APT28, the Russia-linked advanced persistent threat group, has launched a sophisticated campaign targeting Central and Eastern Europe using a zero-day vulnerability in Microsoft Office. The threat actors leveraged specially crafted Microsoft Rich Text Format (RTF) files to exploit the vulnerability…
Tag: Cyber Security News
Apache Syncope Vulnerability Let Attackers Hijack User Sessions
A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of…
OpenClaw AI Agent Skills Abused by Threat Actors to Deliver Malware
Hundreds of malicious skills designed to deliver trojans, infostealers, and backdoors disguised as legitimate automation tools. VirusTotal has uncovered a significant malware distribution campaign targeting OpenClaw, a rapidly growing personal AI agent ecosystem. OpenClaw, previously known as Clawdbot and briefly…
Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution
A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands…
Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware
A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users…
Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used
A sophisticated espionage campaign attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom, previously undocumented backdoor named “Chrysalis”.…
Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack
A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Cardinal, The White Pulse, Russian Partizan, and Inteid, publicly announced its formation…
30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks
On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and…
DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data
A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy…
NationStates Suffers Databreach – Game site Temporarily Offline
A long-running online nation simulation game has been taken temporarily offline following a security breach that compromised its central production server. The team estimates the downtime will last 2 to 5 days as they rebuild core infrastructure and audit the…
21,000+ OpenClaw AI Instances With Personal Configurations Exposed Online
21,000+ publicly exposed instances of an open-source personal AI assistant, raising significant concerns about unprotected access to sensitive user configurations and personal data. OpenClaw, a rapidly emerging personal AI assistant created by Austrian developer Peter Steinberger, has experienced explosive growth…
New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency
A previously unknown hacktivist group called Punishing Owl has emerged with sophisticated cyberattacks targeting Russian government security agencies. The group first surfaced on December 12, 2025, when it announced the successful breach of a Russian government security agency’s network. The…
Windows 11 Bug Causing Password Sign-in Option to Disappear from the Lock Screen on
Microsoft has acknowledged a strange user interface bug affecting specific Windows environments where the password sign-in option appears to vanish from the lock screen. The issue, which originated with updates released in late 2025, primarily impacts managed IT infrastructures and…
Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware
The Russia-linked threat group UAC-0001, also known as APT28, has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrainian government entities and European Union organizations. The vulnerability,…
Pulsar RAT Attacking Windows Systems via Per-user Run Registry Key and Exfiltrates Sensitive Details
A new wave of attacks targeting Windows systems has emerged through a sophisticated remote access trojan known as Pulsar RAT. This malware establishes persistence using the per-user Run registry key, enabling automatic execution each time an infected user logs into…
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage Return Line Feed) sequences. Tracked as CVE-2026-24489 under advisory RO-26-005, the vulnerability affects all versions…
New Stealthy Fileless Linux Malware ‘ShadowHS’ Emphasizes Automated Propagation
Security teams defending Linux environments now face a sophisticated threat designed to evade traditional detection. A newly uncovered fileless malware framework named ShadowHS operates entirely in memory, leaving no persistent traces on disk while establishing long-term control over compromised systems.…
Autonomous AI Agents Are Becoming the New Operating System of Cybercrime
The cybersecurity landscape has entered a dangerous new phase where autonomous AI agents are transforming from simple automation tools into sophisticated criminal operators. These self-directed systems now execute complex cyberattacks without human oversight, marking a fundamental shift in how digital…
Arsink Rat Attacking Android Devices to Exfiltrate Sensitive Data and Enable Remote Access
A dangerous Android malware called Arsink RAT has emerged as a serious threat to mobile device security worldwide. This cloud-native Remote Access Trojan gives attackers complete control over infected devices while quietly stealing personal information. The malware spreads through social…
Hackers Attacking MongoDB Instances to Delete Database and Add Ransom Note
Threat actors are actively targeting internet-exposed MongoDB instances in large-scale automated ransomware campaigns. The attacks follow a consistent pattern: attackers scan for unsecured MongoDB databases accessible on the public internet, delete the stored data, and insert ransom notes demanding payment…