A new wave of attacks targeting Windows systems has emerged through a sophisticated remote access trojan known as Pulsar RAT. This malware establishes persistence using the per-user Run registry key, enabling automatic execution each time an infected user logs into…
Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Vulnerability Summary for the Week of January 26, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike Software–Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers…
Malwarebytes in ChatGPT delivers AI-powered protection against scams
Malwarebytes announced Malwarebytes in ChatGPT, a new way for individuals and small businesses to get fast, trusted security assistance directly within ChatGPT. Users can ask Malwarebytes to check whether something is a scam or spam, tapping into the company’s deep…
Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion
Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music. This article has been indexed from Hackread…
Modern Vulnerability Detection: Using GNNs to Find Subtle Bugs
For over 20 years, static application security testing (SAST) has been the foundation of secure coding. However, beneath the surface, many legacy SAST tools still operate using basic techniques such as regular expressions and lexical pattern matching; essentially, sophisticated versions…
Scam-checking just got easier: Malwarebytes is now in ChatGPT
Malwarebytes is now in ChatGPT, making it the first cybersecurity provider that can deliver novel expertise without ever leaving the chat. This article has been indexed from Malwarebytes Read the original article: Scam-checking just got easier: Malwarebytes is now in ChatGPT
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution…
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage Return Line Feed) sequences. Tracked as CVE-2026-24489 under advisory RO-26-005, the vulnerability affects all versions…
New Stealthy Fileless Linux Malware ‘ShadowHS’ Emphasizes Automated Propagation
Security teams defending Linux environments now face a sophisticated threat designed to evade traditional detection. A newly uncovered fileless malware framework named ShadowHS operates entirely in memory, leaving no persistent traces on disk while establishing long-term control over compromised systems.…
Autonomous AI Agents Are Becoming the New Operating System of Cybercrime
The cybersecurity landscape has entered a dangerous new phase where autonomous AI agents are transforming from simple automation tools into sophisticated criminal operators. These self-directed systems now execute complex cyberattacks without human oversight, marking a fundamental shift in how digital…
Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities
Poland’s CERT has published a report on the recent attack, providing new details on targeted ICS and attribution. The post Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities appeared first on SecurityWeek. This article has been indexed…
Chinese Crime Networks Move Billions
In 2025, Chinese-language money laundering networks utilized cryptocurrency to move approximately 16.1 billion dollars in illegal funds, representing nearly twenty percent of all illicit digital asset activity. This article has been indexed from CyberMaterial Read the original article: Chinese Crime…
Apple Privacy Feature Limits Tracking
Apple is launching a privacy setting in iOS 26.3 that allows users to restrict cellular carriers from tracking their exact location through cell towers. This article has been indexed from CyberMaterial Read the original article: Apple Privacy Feature Limits Tracking
IT Security News Hourly Summary 2026-02-02 15h : 15 posts
15 posts were published in the last hour 13:34 : Iconics SCADA Vulnerability Can Render Systems Unbootable 13:34 : Notepad++ update service hijacked in targeted state-linked attack 13:34 : How state-sponsored attackers hijacked Notepad++ updates 13:34 : Securing the Mid-Market…
Iconics SCADA Vulnerability Can Render Systems Unbootable
Palo Alto Networks researchers identified an Iconics SCADA flaw that can render industrial systems unbootable. The post Iconics SCADA Vulnerability Can Render Systems Unbootable appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Notepad++ update service hijacked in targeted state-linked attack
Breach lingered for months before stronger signature checks shut the door A state-sponsored cyber criminal compromised Notepad++’s update service in 2025, according to the project’s author.… This article has been indexed from The Register – Security Read the original article:…
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December…
Securing the Mid-Market Across the Complete Threat Lifecycle
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done.…
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about…
Open Vsx Supply Chain Attack Spreads Glassworm
Cybersecurity researchers recently identified a supply chain attack on the Open VSX Registry where hackers hijacked a developer’s account to distribute malicious updates. This article has been indexed from CyberMaterial Read the original article: Open Vsx Supply Chain Attack Spreads…
Nationstates Confirms Breach Shuts Site
The browser-based government simulation game NationStates recently experienced a significant data breach after a vulnerability reporter accessed and copied sensitive information from its production server. This article has been indexed from CyberMaterial Read the original article: Nationstates Confirms Breach Shuts…
Crypto Investor Loses Millions To Scam
An Ethereum investor recently lost $12.4 million in a sophisticated address poisoning scam after accidentally sending funds to a fraudulent wallet that mimicked a frequent contact. This article has been indexed from CyberMaterial Read the original article: Crypto Investor Loses…
Cyberattacks Disrupt Polish Energy Sites
CERT Polska reported that a coordinated wave of cyberattacks on December 29, 2025, targeted more than thirty renewable energy sites, a manufacturer, and a major combined heat and power plant. This article has been indexed from CyberMaterial Read the original…