A security flaw in Microsoft 365 Copilot is causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, bypassing configured Data Loss Prevention (DLP) policies and exposing potentially sensitive organizational data to unauthorized AI processing. The issue,…
Category: Cyber Security News
ClickFix Abuses Legitimate Homebrew Workflow to Deploy Cuckoo Stealer on macOS for Credential Harvesting
A sophisticated social engineering campaign is targeting macOS developers through fake Homebrew installation pages that deploy Cuckoo Stealer, a comprehensive credential-harvesting malware. The attack leverages the ClickFix technique, which tricks users into executing malicious Terminal commands disguised as legitimate software…
ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access
A large-scale supply chain poisoning campaign targeted OpenClaw’s official marketplace, ClawHub, distributing 1,184 malicious “Skills” designed to steal data and establish backdoor access on compromised systems. OpenClaw, a fast-growing open-source AI agent platform, enables users to install plugin-like Skills…
OpenClaw AI Framework v2026.2.17 Released with Anthropic Model Support and Security Fixes
OpenClaw has released version 2026.2.17 with significant enhancements, including support for Anthropic’s Claude Sonnet 4.6 model and expanded context windows, though the update arrives as the AI agent framework continues facing scrutiny over critical security vulnerabilities involving credential theft and remote…
New SysUpdate Variant Malware Discovered and Tool Developed to Decrypt Encrypted Linux C2 Traffic
A new variant of the SysUpdate malware has emerged as a sophisticated threat targeting Linux systems with advanced command-and-control (C2) encryption capabilities. The malware was discovered during a Digital Forensics and Incident Response (DFIR) engagement when security teams detected the…
Palo Alto to Acquire Koi Security for Establishing Agentic Endpoint Security
Palo Alto Networks announced a definitive agreement to acquire Koi Security, a leading innovator in Agentic Endpoint Security, marking a major expansion of its AI‑driven defense portfolio. The move underscores Palo Alto’s commitment to securing the emerging landscape of AI-enabled endpoints. Autonomous…
MetaMask Users Targeted with Phishing Emails Containing Forged Security Report to Evade Detection
A new phishing campaign is targeting MetaMask users through carefully crafted emails that contain fake security incident reports designed to manipulate victims into compromising their accounts. The attack leverages social engineering tactics by creating a false sense of urgency around…
16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration
Sixteen zero-day vulnerabilities, including critical OS Command Injection, DOM-based XSS, SSRF, and Path Traversal flaws, have been disclosed across Apryse WebViewer (formerly PDFTron) and Foxit PDF cloud services, affecting millions of enterprise users worldwide. The disclosure from Novee Security showcases its AI-augmented human-agent…
Single-Character Typo of “&” Instead of “|” Leads to 0-Day RCE in Firefox
A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly garbage collection code, where a developer mistakenly typed “&” (bitwise AND) instead of “|” (bitwise OR). Security researcher…
CISA Adds Windows Video ActiveX Control RCE Flaw to KEV Catalog Following Active Exploitation
A long-dormant Microsoft Windows vulnerability, CVE-2008-0015, has been added to the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw, first disclosed more than a decade ago, impacts the Windows Video ActiveX Control component and poses…
Anthropic Releases Claude Sonnet 4.6 with Improved Coding, Computer Use, and 1M Token Context Window
Anthropic has officially launched Claude Sonnet 4.6, its most capable mid-tier model to date, delivering a comprehensive upgrade across coding, computer use, long-context reasoning, agent planning, knowledge work, and design, all at the same price point as its predecessor. The…
New Phishing Campaign Targets Booking.com Partners and Customers in Multi-Stage Financial Fraud Scheme
A new Booking.com‑themed phishing campaign is abusing trust in travel brands to steal money and sensitive data from both hotels and guests. The scheme can start as a service message, but it can end with payment fraud and card exposure.…
New ‘Foxveil’ Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
A new malware loader called “Foxveil” has been discovered actively targeting systems through legitimate cloud platforms, raising concerns about how threat actors are weaponizing trusted services to bypass security measures. The malware has been operational since August 2025 and has…
Notepad++ v8.9.2 Released with “Double-Lock” Update Mechanism Following Recent Hack
The widely used open-source text and code editor has released version v8.9.2, introducing a major security enhancement known as the “Double-Lock” update mechanism. This update addresses vulnerabilities that were exploited in a recent state-sponsored attack targeting the application’s update infrastructure. Last month, Notepad++’s…
Microsoft VS Code Extension with 11M Downloads Exposes Developers to One-Click XSS Attacks
A critical vulnerability discovered in Microsoft’s popular Visual Studio Code (VS Code) Live Preview extension, downloaded over 11 million times, exposes developers to one-click cross-site scripting (XSS) and local file exfiltration attacks. The flaw, now patched, was discovered by researchers Nir Zadok and Moshe Siman Tov Bustan from OX Security.…
CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in Attacks
CISA has issued an urgent warning regarding a newly discovered zero-day vulnerability in Google Chromium, which is reportedly under active exploitation in the wild. The vulnerability, tracked as CVE-2026-2441, affects Chromium’s CSS (Cascading Style Sheets) engine and can enable remote attackers to execute arbitrary…
New Malware Campaign ‘CRESCENTHARVEST’ Exploits Iran Protest Sentiment to Deploy Information-Stealing RAT
A sophisticated new malware campaign named ‘CRESCENTHARVEST’ has surfaced, strategically exploiting the geopolitical unrest in Iran to target dissidents and protest supporters. This cyberespionage operation leverages social engineering to deploy a dual-purpose threat capability, functioning as both a remote access…
Critical Windows Admin Center Vulnerability Allows Privilege Escalation
A critical security update addresses a high‑severity elevation of privilege vulnerability in Windows Admin Center (WAC), identified as CVE‑2026‑26119. The flaw, rated CVSS 8.8 (Critical), stems from improper authentication (CWE‑287) that could allow an authorized attacker to gain elevated network privileges. According to Microsoft, this…
Credit Card Fraud Emerges with New Sophisticated Carding-as-a-Service Marketplaces
Credit card fraud has persisted despite global mitigation efforts, evolving from scattered illegal trades into a highly organized Carding-as-a-Service (CaaS) economy. This underground structure now mirrors legitimate online marketplaces, providing criminals with streamlined access to stolen payment data, specialized tools,…
Threat Actors Advertising New ‘ClickFix’ Payload That Stores Malware within Browser Cache
Cybersecurity researchers have uncovered a new iteration of the ‘ClickFix’ social engineering campaign, which now employs a sophisticated technique to evade detection by storing malware directly within a victim’s browser cache. This evolution represents a significant and dangerous shift in…