OpenAI, in collaboration with crypto investment firm Paradigm, has introduced EVMbench, a new benchmark designed to evaluate the ability of AI agents to detect, patch, and exploit high-severity vulnerabilities in smart contracts. The release marks a significant step in measuring…
Tag: Cyber Security News
Hackers Can Leverage Grok and Copilot for Stealthy Malware Communication and Control
A novel attack technique that repurposes mainstream AI assistants, specifically xAI’s Grok and Microsoft Copilot, as covert command-and-control (C2) relays, enabling attackers to tunnel malicious traffic through platforms that enterprise networks already trust and permit by default. Dubbed “AI as…
Fake CAPTCHA (ClickFix) Attack Chain Leads to Enterprise‑Wide Malware Infection in Organisations
A sophisticated cyberattack campaign leveraging “ClickFix” social engineering has emerged, posing a severe threat to enterprise networks globally. These massive campaigns, which trick users into executing malicious code under the guise of resolving a fake technical error, have become increasingly…
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in The Wild Targeting Corporate Networks
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) have emerged as a major threat to enterprise networks, with active exploitation campaigns targeting corporate infrastructure across multiple countries. The vulnerabilities, identified as CVE-2026-1281 and CVE-2026-1340, enable unauthenticated attackers to…
Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to ¥10 Million
A sophisticated cryptocurrency scam campaign is currently targeting users across Asia, with a heavy and specific focus on Japan. This operation uniquely combines two distinct fraud models into a single, highly effective attack vector: malvertising and “pig butchering.” By blending…
Malware Campaign Delivers Remote Access Backdoor and Fake MetaMask Wallet to Steal Cryptocurrency Funds
North Korean threat actors have launched a sophisticated attack campaign targeting IT professionals in cryptocurrency, Web3, and artificial intelligence sectors. The ongoing operation, known as Contagious Interview, deploys remote access backdoors alongside trojanized MetaMask wallet extensions designed to steal digital…
Microsoft 365 Exchange URL Filtering Update Quarantines Legitimate Emails as Phishing
A faulty URL filtering rule update in Microsoft Exchange Online triggered a widespread false-positive storm beginning February 9, 2026, causing legitimate email messages to be incorrectly flagged as phishing and quarantined, disrupting email workflows for organizations globally. Microsoft tracked the…
Microsoft 365 Copilot Flaw Allows AI Assistant to Summarize Sensitive Emails
A security flaw in Microsoft 365 Copilot is causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, bypassing configured Data Loss Prevention (DLP) policies dxposing potentially sensitive organizational data to unauthorized AI processing. The issue,…
ClickFix Abuses Legitimate Homebrew Workflow to Deploy Cuckoo Stealer on macOS for Credential Harvesting
A sophisticated social engineering campaign is targeting macOS developers through fake Homebrew installation pages that deploy Cuckoo Stealer, a comprehensive credential-harvesting malware. The attack leverages the ClickFix technique, which tricks users into executing malicious Terminal commands disguised as legitimate software…
ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access
A large-scale supply chain poisoning campaign that targeted OpenClaw’s official marketplace, ClawHub, distributing 1,184 malicious “Skills” designed to steal data and establish backdoor access on compromised systems. OpenClaw, a fast-growing open-source AI agent platform, enables users to install plugin-like Skills…
OpenClaw AI Framework v2026.2.17 Released with Anthropic Model Support and Security Fixes
OpenClaw has released version 2026.2.17 with significant enhancements, including support for Anthropic’s Claude Sonnet 4.6 model. Expanded context windows, though the update arrives as the AI agent framework continues facing scrutiny over critical security vulnerabilities involving credential theft and remote…
New SysUpdate Variant Malware Discovered and Tool Developed to Decrypt Encrypted Linux C2 Traffic
A new variant of the SysUpdate malware has emerged as a sophisticated threat targeting Linux systems with advanced command-and-control (C2) encryption capabilities. The malware was discovered during a Digital Forensics and Incident Response (DFIR) engagement when security teams detected the…
Paloalto to Acquire Koi Security for Establishing Agentic Endpoint security
Palo Alto Networks announced a definitive agreement to acquire Koi Security, a leading innovator in Agentic Endpoint Security, marking a major expansion of its AI‑driven defense portfolio. The move underscores Palo Alto’s commitment to securing the emerging landscape of AI-enabled endpoints. Autonomous…
MetaMask Users Targeted with Phishing Emails Containing Forged Security Report to Evade Detection
A new phishing campaign is targeting MetaMask users through carefully crafted emails that contain fake security incident reports designed to manipulate victims into compromising their accounts. The attack leverages social engineering tactics by creating a false sense of urgency around…
16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration
16 zero-day vulnerabilities, including critical OS Command Injection, DOM-based XSS, SSRF, and Path Traversal flaws across Apryse WebViewer (formerly PDFTron) and Foxit PDF cloud services, affecting millions of enterprise users worldwide. The disclosure from Novee Security showcases its AI-augmented human-agent…
Single-Character Typo of “&” Instead of “|” Leads to 0-Day RCE in Firefox
A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly garbage collection code, where a developer mistakenly typed “&” (bitwise AND) instead of “|” (bitwise OR). Security researcher…
CISA Adds Windows Video ActiveX Control RCE Flaw to KEV Catalog Following Active Exploitation
A long-dormant Microsoft Windows vulnerability, CVE-2008-0015, has been added to the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw, first disclosed more than a decade ago, impacts the Windows Video ActiveX Control component and poses…
Anthropic Releases Claude Sonnet 4.6 with Improved Coding, Computer Use, and 1M Token Context Window
Anthropic has officially launched Claude Sonnet 4.6, its most capable mid-tier model to date, delivering a comprehensive upgrade across coding, computer use, long-context reasoning, agent planning, knowledge work, and design, all at the same price point as its predecessor. The…
New Phishing Campaign Targets Booking.com Partners and Customers in Multi-Stage Financial Fraud Scheme
A new Booking.com‑themed phishing campaign is abusing trust in travel brands to steal money and sensitive data from both hotels and guests. The scheme can start as a service message, but it can end with payment fraud and card exposure.…
New ‘Foxveil’ Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
A new malware loader called “Foxveil” has been discovered actively targeting systems through legitimate cloud platforms, raising concerns about how threat actors are weaponizing trusted services to bypass security measures. The malware has been operational since August 2025 and has…