Tag: malicious
-
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token…
-
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/openclaw_security_issues/
-
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. >>According to the…
-
1-Click Flaw in ClawDBot Allows Remote Code Execution
A high-severity authentication bypass vulnerability has been discovered in ClawDBot, a popular npm package, enabling attackers to achieve remote code execution through a single malicious link. The flaw stems from the insufficient validation of the gateway URL parameter, combined with automatic connection behaviour that exposes authentication tokens to unauthorised actors. Vulnerability Overview The vulnerability, identified…
-
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic to malicious servers instead.”The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,” developer Don Ho said. “The compromise occurred at the hosting First seen on thehackernews.com Jump…
-
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.”On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the…
-
Ivanti patches two actively exploited critical vulnerabilities in EPMM
install rpm url [patch_url] command.The RPM_12.x.0.x patch is applicable to EPMM software versions 12.5.0.x, 12.6.0.x, and 12.7.0.x. It is also compatible with the older 12.3.0.x and 12.4.0.x versions. Meanwhile the RPM_12.x.1.x patch is applicable to versions 12.5.1.0 and 12.6.1.0.”The RPM script does not survive a version upgrade,” the company warns. “If after applying the RPM…
-
A Head Start on Emerging Vulnerabilities with The Pentest Tool You Need!
The world of cybersecurity is undergoing a seismic shift. In 2026, AI-driven pentest tools are set to redefine how we approach vulnerability detection and exploitation. The conventional pentesting methods, which have served as the backbone of security assessments for decades, cannot be replaced, but given the hi-tech tactics of the malicious contemporaries, these tools simply……
-
Google’s disruption rips millions out of devices out of malicious network
The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/ipidea-proxy-network-disrupted-google-lumen/
-
Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooling (@angular/language-service 21.1.0-rc.0) and TypeScript 5.9.3. However, it contains malicious code hidden in the extension/index.js file, posing a severe supply-chain…
-
NVIDIA GPU Driver Vulnerability Opens Door to Elevated Privileges
NVIDIA has released critical security updates for its GPU Display Drivers after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code and escalate privileges on affected systems. The security bulletin, published on January 27, 2026, addresses five distinct vulnerabilities affecting Windows, Linux, and virtualization platforms, with CVSS scores reaching 7.8. Use-After-Free and…
-
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome First…
-
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign
Abuse through smart hosting: Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories,…
-
SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. >>SmarterTools SmarterMail versions prior to build 9511 contain…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
eScan AV users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
The ‘staggering’ cybersecurity weakness that isn’t getting enough focus, according to a top Secret Service official
The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday. “It is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution’s brand name…
-
Report: Open Source Malware Instances Increased 73% in 2025
ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year. More than 10,000 malicious open source packages were discovered, most of which involved node package managers (npms) that cybercriminals were using to compromise software supply chains……
-
‘Semantic Chaining’ Jailbreak Dupes Gemini Nano Banana, Grok 4
Tags: maliciousIf an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/semantic-chaining-jailbreak-gemini-nano-banana-grok-4
-
Google targets IPIDEA in crackdown on global residential proxy networks
Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with…
-
Apple’s new iPhone and iPad security feature limits cell networks from collecting precise location data
The new security feature makes it more difficult for police and malicious hackers to obtain a person’s precise location data from a cell phone company. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/29/apples-new-iphone-and-ipad-security-feature-limits-cell-networks-from-collecting-precise-location-data/
-
eScan AV supply chain compromise: Users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for >>mac cleaner,<< displaying trusted domains such as docs.google.com and business.google.com as landing pages. However, clicking these ads redirects users to Google Apps Script…
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Weaponized VS Code Extension “ClawdBot Agent” Spreads ScreenConnect RAT
A malicious Visual Studio Code extension posing as an AI coding assistant has been caught secretly installing a fully functional remote access tool (RAT) on developer machines. The extension looks convincing at first glance: polished branding, a professional icon, and integration with several AI providers including OpenAI, Anthropic, Google, Ollama, Groq, Mistral, and OpenRouter. In…
-
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…