Advanced Persistent Threat actors are shifting their focus toward network edge devices, exploiting critical vulnerabilities in firewalls, routers, and VPN appliances to establish long-term access within target environments. These attacks mark a dangerous evolution in cyber warfare, where adversaries bypass…
Hackers Exploiting ClawHub Skills to Bypass VirusTotal Detections via Social Engineering
Threat actors operating within the ClawHub ecosystem have significantly evolved their attack strategies recently, moving away from easily detectable methods to more subtle techniques. Rather than embedding malicious payloads directly into files, they now host these dangers on convincing external…
European Commission Contains Cyber-Attack Targeting Staff Mobile Data
The European Commission has confirmed the detection and containment of a security incident affecting the central infrastructure that manages staff mobile devices. The breach, identified on January 30 through internal telemetry, resulted in unauthorized access to a limited subset of…
ScarCruft Abuses Legitimate Cloud Services for C2 and OLE-based Chain to Drop Malware
ScarCruft, a prolific North Korean-backed advanced persistent threat (APT) group, has significantly refined its cyberespionage capabilities in a newly identified campaign distributing the ROKRAT malware. This recent activity marks a strategic deviation from their traditional reliance on LNK-based attack chains,…
Fake 7-Zip downloads are turning home PCs into proxy nodes
A convincing lookalike of the popular 7-Zip archiver site has been silently turning victims’ machines into residential proxy nodes. This article has been indexed from Malwarebytes.
TikTok under EU pressure to change its addictive algorithm
The European Commission has issued preliminary findings that say TikTok breaches the Digital Services Act due to its addictive design. The Commission opened a formal investigation into TikTok in February 2024. The probe examined whether the platform meets its obligations…
OpenAI updates Europe privacy policy, adding new data categories
OpenAI has updated its Europe-facing privacy policy following the November 2024 EU revision, clarifying scope, expanding coverage, and detailing user controls. The updated document is longer, with dedicated sections for data controls and practical resources. It explains key controls and…
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan…
China-Linked DKnife Spyware Hijacking Internet Routers Since 2019
Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware
APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks, far higher than any…
New RecoverIt Tool Abuses Windows Service Failure Recovery to Execute Malicious Payloads
A new offensive security tool named “RecoverIt” has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection methods that focus on monitoring service creation…
European Commission probes intrusion into staff mobile management backend
Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity. Brussels is digging into a cyber break-in that targeted the European Commission’s mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.…
IT Security News Hourly Summary 2026-02-09 12h : 7 posts
7 posts were published in the last hour. 10:32: Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors; 10:32: Heimdal Claims Industry First with IASME-Aligned Cyber Essentials PEDM Mapping; 10:32: Critical FortiClientEMS Vulnerability Lets…
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors
A threat cluster tracked as “Vortex Werewolf” (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs…
Heimdal Claims Industry First with IASME-Aligned Cyber Essentials PEDM Mapping
London, UK, February 9, 2026 – Heimdal today announced it is the first vendor to publish an IASME Cyber Essentials aligned control mapping for Privilege Elevation and Delegation Management (PEDM), helping organisations evidence least privilege and stronger control over administrative access. Privileged access…
Critical FortiClientEMS Vulnerability Lets Attackers Execute Malicious Code Remotely
Fortinet has issued a critical security advisory warning administrators to immediately patch instances of FortiClientEMS, its central management solution for endpoint protection. The vulnerability, tracked as CVE-2026-21643, carries a CVSSv3 score of 9.1 and could allow unauthenticated, remote attackers to…
New RecoverIt Tool Exploits Windows Service Failure Recovery Functions to Execute Payload
A new open-source offensive security tool named “RecoverIt” has been released, offering Red Teamers and penetration testers a novel method for establishing persistence and executing lateral movement on compromised Windows systems. The tool, developed by security researcher TwoSevenOneT, weaponizes the…
Vortex Werewolf Attacking Organizations to Gain Tor-Enabled Remote Access Over the RDP, SMB, SFTP, and SSH Protocols
A new cyber espionage cluster has recently emerged, focusing its aggressive targeting on Russian government and defense organizations. Active since at least December 2025, the group, designated as Vortex Werewolf, employs a combination of social engineering and legitimate software utilities…
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes…
Social Media Platforms Earn Billions from Scam Ads
Revolut claims social media sites make £3.8bn annually from scam ads targeting European users. This article has been indexed from www.infosecurity-magazine.com.
Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in Fortinet’s FortiClient EMS (Endpoint Management Server), potentially exposing organizations to remote code execution attacks. The flaw, tracked as CVE-2026-21643, was disclosed on February 6, 2026, and carries a severe CVSS score of…
Romania’s national oil pipeline firm Conpet reports cyberattack
Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its…
New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog
The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. The post appeared first on SecurityWeek.
US Agencies Told to Scrap End-of-Support Edge Devices
CISA has issued a new directive requiring federal agencies to decommission all end-of-support edge devices within 12 months to reduce ongoing exploitation risks. This article has been indexed from www.infosecurity-magazine.com.