Tag: attack
-
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-in-crypto-theft-attacks/
-
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/solarwinds-whd-attacks-exposed-apps
-
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
Tags: attack, cisa, control, cyberattack, cybersecurity, infrastructure, technology, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-warning-russian-cyberattack-poland-power-grid/
-
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam
The scam involved a ClickFix attack where hackers install malware on a device by having the victim try to resolve fictitious technical issues. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeted-crypto-exec-clickfix
-
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying. First seen on hackread.com Jump to article: hackread.com/cybercrime-group-0apt-faking-breach-claims/
-
OT Attacks Get Scary With ‘Livingthe-Plant’ Techniques
Tags: attackIronically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won’t be that way forever. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/ot-attacks-living-off-the-plant
-
Single prompt breaks AI safety in 15 major language models
Fundamental changes to safety mechanisms: The research went beyond measuring attack success rates to examine how the technique alters models’ internal safety mechanisms. When Microsoft tested Gemma3-12B-It on 100 diverse prompts, asking the model to rate their harmfulness on a 0-9 scale, the unaligned version systematically assigned lower scores, with mean ratings dropping from 7.97…
-
Senegal shuts National ID office after ransomware attack
Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned…
-
Unpatched SolarWinds WHD instances under active attack
Internet”‘exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/solarwinds-whd-under-active-attack/
-
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
Tags: api, attack, cloud, cyber, cybercrime, data-breach, docker, group, infrastructure, kubernetes, malware, threat, vulnerabilityTeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems they walk through doors left open by exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable…
-
APT36 Targets Linux Systems With New Tools Designed to Disrupt Services
Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored >>espionage ecosystems.<< These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some launch denial-of-service (DDoS) attacks against transport hubs and supply chains. In contrast, others seek geopolitical advantage by mining sensitive information and bypassing traditional security measures. For over a decade,…
-
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48 organizations in the United States within hours, demonstrating the effectiveness of weaponizing legitimate advertising channels…
-
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warning-severe-cyberattacks/
-
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
European Governments Breached in Zero-Day Attacks Targeting Ivanti
The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-governments-zeroday/
-
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday.”On January 29, the National…
-
How AI is reshaping attack path analysis
Cybersecurity teams are overwhelmed with data and short on clarity, while adversaries use AI to move faster and operate at unprecedented scale. Most organizations collect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/plextrac-attack-path-visualization/
-
Bloody Wolf Cybercrime Group Uses NetSupport RAT to Breach Organizations
The latest campaign, they have switched to misusing a legitimate remote administration tool called NetSupport RAT. A cybercriminal group known as >>Stan Ghouls<< (or Bloody Wolf) has launched a fresh wave of attacks targeting organizations across Central Asia and Russia. Active since at least 2023, this group focuses heavily on the manufacturing, finance, and IT…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
European Commission Hit by Mobile Management Data Breach
The European Commission is investigating a mobile device management breach that exposed staff data amid similar attacks across Europe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/european-commission-hit-by-mobile-management-data-breach/
-
McLaren Health Will Pay $14M to Settle Lawsuits in 2 Attacks
2023 and 2024 Ransomware Breaches Affected More Than 2.5M. Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks – allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 – that affected about 2.5 million patients and employees. First seen on govinfosecurity.com Jump…
-
Russia’s cyber attacks on Polish utilities draws NCSC alert
A series of Russian cyber attacks targeting Poland’s energy infrastructure has prompted a new warning from the UK’s National Cyber Security Centre. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638859/Russias-cyber-attacks-on-Polish-utilities-draws-NCSC-alert
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-cloud-infrastructure-crime-bots
-
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-exploit-solarwinds-wdh-flaws-to-deploy-velociraptor/
-
Cyber Attack Hits European Commission Staff Mobile Systems
The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers. First seen on hackread.com Jump to article: hackread.com/cyber-attack-european-commission-staff-mobile-systems/
-
Ivanti Zero-Days Likely Deployed in EU and Dutch Hacks
Ivanti’s Endpoint Manager Mobile Flaws Under Active Exploitation. The European Commission fell victim to a cyberattack that could have allowed the theft of some staff personal information. The European Union’s executive body said Friday it detected on Jan. 30 an attack on its central infrastructure managing mobile devices. First seen on govinfosecurity.com Jump to article:…
-
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
Torrance, United States / California, February 9th, 2026, CyberNewswire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster…
-
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi”‘stage intrusion that involved the threat actors exploiting internet”‘exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently First seen…