Tag: malicious
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s “dynamic objects” feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze. Key takeaways The threat: Dynamic objects self-delete without leaving any traces, or “tombstones” in AD…
-
Don’t trust TrustConnect: This fake remote support tool only helps hackers
Attackers use a dual-purpose website: The TrustConnect website has realistic marketing language, feature descriptions, and documentation that serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool’s malicious services.”Cybercriminals are instructed to sign up for a ‘free trial,’ instructed on how to…
-
Why the shift left dream has become a nightmare for security and developers
The “shift left” approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-the-shift-left-dream-has-become-a-nightmare-for-security-and-developers/
-
Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most critical issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most critical issue is a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into…
-
Google Blocks 1.75 Million Malicious Apps from Entering Play Store
Google has revealed that it blocked more than 1.75 million malicious or policy”‘violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI”‘driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse. More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried…
-
AI-Empowered Cybersecurity: Key Events and Emerging Trends in 2025
In September 2025, Anthropic disclosed a groundbreaking incident”, the world’s first autonomous AI-driven cyberattack. This event, documented as the first large-scale cyber offensive primarily executed by AI with minimal human intervention, underscored the immense threat posed by AI agents in malicious applications. The attackers posed as representatives of a legitimate cybersecurity firm conducting a defense assessment.…
-
Google Rushes Out Critical Chrome Update to Address Serious PDFium and V8 Vulnerabilities
Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable Channel update bumps versions to 145.0.7632.109/.110 for Windows and Mac, and 144.0.7559.109 for Linux. High-severity issues in PDFium, the engine that handles PDF files in Chrome and V8, the speedy…
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
The malicious version of Cline’s npm package, 2.3.0, was downloaded more than 4,000 times before it was removed. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users
-
Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks
ClickFix, an attack technique used to trick victims into pasting or clicking on malicious commands, has rapidly become a favorite method of threat groups. Recent reports by Huntress, Microsoft, and Intego detail how quickly the ClickFix tactic is evolving. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/huntress-microsoft-detail-the-continued-popularity-evolution-of-clickfix-attacks/
-
Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks
ClickFix, an attack technique used to trick victims into pasting or clicking on malicious commands, has rapidly become a favorite method of threat groups. Recent reports by Huntress, Microsoft, and Intego detail how quickly the ClickFix tactic is evolving. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/huntress-microsoft-detail-the-continued-popularity-evolution-of-clickfix-attacks/
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-coretax-apps-fraud-indonesia/
-
Data on 1.2 million French bank accounts accessed in registry breach
In late January 2026, a malicious intruder accessed France’s national bank account registry, FICOBA, enabling them to view information tied to 1.2 million accounts, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/ficoba-data-breach-bank-accounts/
-
Threat Actors Using Fake Google Forms Site to Harvest Google Logins
A new phishing campaign in which threat actors are using a convincing fake version of Google Forms to steal Google account credentials. Cybercriminals are once again exploiting a trusted brand Google to trick job seekers and steal their credentials. The campaign’s malicious URLs all followed a similar structure: forms.google.ss-o[.]com/forms/d/e/{unique_id}/viewform?form=opportunitysecpromo= At first glance, these links appear…
-
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports
Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers…
-
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and exploit payloads. Emoji smuggling is an obfuscation technique in which attackers encode malicious content using…
-
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and exploit payloads. Emoji smuggling is an obfuscation technique in which attackers encode malicious content using…
-
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage.The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT)…
-
Critical MCP Server Enables Arbitrary Code Execution and Sensitive Data Exfiltration
MCP servers can silently turn AI assistants into powerful attack platforms, enabling arbitrary code execution, large”‘scale data exfiltration, and stealthy user manipulation across both local machines and cloud environments. New research and recent real”‘world incidents show that this emerging ecosystem is already being abused in the wild, including a malicious Postmark MCP server that quietly…
-
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
Tags: access, attack, backdoor, china, control, credentials, dns, espionage, exploit, group, infrastructure, intelligence, malicious, monitoring, network, risk, risk-management, service, software, supply-chain, threat, ukraine, update, vulnerabilityCSOonline, Ho said that no system can ever be declared absolutely unbreakable, “but the new design dramatically raises the bar.”An attacker must now compromise both the hosting infrastructure and the signing keys, he explained, adding that the updater now validates both the manifest and the installer, each with independent cryptographic signatures. And any mismatch, missing…