Tag: exploit
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ex-l3harris-exec-jailed-for-selling-zero-days-to-russian-exploit-broker/
-
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network. It displays regular navigation links like “Home,” “My Account,” and…
-
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025.…
-
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below -CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user…
-
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial foothold into full-domain impact. The exploit loaded a malicious Java Spring bean configuration XML file,…
-
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra ID tenant adds the legitimate ChatGPT service principal and grants it Microsoft Graph OAuth permissions,…
-
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute First…
-
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. Treasury announced it was imposing sanctions against a Russian broker of zero-day exploits, its founder and two affiliates, citing a threat to U.S. national security. Another affiliated zero-day broker in the United Arab Emirates was also sanctioned. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/treasury-sanctions-russian-zero-day-broker-accused-of-buying-exploits-stolen-from-u-s-defense-contractor/
-
Threat Actors Exploit Weaponized AI to Seize Full Domain Access in Under 30 Minutes
Threat actors are rapidly weaponizing artificial intelligence to move from initial access to full domain compromise in under half an hour, leaving defenders with almost no room for error or delay. As enterprises adopt AI across development, identity, and cloud workflows, adversaries are abusing the same tools to script lateral movement, automate reconnaissance, and scale…
-
Cybercriminals Exploit Windows Management Instrumentation WMI to Maintain Stealthy Access and Silent Control
Tags: access, control, cyber, cybercrime, exploit, infrastructure, malware, startup, strategy, windowsWindows Management Instrumentation (WMI) is a critical utility built into the Windows operating system designed to help administrators monitor status and automate routine tasks. However, cybercriminals have increasingly weaponized this legitimate infrastructure to maintain persistent access to compromised networks. Unlike traditional malware strategies that rely on visible startup folders or registry run keys, WMI abuse…
-
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
-
CrowdStrike Analysis Paints Worsening Cybersecurity Picture
A report published by CrowdStrike today finds the average breakout time for a cyberattack in 2025 has been reduced to 29 minutes, representing a 65% year-over-year reduction. At the same time, CrowdStrike is also reporting there was a 42% increase in the number of zero-day vulnerabilities being exploited prior to public disclosure. Additionally, 82% of..…
-
LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit
Security researchers Per Idenfeldt Okuyama and Sam Eizad have uncovered a critical physical attack vulnerability in the Moxa UC-1222A Secure Edition industrial computer, demonstrating that its LUKS full-disk encryption can be fully defeated by passively sniffing the SPI bus between the processor and the discrete TPM 2.0 chip during system boot. The flaw, tracked as…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
Hackers Exploit DeepSeek and Claude AI to Launch Global Attacks on FortiGate Devices
Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high”‘volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server running on 212.11.64[.]250:9999 was found exposing more than 1,400 files and 139 subdirectories, including stolen FortiGate configurations, Active Directory maps, credential dumps, exploit…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
-
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize…
-
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts.”Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim First seen on thehackernews.com Jump…
-
Hackers target vulnerabilities in Roundcube Webmail
CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-target-vulnerabilities-in-roundcube-webmail/812839/
-
AI helps novice threat actor compromise FortiGate devices in dozens of countries
Generative AI tools analyzed target networks and wrote exploit code, giving an opportunistic attacker an outsized impact, according to a new Amazon report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-fortigate-amazon/812830/
-
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/
-
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…
-
Recently patched RoundCube flaws now exploited in attacks
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-recently-patched-roundcube-flaws-now-exploited-in-attacks/
-
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
The stealer employs a broad data-theft toolkit: The researchers noted that the Python implementation acts as a wide-net data harvester. It collects system information, extracts browser-stored data, and pulls details from communication platforms, including Telegram and Discord. Additional modules target VPN configurations, retrieve selected files from the host, and can deliver other payloads, suggesting the…
-
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
-
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…