investigation/
-
Stealth in Script: “PeckBirdy” Framework Powers New Wave of China-Aligned Attacks
The post Stealth in Script: “PeckBirdy” Framework Powers New Wave of China-Aligned Attacks appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/stealth-in-script-peckbirdy-framework-powers-new-wave-of-china-aligned-attacks/
-
A new wave of ‘vishing’ attacks is breaking into SSO accounts in real time
Cybercrime groups, including one that identifies as ShinyHunters, are targeting single sign-on services to gain access to victim networks and steal data. First seen on cyberscoop.com Jump to article: cyberscoop.com/shinyhunters-voice-phishing-sso-okta-mfa-bypass-data-theft/
-
Why MSPs Should Add Privileged Access Management (PAM) To Their Security Offerings
It’s no surprise that the most popular managed service is security. Cybersecurity threats are a daily occurrence and continue to get more sophisticated, with identity-based attacks now the primary vector. For example, 2023 saw a 72% increase in data breaches… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/why-msps-should-add-privileged-access-management-pam-to-their-security-offerings/
-
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attacks-abuse-windows-app-v-scripts-to-push-malware/
-
Sandworm Blamed for Wiper Attack on Poland Power Grid
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sandworm-wiper-attack-poland-power-grid
-
NDSS 2025 all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks
Tags: attack, authentication, conference, credentials, finance, group, Internet, network, ransom, ransomware, software
Session 10B: Ransomware. Authors, Creators & Presenters: Kevin van Liebergen (IMDEA Software Institute), Gibran Gomez (IMDEA Software Institute), Srdjan Matic (IMDEA Software Institute), Juan Caballero (IMDEA Software Institute). Paper: all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks. We present the first systematic study of database ransom(ware) attacks, a class of attacks where…
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows
Introduction: In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Saudi satirist hacked with Pegasus spyware wins damages in court battle
The London High Court awarded the London-based satirist and human rights activist Ghanem Al-Masarir more than £3 million, after finding the Saudi government hacked his phone and was likely behind a physical attack targeting him in London. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/26/saudi-satirist-hacked-with-pegasus-spyware-wins-damages-in-court-battle/
-
Russian state hackers likely behind wiper malware attack on Poland’s power grid
A major cyberattack that nearly cut electricity to half-a-million people in Poland last year was reportedly carried out by the Russia-linked hacking group Sandworm, which likely attempted to knock out systems using wiper malware. First seen on therecord.media Jump to article: therecord.media/russia-eset-sandworm-poland-hack
-
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
-
SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,” weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems. The campaign begins with targeted…
-
New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware
A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but…
-
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
Energy Firms Targeted in SharePoint AiTM Session Hijacking
Attackers are abusing SharePoint links in an AiTM phishing campaign to hijack sessions at energy firms and enable BEC attacks, even with MFA enabled. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/energy-firms-targeted-in-sharepoint-aitm-session-hijacking/
-
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/okta-flags-vishing-attacks-which/
-
Poland repels data-wiping malware attack on energy systems
Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware and failed. According to information shared … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/26/poland-energy-malware-attack/
-
Okta Flags Customised, Reactive Vishing Attacks Which Bypass MFA
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/okta-flags-vishing-attacks-which/
-
Moscow likely behind wiper attack on Poland’s power grid, experts say
Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy First seen on theregister.com Jump to article: www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/
-
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in…
-
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wiper-attack-polish-power-grid/
-
Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid
Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

