Matanbuchus, a premium Malware-as-a-Service loader, has resurfaced in February 2026 following a nearly year-long hiatus. This latest iteration, version 3.0, features a complete code rewrite and now commands a subscription fee of up to $15,000 per month, a stark increase…
Category: Cyber Security News
Dell 0-Day Vulnerability Exploited by Chinese Hackers since mid-2024 to Deploy Malware
A critical zero-day exploitation campaign is targeting Dell RecoverPoint for Virtual Machines. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSSv3.1 score of 10.0 and has been under active exploitation since at least mid-2024. Incident response engagements attribute this activity to…
Cybercriminals Leverage Atlassian Cloud for Spam Campaigns Redirecting Targets to Fraudulent Investment Schemes
Cybercriminals have launched a sophisticated spam campaign leveraging the trusted infrastructure of Atlassian Cloud. By abusing legitimate features within the platform, attackers are effectively bypassing traditional email security controls to reach high-value targets. This campaign focuses on redirecting users to…
DigitStealer Gains Attention as macOS-Targeting Infostealer Exposes Key Infrastructure Weaknesses
DigitStealer, a sophisticated information-stealing malware targeting macOS systems, has recently surged in activity, drawing significant attention from the cybersecurity community. First emerging in late 2025, this malicious software specifically targets Apple M2 devices, distinguishing itself from generic threats. It operates…
Malware in the Wild as Malicious Fork of Legitimate Triton App Surfaces on GitHub
A malicious fork of the legitimate macOS application Triton has surfaced on GitHub, exploiting open-source repositories to distribute malware. The fraudulent repository, created under the account “JaoAureliano,” appeared as a copy of the original Triton app developed by Otávio C.…
QR Codes Used to Spread Phishing Attacks and Malicious Apps Across Mobile Devices
QR codes have become a normal way to open links, pay bills, and sign in, but that same speed lets attackers push victims from the physical world into a risky web page or app action in seconds. In recent campaigns,…
How CISOs Can Prevent Incidents with the Right Threat Intelligence
Somewhere right now, a threat actor is testing the perimeter of a company that believes it is well-defended. The organization has a firewall, an EDR solution, and a SIEM generating thousands of alerts per day. It also has a SOC team working two-shift rotations. And yet, within hours or days, an initial foothold will become lateral movement, lateral movement will become data exfiltration, and exfiltration will become a regulatory notification, a board presentation, and a headline.
The Breach Is Already in Motion. Are You?
The problem is rarely effort. It is timing and intelligence. By the time most organizations detect an active intrusion, the average dwell time is still measured…
Threat Actors Attacking OpenClaw Configurations to Steal Login Credentials
Cybercriminals have discovered a new attack surface in the world of personal AI assistants. Recent investigations show that infostealers now target OpenClaw configuration files to steal sensitive authentication credentials and personal data. This marks a dangerous evolution in malware behavior,…
Critical “Log Poisoning” Vulnerability in OpenClaw AI Agent Allows Malicious Content Injection
OpenClaw, a fast-rising open-source AI assistant designed to connect to messaging, cloud services, and local system tools, has patched a “log poisoning” weakness that could let remote attackers inject malicious, user-controlled content into logs that the agent may later ingest.…
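As an added example, not code from OpenClaw or its fix and making no claim about the specific weakness above: the generic shape of a log-poisoning bug and one way to neutralize it. An attacker-controlled string spliced verbatim into a log line can terminate the record (CRLF) and forge a second, plausible-looking entry, and can carry terminal escapes that hide the forgery from anyone tailing the file. Encoding every field as a JSON string keeps one record per line and lets whatever later reads the log (an agent included) recover the value as data instead of text. The attacker string, timestamps and record format below are constructed for this example.

```python
import json
import re

# Constructed attacker-controlled input for this example: a "username" carrying a
# CRLF to forge a second record and an ANSI escape (ESC [2J, clear screen) aimed at
# a terminal viewer.
ATTACKER_USERNAME = (
    'alice\r\n2026-02-16T10:00:00Z event="login" user="admin" result="ok"\x1b[2J'
)

# key="json-string"; the alternation consumes backslash escapes so an escaped quote
# inside a value cannot end the match early.
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*")')


def naive_log_line(event, user):
    """The pattern that makes a log poisonable: untrusted text spliced in verbatim."""
    return f'2026-02-16T10:00:01Z event="{event}" user="{user}" result="ok"'


def safe_log_line(event, **fields):
    """Emit exactly one record per line.

    Every value is JSON-encoded with ensure_ascii=True, so CR, LF, ESC and quotes
    become the escapes \\r, \\n, \\u001b and \\" and can neither terminate the
    record nor forge a new one.
    """
    parts = [f'event={json.dumps(str(event), ensure_ascii=True)}']
    for key, value in fields.items():
        if not key.isidentifier():
            raise ValueError(f"bad field name {key!r}")
        parts.append(f'{key}={json.dumps(str(value), ensure_ascii=True)}')
    return " ".join(parts)


def parse_log_line(line):
    """Decode a safe_log_line() record back into a dict.

    The consumer never has to guess where an untrusted value ends, and the
    recovered value is handed on as a field, not re-spliced into free text.
    """
    return {key: json.loads(raw) for key, raw in _FIELD.findall(line)}


def demo():
    """Compare the naive and the encoded record for the constructed attacker input."""
    naive = naive_log_line("login", ATTACKER_USERNAME)
    safe = safe_log_line("login", user=ATTACKER_USERNAME, result="ok")
    return {
        "naive_lines": naive.count("\n") + 1,     # the forged record became a second line
        "naive_has_escape": "\x1b" in naive,      # raw ESC reaches the viewer
        "safe_lines": safe.count("\n") + 1,       # still one record
        "safe_has_escape": "\x1b" in safe,        # ESC is now the text \u001b
        "roundtrip_ok": parse_log_line(safe)["user"] == ATTACKER_USERNAME,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

If a downstream agent is going to read these records, pass it the parsed fields (or the still-escaped JSON) rather than the raw file, so a value that reads like an instruction stays a value.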
EU Parliament Blocks AI features on Corporate Devices Over Cybersecurity Concerns
The European Parliament has disabled built‑in artificial intelligence (AI) features on corporate devices used by lawmakers and staff, citing unresolved cybersecurity and data protection risks. The decision targets AI tools embedded in tablets and phones, while leaving essential apps such…
India’s Largest Pharmacy Exposes Customer Personal Details and Access to Internal Systems
A major vulnerability discovered on the platform of a division of Zota Healthcare exposed sensitive customer and internal system data due to insecure “super admin” APIs. The issue, uncovered by Eaton–Works, allowed anyone to create a privileged super admin account and take full…
Washington Hotel Located in Japan Suffers Ransomware Attack
The hotel confirmed that several of its servers were compromised in a ransomware attack, disrupting parts of its internal network and triggering an ongoing investigation into possible data exposure. According to the Washington Hotel Corporation official statement, the incident was…
Keenadu Android Backdoor Infects Firmware, Spreads via Google Play for Remote Control Access
A sophisticated new Android backdoor infects device firmware at the build stage and spreads through Google Play apps, enabling attackers to seize remote control over victims’ tablets and phones. The detailed analysis, published on February 16, 2026, reveals how…
Microsoft Teams With AI Workflows Use Microsoft 365 Copilot to Automate Tasks via Scheduled Prompts
Microsoft is enhancing Teams productivity with AI Workflows. This new feature leverages Microsoft 365 Copilot to automate routine tasks through scheduled prompts and intelligent templates. The capability, scheduled to roll out between late January and mid-February 2026, aims to streamline…
Langchain Community SSRF Bypass Vulnerability Enables Access to Internal Services
A Server‑Side Request Forgery (SSRF) vulnerability has been identified in the langchain/community package, affecting versions up to 1.1.13. The flaw, tracked as CVE‑2026‑26019, carries a moderate severity rating under CVSS 3.1, owing to its potential to expose sensitive cloud metadata and internal infrastructure. The…
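As an added illustration of the defect class named above, and not code from the langchain/community package or a description of how CVE‑2026‑26019 itself is triggered: the check an application that fetches user-supplied URLs would apply before every outbound request. It refuses non-HTTP schemes, resolves every address the host maps to, and rejects the request if any of them is loopback, private, link-local (which covers the 169.254.169.254 cloud metadata endpoint) or an IPv4-mapped IPv6 form of one of those, a common way past naive string filters. The DNS table and hostnames are constructed for this example so it runs offline; the default resolver uses the real socket API.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Address space an outbound fetch must never reach: loopback, RFC 1918, CGNAT,
# unspecified, link-local (169.254.0.0/16 contains the metadata endpoint) and the
# IPv6 loopback, unique-local and link-local ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _normalize(addr):
    """Parse an address; map ::ffff:a.b.c.d back to IPv4 so the v4 block list applies."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def default_resolver(host):
    """Every A/AAAA answer for host, not just the first one."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only if every address behind the host is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # userinfo, port and IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    try:
        addrs = [_normalize(host)]          # IP literal: no DNS needed
    except ValueError:
        try:
            addrs = [_normalize(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "no addresses"
    for ip in addrs:
        if any(ip in net for net in BLOCKED_NETWORKS):
            return False, f"{host} resolves to blocked address {ip}"
    return True, "ok"


# Constructed DNS table standing in for real resolution in this example.
SAMPLE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.attacker.test": ["169.254.169.254"],          # hostname fronting the metadata IP
    "rebind.attacker.test": ["93.184.216.34", "10.0.0.5"],  # one public and one internal answer
}


def sample_resolver(host):
    try:
        return SAMPLE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"unknown host {host}")


def run_checks():
    """Apply the check to a constructed set of benign and hostile URLs."""
    urls = [
        "https://example.com/api",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://user@127.0.0.1:8080/",
        "file:///etc/passwd",
        "https://metadata.attacker.test/",
        "https://rebind.attacker.test/",
        "https://unknown.attacker.test/",
    ]
    return {u: check_outbound_url(u, resolver=sample_resolver) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in run_checks().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {url}  ({reason})")
```

Two caveats a check like this cannot cover on its own: validating an address and then letting the HTTP client resolve the name again opens a DNS-rebinding window, so connect to the address you checked (sending the original Host header) or pin the resolver; and every redirect hop is a fresh URL, so either disable redirects or re-run the check on each Location.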
Malicious Chrome Extension Steals Facebook Business Manager 2FA Codes and Analytics Data
A malicious Chrome extension that claims to help Meta Business users quietly steals Facebook Business Manager 2FA codes and analytics data, putting high‑value ad accounts at risk of takeover. The extension, “CL Suite by @CLMasters” (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is still available in…
Apache NiFi Vulnerability Enables Authorization Bypass
A newly disclosed high-severity vulnerability in Apache NiFi exposes systems to an authorization bypass that could allow lower-privileged users to modify restricted components. Tracked as CVE-2026-25903, the flaw impacts Apache NiFi versions 1.1.0 through 2.7.2 and has been fixed in version 2.8.0. According to…
25 Vulnerabilities in Cloud Password Managers Allow Unauthorized Access and Modifications
Researchers from ETH Zurich have uncovered 25 serious vulnerabilities in three leading cloud-based password managers: Bitwarden, LastPass, and Dashlane. These flaws enable a malicious server to bypass zero-knowledge encryption claims, allowing unauthorized access, modification, and recovery of users’ stored passwords…
Noodlophile Malware Creators Evolve Tactics with Fake Job Postings and Phishing Lures
The Noodlophile information stealer, originally uncovered in May 2025, has significantly evolved its attack strategies to bypass security measures. Initially, this malware hid behind deceptive advertisements for fake AI video generation platforms on social media, tricking users into downloading malicious…
Beware of Fake Shops from Threat Actors to Attack Winter Olympics 2026 Fans
Cybercriminals are targeting fans of the Milano Cortina 2026 Winter Olympics through an extensive network of fake online merchandise stores designed to steal payment information and personal data from unsuspecting shoppers. The scam campaign capitalizes on overwhelming demand for official…