Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. Classified under CWE-305 (Authentication Bypass by Primary Weakness),…
Category: Cyber Security News
Threat Hunting Is Critical to SOC Maturity but Often Misses Real Attacks
High-performing SOC teams are increasingly turning to sandbox-derived threat intelligence to make threat hunting repeatable and impactful. Tools like ANY.RUN’s TI Lookup enables faster hunts grounded in real attacker behaviours from millions of analyses. Threat hunting remains a cornerstone of…
FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands
Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unauthenticated attackers to execute arbitrary commands on affected systems. Dubbed an “Improper Neutralization of Input During Web Page Generation” issue (CWE-79),…
Microsoft Patch Tuesday February 2026 – 54 Vulnerabilities Fixed, Including 6 Zero-days
Microsoft released its February 2026 Patch Tuesday updates on February 10, addressing 54 vulnerabilities, including six zero-days across Windows, Office, Azure, and developer tools. The updates fix issues in products like Windows Remote Desktop Services, Microsoft Defender, Azure services, GitHub…
TeamPCP Industrializes Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
TeamPCP, also known as PCPcat, ShellForce, and DeadCatx3, emerged in December 2025 as a sophisticated cloud-native threat actor targeting exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell vulnerabilities. The group launched a massive campaign designed to build…
ILOVEPOOP Toolkit Exploiting React2Shell Vulnerability to Deploy Malicious Payload
The cybersecurity sector has been impacted by the sudden appearance of “React2Shell” (CVE-2025-55182), a critical vulnerability affecting Next.js and React Server Components. Following its public disclosure on December 4, 2025, threat actors mobilized with alarming speed, launching exploitation attempts against…
SAP Security Patch Day – Critical SAP CRM and SAP S/4HANA Code Injection Vulnerabilities Fixed
SAP’s February 2026 Security Patch Day delivered fixes that SAP urges customers to prioritize to reduce exposure across core enterprise workloads. The release includes 26 new SAP Security Notes and one update to a previously published note. SAP’s monthly bulletin…
Hackers Weaponizing 7-Zip Downloads to Turn Your Home Computers into Proxy Nodes
A deceptive campaign targeting unsuspecting users has emerged, using a counterfeit version of the widely used 7-Zip file archiving software to silently transform home computers into residential proxy nodes. The malicious operation relies on a lookalike domain, 7zip[.]com, which closely…
Ivanti Endpoint Manager Vulnerability Lets Remote Attacker Leak Arbitrary Data
Ivanti has released critical security updates for its Endpoint Manager (EPM) platform, addressing two newly discovered vulnerabilities that could enable unauthorized access to sensitive database information and compromise user credentials. The updates, released in version 2024 SU5, also resolve 11…
Attackers Weaponizing Windows Shortcut File to Deliver Global Group Ransomware
The cyber threat landscape is witnessing the resurgence of the Phorpiex botnet, a long-standing malware-as-a-service platform active for over a decade. In a recent high-volume campaign, attackers are distributing phishing emails with the deceptive subject line “Your Document.” These emails…
Windows Error Reporting Service Vulnerability Let Attackers Elevate Privileges – PoC Released
A critical security flaw in Windows Error Reporting Service has been discovered, allowing attackers with standard user access to escalate their privileges to SYSTEM-level control. CVE-2026-20817, patched by Microsoft in January 2026, represents a significant threat to Windows environments due…
VoidLink Linux C2 Highlights LLM-Generated Malware with Multi-Cloud and Kernel-Level Stealth
A sophisticated Linux malware framework known as VoidLink has emerged as a concerning example of AI-assisted threat development, combining advanced multi-cloud targeting capabilities with kernel-level stealth mechanisms. The malware represents a new generation of cyber threats where large language models…
Threat Actors Exploiting React2Shell Vulnerability Using AI-Generated Malware
A fully AI-generated malware campaign actively exploiting the “React2Shell” vulnerability, detected within Darktrace’s “CloudyPots” global honeypot network, the intrusion highlights a critical shift in cybercrime: the weaponization of Large Language Models (LLMs) to lower the barrier of entry for effective…
Threat Actor Claims Leak of Cybercrime-Focused AI Platform WormGPT Database
A threat actor operating under the alias Sythe has claimed responsibility for leaking the complete WormGPT database, a notorious cybercrime-focused artificial intelligence platform that has been sold on dark web forums since 2023. Hackmanac observed that the alleged breach reportedly…
30-Year-Old Libpng Vulnerability Exposes Millions of Systems to Code Execution Attacks
A critical vulnerability has been uncovered in libpng, the official PNG reference library used by practically every operating system and web browser in existence. The flaw, assigned CVE-2026-25646, is a heap buffer overflow in the png_set_quantize() function that allows attackers…
Axios Vulnerability Let Attackers Triggers DoS Condition and Crash Node.js Servers
A high-severity security flaw has been discovered in Axios, one of the most popular HTTP client libraries used in the JavaScript ecosystem. The vulnerability, tracked as CVE-2026-25639, allows remote attackers to trigger a Denial-of-Service (DoS) condition, effectively crashing Node.js servers with a…
Fancy Bear Hackers Exploiting Microsoft Zero-Day Vulnerability to Deploy Backdoors and Email Stealers
The Russia-linked cyber espionage group known as Fancy Bear has launched Operation Neusploit. The group is also known as APT28. This marks a significant escalation, leveraging a zero-day vulnerability, CVE-2026-21509, in Microsoft RTF files. By exploiting this flaw, attackers execute…
Crypto Scanner – New Tool to Find Quantum-Vulnerable Cryptography in your Codebase
As the timeline for powerful quantum computing accelerates, a new open-source tool has emerged to help developers secure their data against future threats. Crypto Scanner, developed by Quantum Shield Labs, is a command-line interface (CLI) utility designed to hunt down…
Bloody Wolf Hackers Attacking Organizations to Deploy NetSupport RAT and Gain Remote Access
Stan Ghouls, a cybercriminal group also known as Bloody Wolf, has launched a sophisticated wave of targeted attacks against organizations across Russia and Uzbekistan. Active since at least 2023, the group focuses heavily on the manufacturing, finance, and IT sectors.…
AI Chat App Exposes 300 Million Messages from 25 Million Users
The popular mobile application “Chat & Ask AI” has inadvertently exposed hundreds of millions of private user conversations. The app, which boasts over 50 million users across the Google Play and Apple App stores, failed to secure its backend database,…