SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the flaws may allow attackers to create a system admin user and/or execute code as a privileged account. The SolarWinds Serv-U vulnerabilities: SolarWinds Serv-U runs on Windows or Linux and…
Category: Exploits
AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and running builds, thereby allowing the malicious code to execute undetected. Telemetry collected during an incident…
Exploits, Global Security News, Russia
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. […]
Exploits, Global Security News, Russia
Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker. Williams admitted his actions caused the defense contractor an estimated $35 million in losses. The…
Exploits, Global Security News
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused by attackers abusing the flaw. Because public disclosures from the Japanese CERT Coordination Center (JPCERT/CC) and…
AI, Apps, Exploits, Global Security News, Government & Policy, Russia
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K. FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a…
AI, Exploits, Global Security News, Russia
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October…
Exploits, Global Security News, Government & Policy, Russia
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. […]
Exploits, Global Security News
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system…
Cybersecurity, Exploits, Global Security News
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute
AI, Exploits, Global Security News
Edge systems take the brunt of internet-wide exploitation attempts
Internet-facing VPNs, routers, and remote access services absorbed sustained exploitation attempts throughout the second half of 2025, with nearly 3 billion malicious sessions recorded over 162 days. The concentration on edge infrastructure aligns with how attackers pursue initial access across the public internet. GreyNoise’s State of the Edge data set covers 2.97 billion sessions observed…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
New Serv-U bugs extend SolarWinds’ run of high-severity disclosures
SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server. The software company has released four patches for critical Serv-U remote code execution (RCE) vulnerabilities that could allow attackers to gain root (administrator) access to unpatched servers. These four common vulnerabilities and exposures (CVEs) are rated “critical,” the…
AI, Exploits, Global Security News, Network Security, Risk Management
VMware fixes command injection flaw in Aria Operations
VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most serious of these flaws allows unauthenticated attackers to execute arbitrary commands on the underlying OS, while another gives authenticated users the ability to elevate to administrator privileges. The…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security
What are the types of ransomware attacks?
Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets. The cybercriminals behind ransomware attacks run these operations like a business and are motivated to keep up profits at any cost. Their tactics range from quickly locking down an entire network to slowly leaking sensitive…
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Take control: Locking down common endpoint vulnerabilities
Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. These devices—laptops, desktops, servers, IoT, and more—are like unlocked doors waiting for threat actors to stroll through. And here’s the kicker: many of these vulnerabilities are shockingly common and easily preventable. Let’s break down the weaknesses we most frequently track…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Russia
Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker
An ex-L3Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
Know the red flags: Business email compromise signs to look out for
When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there. These digital predators don’t rely on brute force, but are patient, tactical, and they exploit one weakness above all: human trust. If you’re in the cybersecurity game, spotting a BEC attack can mean the difference…
AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
VMware Aria Vulnerabilities Expose RCE Risk
Broadcom has disclosed three vulnerabilities in VMware Aria Operations, including one that could allow unauthenticated remote code execution during product migrations. One of the flaws, CVE-2026-22719, can allow an attacker “… to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,” said Broadcom…
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
SolarWinds patches four critical Serv-U flaws enabling root access
SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities that allow remote code execution, potentially giving attackers full root access on unpatched servers. Serv-U is a file transfer server software that allows organizations to securely transfer files over networks using…
AI, Exploits, Global Security News
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Three High-Severity Chrome Flaws
Google has released a security update for its Chrome browser that addresses three high-severity vulnerabilities, which could pose risk to users. One of the vulnerabilities, CVE-2026-3061, allows “… a remote attacker to perform an out-of-bounds memory read via a crafted HTML page,” said NIST in its advisory. Inside the Chrome Vulnerabilities: The security update addresses…
AI, APAC, Compliance, Exploits, Global Security News, Risk Management
VMware Aria Operations flaws could enable remote attacks
Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning,…
AI, Exploits, Global Security News, Risk Management
Aikido Infinite introduces continuous, self-remediating AI penetration testing
Aikido Security has unveiled Aikido Infinite, a continuous AI penetration testing solution that autonomously validates and remediates vulnerabilities. Infinite reduces risk with every release by testing software changes as they move through deployment, confirming exploitability, and fixing vulnerabilities within the same workflow. Penetration testing often relies on manual or point-in-time assessments, frequently delivered weeks after…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Risk Management
All Covered Launches Managed Vulnerability Service
All Covered, a division of Konica Minolta and a managed IT and managed security services provider, has launched a vulnerability remediation service designed to help organizations continuously identify, prioritize, and remediate security vulnerabilities before they can be exploited. Announced Feb. 24, the offering responds to growing demand from organizations, particularly in regulated industries such as…
AI, Exploits, Global Security News, malware, Risk Management
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
A massive Shai-Hulud-style npm supply chain worm is hitting the software ecosystem, burrowing through developer machines, CI pipelines, and AI coding tools. Socket researchers uncovered the active attack campaign and called it SANDWORM_MODE, derived from the “SANDWORM_*” environment variable switches embedded in the malware’s runtime control logic. At least 19 typosquatted packages were published under…
AI, Apps, china, Compliance, Exploits, Global Security News, Risk Management
Anthropic alleges large-scale distillation campaigns targeting Claude
Anthropic has accused three Chinese AI developers of running large-scale campaigns to illicitly extract capabilities from its Claude model to improve their own systems. The company claims DeepSeek, Moonshot, and MiniMax used a distillation technique, where a less capable model is trained on the outputs of a more advanced one. More than 16 million interactions…
AI, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Russia
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security
CrowdStrike says attackers are moving through networks in under 30 minutes
Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems. The average breakout time — how long it took financially-motivated attackers…
AI, china, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
The rise of the evasive adversary
Since the earliest days of the internet, there has never been a let-up in adversarial activity. According to CrowdStrike’s just-released 12th annual Global Threat Report, malicious activity in cyberspace continues to not only accelerate but also expand its scale and increasingly abuse the trust of targeted organizations. The good news is that, despite discussion of…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Anthropic’s Claude Code Security rollout is an industry wakeup call
When Anthropic launched a “limited research preview” of its Claude Code Security offering on Friday, Wall Street investors sent the stocks of the largest cybersecurity vendors plunging. But did the Anthropic rollout warrant such a reaction? After all, those companies, including CrowdStrike, Zscaler, Palo Alto Networks and Okta, are preparing their own agentic capabilities, and…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Ad Tech Firm Optimizely Investigates Vishing Incident
Ad tech firm Optimizely is notifying customers after a voice phishing attack led to unauthorized access to some of its internal systems. The company says threat actors obtained limited business contact information but did not access sensitive customer data or disrupt operations. “The threat actor gained access to Optimizely’s systems through a sophisticated voice-phishing attack,…
AI, Europe, Exploits, Global Security News, Russia
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation…
AI, Exploits, Global Security News, malware
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management, Russia
AWS Threat Intel Finds 600+ FortiGate Devices Hit
A financially motivated cybercriminal has used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries — without exploiting specific software vulnerabilities. This “… campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ…
AI, APAC, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape
This week, a Dell vulnerability is being actively exploited, an Apache flaw allows bypass of RBAC, and over 41% of OpenClaw skills are vulnerable. Major Threats & Vulnerabilities: Zero-Day Vulnerabilities. A zero-day vulnerability in Dell RecoverPoint is being actively exploited to deploy web shells and backdoors in VMware environments. This highlights the urgent need for…
AI, Apps, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
1.2 Million Accounts Exposed in French Bank Registry Breach
An incident disclosed by the French Ministry of Finance involved unauthorized access to the national bank account registry and may have exposed data tied to approximately 1.2 million accounts. This case highlights the continued effectiveness of credential theft as an attack vector. The attacker “… was able to consult part of this file which lists…
AI, APAC, Apps, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft. Kaspersky researchers discovered a stealer dubbed “Arkanix,” which is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines.…
AI, Exploits, Global Security News
CISA: Recently patched RoundCube flaws now exploited in attacks
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. […]
AI, china, Exploits, Global Security News, Network Security, Russia
AI-powered campaign compromises 600 FortiGate systems worldwide
A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how…
AI, APAC, Apps, Endpoint, Exploits, Global Security News, Government & Policy, Network Security
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Attackers are actively exploiting two critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) to gain unauthenticated control of enterprise mobile device management infrastructure and install backdoors engineered to persist even after organizations apply available patches. “Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Anthropic unveils Claude Code Security to detect and fix code bugs
Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster.…
AI, Exploits, Global Security News, malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Ninja Browser & Lumma Infostealer; Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware; Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations; Divide and conquer: how the new Keenadu backdoor exposed links…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog; PayPal discloses extended data…
AI, Exploits, Global Security News
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality. The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help…
AI, Exploits, Global Security News, Russia
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. “No exploitation of FortiGate
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-49113 (CVSS score of 9.9) RoundCube Webmail Deserialization of Untrusted Data Vulnerability…
AI, Cybersecurity, Exploits, Global Security News
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management
Compromised npm package silently installs OpenClaw on developer machines
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
University of Mississippi Medical Center Closes Clinics After Ransomware Attack
A ransomware attack has forced the University of Mississippi Medical Center (UMMC) to temporarily close most of its clinics, cancel elective procedures, and shift to manual documentation as IT systems remain offline. The incident, detected in the early hours of Feb. 19, 2026, disrupted UMMC’s network, including its EPIC electronic medical record (EMR) platform. “We…
AI, Apps, Cybersecurity, Exploits, Global Security News
Anthropic rolls out embedded security scanning for Claude
Anthropic is rolling out a new security feature for Claude Code that can scan a user’s software codebases for vulnerabilities and suggest patching solutions. The company announced Friday that Claude Code Security will initially be available to a limited number of enterprise and team customers for testing. That follows more than a year of stress-testing…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Barracuda: Firewall Exploits Drive 90% of Ransomware Incidents
Ninety percent of ransomware incidents in 2025 reportedly exploited firewalls via unpatched software or a vulnerable account, according to Barracuda Networks’ newly published Barracuda Managed XDR Global Threat Report. Outdated tools and remote access abuse heighten ransomware exposure: According to the cybersecurity company, the findings show how attackers exploit legitimate IT tools such as remote…
Exploits, Global Security News, Network Security
Attackers Use New Tool to Scan for React2Shell Exposure
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.
AI, Compliance, Europe, Exploits, Global Security News, Network Security, Russia
AI-augmented threat actor accesses FortiGate devices at scale
Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries…
AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Apache Tomcat Vulnerability Circumvents Access Rules
A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests. Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…
Cybersecurity, Exploits, Global Security News
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […]
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Don’t trust TrustConnect: This fake remote support tool only helps hackers
After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out. Now they have a new option: a fake remote monitoring and management (RMM) tool, complete with serious-looking online storefront, built just for…
Exploits, Global Security News
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and … The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the
AI, Exploits, Global Security News, Network Security
AI and complexity as accelerants for cybercriminals
Cyberattacks are getting faster and faster, which shortens the time between the initial compromise and its negative consequences. The arrival of AI has massively reduced the time required for cyberattacks, so that human defenders can no longer keep up. That is the perhaps unsurprising finding of the 2026 Global Incident Response Report from Palo…
AI, Exploits, Global Security News, malware
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last…
AI, Exploits, Global Security News, malware, Network Security
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…
AI, Apps, china, Cybersecurity, Data Security, Exploits, Global Security News, Government & Policy, Network Security, Politics, Risk Management
Texas Sues TP-Link Over Alleged Security Risks and Supply Chain Deception
Texas has filed a lawsuit against networking manufacturer TP-Link Systems, accusing the company of misleading consumers about the security and origins of its routers while exposing users to exploitation by Chinese state-backed threat actors. The complaint alleges that TP-Link marketed its devices as secure and labeled them “Made in Vietnam,” despite sourcing nearly all components…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
MCP Servers Expose a Hidden AI Attack Surface in Enterprise Environments
As enterprises rush to integrate AI assistants into daily workflows, a new and potentially overlooked attack surface is emerging: Model Context Protocol (MCP) servers. Built to connect AI applications to external tools and data, MCP servers can be exploited to execute code, exfiltrate data and manipulate users — often without visible signs of compromise. Attackers…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Risk Management
HHS burrows into identifying risks to health sector from third-party vendors
A Department of Health and Human Services official said Thursday that HHS is devoting a lot of attention to the security of third-party service providers after the 2024 Change Healthcare cyberattack. That attack, which is widely regarded as the biggest ever in the sector — including by HHS’s Charlee Hess, who spoke Thursday at CyberTalks…
AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
better-auth Flaw Allows Unauthenticated API Key Creation
A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in. The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…
Exploits, Global Security News, Risk Management
90% of Ransomware Incidents Exploit Firewalls
GUEST RESEARCH: New Barracuda Report Shows How Attackers Target Organisations and The Security Gaps Increasing Risk
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. […]
AI, Exploits, Global Security News
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps
AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22175 (CVSS score 6.8) GitLab Server-Side Request Forgery (SSRF)…
AI, APAC, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Ivanti EPMM Vulnerabilities Actively Exploited in the Wild
Two vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, putting thousands of enterprise mobile management systems at risk. The flaws allow unauthenticated attackers to remotely execute arbitrary code on vulnerable servers, potentially giving them full control over corporate mobile device management (MDM) environments. “Palo Alto Networks Cortex Xpanse has…
Exploits, Global Security News, malware
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware
Dell warns of a critical security hole in its RecoverPoint software exploited by hackers. Learn how to protect your data from the CVE-2026-22769 vulnerability and the new GrimBolt malware.
Exploits, Global Security News, Network Security
Texas sues TP-Link over Chinese hacking risks, user deception
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users’ devices. […]
Endpoint, Exploits, Global Security News, Network Security, Risk Management
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device’s web-based API service, and is accessible in a default configuration,” Rapid7 researcher Stephen Fewer noted. The risks related to CVE-2026-2329 exploitation: CVE-2026-2329…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Six flaws found hiding in OpenClaw’s plumbing
Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security testing (SAST) engine designed to follow how data actually moves through the agentic…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Politics, Risk Management
The Caracas operation suggests cyber was part of the plan – just not the whole operation
The dominant narrative has framed the Jan. 3 Caracas power outage during the mission to capture Venezuelan leader Nicolás Maduro as a “precision cyberattack.” But publicly available information points to a more complicated picture: videos, photographs, and accounts published from Caracas show significant physical damage to at least three Venezuelan substations. Experts who reviewed that…
AI, Apps, Exploits, Global Security News, Risk Management
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
CredShields announces that the OWASP Smart Contract Security Project has officially released the OWASP Smart Contract Top 10 2026, a risk prioritization framework derived from structured analysis of 2025 smart contract incidents representing hundreds of millions in contract related losses. CredShields, supported by its exploit intelligence platforms including SolidityScan and Web3HackHub, led the structured incident…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn
Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware communications through domains that are often exempt from deeper inspection. The technique, outlined by Check Point Research (CPR), exploits the web-browsing and URL-fetch capabilities…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
WatchGuard: New Malware Variants Surge 1,500% in H2 2025
A new report from WatchGuard Technologies reveals that unique malware detections on endpoints skyrocketed by 1,548% in the second half of 2025, even as overall malware volume dipped slightly. Internet Security Report findings suggest threat actors are bypassing traditional defenses. The findings, published in the company’s H2 2025 Internet Security Report, highlight a sharp pivot…
AI, Exploits, Global Security News
Open-source benchmark EVMbench tests how well AI agents handle smart contract exploits
Smart contract exploits continue to drain funds from blockchain projects, even as auditing tools and bug bounty programs grow. The problem is tied to how Ethereum Virtual Machine (EVM) contracts work: code is deployed permanently, runs autonomously, and often controls large pools of assets. That environment has created demand for better ways to measure whether…
AI, Exploits, Global Security News, Government & Policy, Network Security, privacy
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports
Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers…
AI, Apps, china, Exploits, Global Security News, Network Security, Risk Management
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
The recently compromised update mechanism for the popular open source text editor Notepad++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the claim this week after the release of version 8.9.2 of Notepad++, which includes a double-lock verification that any download of the tool from this point…
AI, APAC, Apps, china, Endpoint, Exploits, Global Security News, malware, Network Security
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
For the past 18 months, a Chinese cyberespionage group has been exploiting a previously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week, allows unauthenticated attackers to gain command execution on the underlying OS as root. The vulnerability, tracked as CVE-2026-22769, stems from hardcoded…
AI, china, Exploits, Global Security News, malware
Dell’s Hard-Coded Flaw: A Nation-State Goldmine
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.
AI, APAC, Apps, china, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor
A zero-day vulnerability in Dell RecoverPoint for Virtual Machines is being actively exploited to deploy backdoors and pivot deeper into enterprise networks. The flaw has reportedly been abused since at least mid-2024 by a suspected China-linked threat cluster. “Beyond the Dell appliance exploitation, Mandiant observed the actor employing novel tactics to pivot into VMware virtual…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Booking.com Phishing Campaign Hijacks Hotel Accounts to Defraud Guests
A new phishing campaign is exploiting trust in Booking[.]com to steal credentials from hotel partners and then defraud unsuspecting travelers. The multi-stage operation begins with convincing “complaint” emails sent to hotel staff and can end with fraudulent payment requests sent directly to guests via WhatsApp. “The primary motivation driving this incident is financial fraud, targeting…
AI, Exploits, Global Security News
Telegram channels expose rapid weaponization of SmarterMail flaws
Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. […]
AI, Apps, Exploits, Global Security News, Risk Management
News alert: CredShields research informs OWASP’s 2026 ‘Smart Contract Security Priorities Project’
SINGAPORE, Feb. 17th, 2026, CyberNewswire — The OWASP Smart Contract Security Project has released the OWASP Smart Contract Top 10 2026, a risk prioritization framework developed from structured analysis of real world exploit data observed across blockchain ecosystems in 2025. Crypto protocols continued to experience significant smart contract failures in 2025, with exploit patterns increasingly pointing…
Cybersecurity, Exploits, Global Security News, Risk Management
Essential Cybersecurity Tips For Startups
In this post, I will show you essential cybersecurity tips for startups. Launching a company is exciting, but it also exposes you to risks that can hit your business before it finds its footing. Criminals move fast to exploit weak spots and mistakes in young companies that haven’t built strong security habits yet. Follow these…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Windows Admin Center Flaw Opens Door to Privilege Escalation
A vulnerability in Windows Admin Center (WAC) could allow authorized attackers to escalate privileges in enterprise environments. The issue affects WAC version 2.6.4 and has been assigned a CVSS score of 8.8. “Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the…
AI, Exploits, Global Security News, malware
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication
AI, china, Exploits, Global Security News, Network Security
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since at least mid-2024, according to new research from Google’s threat intelligence team and Mandiant. The attackers deployed stealthy backdoors (BRICKSTORM and GRIMBOLT), a webshell (SLAYSTYLE) and maintained long-term access inside targeted networks. “Beyond…
Cybersecurity, Exploits, Global Security News
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and
AI, Exploits, Global Security News
Scammers exploit trust in Atlassian Jira to target organizations
Threat actors have leveraged the legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails: From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking Atlassian Jira Cloud addresses. Organizations already using Jira were specifically targeted: the attackers selected domains known to have active…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Flaws in four popular VS Code extensions left 128 million installs open to attack
Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Application security company OX Security published the findings this week, saying it had begun notifying vendors in June 2025 but received no response…
AI, china, Exploits, Global Security News, malware, Risk Management
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified…
AI, APAC, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-22769: Critical Dell RecoverPoint Zero-Day Exploited in the Wild
SOC Prime has recently covered a wave of actively exploited zero-days across major ecosystems, including Apple’s CVE-2026-20700 and Microsoft’s CVE-2026-20805, alongside a fresh Chrome zero-day case. But the avalanche of threats keeps marching into 2026. Recently, researchers from Mandiant and Google Threat Intelligence Group (GTIG) detailed the active exploitation of CVE-2026-22769, a maximum-severity hardcoded-credential vulnerability…
AI, Endpoint, Exploits, Global Security News, Risk Management
From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions,…
