Tag: exploit
-
Open-source benchmark EVMbench tests how well AI agents handle smart contract exploits
Smart contract exploits continue to drain funds from blockchain projects, even as auditing tools and bug bounty programs grow. The problem is tied to how Ethereum Virtual … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/evmbench-open-source-benchmark-ai-agents/
-
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and exploit payloads. Emoji smuggling is an obfuscation technique in which attackers encode malicious content using…
-
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and exploit payloads. Emoji smuggling is an obfuscation technique in which attackers encode malicious content using…
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…
-
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
Tags: access, attack, backdoor, china, control, credentials, dns, espionage, exploit, group, infrastructure, intelligence, malicious, monitoring, network, risk, risk-management, service, software, supply-chain, threat, ukraine, update, vulnerabilityCSOonline, Ho said that no system can ever be declared absolutely unbreakable, “but the new design dramatically raises the bar.”An attacker must now compromise both the hosting infrastructure and the signing keys, he explained, adding that the updater now validates both the manifest and the installer, each with independent cryptographic signatures. And any mismatch, missing…
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence.The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
Fed agencies ordered to patch Dell bug by Saturday after exploitation warning
Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024. First seen on therecord.media Jump to article: therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning
-
Dell’s Hard-Coded Flaw: A Nation-State Goldmine
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/dells-hard-coded-flaw-a-nation-state-goldmine
-
Hidden Commands Found in AI Summarize Buttons
Commands Push Lasting Preferences Into AI Assistants. Microsoft researchers found companies embedding hidden commands in summarize with AI buttons to plant lasting brand preferences in assistants’ memory. The tactic, dubbed AI recommendation poisoning, exploits persistent memory features to bias future responses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hidden-commands-found-in-ai-summarize-buttons-a-30784
-
Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor
A Dell RecoverPoint zero-day has been exploited to deploy GRIMBOLT malware and pivot into VMware environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/zero-day-in-dell-recoverpoint-enables-grimbolt-backdoor/
-
Cybercrime Goes Corporate: Huntress Report Reveals Rise of Scalable, Stealth-First Attacks
Cybercriminals are no longer lone hackers exploiting flashy zero-days; they are running streamlined, profit-driven operations that mirror legitimate businesses. That’s the key takeaway from the newly released Huntress 2026 Cyber Threat Report, which exposes how organised cybercrime groups are standardising their playbooks to maximise efficiency and revenue. Drawing on telemetry from more than 4.6 million…
-
Hackers Increasingly Prefer Fast and Low-Complexity Attacks
Incident Responders Detail Top Ransomware and Business Email Compromise Tactics. There’s no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing low-complexity entry points, rather than investing in sophisticated exploits, say incident responders. First seen on govinfosecurity.com Jump…
-
Threat groups using AI to speed up and scale cyberattacks
A report from Palo Alto Networks finds hackers are increasingly using stolen identities and exploiting critical vulnerabilities within minutes of disclosure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-ai-speed-scale-cyberattacks/812439/
-
Telegram channels expose rapid weaponization of SmarterMail flaws
Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telegram-channels-expose-rapid-weaponization-of-smartermail-flaws/
-
Cryptojacking Campaign Exploits Driver to Boost Monero Mining
Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cryptojacking-driver-boost-monero/
-
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/exploited-dell-zero-day-cve-2026-22769-brickstorm-grimbolt/
-
AI Assistants Used as Covert CommandControl Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/
-
Scammers exploit trust in Atlassian Jira to target organizations
Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/atlassian-jira-scam-emails/
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. >>Mandiant and Google Threat Intelligence Group (GTIG) have identified…
-
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Tags: control, corporate, cve, cyber, data-breach, endpoint, exploit, ivanti, mobile, network, remote-code-execution, vulnerability, zero-dayTwo critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run arbitrary commands on exposed EPMM servers, effectively giving them full control of the mobile device…
-
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Tags: china, credentials, cve, exploit, google, group, intelligence, mandiant, threat, vulnerability, zero-dayA maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG).The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials…
-
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
Tags: apt, attack, browser, chrome, control, cyber, cybersecurity, exploit, google, group, network, security-incident, vulnerability, windows, zero-dayBackground In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted…The…
-
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rely on users to run the payload for them.”‹ The attack starts with typosquatted domains that closely mimic…
-
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-exploits-dell-zeroday/
-
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest.The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust and…
-
Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries a perfect score severity score of 10, and has been weaponized by a Chinese threat cluster, identified as UNC6201. First seen on thecyberexpress.com Jump to…