ESET uncovered a targeted Android spyware campaign that used a fake dating app to quietly spy on victims in Pakistan. The post Fake Dating App Delivers Android Spyware in Targeted Campaign appeared first on eSecurity Planet. This article has been…
Notepad++ says Chinese government hackers hijacked its software updates for months
The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months. This article has been indexed from Security News | TechCrunch Read the…
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft’s latest Office zero-day, with Ukraine’s national cyber defense team warning that the same bug is being used to target government agencies…
CultureAI Launches Global Partner Program
CultureAI has announced the launch of its global CultureAI Partner Program, designed to empower resellers, VARs, MSPs and MSSPs to help customers adopt AI with confidence, making critical AI usage controls accessible to all. As AI usage accelerates across enterprises,…
Iran-Linked Hackers Target Human Rights Groups in Redkitten Malware Campaign
A Farsi-speaking threat actor believed to be aligned with Iranian state interests is suspected of carrying out a new cyber campaign targeting non-governmental organizations and individuals documenting recent human rights abuses in Iran, according to a report by HarfangLab. The…
Open-Source AI Models Pose Growing Security Risks, Researchers Warn
Hackers and other criminals can easily hijack computers running open-source large language models and use them for illicit activity, bypassing the safeguards built into major artificial intelligence platforms, researchers said on Thursday. The findings are based on a 293-day study…
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been…
This Is How They Tell Me the World Ends
An investigative deep dive into the secretive global market for cyberweapons and zero-day exploits. This article has been indexed from CyberMaterial Read the original article: This Is How They Tell Me the World Ends
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original…
Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT
A fake Clawdbot VS Code extension silently deployed a ScreenConnect RAT through a trusted plugin. The post Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
ShinyHunters escalates tactics in extortion campaign linked to Okta environments
Researchers are tracking multiple clusters that are using social engineering to gain access to victims. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: ShinyHunters escalates tactics in extortion campaign linked to Okta environments
McDonald’s is not lovin’ your bigmac, happymeal, and mcnuggets passwords
Your favorite menu item might be easy to remember but it will not secure your account Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity…
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators……
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications,…
FCC urges telecoms to boost cybersecurity amid growing ransomware threat
The commission said it was aware of ransomware disruptions at a growing number of small and medium-sized telecoms. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: FCC urges telecoms to boost cybersecurity amid…
IT Security News Hourly Summary 2026-02-02 18h : 13 posts
13 posts were published in the last hour 16:34 : Please Don’t Feed the Scattered Lapsus Shiny Hunters 16:34 : Notepad++ Update Servers Hijacked in Targeted Supply Chain Attack 16:34 : NationStates Suffers Databreach – Game site Temporarily Offline 16:34…
Please Don’t Feed the Scattered Lapsus Shiny Hunters
A prolific data ransom gang that calls itself Scattered Lapsus Shiny Hunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and……
Notepad++ Update Servers Hijacked in Targeted Supply Chain Attack
Attackers hijacked Notepad++ update servers to selectively deliver trojanized installers through a trusted update channel. The post Notepad++ Update Servers Hijacked in Targeted Supply Chain Attack appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
NationStates Suffers Databreach – Game site Temporarily Offline
A long-running online nation simulation game has been taken temporarily offline following a security breach that compromised its central production server. The team estimates the downtime will last 2 to 5 days as they rebuild core infrastructure and audit the…
21,000+ OpenClaw AI Instances With Personal Configurations Exposed Online
21,000+ publicly exposed instances of an open-source personal AI assistant, raising significant concerns about unprotected access to sensitive user configurations and personal data. OpenClaw, a rapidly emerging personal AI assistant created by Austrian developer Peter Steinberger, has experienced explosive growth…
New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency
A previously unknown hacktivist group called Punishing Owl has emerged with sophisticated cyberattacks targeting Russian government security agencies. The group first surfaced on December 12, 2025, when it announced the successful breach of a Russian government security agency’s network. The…
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in these latest…
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its…
NSA Publishes New Zero Trust Implementation Guidelines
NSA released new guidelines to help organizations achieve target-level Zero Trust maturity This article has been indexed from www.infosecurity-magazine.com Read the original article: NSA Publishes New Zero Trust Implementation Guidelines