Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of malware variants. The post Hugging Face Repositories Abused in New Android Malware Campaign appeared first on TechRepublic. This article has been indexed…
WhatsApp Launches High-Security Mode for Ultimate User Protection
WhatsApp has launched a new high-security mode called “Strict Account Settings,” providing users with enhanced defenses against sophisticated cyber threats. This feature, introduced on January 27, 2026, allows one-click activation and builds on the platform’s existing end-to-end encryption. It…
Apple’s New Feature Will Help Users Restrict Location Data
Apple has introduced a new privacy feature that allows users to restrict the accuracy of location data shared with cellular networks on a few iPad models and iPhone. About the feature The “Limit Precise Location” feature will start after updating…
ShinyHunters Claims Match Group Data Breach Exposing 10 Million Records
A new data theft has surfaced linked to ShinyHunters, which now claims it stole more than 10 million user records from Match Group, the U.S. company behind several major swipe-based dating platforms. The group has positioned the incident as…
Open VSX Supply Chain Breach Delivers GlassWorm Malware Through Trusted Developer Extensions
Cybersecurity experts have uncovered a supply chain compromise targeting the Open VSX Registry, where unknown attackers abused a legitimate developer’s account to distribute malicious updates to unsuspecting users. According to findings from Socket, the attackers infiltrated the publishing environment…
Scanning for exposed Anthropic Models, (Mon, Feb 2nd)
Yesterday, a single IP address (%%ip:204.76.203.210%%) scanned a number of our sensors for what looks like an anthropic API node. The IP address is known to be a Tor exit node. This article has been indexed from SANS Internet Storm…
Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API
In 2022, Wordfence introduced a completely free vulnerability database to support the WordPress security community. We made sure that included completely free access to the Wordfence Intelligence Vulnerability Database API on the founded belief that WordPress vulnerability information should be…
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Ivanti Issues Urgent Fix…
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers…
ShinyHunters-Branded Extortion Activity Expands, Escalates
Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment. The post ShinyHunters-Branded Extortion Activity Expands, Escalates appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ShinyHunters-Branded Extortion…
AI Agent Orchestration: How It Works and Why It Matters
AI agent orchestration is reshaping how businesses build intelligent systems. It moves beyond single chatbots or generative interfaces, coordinating multiple specialized AI agents to complete…Read More The post AI Agent Orchestration: How It Works and Why It Matters appeared first…
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Notepad++ Update Hijacking Linked to Hosting Provider Compromise
Cyber Briefing: 2026.02.02
Supply-chain attacks poison software updates, crypto scams steal millions, energy sites face attacks, crime networks move billions, and Apple boosts privacy. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.02.02
Windows 11 Bug Causing Password Sign-in Option to Disappear from the Lock Screen on
Microsoft has acknowledged a strange user interface bug affecting specific Windows environments where the password sign-in option appears to vanish from the lock screen. The issue, which originated with updates released in late 2025, primarily impacts managed IT infrastructures and…
Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware
The Russia-linked threat group UAC-0001, also known as APT28, has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrainian government entities and European Union organizations. The vulnerability,…
Pulsar RAT Attacking Windows Systems via Per-user Run Registry Key and Exfiltrates Sensitive Details
A new wave of attacks targeting Windows systems has emerged through a sophisticated remote access trojan known as Pulsar RAT. This malware establishes persistence using the per-user Run registry key, enabling automatic execution each time an infected user logs into…
Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Vulnerability Summary for the Week of January 26, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike Software–Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers…
Malwarebytes in ChatGPT delivers AI-powered protection against scams
Malwarebytes announced Malwarebytes in ChatGPT, a new way for individuals and small businesses to get fast, trusted security assistance directly within ChatGPT. Users can ask Malwarebytes to check whether something is a scam or spam, tapping into the company’s deep…
Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion
Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music. This article has been indexed from Hackread…
Modern Vulnerability Detection: Using GNNs to Find Subtle Bugs
For over 20 years, static application security testing (SAST) has been the foundation of secure coding. However, beneath the surface, many legacy SAST tools still operate using basic techniques such as regular expressions and lexical pattern matching; essentially, sophisticated versions…
Scam-checking just got easier: Malwarebytes is now in ChatGPT
Malwarebytes is now in ChatGPT, making it the first cybersecurity provider that can deliver novel expertise without ever leaving the chat. This article has been indexed from Malwarebytes Read the original article: Scam-checking just got easier: Malwarebytes is now in ChatGPT
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution…
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage Return Line Feed) sequences. Tracked as CVE-2026-24489 under advisory RO-26-005, the vulnerability affects all versions…