Microsoft has released LiteBox, a project intended to function as a security-focused library OS that can serve as a secure kernel for protecting a guest kernel using virtualization hardware. LiteBox was developed in collaboration with the Linux Virtualization Based Security…
Microsoft brings project-focused AI agents into OneDrive
Teams often rely on shared document collections to track project history, decisions, and operational knowledge. To support this workflow, Microsoft introduced Agents in OneDrive, allowing users to create AI assistants built from selected files and folders. The feature allows users…
Broken Phishing URLs, (Thu, Feb 5th)
For a few days, many phishing emails that landed into my mailbox contain strange URLs. They are classic emails asking you to open a document, verify your pending emails, … This article has been indexed from SANS Internet Storm Center,…
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT. This article has been indexed from Securelist Read the original article: Stan Ghouls targeting Russia and…
Varonis acquires AllTrue.ai to enable safe, compliant AI at scale
Varonis is expanding its AI security capabilities through the acquisition of AllTrue.ai, which brings real-time visibility and security to AI systems, complementing Varonis’ understanding of enterprise data, identities, and access. Together, the combined platform helps organizations see and protect everything…
AiStrike introduces AI-powered MDR to reduce costs and alert fatigue
AiStrike announced the launch of AiStrike MDR, an AI-powered managed detection and response (MDR) service designed to replace human-intensive MDR with an AI-led, expert-guided operating model built for scale, speed, and measurable outcomes. Enterprises and government organizations use AiStrike to…
Ukraine tightens controls on Starlink terminals, VMware ESXi flaw now exploited, SolarWinds Web Help Desk bug under attack
Ukraine tightens controls on Starlink terminals VMware ESXi flaw now exploited SolarWinds Web Help Desk bug under attack Get the show notes here: https://cisoseries.com/cybersecurity-news-ukraine-tightens-controls-on-starlink-terminals-vmware-esxi-flaw-now-exploited-solarwinds-web-help-desk-bug-under-attack/ Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts…
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies
Russian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This sophisticated espionage campaign, observed in late January 2026, targets the theft on secrets from maritime and…
OfferUp scammers are out in force: Here’s what you should know
The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. This article has been indexed from WeLiveSecurity Read the original article: OfferUp scammers are out in force:…
Three clues that your LLM may be poisoned with a sleeper-agent back door
It’s a threat straight out of sci-fi, and fiendishly hard to detect Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.… This article has been indexed from The Register – Security Read the original article: Three…
IT Security News Hourly Summary 2026-02-05 09h : 5 posts
5 posts were published in the last hour 7:34 : Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems 7:34 : New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit 7:34 : Threat…
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbed Amaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and…
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit
A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…
Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers
A sophisticated campaign in which threat actors are stealthily compromising NGINX servers to redirect web traffic to malicious destinations. The attackers, previously linked to “React2Shell” exploits, are now targeting NGINX configurations, specifically those using the Baota (BT) management panel, widely…
New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture
A sophisticated new threat has surfaced in the wild, identified as the DesckVB RAT version 2.9. This modular Remote Access Trojan, built on the .NET framework, has been observed in active malware campaigns throughout early 2026. Unlike simple backdoors, this…
APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies
Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include maritime and transport organizations in nations such as Poland, Ukraine, and Turkey. The attackers are…
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked…
Smart glasses are back, privacy issues included
AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies…
New DesckVB RAT Unveiled with Multi-Stage Infection Chain and Plugin-Based Architecture
A sophisticated strain of the DeskVB Remote Access Trojan (RAT) has been identified in the wild, showcasing a highly modular architecture and a complex, multi-stage infection chain. While the malware family itself is not entirely new, this latest iteration (v2.9.0.0)…
Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems
A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their…
Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands
The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social…
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support #Scam Kit
A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure. Datadog Security Labs said it observed threat…
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate…