A sophisticated self-spreading worm has emerged that can completely compromise Linux systems through SSH brute-force attacks in just four seconds. This new threat combines traditional credential stuffing techniques with modern cryptographic command verification, creating a fast-moving botnet that specifically targets…
DragonForce Ransomware Group Expands Its Influence with Cartel-like Operations and Targeting 363 Companies Since 2023
DragonForce has established itself as a formidable entity in the cybercrime landscape, having been active since December 2023. Operating under a sophisticated Ransomware-as-a-Service (RaaS) model, the group aggressively brands itself as a “cartel” to consolidate power and influence. This strategic…
ORB Networks Mask Cyberattacks Using Compromised IoT Devices and SOHO Routers
Operational Relay Box networks have emerged as one of the most sophisticated tools used by threat actors to hide their cyberattacks from security teams worldwide. These obfuscated mesh networks consist of compromised Internet-of-Things devices, Small Office/Home Office routers, and Virtual…
287 Chrome Extensions Exfiltrate Browsing History From 37.4 Million Users
A massive data exfiltration operation has been uncovered involving 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide. According to a researcher using the alias qcontinuum1, the discovery represents roughly one percent of the global Chrome user base, highlighting a…
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Exploits GitHub, npm, and PyPI to Distribute Malware
The North Korean state-sponsored hacking team, Lazarus Group, has launched a sophisticated fake recruiter campaign targeting cryptocurrency developers through a malicious operation called “graphalgo.” Active since May 2025, this coordinated attack uses fraudulent job offers to distribute remote access trojans…
Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks
Threat actors have begun leveraging Google’s Gemini API to dynamically generate C# code for multi-stage malware, evading traditional detection methods. The Google Threat Intelligence Group (GTIG) detailed this in its February 2026 AI Threat Tracker report, spotlighting the HONESTCUE framework…
Sophisticated ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users
A dangerous malware campaign has emerged on the NPM package registry, putting thousands of developers and Windows users at risk. The malicious package, known as “duer-js,” was published by a user named “luizaearlyx” and disguised itself as a legitimate console…
Chrome Security Update – Patch for Vulnerabilities that Enable Code Execution Attacks
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities that could enable attackers to execute malicious code on user systems. The update, rolling out over the coming weeks, includes several high-severity…
Adblock Filters Reveal User Location Despite VPN Protection
Many internet users believe VPNs make them completely anonymous online. While VPNs hide your IP address and encrypt traffic, a new fingerprinting technique reveals they cannot protect against all tracking methods. Country-specific AdBlock filter lists installed in browsers can expose…
Microsoft Outlook Add-in Stole 4,000 Microsoft Account Credentials and Credit Card Numbers
Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios. A compromised meeting scheduler named AgreeTo was used to steal over 4,000 Microsoft account credentials, credit card numbers, and answers to…
Fake CAPTCHA Attacks Emerge as Key Entry Point for LummaStealer Malware Campaigns
LummaStealer, a notorious information-stealing malware, has made a significant comeback following a major law enforcement disruption in 2025. This resurgence is characterized by a shift in distribution tactics, moving away from traditional exploit kits towards aggressive social engineering campaigns. Cybercriminals…
Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop
A critical denial-of-service (DoS) flaw in Palo Alto Networks’ PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles, potentially crippling enterprise networks. Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends…
$44 Evilmouse Autonomously Executes Commands and Compromises Systems Once Connected
Evilmouse is a $44 hardware implant disguised as an ordinary computer mouse. The device acts as a covert keystroke injector, akin to the Hak5 Rubber Ducky, but leverages the innocuous form factor of a mouse to bypass basic user awareness training. Plug…
Promptware – Hackers Can Use Google Calendar Invites to Stream Victims’ Cameras via Zoom
A new and dangerous class of cyberattack called “Promptware” has been discovered, capable of turning your personal AI assistant into a sleeper agent that spies on you. Security researchers from Ben-Gurion University, Tel Aviv University, and Harvard have demonstrated a…
Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks
Cybercriminals are increasingly using valid administrative software to launch attacks, making their malicious activities much harder to spot. Instead of relying solely on custom computer viruses, these actors abuse legitimate workforce monitoring tools to hide inside business networks. By utilizing…
Israeli Spyware Firm Exposes Paragon Spyware Control Panel on LinkedIn
An Israeli spyware firm, Paragon Solutions, accidentally exposed its secretive Graphite control panel in a LinkedIn post, drawing sharp criticism from cybersecurity experts. The blunder offers a rare glimpse into the tool’s operations targeting encrypted communications. Cybersecurity researcher Jurre van…
Russia Blocked WhatsApp For Over 100 Million Users Nationwide
WhatsApp has accused the Russian government of attempting a nationwide block on its messaging service to force over 100 million users onto a Kremlin-backed alternative riddled with surveillance risks. In a statement on X, the Meta-owned app declared: “Today the…
Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals
Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, patching over 40 vulnerabilities, including a critical zero-day in the dyld component actively exploited in targeted attacks. The update addresses CVE-2026-20700, a memory-corruption flaw discovered by Google’s Threat Analysis…
VoidLink Framework Enables On-Demand Tool Generation with Windows Plugin Support
A newly tracked intrusion framework called VoidLink is drawing attention for its modular design and focus on Linux systems. It behaves like an implant management framework, letting operators deploy a core implant and add capabilities as needed, which shortens the…
Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability
An unprecedented surge in exploitation attempts has been observed targeting CVE-2026-1281, a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). On February 9, 2026, Shadowserver scans revealed over 28,300 unique source IP addresses attempting to exploit the flaw, marking one of the largest…