Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers…
Category: EN
ShinyHunters-Branded Extortion Activity Expands, Escalates
Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment. The post ShinyHunters-Branded Extortion Activity Expands, Escalates appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ShinyHunters-Branded Extortion…
AI Agent Orchestration: How It Works and Why It Matters
AI agent orchestration is reshaping how businesses build intelligent systems. It moves beyond single chatbots or generative interfaces, coordinating multiple specialized AI agents to complete…Read More The post AI Agent Orchestration: How It Works and Why It Matters appeared first…
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Notepad++ Update Hijacking Linked to Hosting Provider Compromise
Cyber Briefing: 2026.02.02
Supply-chain attacks poison software updates, crypto scams steal millions, energy sites face attacks, crime networks move billions, and Apple boosts privacy. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.02.02
Windows 11 Bug Causing Password Sign-in Option to Disappear from the Lock Screen on
Microsoft has acknowledged a strange user interface bug affecting specific Windows environments where the password sign-in option appears to vanish from the lock screen. The issue, which originated with updates released in late 2025, primarily impacts managed IT infrastructures and…
Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware
The Russia-linked threat group UAC-0001, also known as APT28, has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrainian government entities and European Union organizations. The vulnerability,…
Pulsar RAT Attacking Windows Systems via Per-user Run Registry Key and Exfiltrates Sensitive Details
A new wave of attacks targeting Windows systems has emerged through a sophisticated remote access trojan known as Pulsar RAT. This malware establishes persistence using the per-user Run registry key, enabling automatic execution each time an infected user logs into…
Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Vulnerability Summary for the Week of January 26, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike Software–Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers…
Malwarebytes in ChatGPT delivers AI-powered protection against scams
Malwarebytes announced Malwarebytes in ChatGPT, a new way for individuals and small businesses to get fast, trusted security assistance directly within ChatGPT. Users can ask Malwarebytes to check whether something is a scam or spam, tapping into the company’s deep…
Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion
Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music. This article has been indexed from Hackread…
Modern Vulnerability Detection: Using GNNs to Find Subtle Bugs
For over 20 years, static application security testing (SAST) has been the foundation of secure coding. However, beneath the surface, many legacy SAST tools still operate using basic techniques such as regular expressions and lexical pattern matching; essentially, sophisticated versions…
Scam-checking just got easier: Malwarebytes is now in ChatGPT
Malwarebytes is now in ChatGPT, making it the first cybersecurity provider that can deliver novel expertise without ever leaving the chat. This article has been indexed from Malwarebytes Read the original article: Scam-checking just got easier: Malwarebytes is now in ChatGPT
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution…
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage Return Line Feed) sequences. Tracked as CVE-2026-24489 under advisory RO-26-005, the vulnerability affects all versions…
New Stealthy Fileless Linux Malware ‘ShadowHS’ Emphasizes Automated Propagation
Security teams defending Linux environments now face a sophisticated threat designed to evade traditional detection. A newly uncovered fileless malware framework named ShadowHS operates entirely in memory, leaving no persistent traces on disk while establishing long-term control over compromised systems.…
Autonomous AI Agents Are Becoming the New Operating System of Cybercrime
The cybersecurity landscape has entered a dangerous new phase where autonomous AI agents are transforming from simple automation tools into sophisticated criminal operators. These self-directed systems now execute complex cyberattacks without human oversight, marking a fundamental shift in how digital…
Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities
Poland’s CERT has published a report on the recent attack, providing new details on targeted ICS and attribution. The post Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities appeared first on SecurityWeek. This article has been indexed…
Chinese Crime Networks Move Billions
In 2025, Chinese-language money laundering networks utilized cryptocurrency to move approximately 16.1 billion dollars in illegal funds, representing nearly twenty percent of all illicit digital asset activity. This article has been indexed from CyberMaterial Read the original article: Chinese Crime…