Tag: exploit
-
Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect
Nation-state groups are consistently exploiting the defect to target victims in military, government and technology for espionage. First seen on cyberscoop.com Jump to article: cyberscoop.com/winrar-defect-active-exploits-google-threat-intel/
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft released an emergency Office patch to fix an actively exploited zero-day flaw that lets attackers bypass security via malicious files. The post Microsoft Issues Emergency Patch for Active Office Zero-Day appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-office-zero-day-emergency-patch-january-2026/
-
Microsoft Rushes Emergency Patch for Office Zero-Day
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-rushes-emergency-patch-office-zero-day
-
NDSS 2025 Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Tags: attack, conference, cyber, detection, exploit, Internet, monitoring, network, phishing, ransomware, risk, windows, zero-daySession 10B: Ransomware Authors, Creators & Presenters: Christian van Sloun (RWTH Aachen University), Vincent Woeste (RWTH Aachen University), Konrad Wolsing (RWTH Aachen University & Fraunhofer FKIE), Jan Pennekamp (RWTH Aachen University), Klaus Wehrle (RWTH Aachen University) PAPER Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach Ransomware attacks have become one of the most widely…
-
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Tags: attack, authentication, cve, cybersecurity, data-breach, exploit, flaw, Internet, vulnerabilityShadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8,…
-
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog:…
-
From Cipher to Fear: The psychology behind modern ransomware extortion
Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/
-
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork the official GitHub Desktop repository. They then modify the download link in the README file…
-
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as >>G_Wagon,<>a lightweight, modular UI component […] The post G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload appeared first on GBHackers Security | #1 Globally Trusted…
-
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without authentication or user interaction. Vulnerability Overview The vm2 library, deployed across 273,000 projects on npm,…
-
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerabilityApproximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…
-
Attackers Exploit React2Shell Vulnerability to Target IT Sector Systems
Active exploitation of a critical vulnerability in React Server Components, tracked as CVE”‘2025″‘55182 (React2Shell), targeting companies across multiple industry sectors worldwide. React2Shell affects the Flight protocol, which facilitates client-server communication for React Server Components. The vulnerability stems from insecure deserialization servers accept client data without proper verification, enabling remote code execution under specific conditions. The…
-
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT executable files that impersonate popular applications. Once users execute these files, the malware establishes contact with command-and-control (C2) servers to deliver secondary payloads,…
-
New Deepfake Phishing Attack Targets Bitcoin Users via Zoom and Teams
A sophisticated deepfake-enabled phishing campaign is actively targeting Bitcoin users through fake Zoom and Microsoft Teams calls. The attackers are exploiting video conferencing, Telegram, and AI-generated identities to steal bitcoin and compromise victims’ digital lives. The attack chain begins on Telegram, where victims receive what appears to be a legitimate message or call request from…
-
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft issued an emergency patch for an actively exploited Microsoft Office zero-day enabling code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-issues-emergency-patch-for-active-office-zero-day/
-
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.Which exposures truly matter? Can attackers exploit them? Are our defenses effective?Continuous Threat Exposure First…
-
Office zero-day exploited in the wild forces Microsoft OOB patch
Another actively abused Office bug, another emergency patch Office 2016 and 2019 users are left with registry tweaks instead of fixes. First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/office_zeroday_exploited_in_the/
-
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-patch-office-zero-day/
-
CISA Flags Actively Exploited VMware vCenter RCE Flaw in KEV Catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vcenter, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real-world attacks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vmware-vcenter-cve-2024-37079-exploited/
-
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/microsoft-reveals-actively-exploited-office-zero-day-provides-emergency-fix-cve-2026-21509/
-
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected proxy components and bypass security controls. Successful exploitation can result……
-
Emergency Microsoft update fixes inwild Office zero-day
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 20162024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509. The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019,…
-
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
-
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
-
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061…
-
New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware
A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but…