Category: hacking

Auto Added by WPeMatico

A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties…

LummaStealer activity spikes post-law enforcement disruption

February 12, 2026

Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it.…

Apple fixed first actively exploited zero-day in 2026

February 12, 2026

Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that…

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

February 11, 2026

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike…

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

February 11, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure…

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

February 10, 2026

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most…

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

February 10, 2026

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…

China-linked APT UNC3886 targets Singapore telcos

February 10, 2026

China-linked group UNC3886 targeted Singapore ’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…

Apple Sends Alert – iPhones are at Risk

February 10, 2026

Around 1.6 billion people around the world have iPhones, and while Apple is usually diligent regarding security, there are two major problems that have surfaced. These problems leave iPhone users completely vulnerable to cyber criminal attacks and if users don’t address, they can steal all of your personal data and even your financial information. The…

BeyondTrust fixes critical pre-auth bug allowing remote code execution

February 9, 2026

BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted…

BeyondTrust fixes critical pre-auth bug allowing remote code execution

February 9, 2026

BeyondTrust fixes critical pre-auth bug allowing remote code execution

February 9, 2026

BeyondTrust fixes critical pre-auth bug allowing remote code execution

February 9, 2026

European Commission probes cyberattack on mobile device management system

February 9, 2026

The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any…

European Commission probes cyberattack on mobile device management system

February 9, 2026

European Commission probes cyberattack on mobile device management system

February 9, 2026

European Commission probes cyberattack on mobile device management system

February 9, 2026

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

February 9, 2026

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

February 9, 2026

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

February 9, 2026

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

February 9, 2026

Flickr moves to contain data exposure, warns users of phishing

February 8, 2026

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Flickr moves to contain data exposure, warns users of phishing

February 8, 2026

Flickr moves to contain data exposure, warns users of phishing

February 8, 2026

Flickr moves to contain data exposure, warns users of phishing

February 8, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

February 8, 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Analyzing Dead#Vax: Analyzing Multi-Stage VHD…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

February 8, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

February 8, 2026

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

February 8, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

February 8, 2026

DKnife toolkit abuses routers to spy and deliver malware since 2019

February 8, 2026

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…

Italian university La Sapienza still offline to mitigate recent cyber attack

February 7, 2026

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…

CISA pushes Federal agencies to retire end-of-support edge devices

February 7, 2026

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must…

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

February 6, 2026

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

February 6, 2026

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations…

Deeper Network Promo Deeper Network Promo

AI, Apps, Breaking News, CISA, Cybersecurity, Endpoint, Exploits, Global Security News, hacking, hacking news, malware, Network Security, Risk Management, Security

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

February 6, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-11953 React Native…

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

February 5, 2026

Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve…

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

February 5, 2026

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. Italy has thwarted a series of Russian-linked cyberattacks aimed at Foreign Ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, according to Foreign Minister Antonio Tajani. “We have foiled…

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

February 5, 2026

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

February 4, 2026

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure…

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

February 3, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2019-19006 Sangoma FreePBX Improper Authentication…

Inside the Iron Mountain Breach: What the Extortion Gang Didn’t Want You to Know

February 3, 2026

Iron Mountain Incorporated is a global information management company with a long history in data storage, records management, backup and recovery, and secure shredding, serving a massive worldwide customer base. In early February 2026, a cybercrime group calling itself Everest claimed on its dark web leak site that it had stolen approximately 1.4 TB of…

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

February 3, 2026

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a…

APT28 exploits Microsoft Office flaw in Operation Neusploit

February 3, 2026

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

February 3, 2026

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

February 2, 2026

Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

February 2, 2026

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

February 2, 2026

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

February 2, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

February 2, 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

February 2, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

February 2, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

February 2, 2026

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

February 2, 2026

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

February 2, 2026

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

February 2, 2026

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

February 2, 2026

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

February 2, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

February 2, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

February 2, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

February 2, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…

SmarterTools patches critical SmarterMail flaw allowing code execution

January 30, 2026

SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. “SmarterTools SmarterMail versions prior to build 9511 contain…

SmarterTools patches critical SmarterMail flaw allowing code execution

January 30, 2026

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

January 30, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection that impacts Ivanti Endpoint Manager…

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

January 30, 2026

SolarWinds addressed four critical Web Help Desk flaws

January 29, 2026

SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr…

Google targets IPIDEA in crackdown on global residential proxy networks

January 29, 2026

Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with…

Nation-state and criminal actors leverage WinRAR flaw in attacks

January 29, 2026

Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. The WinRAR…

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

January 29, 2026

OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

January 28, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2026-24858 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet started rolling out patches for…

Deeper Network Promo Deeper Network Promo

Breaking News, CVE-2026-24858, Exploits, Fortinet, Global Security News, hacking, Security

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

January 28, 2026

Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw under active attack. The bug, CVE-2026-24858 (CVSS score of 9.4), lets attackers bypass authentication via SSO. It affects FortiOS, FortiManager, and FortiAnalyzer, while Fortinet checks if other…

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

January 28, 2026

Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilities collectively tracked as “PackageGate” affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and…

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

January 27, 2026

Meta announced new Strict Account Settings on WhatsApp to better protect high-risk users from advanced cyber attacks. Meta announced new Strict Account Settings on WhatsApp to enhance the security of high-risk users from advanced, targeted cyber attacks. “Strict Account Settings is one of many ways we’re working to protect you from the most sophisticated of…

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

January 27, 2026

Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8,…

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

January 27, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog:…

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

January 27, 2026

A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social engineering lures to distract victims while malware runs in the background. It escalates to full…

Dormakaba flaws allow to access major organizations’ doors

January 27, 2026

Researchers found over 20 flaws in Dormakaba access systems that could let attackers remotely unlock doors at major organizations. Researchers from SEC Consult discovered and fixed more than 20 security flaws in Dormakaba physical access control systems. The experts uncovered multiple critical vulnerabilities in Dormakaba physical access control systems based on exos 9300. These enterprise…

Emergency Microsoft update fixes in-the-wild Office zero-day

January 26, 2026

Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509. The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019,…

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

January 26, 2026

Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing campaign targeting energy sector organizations. The campaign misused SharePoint file-sharing to deliver phishing links and created inbox rules to hide malicious activity and maintain persistence. After the initial…

North Korea–linked KONNI uses AI to build stealthy malware tooling

January 26, 2026

Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korea–linked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project…

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

January 26, 2026

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

January 26, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

January 25, 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates…

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

January 24, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Osiris ransomware emerges, leveraging BYOVD technique to kill security tools U.S. CISA adds a flaw in…

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

January 24, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a centralized management platform developed…

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

January 23, 2026

Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) impacts all versions from 1.9.3 to 2.7. The vulnerability can be exploited to gain root access on affected systems.…

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

January 23, 2026

Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully patched devices. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported…

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

January 23, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities…

Critical SmarterMail vulnerability under attack, no CVE yet

January 22, 2026

A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with…

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

January 22, 2026

Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts for persistence, enabled VPN access, and exfiltrated firewall configurations. The activity resembles a December 2025…

Cisco fixed actively exploited Unified Communications zero day

January 21, 2026

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the…

Zoom fixed critical Node Multimedia Routers flaw

January 21, 2026

Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution. Cloud-based video conferencing and online collaboration platform Zoom released security updates to address multiple vulnerabilities, including command injection, tracked as CVE-2026-22844 (CVSS score of 9.9), in Zoom Node Multimedia Routers (MMRs) that could result in remote code execution. “A…

ACME flaw in Cloudflare allowed attackers to reach origin servers

January 21, 2026

Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path.…

Crooks impersonate LastPass in campaign to harvest master passwords

January 21, 2026

Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours. The messages use…

Access broker caught: Jordanian pleads guilty to hacking 50 companies

January 20, 2026

A Jordanian man pleaded guilty in the US to selling illegal access to 50 compromised enterprise networks after an undercover sting. A Jordanian national Feras Khalil Ahmad Albashiti (40), living in Georgia, pleaded guilty in a US court to acting as an access broker, selling unauthorized access to the networks of at least 50 companies.…

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

January 20, 2026

TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass…

Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions

January 20, 2026

Major Telegram-based illicit marketplace Tudou Guarantee appears to be shutting down its operations, according to Elliptic. Blockchain cybersecurity firm Elliptic reports that Tudou Guarantee, a major Telegram-based illicit marketplace in Southeast Asia, has stopped transactions in its public groups after handling over $12 billion. The researchers noted that other services still run, so a full…

UK NCSC warns of Russia-linked hacktivists DDoS attacks

January 20, 2026

The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems The UK government warns that Russia-linked hacktivists are continuing DDoS attacks against critical infrastructure and local government systems. “Today, 19th January 2026, the National Cyber Security Centre (NCSC) – a part of GCHQ – has issued an…

Ransomware attack on Ingram Micro impacts 42,000 individuals

January 19, 2026

Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping…

StealC malware control panel flaw leaks details on active attacker

January 19, 2026

Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and…

AI, Breaking News, cyber crime, data breach, Data Breaches, Global Security News, hacking, Security

AI, Cybercrime, Europe, Exploits, Global Security News, hacking, hacking news, information security news, malware, Uncategorized

AI, Apple, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

AI, Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware, Network Security

AI, Breaking News, CISA, Cybersecurity, Exploits, Global Security News, hacking, hacking news, Network Security, Risk Management, Security

AI, Breaking News, Exploits, Global Security News, hacking, hacking news, Security, Uncategorized

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

AI, APT, Breaking News, china, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, intelligence, Network Security, Security

Apple, cyber security, Cybersecurity, Global Security News, hacking, mobile devices, Risk Management

AI, Breaking News, Exploits, Global Security News, Government & Policy, hacking, hacking news, Security

AI, Breaking News, Exploits, Global Security News, Government & Policy, hacking, hacking news, Security

AI, Breaking News, Exploits, Global Security News, Government & Policy, hacking, hacking news, Security

AI, Breaking News, Exploits, Global Security News, Government & Policy, hacking, hacking news, Security

AI, Breaking News, Cybersecurity, data breach, Data Breaches, Europe, Global Security News, hacking, Security

AI, Breaking News, Cybersecurity, data breach, Data Breaches, Europe, Global Security News, hacking, Security

AI, Breaking News, Cybersecurity, data breach, Data Breaches, Europe, Global Security News, hacking, Security

AI, Breaking News, Cybersecurity, data breach, Data Breaches, Europe, Global Security News, hacking, Security

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

AI, Apps, Breaking News, china, Endpoint, Exploits, Global Security News, hacking, malware, Mobile, Network Security, Security

AI, Breaking News, cyber crime, Cybersecurity, Data Breaches, Europe, Global Security News, hacking, malware, Network Security, Russia, Security

AI, Breaking News, Compliance, Cybersecurity, edge network devices, Global Security News, Government & Policy, hacking, hacking news, Network Security, Risk Management, Security

AI, Breaking News, china, cyber crime, Global Security News, Government & Policy, hacking, malware, Network Security, Security

AI, APAC, Breaking News, Data Breaches, Europe, git, Git Metadata, Global Security News, hacking, Risk Management, Security

AI, Apps, Breaking News, CISA, Cybersecurity, Endpoint, Exploits, Global Security News, hacking, hacking news, malware, Network Security, Risk Management, Security

AI, Cybercrime, data breach, Data Breaches, Global Security News, hacking, hacking news, Uncategorized

AI, Breaking News, Cybersecurity, DDoS, Global Security News, Government & Policy, hacking, hacktivism, information security news, Russia

AI, APT, china, Cyber warfare, Exploits, Global Security News, Government & Policy, hacking, intelligence, malware

Breaking News, citrix, cyber crime, Exploits, Global Security News, hacking, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

AI, Cybersecurity, data breach, Data Breaches, Endpoint, Exploits, Global Security News, hacking, Information Security, malware, Network Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

APT, Exploits, Global Security News, hacking, intelligence, malware, Security

APT, Asia Pacific, Breaking News, Global Security News, hacking, malware, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security

Asia Pacific, Breaking News, Cybercrime, data breach, Global Security News, hacking, Security