Tag: threat
-
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package.Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary First seen on thehackernews.com…
-
The rise of Moltbook suggests viral AI prompts may be the next big security threat
We don’t need self-replicating AI models to have problems, just self-replicating prompts. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/02/the-rise-of-moltbook-suggests-viral-ai-prompts-may-be-the-next-big-security-threat/
-
How Data Brokers Can Fuel Violence Against Public Servants
A new report from the Public Service Alliance finds state privacy laws offer public servants few ways to protect their private data, even as threats against them are on the rise. First seen on wired.com Jump to article: www.wired.com/story/how-data-brokers-can-fuel-violence-against-public-servants/
-
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
-
British military to get legal OK to swat drones near bases
Armed Forces Bill would let troops take action against unmanned threats around defense sites First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/armed_forces_bill_drones/
-
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing emails impersonating a North Korea-focused security expert based in South Korea. The emails referenced legitimate…
-
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns
Tags: ai, attack, automation, backdoor, cyber, malicious, malware, marketplace, skills, supply-chain, threatHundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation tools.”‹ OpenClaw Skills Become Malware Distribution Channel OpenClaw is a self-hosted AI agent that executes…
-
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware
The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…
-
Why Identity Threat Detection Response Matters in 2026?
In 2026, identity has firmly established itself as the new security perimeter. As enterprises accelerate cloud adoption, enable remote workforces, and integrate SaaS and third-party ecosystems, attackers are no longer trying to “break in”; they are simply logging in. Compromised identities now sit at the center of most advanced breaches, making Identity Threat Detection &……
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.The development comes shortly First seen…
-
njRAT runs MassLogger
njRAT is a remote access trojan that has been around for more than 10 years and still remains one of the most popular RATs among criminal threat actors. This blog post demonstrates how NetworkMiner Professional can be used to decode the njRAT C2 traffic to extract artifacts like screenshots, command[…] First seen on securityboulevard.com Jump…
-
IT Security
In a world where businesses are built on digital infrastructure, IT security has become a critical pillar of organizational resilience and trust. From cloud computing and remote workforces to SaaS applications and connected devices, modern IT environments are larger, more complex, and more exposed than ever before. At the same time, cyber threats are growing…
-
What Is Threat Intelligence?
Threat Intelligence is the process of collecting, analyzing, and contextualizing data about existing and emerging cyber threats to produce actionable insights that help organizations prevent, detect, and respond to cyberattacks. Rather than relying on raw alerts or isolated indicators, threat intelligence provides who is attacking, how they operate, what they are targeting, and why it…
-
New phishing attack leverages PDFs and Dropbox
Masquerading as a safe document format: But after so many warnings about this over time, why are people still so trusting of PDFs and Dropbox?”Because, historically, they’ve actually been trained to be,” said Avakian. PDFs are routinely used in the business world and have been positioned as a safe, read-only document format for invoices, contracts,…
-
Nitrogen Ransomware: ESXi malware has a bug!
Nitrogen ransomware was derived from the previously leaked Conti 2 builder code, and is similar to Nitrogen ransomware, but a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them. This means that even the threat actor is incapable of decrypting them, and that…
-
Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security
Tags: access, ai, api, attack, data, data-breach, detection, exploit, governance, hacker, healthcare, intelligence, malicious, risk, technology, threat, tool, wafThe “Good Enough” Trap If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked…
-
Cybercrime Enters a New Era as Autonomous AI Agents Take Center Stage
As of February 2026, enterprise defenders are no longer just battling human-operated ransomware groups or credential thieves. The frontline has shifted to a new class of threat: autonomous AI agents that plan, execute, adapt, and even reinvest their own criminal profits without direct human oversight. The convergence of OpenClaw (local runtime), Moltbook (agent collaboration network),…
-
Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor’s hosting provider to redirect targeted users to malicious downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chinese-hackers-hijack-notepad-updates-6-months
-
Russian Hacker Alliance Launches Large-Scale Cyberattack Targeting Denmark
A pro-Russian hacker alliance calling itself “Russian Legion” has issued direct threats against Denmark, warning of large-scale cyberattacks linked to the country’s planned military support to Ukraine. The campaign appears designed to combine disruptive cyber activity with psychological pressure on Danish authorities, businesses, and the wider public. The first threat was posted on the Russian…
-
New “Punishing Owl” Hacker Group Targets Networks Linked to Russian Security Agency
A previously unknown threat actor calling itself Punishing Owl has claimed responsibility for breaching a Russian government security agency, marking the emergence of what cybersecurity researchers believe is a new politically motivated hacktivist collective. The attack demonstrated sophisticated operational security capabilities beyond typical data exfiltration campaigns. On the same day as the breach announcement, Punishing…
-
AI Threats in 2026: A SecOps Playbook
As AI-driven threats accelerate in 2026, security teams must evolve their defenses to manage new risks and maintain resilience. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-threats-in-2026-a-secops-playbook/
-
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
-
FCC urges telecoms to boost cybersecurity amid growing ransomware threat
The commission said it was aware of ransomware disruptions at a growing number of small and medium-sized telecoms. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fcc-telecommunications-ransomware-warning/811100/
-
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/shinyhunters-mfa-social-engineering/
-
NSFOCUS Monthly APT Insights December 2025
Regional APT Threat Situation In December 2025, the global threat hunting system of Fuying Lab detected a total of 24 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, with a smaller portion also found in Eastern Europe and South America. Some organizations remain unattributed to known APT groups,…The…
-
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-update-feature-hijacked-by-chinese-state-hackers-for-months/
-
Drone sightings have doubled near UK military bases, warns British government
The surge in sightings has prompted the government to expand the powers available to service personnel to deal with the threat from uncrewed aerial vehicles without having to first involve law enforcement. First seen on therecord.media Jump to article: therecord.media/military-drone-sightings-double-uk-government
-
âš¡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt, and how fast attackers try to stay…