Tag: cyber

Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware

Feb 9, 2026 2:13 PM

Tags: attack, cyber, exploit, malware, rce, remote-code-execution, threat, vulnerability

Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. SolarWinds Web Help Desk RCE The intrusion leverages recently disclosed Remote Code…
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware

Feb 9, 2026 2:13 PM

Tags: attack, cloud, cyber, exploit, group, malware, north-korea, service, threat

The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
As space gets crowded, cyber threats from jamming to stalker satellites loom large

Feb 9, 2026 1:13 PM

Tags: cyber, supply-chain, threat, vulnerability

Experts at the inaugural CYSAT Asia in Singapore warn of the urgency of securing space assets amid growing geopolitical tensions and supply chain vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638806/As-space-gets-crowded-cyber-threats-from-jamming-to-stalker-satellites-loom-large
Hackers Abuse ClawHub Skills to Evade VirusTotal via Social Engineering

Feb 9, 2026 1:13 PM

Tags: attack, cyber, hacker, malicious, malware, skills, social-engineering, threat

A new evolution in ClawHub skill-based attacks that effectively sidesteps recent security measures. Rather than embedding base64-encoded payloads directly in SKILL.md files, threat actors have now shifted to a simpler approach: hosting malware on convincing lookalike websites and using skills purely as lures. A new iteration of an ongoing ClawHub malicious skills campaign is using…
New RecoverIt Tool Abuses Windows Service Failure Recovery to Execute Malicious Payloads

Feb 9, 2026 12:13 PM

Tags: cyber, detection, malicious, monitoring, network, service, tool, windows

A new offensive security tool named >>RecoverIt<< has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection methods that focus on monitoring service creation and binary paths. For years, attackers have moved laterally across networks by creating or modifying…
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware

Feb 9, 2026 12:13 PM

Tags: apt, attack, cyber, espionage, hacker, malware, service

APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks far higher than any other regional target highlighting its role as a focal point for espionage and strategic access.…
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors

Feb 9, 2026 11:13 AM

Tags: attack, backdoor, cyber, defense, government, malicious, phishing, russia, threat

A threat cluster tracked as >>Vortex Werewolf<< (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs that masquerade as legitimate Telegram file-sharing resources. These links, often hosted on domains designed to…
Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution

Feb 9, 2026 11:13 AM

Tags: cve, cvss, cyber, flaw, fortinet, injection, remote-code-execution, sql, vulnerability

A critical security vulnerability has been discovered in Fortinet’s FortiClient EMS (Endpoint Management Server), potentially exposing organizations to remote code execution attacks. The flaw, tracked as CVE-2026-21643, was disclosed on February 6, 2026, and carries a severe CVSS score of 9.1 out of 10. FortiClient EMS Vulnerability The vulnerability stems from an SQL injection flaw…
UAE Cyber Security Council Warns Stolen Logins Fuel Majority of Financial Cyberattacks

Feb 9, 2026 10:14 AM

Tags: access, attack, breach, credentials, cyber, cyberattack, cybercrime, finance, fraud, identity, login, password, theft, threat, unauthorized

The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials…
Detecting Ransomware Using Windows Minifilters to Intercept File Change Events

Feb 9, 2026 10:14 AM

Tags: cyber, detection, encryption, endpoint, github, malicious, ransomware, strategy, tool, windows

A security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system. Part of a broader Endpoint Detection and Response (EDR) strategy named >>Sanctum,<< the project demonstrates how defenders can use Windows Minifilters to detect and intercept malicious file encryption before it destroys…
Singapore Launches Largest-Ever Cyber Defense Operation After UNC3886 Targets All Major Telcos

Feb 9, 2026 9:14 AM

Tags: country, cyber, cyberattack, defense

Singapore has launched its largest-ever coordinated cyber defense operation following a highly targeted cyberattack on telecommunications that affected all four of the country’s major telecommunications operators. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/singapore-unc3886-telecom-cyberattack/
Black Basta Ransomware Integrates BYOVD Technique to Evade Defenses

Feb 9, 2026 9:14 AM

Tags: attack, cyber, defense, group, ransomware, software, tool, vulnerability

A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the actual ransomware. In this specific campaign, the ransomware payload bundles a vulnerable driver known as the…
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware

Feb 9, 2026 8:14 AM

Tags: attack, business, cyber, data, exploit, identity, malware, scam

The nightmare scenario for any modern business is simple but devastating: scammers clone your website, steal your domain identity, and rob your customers. By the time the complaints roll in, the money is gone, and your reputation is left in tatters. This practice, known as cybersquatting, is no longer just a nuisance it is a…
Over 5 Million Misconfigured Git Web Servers Found Exposing Secrets Online

Feb 9, 2026 7:13 AM

Tags: cyber, data, Internet, leak, theft, vpn, vulnerability

A massive widespread vulnerability in web server configurations has left millions of websites open to data theft and unauthorised takeover. A new 2026 study conducted by the Mysterium VPN research team reveals that nearly 5 million web servers worldwide are publicly exposing their .git repository metadata. The Scale of the Leak The research scanned the internet for…
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions

Feb 9, 2026 7:13 AM

Tags: api, authentication, credentials, cyber, login, malware, password, phishing, scam

A new and sophisticated Telegram phishing operation is active in the wild, targeting users globally by hijacking the platform’s legitimate authentication features. Unlike traditional phishing, which often relies on malware or cloning login pages to steal passwords, this campaign integrates directly with Telegram’s official infrastructure. The attackers register their own Telegram API credentials (api_id and api_hash) and…
BeyondTrust Remote Access Products Hit by 0-Day RCE Vulnerability

Feb 9, 2026 7:13 AM

Tags: access, advisory, cyber, flaw, rce, remote-code-execution, risk, vulnerability, zero-day

BeyondTrust has issued an urgent security advisory regarding a critical zero-day vulnerability affecting its popular remote access solutions. The flaw, tracked as CVE-2026-1731, carries a near-maximum severity score of 9.9 out of 10 on the CVSSv4 scale. It poses a significant risk to organizations using self-hosted versions of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The…
State-Backed Hackers Target Military Officials, Journalists via Signal

Feb 9, 2026 7:13 AM

Tags: cyber, espionage, group, hacker, hacking, military, office

A suspected state-sponsored hacking group is actively targeting high-profile individuals across Europe. The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) have identified a coordinated espionage campaign aimed at military officials, diplomats, politicians, and investigative journalists.”‹ Instead, they are using >>social engineering<< to weaponize the legitimate…
OpenClaw Taps VirusTotal to Safeguard AI Agent Skill Ecosystem

Feb 9, 2026 7:13 AM

Tags: ai, cyber, detection, finance, marketplace, software, threat, tool

As AI agents move from experimental chatbots to powerful tools capable of managing our finances and smart homes, security has become the top priority. Today, OpenClaw announced a major partnership with VirusTotal to bring advanced threat detection to ClawHub, its marketplace for AI skills. Why AI Agents Need Special Protection Traditional software is rigid; it…
New “Crypto Scanner” Tool Helps Developers Identify Quantum Risks Before Q-Day

Feb 9, 2026 7:13 AM

Tags: computer, cyber, encryption, infrastructure, open-source, risk, tool, vulnerability

With the >>Q-Day<< horizon the point when quantum computers will be capable of breaking standard encryption projected for roughly 2033, the race to secure digital infrastructure is accelerating. To aid in this transition, Quantum Shield Labs has released Crypto Scanner, a new open-source CLI tool designed to inventory and analyse cryptographic vulnerabilities in codebases before they…
Top 10 Best DDoS Protection Service Providers for 2026

Feb 8, 2026 7:14 PM

Tags: attack, cyber, ddos, finance, malicious, network, service

In the ever-evolving digital landscape of 2025, Distributed Denial of Service (DDoS) attacks have become more potent and frequent than ever. These attacks, which aim to overwhelm a website or network with a flood of malicious traffic, can bring down services, cause significant financial losses, and damage a company’s reputation. Today’s attacks are not just…
Security Affairs newsletter Round 562 by Pierluigi Paganini INTERNATIONAL EDITION

Feb 8, 2026 4:14 PM

Tags: attack, cisa, cyber, email, international, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…
DKnife toolkit abuses routers to spy and deliver malware since 2019

Feb 8, 2026 12:14 PM

Tags: cisco, control, cyber, data, espionage, linux, malware, network, phone, router, spy, threat

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
Italian university La Sapienza still offline to mitigate recent cyber attack

Feb 7, 2026 8:14 PM

Tags: access, attack, cyber, cyberattack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…
Apple Pay Users Targeted by Phishing Attack Aimed at Stealing Payment Details

Feb 7, 2026 2:14 PM

Tags: apple, attack, cyber, email, fraud, phishing, phone, scam, social-engineering

A sophisticated new phishing campaign is targeting Apple Pay users, leveraging high-quality email design and social engineering to bypass security measures. Unlike typical scams that rely on poorly spelled emails and suspicious links, this campaign uses a >>hybrid<>vishing<<, to steal Apple IDs and payment data. […] The post Apple Pay Users Targeted by Phishing Attack…
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Feb 7, 2026 2:14 PM

Tags: advisory, attack, cyber, germany, malicious, military, office, phishing, threat, verfassungsschutz

Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.”The focus is on high-ranking…
State-Backed Hackers Target Military Officials and Journalists on Signal in Latest Cyberattack

Feb 7, 2026 1:14 PM

Tags: cyber, cyberattack, espionage, hacker, intelligence, military, office, social-engineering, verfassungsschutz

German intelligence and security agencies have issued a high-priority warning regarding a sophisticated cyber espionage campaign targeting military officials, diplomats, and investigative journalists across Europe. The Bundesamt für Verfassungsschutz (BfV) and the Federal Office for Information Security (BSI) identified the attackers as likely state-sponsored actors utilizing social engineering to compromise accounts on the encrypted messaging…
Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns

Feb 7, 2026 9:14 AM

Tags: cyber, detection, email, exploit, google, hacker, infrastructure, phishing, scam, spam

A new wave of phishing campaigns where scammers are abusing Google’s legitimate infrastructure to bypass security filters. Attackers are now creating free developer accounts on Google Firebase to send fraudulent emails that impersonate well-known brands. By leveraging the reputation of the Firebase domain, these attackers are successfully landing in users’ inboxes, bypassing standard spam detection…
Hackers Exploit Cybersquatting Tactics to Spread Malware and Steal Sensitive Information

Feb 7, 2026 7:13 AM

Tags: cyber, cybersecurity, exploit, hacker, malware, network, tactics

Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat. In 2025, the World Intellectual Property Organization (WIPO) handled a record-breaking 6,200 domain name disputes. This figure continues a troubling trend, with cybersquatting cases rising by 68% since the 2020 pandemic. Today, criminal networks use these fake domains not just to…
Asian Cyber Espionage Campaign Breached 37 Countries

Feb 7, 2026 12:14 AM

Tags: cyber, espionage, government, network

Palo Alto Networks says an Asian cyber espionage campaign breached 70 organizations in 37 countries, targeting government agencies and critical infrastructure. The post Asian Cyber Espionage Campaign Breached 37 Countries appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-asian-cyber-espionage-campaign-breached-37-countries/