Russia-linked attackers are reportedly using a new Microsoft vulnerability as part of a coordinated espionage and malware campaign, Operation Neusploit. The campaign was spotted in January 2026 by security researchers at Zscaler ThreatLabz, three days after Microsoft issued an urgent patch for the flaw. “In this campaign, the threat actor leveraged specially crafted Microsoft RTF…
Category: Malware, Security, Vulnerabilities
Exploits, Global Security News, Malware, Security, Vulnerabilities
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Threat actors recently tried to exploit a freshly patched max-severity SAP NetWeaver flaw to deploy a persistent Linux remote access trojan (RAT) “Auto-Color.” According to a Darktrace report, a recent attack abused the flaw to set up a stealthy advanced-stage compromise but was shortly contained by its “autonomous response.” “In April 2025, Darktrace identified an…
Exploits, Global Security News, Malware, Security, Vulnerabilities
Chinese ‘Fire Ant’ spies start to bite unpatched VMware instances
Suspected China-aligned actors are running a new “Fire Ant” espionage campaign, active since early 2025, that targets VMware ESXi, vCenter servers, and F5 appliances to achieve stealthy hypervisor-level control. According to a Sygnia discovery, the campaign has been exploiting critical flaws in VMware environments to gain unauthenticated access to virtualization infrastructure and deploy persistent malware…
Exploits, Global Security News, Malware, Security, Vulnerabilities
Chinese ToddyCat abuses ESET antivirus bug for malicious activities
China-backed APT group ToddyCat has been found exploiting a medium-severity vulnerability in ESET antivirus software to sneak malicious code onto vulnerable systems. Tracked as CVE-2024-11859, the flaw is a dynamic link library (DLL) search order hijacking vulnerability discovered and reported by Kaspersky last year, with a fix issued by ESET in January. “On systems with…
