Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A Deepfake Job Scam: How North Korean IT Workers Are Targeting Top Companies


A recent wave of deepfake job scams has targeted top companies, including tech giants like Amazon. These scammers use advanced technology to create convincing videos of themselves applying for jobs and conducting interviews with potential employers. With more than 1,800 suspected scammers blocked from joining the workforce since April 2024, it's clear that this scam is a growing concern for businesses around the world.

Published: Sun Feb 1 08:31:46 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Dark Underbelly of MongoDB: A Looming Threat to Data Security

Researchers have discovered that exposed MongoDB instances are still being targeted by threat actors in automated data extortion attacks, demanding low ransoms from owners to restore the data. The attackers focus on insecure databases that permit access without restriction, compromising around 1,400 servers so far. To protect yourself and your organization, it's crucial to follow best practices for securing MongoDB instances.

Published: Sun Feb 1 10:34:41 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Global Open-Source AI Security Nightmare: A Monoculture Waiting to be Exploited


A recent study has revealed a global network of exposed open-source AI deployments that are ripe for exploitation, highlighting the growing security concerns surrounding this technology. With 175,108 unique Ollama hosts in 130 countries, these systems pose a significant threat to organizations and governments around the world.

Published: Sun Feb 1 17:48:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Supply Chain Attack Targets Open VSX: A Threat to DevOps and Developer Security

A recent supply chain attack on the Open VSX Registry has exposed vulnerabilities in developer tools and extensions, highlighting the need for increased security awareness and vigilance among developers and organizations.

Published: Sun Feb 1 23:15:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The eScan Antivirus Supply Chain Attack: A Threat to Enterprise Security


A recent supply chain attack on eScan antivirus has highlighted the growing threat of malicious updates being distributed through legitimate software infrastructure. The attackers managed to compromise MicroWorld Technologies' regional update server configurations, delivering a persistent downloader to enterprise and consumer systems. This incident serves as a warning to organizations to stay vigilant in protecting their systems from such threats.

Published: Mon Feb 2 00:05:36 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Why Native Cloud Security is a False Promise: Separating Security from Infrastructure for Real Protection


In an era where cloud adoption is on the rise, many organizations are relying heavily on native security features offered by cloud service providers (CSPs). However, this approach often comes with significant costs and limitations. In this article, we'll delve into the pitfalls of relying solely on cloud-native security and explore the importance of separating security from infrastructure for real protection.



Published: Mon Feb 2 02:06:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's Emergency Patch Cycle: A Delicate Dance of Security and Productivity

Microsoft's emergency patch cycle has reached a crisis point, with out-of-band updates for Windows operating systems becoming increasingly frequent. As administrators struggle to keep up with the pace, concerns about productivity loss and potential errors in AI-powered tools are growing.

Published: Mon Feb 2 03:59:01 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Malware Campaigns Emerge: A Looming Threat to Notepad++ Users


Notepad++ users are under threat from state-sponsored attackers who have hijacked the update mechanism to redirect traffic to malicious servers, leaving users vulnerable to malware attacks. Find out more about this developing story and how you can protect yourself.

Published: Mon Feb 2 04:07:42 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

NationStates Data Breach: A Cautionary Tale of Code Vulnerability and User Data Exposures


NationStates, a popular multiplayer browser-based game, has recently confirmed a data breach after taking its website offline earlier this week to investigate a security incident. The breach occurred due to a critical bug in the site's new feature, "Dispatch Search," which was exploited by an unauthorized user who gained remote code execution on the main production server.

Published: Mon Feb 2 04:20:16 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Infrastructure Cyberattacks: A Threat to Global Stability

The rise of infrastructure cyberattacks poses a significant threat to global stability, as demonstrated by recent incidents in Venezuela and Poland. To counter this threat, governments and industries must work together to develop more effective defenses against these types of attacks.

Published: Mon Feb 2 04:34:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Global Cybersecurity Landscape: A Complex Web of Threats and Vulnerabilities

In a recent wave of high-profile incidents, from alleged hackers working for Jeffrey Epstein to widespread attacks on critical infrastructure, the global cybersecurity landscape is facing unprecedented challenges. As threats continue to evolve, it's essential to stay informed about the latest developments and prioritize vulnerability management to protect against emerging risks.

Published: Mon Feb 2 04:50:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shadow of ICE: How Qatar's Elite Security Force is Casting a Pall Over the 2026 Milano Cortina Winter Olympics


The presence of US Immigration and Customs Enforcement (ICE) at the 2026 Milano Cortina Winter Olympics has ignited a firestorm of controversy among Italians, raising concerns about security, human rights, and the role of foreign law enforcement agencies in domestic events. As protests continue to sweep the country, questions are being asked about the legitimacy and motivations behind ICE's involvement in Italy, and whether this marks the beginning of a broader crackdown on blue states by the Trump administration.


Published: Mon Feb 2 05:12:31 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nation-State Hackers Hijacked Notepad++ Updates: A Threat to Global Cybersecurity



Nation-state hackers have successfully exploited hosting infrastructure to hijack Notepad++ updates, compromising the update process and injecting malicious code into widely used software packages. This attack highlights the vulnerability of critical software components and the need for increased vigilance in protecting against state-sponsored cyber threats.

Published: Mon Feb 2 05:20:11 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nation-state Hackers Hijack Notepad++ Updates via Hosting Infrastructure Compromise

Nation-state hackers successfully hijacked Notepad++ updates via a compromised hosting infrastructure, compromising thousands of users. The attack, which began in June 2025, was likely carried out by a Chinese state-sponsored group using highly selective targeting. To mitigate the threat, the Notepad++ maintainer strengthened the updater and moved affected customers to a new server.

Published: Mon Feb 2 05:28:26 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A World of Cybersecurity Woes: A Review of Recent Vulnerabilities and Threats


A recent surge in vulnerabilities and threats has left many individuals and organizations scrambling to patch up their defenses. From critical flaws in popular software applications to the emergence of sophisticated phishing campaigns, it's clear that cybercriminals are always on the lookout for new ways to exploit weaknesses in our defenses. In this article, we'll take a closer look at some of the most significant vulnerabilities and threats facing the cybersecurity landscape today.

Published: Mon Feb 2 07:33:45 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Securing the Mid-Market: A Comprehensive Approach to Cybersecurity Across the Complete Threat Lifecycle

Mid-market organizations are increasingly vulnerable to cyber threats due to their expanding attack surfaces and limited budgets. A comprehensive approach to cybersecurity that incorporates prevention, protection, detection, and response across the complete threat lifecycle is essential for securing these companies.

Published: Mon Feb 2 07:42:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Panera Bread's Data Breach: The ShinyHunters' SSO Scam Exposed



A data breach at Panera Bread has exposed around 5.1 million unique user accounts following an attack carried out by ShinyHunters via phishing and Microsoft Entra SSO systems. The incident highlights the importance of having robust cybersecurity measures in place to protect sensitive user information.

Published: Mon Feb 2 07:55:54 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A State-Sponsored Cyber Attack Exposed: The Notepad++ Update Service Hijacking

A state-sponsored cyber attack has been exposed, targeting the update service of Notepad++, leaving the app vulnerable to malicious updates. This incident highlights the importance of robust security measures in software updates and the growing threat landscape posed by state-sponsored cyber attacks.

Published: Mon Feb 2 08:08:28 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Security Whac-A-Mole Continues to Haunt OpenClaw Ecosystem: Researchers Uncover New Vulnerabilities


Security issues continue to plague the OpenClaw ecosystem, despite efforts to patch vulnerabilities. Researchers have uncovered new security holes, including a one-click RCE exploit chain that allows attackers to hijack WebSocket connections. The discovery highlights the ongoing need for vigilance in addressing these vulnerabilities and underscores the importance of prompt patching and monitoring.

Published: Mon Feb 2 08:30:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Notepad++ Update Feature Hijacked by Chinese State Hackers for Months



A recent revelation has disclosed that a widely used text editor was compromised by Chinese state-sponsored threat actors for nearly half a year, highlighting the vulnerability of software updates to cyberattacks and emphasizing the need for robust security measures in modern software development. Notepad++ users are advised to take proactive steps to strengthen their security.



Published: Mon Feb 2 09:00:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

MICROSOFT'S HIBERNATION FIX FIASCO: A TALE OF UNRELIABLE UPGRADES AND THE INADEQUACY OF OUT-OF-BAND PATCHES



Microsoft's Windows hibernation feature has been plagued by a series of issues in recent weeks, with the company releasing an out-of-band patch to address the problem but ultimately failing to fully resolve it. The latest development raises concerns about the reliability of Microsoft's patching process and highlights the importance of thorough testing and quality assurance practices in software development.

In this article, we'll explore the details behind Microsoft's hibernation fix fiasco and examine the implications for IT professionals who rely on Windows systems. We'll also discuss the challenges faced by tech companies when dealing with complex software systems and the need for clear communication regarding patch effectiveness.

Published: Mon Feb 2 09:16:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Unsecured MongoDB Instances, Wiping Data and Demanding Ransom: A Growing Threat to Organizational Security


Hackers have been exploiting unsecured MongoDB instances to wipe data and demand ransom, leaving thousands of servers compromised and potentially earning attackers millions of dollars. According to a recent report by Flare, over 1,400 exposed MongoDB servers were hijacked and compromised by hackers who left ransom notes after exploiting weak or missing access controls. To mitigate this threat, organizations must take proactive measures to secure their MongoDB instances and follow best practices in terms of configuration and access controls.

Published: Mon Feb 2 09:24:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of OpenClaw: A Viral AI Agent Taking Over Tech Circles



OpenClaw, a cutting-edge open-source AI agent, has been causing a stir within tech circles, raising both excitement and concern. Learn more about its capabilities, risks, and implications for users in this detailed exploration.

Published: Mon Feb 2 10:00:28 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The OpenClaw Vulnerability: A Critical Security Flaw in AI-Powered Personal Assistants



A vulnerability has recently been disclosed in OpenClaw, an AI-powered personal assistant; the flaw allows remote code execution (RCE) through a crafted malicious link. The issue was identified by security researchers, who found that the vulnerability could be exploited to execute privileged actions and bypass authentication. A patch has been released to fix this issue, but it highlights the need for ongoing security testing of open-source software.



Published: Mon Feb 2 11:45:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28 Attackers Exploit New Microsoft Office Zero-Day, Wreaking Havoc on Ukraine and EU Targeted Organizations


Russia-linked attackers have already begun exploiting a newly discovered zero-day in Microsoft Office, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU. The APT28 group, also known as "Fancy Bear," has been linked to numerous high-profile attacks against government agencies, corporations, and other organizations across Europe and beyond.

Published: Mon Feb 2 12:35:11 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malicious AI Assistant OpenClaw: A Looming Threat to User Security

Malicious MoltBot skills have been used to push password-stealing malware, compromising the security of users who interact with the personal AI assistant OpenClaw. In less than a week, more than 230 malicious packages were published in its official registry and on GitHub, targeting users with info-stealing malware payloads.

Published: Mon Feb 2 13:19:43 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

StopICE Alerts Hacked to Send Alarming Text Messages: A Glimpse into the Dark Underbelly of Cybercrime and Identity Theft

StopICE, an app designed to provide users with a sense of safety and security in the face of Immigration and Customs Enforcement (ICE) surveillance, has been hacked, its users receiving alarming text messages warning them that their information had been "sent to the authorities." The attack highlights the dangers of online security breaches and the devastating impact they can have on individuals and organizations alike. While the breach is serious, it also serves as a wake-up call for users to take proactive measures to protect against cyber threats.

Published: Mon Feb 2 13:28:06 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Malware Campaign Targets OpenClaw Users via ClawHub: A Growing Concern for Supply Chain Security


New malware campaign targets OpenClaw users via ClawHub: 341 malicious skills have been discovered, delivering information-stealing malware to macOS and Windows systems. The attack highlights the growing concern for supply chain security in the face of evolving threats.

Published: Mon Feb 2 13:39:55 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Social Media Platform for AI Agents: Moltbook Exposed as a Security Nightmare

A recent discovery has exposed the API keys of every agent on Moltbook, posing a significant threat to the security and integrity of the platform. This raises serious questions about the robustness of the platform's security measures and the risk of potential attacks.

Published: Mon Feb 2 14:40:47 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Sinister Shadow Looms Over the World of Notepad++: A Gripping Tale of Hijacked Updates and Cybersecurity Threats


Notepad++ users may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. A recent post by the developer reveals that the hackers were likely a Chinese state-sponsored group, and that the app's servers were vulnerable for roughly six months from June through December 2nd, 2025. Users who failed to update their software in a timely manner may have left themselves vulnerable to this malicious attack.

Published: Mon Feb 2 14:55:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian Hackers Exploit Recently Patched Microsoft Office Bug to Launch Wave of Sophisticated Attacks

Russian hackers have exploited a recently patched vulnerability in Microsoft Office to launch a wave of sophisticated attacks, highlighting the need for users and organizations to prioritize software updates and caution when opening emails or documents from unknown sources.

Published: Mon Feb 2 15:11:46 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Notepad++ Users Exposed: Six-Month Compromise Reveals China-State Hackers' Exploitation of Update Infrastructure


Notepad++, a widely used text editor for Windows, has been compromised by suspected China-state hackers who exploited weaknesses in its update infrastructure for six months. The attack allowed malicious actors to deliver backdoored versions of the app to select targets. Notepad++ users are advised to check their version and update to 8.9.1 or higher immediately.

Published: Mon Feb 2 15:28:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Panera Bread Data Breach: A Comprehensive Analysis

Panera Bread has suffered a massive data breach affecting over 5.1 million customer accounts, exposing sensitive information including contact details and loyalty card numbers.

Published: Mon Feb 2 15:38:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

MoltBot Skills Exploited to Distribute 400+ Malware Packages in Days


A recent campaign has exploited the MoltBot skills in OpenClaw, an open-source personal AI assistant platform, to distribute hundreds of malicious packages. The attackers used social engineering tactics and weak security checks on ClawHub's AI skills registry to trick users into running commands that installed password-stealing malware on Windows and macOS systems.

Published: Mon Feb 2 16:29:06 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Notepad++ Hijacking Scandal: Unpacking the Malicious Intentions of China's Lotus Blossom Crew


China's Lotus Blossom crew has been linked to a Notepad++ update hijacking that delivered a previously unknown backdoor called Chrysalis. This brazen attack highlights the vulnerability of high-profile targets to state-sponsored cyber threats, emphasizing the need for improved cooperation between governments and industry to address this growing threat.

Published: Mon Feb 2 17:36:09 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A China-Linked Malware Campaign: Unpacking the Notepad++ Breach and the Rise of Lotus Blossom


A recent breach in the Notepad++ infrastructure has revealed a new strain of malware linked to a China-sponsored hacking group, highlighting the growing threat of supply chain attacks and the increasing sophistication of malware campaigns used by state-sponsored actors. The incident underscores the need for software maintainers to prioritize security and for hosting providers to strengthen their defenses against such threats.

Published: Mon Feb 2 23:10:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Global Cybersecurity Landscape Shifts as Major Players Address AI-Powered Threats and Vulnerabilities



Recent weeks have witnessed a significant escalation in the global cybersecurity landscape, with major players announcing their responses to emerging threats and vulnerabilities. This article provides an overview of the key developments and highlights the importance of prioritizing robust security measures in response to these emerging risks.

Published: Tue Feb 3 01:01:33 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Lethal Trifecta: Understanding the Rise of Prompt Worms in AI Systems


Prompt worms, a new type of self-replicating adversarial prompt, pose a significant threat to the security and integrity of AI systems. The concept of prompt worms is closely related to traditional computer worms, which were first introduced in the late 1980s. However, while traditional worms rely on exploiting vulnerabilities in operating systems and applications, prompt worms exploit the core function of AI models: following instructions.

Published: Tue Feb 3 10:32:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

OpenClaw: A DIY AI Bot Farm that's a Security "Dumpster Fire" Awaiting Malicious Activities

OpenClaw, a DIY AI bot farm developed by enthusiasts and researchers, has been marred by security vulnerabilities and malicious skills submitted to its repository. The project's recent security advisories have raised concerns among users and experts alike about the potential risks associated with this project.

Published: Tue Feb 3 10:50:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware Ruse: Iron Mountain's Data Breach Exposes Marketing Materials as Primary Target

Iron Mountain, a prominent data storage and recovery services company, has been targeted by the Everest extortion gang in a recent breach, but fortunately, customer confidential information was not involved. The attackers accessed a single folder on a marketing materials server using compromised credentials.

Published: Tue Feb 3 12:10:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dawn of AI-Driven Identity Governance: Navigating the Uncharted Territories of Autonomous Agents



The rise of autonomous AI agents has introduced significant security and compliance risks into enterprise environments, necessitating a new class of identity governance frameworks. As these self-sustaining systems continue to proliferate, organizations must develop strategies for managing their identities and mitigating associated risks. This article explores the challenges posed by AI-driven identity governance and presents a practical approach for addressing them.

Published: Tue Feb 3 12:20:56 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Leverage Critical React Native Metro Bug for Dev Systems Breach


Hackers have exploited a critical vulnerability in the popular React Native Metro server to deliver malicious payloads and breach developer systems. According to reports, the bug was first reported by researchers at software supply-chain security company JFrog, who disclosed it in early November 2025. The attack was dubbed Metro4Shell and used post-exploitation payloads for Windows and Linux.

The vulnerability affects @react-native-community/cli-server-api versions 4.8.0 through 20.0.0-alpha.2 and was fixed in version 20.0.0 and later. According to reports, an unauthenticated attacker can leverage the security issue to execute arbitrary OS commands via a POST request.

Security experts are warning developers about the potential risks of using React Native Metro without taking adequate precautions against exploitation by hackers. The discovery highlights the importance of patching vulnerabilities in software supply-chain components to prevent malicious actors from exploiting them.

Published: Tue Feb 3 12:28:53 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA's Silence on Ransomware Vulnerabilities: A Threat to Cybersecurity

The US Cybersecurity and Infrastructure Security Agency (CISA) silently updated its Known Exploited Vulnerabilities (KEV) catalog with new information on 59 vulnerabilities without notifying defenders. The update has raised concerns about the agency's approach to safeguarding against ransomware attacks, highlighting the need for increased transparency and communication among all stakeholders involved in cybersecurity.

Published: Tue Feb 3 12:45:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

X Marks the Raid: French Police Crack Down on Elon Musk's X Amid Allegations of Algorithmic Manipulation and Child Exploitation


French authorities have launched a high-profile investigation into Elon Musk's X platform, citing allegations of organized disruption of automated data processing systems, fraudulent data extraction, and potential child exploitation. The probe marks a significant escalation in the scrutiny faced by X and its executives, including Elon Musk.

Published: Tue Feb 3 12:53:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's End of Life for Legacy TLS Versions: A New Era for Secure Cloud Storage

Microsoft has officially ended support for legacy Transport Layer Security (TLS) versions 1.0 and 1.1 in its Azure Storage cloud service, marking the end of an era for outdated encryption protocols.

Published: Tue Feb 3 13:07:17 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Operation PowerOFF and Operation Eastwood: Poland Leads the Charge Against Cybercrime

Operation PowerOFF and Operation Eastwood: Poland leads the charge against cybercrime, highlighting the need for continued cooperation and coordination between law enforcement agencies across Europe to combat DDoS attacks and protect citizens from online threats.

Published: Tue Feb 3 13:17:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Britain Prepares for Drone Warfare: Military to Regain Authority Over Unmanned Threats

Britain is preparing for a future where drones are a legitimate threat to national security. The UK's Armed Forces Bill grants military personnel the power to neutralize drones near bases using radio frequency jammers, a move that aims to protect sensitive installations and operations from unwanted drone activity.

Published: Tue Feb 3 13:29:37 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Data Brokers' Shadow: How Public Servants Are Vulnerable to Abuse Due to Inadequate State Privacy Laws


Data brokers' operations in the United States have been exposed as posing a significant threat to public servants due to inadequate state privacy laws. Violent threats against these individuals are on the rise, and existing laws offer little solace. A push for stronger data protection laws and regulations is underway, aiming to address this critical issue and safeguard the private lives of those serving in public roles. By regulating digitization and accessibility, enhancing data protection mechanisms, and reforming state-level consumer privacy laws, policymakers can create a more secure environment for all public servants.

Published: Tue Feb 3 13:40:40 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Docker Dash Vulnerability Exposed: AI-Powered Threats to Cloud Security


A critical vulnerability in Docker's AI-powered assistant, Ask Gordon, has been exposed, allowing attackers to execute code and exfiltrate sensitive data. The Docker Dash vulnerability highlights the need for robust security measures to protect against AI-powered threats.

Published: Tue Feb 3 13:50:54 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Looming Cybersecurity Crisis: The Dangers of Malware, AI-Powered Threats, and Overwhelmed Security Teams


A looming cybersecurity crisis is upon us, with malware, AI-powered threats, and overwhelmed security teams posing significant risks to individuals and organizations. In this article, we will delve into the current state of these challenges and provide insights on how to address them effectively.

Published: Tue Feb 3 14:10:32 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Exploitation of Metro4Shell: A New Chapter in Supply Chain Security Threats


A new chapter in supply chain security threats has emerged with the exploitation of Metro4Shell, allowing remote unauthenticated attackers to execute arbitrary operating system commands on underlying hosts. Learn more about this critical vulnerability and its implications for organizations.

Published: Tue Feb 3 14:20:28 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Cloud-Shadowed Vulnerability: The Identity Crisis Facing Organizations

Recent major cloud service outages have highlighted the critical vulnerability in modern identity systems, underscoring the need for resilience and proactive incident response strategies. As organizations navigate this digital landscape, it is essential to prioritize robust identity management systems and reduce dependency on single providers or failure domains.

Published: Tue Feb 3 14:31:02 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28 Exploits Microsoft Office Vulnerability to Carry Out Espionage-Focused Malware Attacks


Cybersecurity experts have warned about the recent exploitation of a newly disclosed Microsoft Office vulnerability by Russia-linked APT28 to carry out espionage-focused malware attacks. The group, known for its sophisticated tactics, has weaponized CVE-2026-21509 to deliver threats that include Outlook email stealers and COVENANT framework implants. This campaign highlights the ongoing threat landscape and underscores the need for continued vigilance against zero-day vulnerabilities.

Published: Tue Feb 3 14:50:31 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Critical React Native CLI Flaw to Deploy Rust Malware Before Public Disclosure


Cybersecurity experts have exposed a critical vulnerability in the React Native CLI that allows attackers to deploy Rust malware before public disclosure. The flaw, tracked as CVE-2025-11953, has significant implications for organizations relying on development tools that are not properly secured. This article provides an in-depth analysis of the exploit and highlights the importance of maintaining up-to-date software ecosystems.

Published: Tue Feb 3 15:00:37 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28's Operation Neusploit: A Russia-Led Campaign Exploiting Microsoft Office Vulnerability


APT28 has launched a new campaign known as Operation Neusploit, exploiting the CVE-2026-21509 vulnerability in Microsoft Office to deploy malware and steal user emails. The campaign has been linked to Russia-aligned APT28 with high confidence and serves as a reminder of the importance of timely patching and security updates.

Published: Tue Feb 3 15:24:22 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Notepad++ Infrastructure Hack: Unveiling the China-Nexus APT Lotus Blossom Campaign



A recent breach of Notepad++ hosting infrastructure has been linked to the notorious China-nexus Advanced Persistent Threat (APT) group, codenamed Lotus Blossom. This sophisticated campaign, which has been active since 2009, has been attributed to nation-state-backed attackers on the basis of their highly selective targeting and advanced tactics.




Published: Tue Feb 3 15:38:11 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Powered Cyber Threats: The Double-Edged Sword of Autonomous Attack and Defense



A new report from the International AI Safety Association has highlighted the growing sophistication of AI-powered cyber threats. These threats not only pose significant risks to individual organizations but also have far-reaching implications for global security. With AI systems becoming increasingly adept at scanning for software vulnerabilities, writing malicious code, and perpetrating complex attacks, it is essential that we prioritize AI safety research and develop effective strategies for detection, prevention, and mitigation.

Published: Tue Feb 3 19:22:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Step Finance $40M Crypto Theft: A Decentralized Finance Breach of Epic Proportions

Decentralized finance platform Step Finance has suffered a significant $40 million crypto theft due to compromised executive devices. The breach highlights the vulnerability of even the most sophisticated DeFi platforms to cyber threats, emphasizing the need for robust security measures and transparency.

Published: Tue Feb 3 19:38:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Flags Critical SolarWinds RCE Flaw as Exploited in Attacks


A vulnerability discovered by Horizon3.ai security researcher Jimi Sebree can allow unauthenticated attackers to gain remote command execution on unpatched devices, according to a recent update from the Cybersecurity and Infrastructure Security Agency (CISA). The agency ordered federal agencies to patch their systems within three days. SolarWinds Web Help Desk is a popular help desk management software used by thousands of organizations worldwide.

Published: Tue Feb 3 19:49:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical React Native Metro Dev Server Bug Under Attack: A Threat to Mobile Application Security


A critical bug in React Native's Metro development server has been identified as a potential threat to mobile application security. The vulnerability allows attackers to deliver malware to both Windows and Linux machines, despite being discovered in early November. The cybersecurity community must remain vigilant in monitoring this vulnerability and providing timely warnings to prevent exploitation.

Published: Tue Feb 3 19:59:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Paramilitary Arm of the US Government: Unmasking the Dark Side of Immigration Enforcement

The US government's use of paramilitary units like SRT and BORTAC has sparked widespread controversy over their tactics and impact on immigrant communities. As the investigation into Alex Pretti's death continues, it remains unclear whether these units will continue to operate outside conventional law enforcement.

Published: Tue Feb 3 20:46:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The U.S. Cybersecurity Landscape Takes a Turn for the Worse: A Collective Response to the Increasing Threat of Exploitable Vulnerabilities


U.S. cybersecurity agencies have added multiple critical vulnerabilities to their Known Exploited Vulnerabilities (KEV) catalog, emphasizing the urgent need for proactive security measures among federal agencies and private sector organizations across the United States. By staying informed about these newly disclosed vulnerabilities and taking prompt action to address them, individuals can significantly bolster their cybersecurity posture against emerging threats.

Published: Tue Feb 3 20:57:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Coinbase Insider Breach: Leaked Support Tool Screenshots Raise Concerns Over BPO Security

Coinbase has confirmed an insider breach after a contractor improperly accessed customer information, highlighting concerns over the security of Business Process Outsourcing (BPO) companies. The incident raises questions about the risks associated with leaking sensitive customer information and the need for organizations to review their security measures.

Published: Wed Feb 4 06:04:08 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The PSNI's £7,500 Data Breach Compensation: A Protracted Matter Finally Draws to a Close

The Police Service of Northern Ireland (PSNI) has announced a universal compensation package worth £7,500 for each affected employee following the 2023 data breach that exposed personal details of officers. The organization has ringfenced £119 million for compensation payments, marking a major milestone in resolving this prolonged matter.

Published: Wed Feb 4 06:12:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Matter of Identity Security: How Orchid Security Is Revolutionizing Enterprise Access Management

Discover the revolutionary approach to enterprise access management with Orchid Security's Continuous Identity Observability. Learn how to uncover and mitigate identity risks that exist beyond traditional IAM controls.

Published: Wed Feb 4 06:33:30 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The First 90 Seconds: Mastering Incident Response Investigations

Incident response investigators face numerous challenges when responding to security incidents. A well-structured approach to the "first 90 seconds" is crucial in determining the success or failure of an investigation.

Published: Wed Feb 4 06:41:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Growing Concern: The Rise of Python-Infostealer Attacks Targeting Apple's macOS Environment


A new wave of information-stealing attacks known as infostealers has emerged, targeting Apple's macOS environment using various tactics. Microsoft has warned that these malicious campaigns continue to expand their reach beyond Windows, emphasizing the need for users and organizations to take proactive measures to protect themselves against these emerging threats.

Published: Wed Feb 4 07:16:20 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Eclipse Foundation's Proactive Approach to Securing Open Source: Mandatory Pre-Publish Security Checks for VSX Extensions

The Eclipse Foundation has implemented mandatory pre-publish security checks for all open VSX extensions to combat supply chain threats and malicious activity, marking a significant shift toward a proactive approach in securing the Open VSX Registry.

Published: Wed Feb 4 07:26:02 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The SolarWinds Web Help Desk Vulnerability: A Critical Exposé of the Unseen Threat


A critical vulnerability in SolarWinds Web Help Desk has been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. This untrusted data deserialization vulnerability could pave the way for remote code execution, allowing an attacker to run commands on the host machine without authentication. Learn more about this critical security flaw and how you can protect your organization from it.

Published: Wed Feb 4 07:41:40 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Threat Landscape: Info-Stealing Attacks on macOS Expand from Windows


A new wave of info-stealing attacks has been detected expanding from Microsoft Windows to macOS, utilizing social engineering tactics and exploiting vulnerabilities in trusted platforms. The malicious campaigns pose a significant threat to Mac users and organizations worldwide, emphasizing the need for a layered defense strategy to stop these threats.

Published: Wed Feb 4 07:51:29 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nitrogen Ransomware: A Coding Error of Epic Proportions

Nitrogen ransomware has made headlines due to a critical flaw in its decryptor that leaves victims without access to their own data. This coding error takes the financially-motivated malware group into an unprecedented realm of pure destruction, rendering it useless.

Published: Wed Feb 4 08:16:54 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Amaranth Dragon Cyberespionage Group Exploits WinRAR Flaw


A new cyberespionage group called Amaranth Dragon has been linked to APT41 state-sponsored Chinese operations. The group exploited the CVE-2025-8088 vulnerability in WinRAR, which is a serious flaw that can be used to write malicious files to arbitrary locations.

The attackers have shown "technical proficiency and operational discipline" and adapt their tactics for maximum impact on their targets. In recent attacks, a new remote access tool called TGAmaranth RAT has been deployed, making it challenging for defenders to detect and remove this malware.

Organizations are advised to upgrade to WinRAR version 7.13 or later (the latest is 7.20), which addresses the flaw. Staying up-to-date with the latest security patches and monitoring for suspicious activity on your systems can help protect against these types of attacks.

Published: Wed Feb 4 08:38:33 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Amaranth-Dragon: A Sophisticated Chinese Cyber Espionage Campaign Targeting Southeast Asia


Threat actors associated with the China-linked Amaranth-Dragon have successfully breached the security of government and law enforcement agencies across Southeast Asia. The campaign is linked to the APT41 ecosystem and uses legitimate infrastructure and tailored lures to maintain stealth. Organizations must remain vigilant and implement robust security measures to protect themselves against these types of attacks.

Published: Wed Feb 4 09:17:43 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

GreyNoise Uncovers Coordinated Citrix Gateway Reconnaissance Campaign Using 63K+ Residential Proxies and AWS


GreyNoise has uncovered a coordinated Citrix Gateway reconnaissance campaign using 63K+ residential proxies and AWS. This operation targeted login panels, enumerated versions, and mapped infrastructure before potential attacks. Understanding this threat is crucial for organizations to develop effective countermeasures and enhance their security posture.

Published: Wed Feb 4 09:28:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Warns of Ongoing GitLab SSRF Flaw Exploitation Amidst Rising Cybersecurity Concerns


A critical vulnerability in GitLab, CVE-2021-39935, is being actively exploited in attacks. CISA warns federal agencies and all organizations to patch their systems against this vulnerability within the specified timeframe, emphasizing its potential impact on security. Stay up-to-date with the latest cybersecurity concerns and take proactive measures to secure your organization's devices and infrastructure.

Published: Wed Feb 4 09:51:21 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Paris Raid on X: Unveiling the Complexities of a Politicized Cyber Probe


French prosecutors have launched a criminal probe into allegations that the X platform facilitates child sexual abuse material and other illegal content. The probe has sparked controversy, with Elon Musk labeling it a "political attack" on his company. This article explores the complexities of this probe, examining the role of AI-generated deepfakes, the involvement of CEO Linda Yaccarino, and the broader implications for social media platforms and users.

Published: Wed Feb 4 10:21:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hayete Gallot Returns to Microsoft as Head of Security Amidst Ongoing Efforts to Improve Cloud Security


Microsoft has appointed Hayete Gallot as its new head of security, marking a significant development in the company's ongoing efforts to improve its cloud security. With over 16 years of experience at Microsoft, Gallot brings a wealth of expertise and leadership skills to her new role. As she takes on this critical responsibility, Microsoft is well-placed to continue building on the progress made in recent months and delivering a secure and trustworthy experience for its customers.

Published: Wed Feb 4 11:35:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Warns of Exploited VMware ESXi Vulnerability Used in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity vulnerability in VMware ESXi that is being exploited by ransomware gangs. CISA warns that federal agencies and organizations that use VMware ESXi should apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Published: Wed Feb 4 11:46:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical SolarWinds Web Help Desk Bug Brings Unwelcome Attention to Federal Agencies

A critical vulnerability in a widely used web help desk product, previously disclosed but still highly exploitable, has prompted CISA to set an urgent deadline for federal agencies to patch the issue.

Published: Wed Feb 4 12:26:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Stealthy Malware: How DEAD#VAX Exploits IPFS-Hosted VHD Phishing Files to Deploy AsyncRAT


A new malware campaign known as DEAD#VAX has been discovered, employing a mix of sophisticated tactics to deploy AsyncRAT via IPFS-hosted VHD phishing files. This stealthy approach makes detection and analysis significantly more challenging for defenders, emphasizing the need for continuous updates in threat intelligence and incident response capabilities.



Published: Wed Feb 4 13:02:27 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

OpenClaw's AI "Skill" Extensions Pose a Significant Security Risk

Security researchers have uncovered numerous instances of malicious add-ons on OpenClaw's skill marketplace, raising concerns about the safety and security of this popular AI platform. The discovery highlights the need for greater awareness and caution among users as they navigate the potential risks associated with using AI-powered tools like OpenClaw.

Published: Wed Feb 4 13:23:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Notepad++ Update Hacked: China-Backed Hackers Exploit Vulnerability to Deliver Malicious Software


Notepad++ users may have unwittingly fallen victim to a sophisticated cyber attack. China-backed hackers compromised the update infrastructure of Notepad++, delivering malicious software to select targets, highlighting the need for improved cybersecurity measures.

Published: Wed Feb 4 14:09:01 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Web's "Pharaoh" Falls: A 30-Year Sentence for Incognito Market's Rui-Siang Lin


Taiwanese operator Rui-Siang Lin has been sentenced to 30 years in prison for his role in running Incognito Market, a notorious darknet marketplace that sold over $105 million worth of illicit narcotics. The sentence serves as a stark reminder of the consequences of engaging in such activities and the determination of law enforcement agencies to bring those responsible to justice.



Published: Wed Feb 4 14:25:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

AWS Intruder Achieves Admin Access in Under 10 Minutes Thanks to AI-Assisted Cloud Break-in



A recent AWS intruder breach demonstrates the potential for AI-assisted cloud break-ins, with attackers gaining admin access in under 10 minutes. The incident highlights the need for organizations to prioritize security and implement effective countermeasures against these types of threats.

Published: Wed Feb 4 15:25:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical n8n Flaws Exposed: A Security Nightmare for Workflow Automation Platforms


A critical vulnerability in a popular open-source workflow automation platform, n8n, has been disclosed, allowing attackers to escape the confines of the environment and gain complete control of the host server. Users are advised to update their platforms immediately and take other precautionary measures to prevent potential attacks.

Published: Wed Feb 4 15:48:09 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware Exploits VMware ESXi Vulnerability CVE-2025-22225, Leaving Virtual Machines Open to Attack



A previously patched vulnerability in VMware ESXi has been exploited by ransomware groups, leaving virtual machines open to attack. CVE-2025-22225 is an arbitrary write issue that allows attackers with privileges within the VMX process to trigger an arbitrary kernel write, leading to an escape of the sandbox. This development highlights the importance of regular patch management and vigilance in detecting and responding to advanced threats.

Published: Wed Feb 4 16:32:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hijacking NGINX Traffic: A New Threat to Web Infrastructure


Hackers are compromising NGINX servers to redirect user traffic and reroute it through their backend infrastructure, exploiting a configuration file vulnerability that makes it difficult for security teams to detect. This sophisticated attack highlights the importance of vigilance in securing web services and underscores the need for organizations to prioritize IT infrastructure security.

Published: Wed Feb 4 17:34:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28 Strikes Again: Sophisticated Russian-State Hackers Exploit Microsoft Office Vulnerability

A sophisticated Russian-state hacking group has exploited a newly released Microsoft Office vulnerability to install backdoor implants in targeted organizations. With high confidence, Trellix attributes the attack to APT28, highlighting the importance of staying vigilant in the face of rapidly evolving cyber threats.

Published: Wed Feb 4 18:09:41 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hijacking Web Traffic: The React2Shell Exploit and its Implications for Cybersecurity



A critical web traffic hijacking campaign has been uncovered, exploiting the React2Shell vulnerability (CVE-2025-55182) in NGINX installations and management panels. The attackers have been using malicious configurations to route legitimate web traffic through their own backend servers, targeting Asian TLDs, Chinese hosting infrastructure, and government and educational TLDs. This exploit highlights the importance of keeping software up-to-date and emphasizes the need for robust cybersecurity measures to protect against such threats.

Published: Wed Feb 4 23:38:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Satya Nadella's Quality Czar: A Shift in Microsoft's Focus on Engineering Excellence

Satya Nadella has appointed Charlie Bell as Microsoft's first-ever Quality Czar, aiming to enhance the company's focus on engineering excellence through a new Quality Excellence Initiative. The move is part of a broader strategy to address challenges faced by the company in recent times.

Published: Wed Feb 4 23:55:16 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability in n8n Workflow Automation Platform Enables System Command Execution via Malicious Workflows

A critical vulnerability in the n8n workflow automation platform has been discovered, enabling system command execution via malicious workflows. Learn more about the issue, its causes, and how to mitigate it to ensure the security of your workflows.

Published: Thu Feb 5 00:35:45 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malicious NGINX Configurations: A Lurking Threat to Web Traffic Security



Cybersecurity researchers have uncovered a sophisticated web traffic hijacking campaign that leverages malicious NGINX configurations to compromise the security of web applications and redirect user traffic through attacker-controlled backend servers. The attack, which has been linked to the React2Shell vulnerability (CVE-2025-55182), exploits a previously unknown configuration flaw in NGINX to intercept legitimate web traffic and route it through the attackers' infrastructure. This article provides an in-depth analysis of the attack and its implications for cybersecurity professionals and organizations.

Published: Thu Feb 5 00:43:42 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Sleeper Agent Threat Lurks in Large Language Models: A Security Imbroglio

A recent report by Microsoft's AI red team reveals three indicators that suggest large language models may be poisoned with sleeper-agent backdoors, which could compromise organizations and individuals. Learn more about this emerging security threat and how to protect yourself.

Published: Thu Feb 5 01:47:26 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Amaranth-Dragon: The China-Linked Cyber Menace Targeting Southeast Asian Governments



Amaranth-Dragon, a China-linked cyber threat actor group, has been identified as responsible for a series of highly targeted and stealthy attacks on government and law enforcement agencies across Southeast Asia in 2025. The group's activities are linked to the APT41 ecosystem and exploit a newly disclosed Windows WinRAR path-traversal issue to gain unauthorized access to sensitive information. With its sophisticated tactics and infrastructure, Amaranth-Dragon poses a significant challenge for cybersecurity professionals and policymakers in the region, highlighting the need for robust defense-in-depth strategies and timely vulnerability management.

Published: Thu Feb 5 04:26:55 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Substack Data Breach Exposed Users' Emails and Phone Numbers: A Cautionary Tale of Cybersecurity Failures

In a recent revelation, Substack, a popular platform for writers and content creators, has acknowledged that users' email addresses and phone numbers were exposed in a security incident. The breach, which occurred last year, has raised questions about the company's handling of user data and its commitment to cybersecurity. This article delves into the details of the breach, the response from Substack, and what it means for users.

Published: Thu Feb 5 05:05:48 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Digital Sovereignty: A New Frontier in Cloud Computing

The cloud computing industry is shifting towards digital sovereignty, a concept that emphasizes control and ownership over data and infrastructure, as companies seek to reduce their reliance on foreign platforms and meet evolving regulatory requirements.

Published: Thu Feb 5 05:16:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Data Breach at Fintech Firm Betterment Exposes 1.4 Million Accounts


A major data breach at fintech firm Betterment has exposed the sensitive information of over 1.4 million customers, including email addresses, names, and geographic location data. The breach was reportedly caused by a social engineering attack, but no customer accounts were compromised.

Published: Thu Feb 5 05:26:49 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Artificial Intelligence and Security: The Governance Gap - A New Era of AI Usage Control

The use of Artificial Intelligence (AI) has become ubiquitous in various aspects of our lives, from personal devices to enterprise-level applications. However, this increased reliance on AI has also led to a significant gap between its adoption and security. Despite the growing awareness of AI-related risks, many organizations are still struggling to implement effective controls, leaving their sensitive data vulnerable to exploitation.


Summary:
The proliferation of Artificial Intelligence (AI) has outpaced AI security visibility and control, creating a governance gap that threatens the safety and integrity of sensitive data. This article explores the consequences of this gap and presents a new era of AI usage control as the solution to mitigate these risks.


Published: Thu Feb 5 05:54:52 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Threat Landscape: Infy's Latest Tactics and Technologies


In a recent report, researchers have exposed the latest tactics and technologies employed by the Iranian threat group Infy, also known as Prince of Persia. The group has evolved its command-and-control infrastructure using both HTTP and Telegram communication channels, providing it with greater flexibility in registering C2 domain names. This new approach utilizes a unique dynamic domain generation algorithm and blockchain data de-obfuscation to increase the success rate of its campaigns. With this update, Infy's reputation as a sophisticated state-sponsored threat actor is solidified, highlighting the need for cybersecurity professionals to stay vigilant and adapt to new tactics, techniques, and procedures.

Published: Thu Feb 5 06:06:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian-Origin Cyberattacks Target Italy's Winter Olympics: A Growing Concern for Global Sporting Events

Russian-origin cyberattacks are targeting Italy's Winter Olympics, a growing concern for global sporting events as state-sponsored hacking continues to pose threats to international sporting events; Cloudflare's CEO vows to withhold services over fines.

Published: Thu Feb 5 06:18:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Substack Data Breach: A Cautionary Tale of Cybersecurity Negligence

Popular newsletter platform Substack has revealed that it was breached by attackers in October 2025, with unauthorized third-party access to limited user data. Despite efforts to downplay the incident, security experts have expressed concern over the handling of the breach by Substack.

Published: Thu Feb 5 07:03:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Scale of Operations: The Rise of Industrialized Cyber Threats


Threat actors have long been known for their creative tactics, but recent months have seen a significant shift in the way they operate. This new model of cyber threats is industrialized and highly efficient, with attackers leveraging AI cloud intrusions, social engineering tactics, and shared infrastructure to scale their operations.

Summary: The rise of industrialized cyber threats marks a significant shift in the way threat actors operate. With attackers using AI cloud intrusions, social engineering tactics, and shared infrastructure to scale their operations, organizations must prioritize security and adapt quickly to this new reality. By working together and prioritizing security, individuals and organizations can reduce their risk of falling victim to industrialized cyber threats.

Published: Thu Feb 5 07:44:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Romanian Oil Pipeline Operator Conpet Discloses Major Cyberattack

Romanian oil pipeline operator Conpet has disclosed a major cyberattack that disrupted its business systems and took down its website. The company has notified authorities and is working to restore affected systems, while the Qilin ransomware gang claims responsibility for the attack.

Published: Thu Feb 5 09:27:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Cyber Crisis: Pro-Russian Group Noname057(16) Wreaks Havoc on Winter Olympics and Governments


A recent wave of cyberattacks launched by pro-Russian group Noname057(16) has targeted various Italian government offices, websites, and hotels in preparation for the 2026 Milano Cortina Winter Olympics. With threats from such actors on the rise, governments worldwide must remain vigilant and proactive in their cybersecurity measures to prevent similar incidents from occurring.

Published: Thu Feb 5 10:26:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A 1.4 Million User Breach: The Consequences of Social Engineering in the Financial Sector


A major cyber attack on Betterment has exposed 1.4 million users' data, including contact and identity-related details, through a social engineering scheme that relied on impersonation.

Published: Thu Feb 5 10:41:34 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

La Sapienza University Hit by Sophisticated Ransomware Attack, Leaving Thousands Without Access to Education

La Sapienza University of Rome has been hit by a sophisticated ransomware attack, leaving thousands without access to their educational resources. The university's IT systems remain offline as it struggles to recover from the incident.

Published: Thu Feb 5 13:44:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Shadowy Nation-State Group: Uncovering the TGR-STA-1030 Cyber Espionage Campaign

A shadowy nation-state group known as TGR-STA-1030 has been identified as the perpetrator of a wide-ranging espionage campaign against governments and critical infrastructure organizations across the globe. Researchers at Unit 42 have characterized its activities as "alarming", with "potential long-term consequences for national security and key services." The group's sophisticated tactics and nation-state backing make it a significant concern for cybersecurity professionals and policymakers alike.

Published: Thu Feb 5 13:53:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack: A Growing Threat Landscape and Rising Cybersecurity Concerns


A recent record-setting DDoS attack by the AISURU/Kimwolf botnet has highlighted the growing threat landscape in the world of cybersecurity. With DDoS attacks surging by 121% in 2025, reaching an average of 5,376 attacks automatically mitigated every hour, it is imperative that businesses and individuals take a proactive approach to securing themselves against these threats.

Published: Thu Feb 5 14:02:44 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unnoticed Breach: Substack Exposes Months-Old Security Incidents Exposing User Contact Details


Substack reveals months-old security breach exposing user contact details, prompting a warning to affected writers and readers about unauthorized access to their email addresses and account metadata.

Published: Thu Feb 5 14:16:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of Facial Recognition: How ICE's Mobile Fortify App Falls Short of Identity Verification

ICE's Mobile Fortify app, designed to identify people through facial recognition, has been found to fall short of identity verification. Despite its limitations, the app has been deployed without proper scrutiny or oversight, raising concerns about its impact on civil liberties and national security.

Published: Thu Feb 5 14:37:03 2026 by llama3.2 3B Q4_K_M









