Collecting Cyber-News from over 60 sources

Tag: exploit

Attackers Use Over 240 Exploits Ahead of Ransomware Attacks

Jan 9, 2026 7:02 PM

Tags: attack, cyber, exploit, Internet, ransomware, vulnerability

Ransomware attacks don’t begin with encryption. They start with reconnaissance and security researchers just documented a significant reconnaissance operation that unfolded over the Christmas holiday. Between December 25 and 28, a single operator systematically scanned the internet for vulnerable systems, testing more than 240 different exploits against targets and logging every successful hit. That harvested…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
CISA flags max-severity bug in HPE OneView amid active exploitation

Jan 9, 2026 2:01 PM

Tags: api, authentication, cisa, endpoint, exploit, flaw, Hardware, intelligence, kev, monitoring, software, strategy, threat, update, vulnerability

Not an ‘apply and move on’ solution: While CISA’s KEV inclusion raised the priority immediately, enterprises can’t treat OneView like a routine endpoint patch. Management-plane software is often deployed on-premises, sometimes on physical servers, and tightly coupled with production workflows. A rushed fix that breaks monitoring, authentication, or integrations can be almost as dangerous as…
Cisco identifies vulnerability in ISE network access control devices

Jan 9, 2026 5:01 AM

Tags: access, advisory, breach, cisco, control, credentials, cvss, data, exploit, firewall, google, identity, malicious, network, sans, theft, vulnerability

rotate ISE credentials for those with existing and approved access;ensure only those who need access have credentials;reduce the number of devices that can access the ISE server;patch as soon as it’s possible to take the server offline.In its notice to customers, Cisco says a vulnerability [CVE-2026-20029] in the licensing features of ISE and Cisco ISE…
Chinese-speaking hackers exploited ESXi zero-days long before disclosure

Jan 9, 2026 5:01 AM

Tags: china, exploit, hacker, vmware, vpn, zero-day

Chinese-speaking attackers used a hacked SonicWall VPN to deploy ESXi zero-days that were likely exploited over a year before public disclosure. Chinese-speaking attackers were seen abusing a hacked SonicWall VPN to deliver a toolkit targeting VMware ESXi. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year…
New China-linked hackers breach telcos using edge device exploits

Jan 9, 2026 1:01 AM

Tags: breach, china, exploit, hacker, linux, malware, threat

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/
CISA sunsets 10 emergency directives thanks to evolution of exploited vulnerabilities catalog

Jan 9, 2026 12:01 AM

Tags: cisa, cybersecurity, exploit, infrastructure, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that the 10 directives being retired were issued between 2019 and 2024, spanning both the Trump and Biden administrations. First seen on therecord.media Jump to article: therecord.media/cisa-sunsets-10-emergency-directives
Maximum Severity HPE OneView Flaw Exploited in the Wild

Jan 9, 2026 12:01 AM

Tags: cve, exploit, flaw, infrastructure, remote-code-execution

Exploitation of CVE-2025-37164 can enable remote code execution on HPE’s IT infrastructure management platform, leading to devastating consequences. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/maximum-severity-hpe-oneview-flaw-exploited
VMware ESXi zero-days likely exploited a year before disclosure

Jan 8, 2026 11:01 PM

Tags: china, exploit, threat, vmware, vpn, vulnerability, zero-day

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vmware-esxi-zero-days-likely-exploited-a-year-before-disclosure/
ChatGPT’s Memory Feature Supercharges Prompt Injection

Jan 8, 2026 11:01 PM

Tags: chatgpt, exploit, injection

The ZombieAgent exploit makes use of ChatGPT’s long-term memory and advanced capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injection
CrowdStrike Acquires SGNL for $740 Million to Thwart AI-Powered Cyber Threats

Jan 8, 2026 10:02 PM

Tags: ai, credentials, crowdstrike, cyber, cybersecurity, defense, exploit, hacker, identity, intelligence, startup, technology, threat

CrowdStrike Inc. said Thursday it will acquire identity security startup SGNL in a deal valued at $740 million the latest move by the cybersecurity giant to fortify its defenses against increasingly sophisticated artificial intelligence (AI)-powered cyberattacks. The acquisition centers on SGNL’s continuous identity technology, designed to prevent hackers from exploiting user credentials as entry.. First…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
Patch Cisco ISE bug now before attackers abuse proofconcept exploit

Jan 8, 2026 8:02 PM

Tags: cisco, exploit, update

No reports of active exploitation “¦ yet First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/rcisco_ise_bug_poc/
React2Shell Vulnerability Hit by 8.1 Million Attack Attempts

Jan 8, 2026 7:02 PM

Tags: attack, cve, cyber, exploit, intelligence, remote-code-execution, threat, vulnerability

The React Server Components (RSC) >>Flight<>React2Shell,<< has become the target of a massive exploitation campaign that shows no signs of slowing. Since the vulnerability's initial disclosure, threat intelligence firm GreyNoise has recorded over 8.1 million attack sessions, with daily attack volumes […] The post React2Shell Vulnerability Hit by 8.1 Million Attack Attempts appeared first on…
Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability

Jan 8, 2026 6:03 PM

Tags: cisco, cve, exploit, identity, service, update, vulnerability

Cisco addressed a medium-severity vulnerability in ISE and ISE-PIC after a public PoC exploit was disclosed. Cisco addressed a medium-severity vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) after a public PoC exploit was disclosed. The vulnerability resides in the licensing feature of Cisco ISE…
CISA flags actively exploited Office relic alongside fresh HPE flaw

Jan 8, 2026 4:01 PM

Tags: cisa, exploit, flaw, office

Max-severity OneView hole joins a PowerPoint bug that should’ve been retired years ago First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/cisa_oneview_powerpoint_bugs/
50,000 Servers Exposed as GoBruteforcer Scales Brute-Force Attacks

Jan 8, 2026 4:01 PM

Tags: attack, credentials, data-breach, exploit, linux

GoBruteforcer is exploiting weak credentials to compromise thousands of exposed Linux servers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/50000-servers-exposed-as-gobruteforcer-scales-brute-force-attacks/
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)

Jan 8, 2026 4:01 PM

Tags: cisa, exploit, flaw, remote-code-execution, vulnerability

An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/hpe-oneview-cve-2025-37164-exploited/
Phishing Attacks Exploit Misconfigured Email Routing Settings to Target Microsoft 365 Users

Jan 8, 2026 4:01 PM

Tags: attack, email, exploit, microsoft, phishing

Misconfigurations abused to make phishing emails look like they come from within the organization First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-exploits-misconfigured/
U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

Jan 8, 2026 1:01 PM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2009-0556 is a memory corruption flaw…
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Jan 8, 2026 1:01 PM

Tags: access, cisco, cve, exploit, flaw, identity, service, update, vulnerability

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to First seen…
Cisco warns of Identity Service Engine flaw with exploit code

Jan 8, 2026 11:01 AM

Tags: cisco, exploit, flaw, identity, service, vulnerability

Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset

Jan 8, 2026 10:01 AM

Tags: attack, cyber, cybercrime, exploit, threat, vmware, vpn, vulnerability, zero-day

Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
CISA tags max severity HPE OneView flaw as actively exploited

Jan 8, 2026 10:01 AM

Tags: cisa, cybersecurity, exploit, flaw, infrastructure, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-max-severity-hpe-oneview-flaw-as-actively-exploited/
Three Malicious NPM Packages Target Developers’ Login Credentials

Jan 8, 2026 10:01 AM

Tags: access, attack, credentials, cyber, exploit, login, malicious

Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, collectively registered over 3,400 downloads before being removed from the npm registry in November 2025. The attack exploits developer trust in the legitimate BitcoinJS project…
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset

Jan 8, 2026 10:01 AM

Tags: attack, cyber, cybercrime, exploit, threat, vmware, vpn, vulnerability, zero-day

Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

Jan 8, 2026 8:01 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, office, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities are listed below -CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office First seen on thehackernews.com…