The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are not longer supported by vendors and aren’t receiving timely security updates.…
Category: EN
Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers
A surprising link between legitimate IT software and major cybercriminal operations. While investigating attacks by the “WantToCry” ransomware gang, analysts noticed that the attackers were using virtual machines (VMs) with identical, computer names (hostnames) like WIN-J9D866ESIJ2 and WIN-LIVFRVQFMKO. These names were not random.…
Phishing and OAuth Token Flaws Lead to Full Microsoft 365 Compromise
Modern web applications frequently introduce unforeseen attack surfaces through seemingly harmless features designed for user engagement, such as newsletter signups, contact forms, and password resets. While individual vulnerabilities might appear manageable in isolation, sophisticated adversaries increasingly chain these minor flaws…
Flickr Confirms Data Breach – 35 million Users Data at Risk
Flickr has disclosed a potential data breach stemming from a vulnerability in a third-party email service provider’s system. The incident, reported on February 5, 2026, may have exposed data for some of its 35 million monthly users, though the exact…
APT-Q-27 Targeting Corporate Environments in Stealthy Attack Without Triggering Alerts
In mid-January 2026, a highly sophisticated cyber campaign targeting financial institutions surfaced, characterized by its ability to infiltrate corporate environments without triggering standard security alerts. The attack was notable for its extreme stealth, as neither the end-users nor conventional endpoint…
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In…
Claude Opus 4.6 Launches Enhanced Security Capabilities to Validate 500+ Critical Vulnerabilities
Anthropic has released Claude Opus 4.6, marking a significant leap in the defensive application of artificial intelligence. Released yesterday, the model has already identified and validated over 500 high-severity “zero-day” vulnerabilities in open-source software. This development signals a major shift…
iPhone Lockdown Mode Protects Washington Post Reporter
404Media is reporting that the FBI could not access a reporter’s iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after…
Living off the AI: The Next Evolution of Attacker Tradecraft
Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. The post Living off the AI: The Next Evolution of Attacker Tradecraft appeared first…
Flickr Security Incident Tied to Third-Party Email System
Potential breach at Flickr exposes usernames, email addresses, IP addresses, and activity data. The post Flickr Security Incident Tied to Third-Party Email System appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Flickr Security…
FvncBot Targets Android Users, Exploiting Accessibility Services for Attacks
A previously undocumented Android banking trojan dubbed “FvncBot.” First observed in late 2025, this sophisticated malware disguises itself as a security application from mBank, a major Polish financial institution. Unlike many recent threats that recycle code from leaked sources like…
The Winter Olympics Are Back, and So Are Attackers
The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks. The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening…
In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities
Other noteworthy stories that might have slipped under the radar: AT&T and Verizon response to Salt Typhoon, AI agents solve security challenges, man arrested in Poland for DDos Attacks. The post In Other News: Record DDoS, Epstein’s Hacker, ESET Product…
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On…
How Samsung Knox Helps Stop Your Network Security Breach
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use…
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its…
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository…
From Log Aggregation to Threat Hunting: Maximizing Your SIEM Investment
Here’s the part nobody likes to admit in steering committee meetings: most organizations didn’t fail… From Log Aggregation to Threat Hunting: Maximizing Your SIEM Investment on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This…
OpenAI Launches Trusted Access to Strengthen Cybersecurity Protections
OpenAI has unveiled Trusted Access for Cyber, a new identity- and trust-based framework designed to enhance cybersecurity defenses while mitigating risks posed by its most advanced AI models. The initiative centers on GPT-5.3-Codex, OpenAI’s most cyber-capable frontier-reasoning model, which can…
RenEngine Loader Deploys Stealthy Multi-Stage Execution to Bypass Security Measures
The malware family, RenEngine Loader, after discovering malicious logic embedded within what appears to be a legitimate Ren’Py-based game launcher. Active since April 2025, the operation has already compromised over 400,000 victims globally, with a localized focus on India, the United…