Tag: exploit
-
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware
The nightmare scenario for any modern business is simple but devastating: scammers clone your website, steal your domain identity, and rob your customers. By the time the complaints roll in, the money is gone, and your reputation is left in tatters. This practice, known as cybersquatting, is no longer just a nuisance it is a…
-
Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns
A new wave of phishing campaigns where scammers are abusing Google’s legitimate infrastructure to bypass security filters. Attackers are now creating free developer accounts on Google Firebase to send fraudulent emails that impersonate well-known brands. By leveraging the reputation of the Firebase domain, these attackers are successfully landing in users’ inboxes, bypassing standard spam detection…
-
Hackers Exploit Cybersquatting Tactics to Spread Malware and Steal Sensitive Information
Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat. In 2025, the World Intellectual Property Organization (WIPO) handled a record-breaking 6,200 domain name disputes. This figure continues a troubling trend, with cybersquatting cases rising by 68% since the 2020 pandemic. Today, criminal networks use these fake domains not just to…
-
Docker AI Bug Lets Image Metadata Trigger Attacks
AI Assistant Executes Hidden Commands Embedded in Docker Image Labels. A vulnerability in Docker’s Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform’s image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker’s AI execution chain. First seen on govinfosecurity.com Jump…
-
Six more vulnerabilities found in n8n automation platform
CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…
-
TeamPCP and the Rise of Cloud-Native Cybercrime
Flare researchers report that TeamPCP is abusing exposed cloud control planes to run large-scale, automated exploitation campaigns. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teampcp-and-the-rise-of-cloud-native-cybercrime/
-
AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-threats-botnets-and-cloud-exploits-define-this-weeks-cyber-risks/
-
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between the organization’s cybersecurity needs and lists like CISA’s KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
-
CISA gives federal agencies 18 months to purge unsupported edge devices
Tags: authentication, cisa, cyber, data, exploit, firmware, Hardware, infrastructure, monitoring, network, risk, risk-assessment, service, software, technology, threat, updateImplementation hurdles: Sunil Varkey, advisor at Beagle Security, warns of implementation complexities. “The operational reality of removing legacy systems is not straightforward,” Varkey said. “Legacy devices continue to exist not by design, but by necessity.”He pointed to orphaned systems that remain live and embedded in workflows but lack clear ownership, and operational technology environments where…
-
Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers
A surprising link between legitimate IT software and major cybercriminal operations. While investigating attacks by the >>WantToCry<< ransomware gang, analysts noticed that the attackers were using virtual machines (VMs) with identical, computer names (hostnames) like WIN-J9D866ESIJ2 and WIN-LIVFRVQFMKO. These names were not random. They were automatically generated by ISPsystem, a completely legitimate company that makes software for managing web…
-
FvncBot Targets Android Users, Exploiting Accessibility Services for Attacks
A previously undocumented Android banking trojan dubbed >>FvncBot.<< First observed in late 2025, this sophisticated malware disguises itself as a security application from mBank, a major Polish financial institution. Unlike many recent threats that recycle code from leaked sources like Ermac or Hook, FvncBot appears to be a completely new creation, demonstrating that threat actors…
-
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Attackers are…
-
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/06/ransomware-smartermail-cve-2026-24423/
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trustHow the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
CISA Alerts Exploited React Native Community Security Flaw
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, injection, kev, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the React Native Community CLI to its Known Exploited Vulnerabilities (KEV) catalog. Identified as CVE-2025-11953, this vulnerability is an Operating System (OS) command injection flaw that poses severe risks to development environments, particularly those running on Windows infrastructures. The addition to the KEV…
-
CentOS 9 Security Flaw Enables Privilege Escalation PoC Released
A critical security flaw has been identified in CentOS 9 that allows a local user to escalate their privileges to root. The vulnerability, which stems from a Use-After-Free (UAF) condition in the Linux kernel’s networking subsystem, was awarded first place in the Linux category at the TyphoonPWN 2025 hacking competition. A Proof-of-Concept (PoC) exploit has…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
-
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
-
Four new vulnerabilities found in Ingress NGINX
Tags: access, api, authentication, container, cve, cybersecurity, data, exploit, group, injection, jobs, kubernetes, malicious, risk, service, strategy, vulnerabilitycustom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the auth-url annotation may be accessed even when authentication fails.CVE-2026-24512 is a configuration injection vulnerability where the rules.http.paths.path Ingress field can be used to inject configuration into nginx.…
-
Breach Roundup: Italy Thwarts Russian Olympic Hacks
Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, Ukraine. This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia’s APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace. First seen…
-
CISA tells agencies to stop using unsupported edge devices
A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent years. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-bod-directive-unsupported-edge-devices-firewalls-routers/
-
Threat Group Running Espionage Operations Against Dozens of Governments
Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ranging global cyberespionage campaign that has involved phishing attacks and the exploitation of a more than a dozen known vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/threat-group-running-espionage-operations-against-dozens-of-governments/
-
Cryptohack Roundup: Step Finance, CrossCurve Exploits
Also: US Sanctions UK-Registered Exchanges Over Iran Ties. This week, Step Finance and CrossCurve hacks, the United States sanctioned U.K.-registered exchanges over Iran ties, forfeiture finalization of funds linked to Helix, Coinbase data breach, 2025’s illicit crypto flows and a UK regulator banned Coinbase ads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-step-finance-crosscurve-exploits-a-30685
-
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/cisa-cve-2025-22225-ransomware-exploitation/
-
Critical flaw in SolarWinds Web Help Desk under exploitation
The vulnerability could allow an attacker to achieve remote code execution.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-solarwinds-web-help-desk-exploitation/811487/
-
Russian hackers attacking European maritime and transport orgs using Microsoft Office exploit
Russian state-linked hackers are exploiting a Microsoft Office vulnerability to target maritime organizations across Europe as part of a “sophisticated espionage campaign,” researchers said. First seen on therecord.media Jump to article: therecord.media/russian-hackers-microsoft-office-europe