Tag: attack
-
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warning-severe-cyberattacks/
-
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
European Governments Breached in Zero-Day Attacks Targeting Ivanti
The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-governments-zeroday/
-
How AI is reshaping attack path analysis
Cybersecurity teams are overwhelmed with data and short on clarity, while adversaries use AI to move faster and operate at unprecedented scale. Most organizations collect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/plextrac-attack-path-visualization/
-
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday. “On January 29, the National…
-
Bloody Wolf Cybercrime Group Uses NetSupport RAT to Breach Organizations
In the latest campaign, they have switched to misusing a legitimate remote administration tool called NetSupport RAT. A cybercriminal group known as “Stan Ghouls” (or Bloody Wolf) has launched a fresh wave of attacks targeting organizations across Central Asia and Russia. Active since at least 2023, this group focuses heavily on the manufacturing, finance, and IT…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
European Commission Hit by Mobile Management Data Breach
The European Commission is investigating a mobile device management breach that exposed staff data amid similar attacks across Europe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/european-commission-hit-by-mobile-management-data-breach/
-
McLaren Health Will Pay $14M to Settle Lawsuits in 2 Attacks
2023 and 2024 Ransomware Breaches Affected More Than 2.5M. Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks – allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 – that affected about 2.5 million patients and employees. First seen on govinfosecurity.com Jump…
-
Russia’s cyber attacks on Polish utilities draws NCSC alert
A series of Russian cyber attacks targeting Poland’s energy infrastructure has prompted a new warning from the UK’s National Cyber Security Centre. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638859/Russias-cyber-attacks-on-Polish-utilities-draws-NCSC-alert
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-cloud-infrastructure-crime-bots
-
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-exploit-solarwinds-wdh-flaws-to-deploy-velociraptor/
-
Cyber Attack Hits European Commission Staff Mobile Systems
The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers. First seen on hackread.com Jump to article: hackread.com/cyber-attack-european-commission-staff-mobile-systems/
-
Ivanti Zero-Days Likely Deployed in EU and Dutch Hacks
Ivanti’s Endpoint Manager Mobile Flaws Under Active Exploitation. The European Commission fell victim to a cyberattack that could have allowed the theft of some staff personal information. The European Union’s executive body said Friday it detected on Jan. 30 an attack on its central infrastructure managing mobile devices. First seen on govinfosecurity.com Jump to article:…
-
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
Torrance, United States / California, February 9th, 2026, CyberNewswire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster…
-
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi-stage intrusion that involved the threat actors exploiting internet-exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets. That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently First seen…
-
Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack
BridgePay Network Solutions initially warned customers on Friday that it was dealing with system-wide outages and later said that it was working with the FBI and U.S. Secret Service forensic team to resolve a ransomware attack. First seen on therecord.media Jump to article: therecord.media/payment-tech-provider-texas-florida-govs-ransomware-attack
-
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks
Staff data belonging to the regulator and judiciary’s governing body accessed. First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/dutch_data_protection_ivanti/
-
BridgePay Ransomware Causes Widespread Payment Outages
A ransomware attack on BridgePay caused widespread U.S. payment outages, forcing some organizations to go cash-only. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/bridgepay-ransomware-causes-widespread-payment-outages/
-
Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor
Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…
-
Hackers Abuse Apple PayPal Invoice Emails in DKIM Replay Attack Campaign
A sophisticated way to bypass email security by weaponizing legitimate messages from trusted companies like Apple and PayPal. These attacks, known as DKIM replay attacks, exploit email authentication systems to deliver scams that appear completely authentic. The technique is deceptively simple. Attackers create accounts on platforms like Apple’s App Store or PayPal and manipulate user-controlled…
-
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks
-
Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. SolarWinds Web Help Desk RCE The intrusion leverages recently disclosed Remote Code…
-
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
-
Suspected sabotage disrupts trains in northern Italy as Winter Games begin
Italian authorities are investigating a series of suspected sabotage attacks on railway infrastructure in northern Italy that disrupted travel services during the opening days of the Winter Olympics. First seen on therecord.media Jump to article: therecord.media/italy-suspected-sabotage-winter-olympics-trains
-
AI security’s ‘Great Wall’ problem
AI security requires more than cloud hardening. The real attack surface isn’t your infrastructure, it’s the supply chains, agents, and humans that make up the system around it. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-threat-modeling-beyond-cloud-infrastructure-op-ed/
-
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks…
-
BridgePay Confirms Ransomware Attack, No Card Data Compromised
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bridgepay-confirms-ransomware/

