ZeroDayRAT is a new mobile spyware platform sold openly through Telegram, with activity first observed on February 2, 2026. It targets Android (5–16) and iOS (up to 26), giving attackers one cross-platform tool. From a browser-based control panel, an operator…
Tag: Cyber Security News
CISA Warns of ZLAN ICS Device Vulnerabilities That Allow Complete Device Takeover
CISA has issued an alert regarding two critical vulnerabilities found in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device. According to the advisory (ICSA-26-041-02), successful exploitation could allow attackers to gain complete control of affected systems by bypassing authentication mechanisms or resetting device…
Lotus Blossom Hackers Compromised Official Hosting Infrastructure of Notepad++
The state-sponsored threat group Lotus Blossom successfully breached the official hosting infrastructure of Notepad++ between June and December 2025, targeting users across government agencies, telecommunications companies and critical infrastructure sectors. The attackers gained access by compromising the shared hosting provider’s…
Critical BeyondTrust Vulnerability Exploited in the Wild to Gain Full Domain Control
A critical vulnerability tracked as CVE-2026-1731 is being actively exploited in the wild, enabling attackers to gain full domain control over affected systems. Threat actors are leveraging this flaw to execute operating system commands remotely without authentication. The flaw, discovered in self-hosted BeyondTrust…
Chrome 0-Day Vulnerability Actively Exploited by Attackers in the Wild
Google has urgently patched a high-severity zero-day vulnerability in Chrome, confirming active exploitation in the wild. Tracked as CVE-2026-2441, the flaw is a use-after-free bug in the browser’s CSS handling, reported by independent researcher Shaheen Fazim just five days ago…
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop
Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread reports of critical boot failures just days after deployment. Users describe devices entering infinite restart loops, often exceeding 15…
PentestAgent – AI Penetration Testing Tool With Prebuilt Attack Playbooks and HexStrike Integration
PentestAgent, an open-source AI agent framework from developer Masic (GH05TCREW), has introduced enhanced capabilities, including prebuilt attack playbooks and seamless HexStrike integration. Released on GitHub by a researcher with the alias GH05TCREW, this tool leverages large language models (LLMs) like…
New ClickFix Exploit Tricks Users into Changing DNS Settings for Malware Installation
A new evolution in the ClickFix social engineering campaign now employs a custom DNS hijacking technique to deliver malware. This attack method tricks users into executing malicious commands that utilize DNS lookups to fetch the next stage of the…
New ClickFix Attack Uses DNS Hijacking to Spread Malware
A new evolution in the ClickFix social engineering campaign now employs a custom DNS hijacking technique to deliver malware. This attack method tricks users into executing malicious commands that utilize DNS lookups to fetch the next stage of the…
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
A sophisticated malware campaign is targeting macOS users through Google-sponsored search results and legitimate platforms, including Anthropic’s Claude AI and Medium. The campaign has already reached over 15,000 potential victims through two distinct attack variants that exploit users’ trust in established…
Threat Actor Allegedly Selling Critical Severity OpenSea 0-day Exploit Chain on Hacking Forums
A threat actor is reportedly selling a purported critical severity zero-day exploit chain targeting OpenSea for $100,000 USD in Bitcoin or Monero. The listing claims the vulnerability remains unpatched and undisclosed, raising alarms in the NFT community. The exploit allegedly…
CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks
CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468, this flaw lets unauthenticated attackers run malicious commands on servers and databases. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog…
Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames
A coordinated campaign is using malicious Chrome extensions that impersonate popular AI tools like ChatGPT, Claude, Gemini, and Grok. These fake “AI assistants” spy on users through injected, remote-controlled iframes, turning helpful browser add-ons into surveillance tools. More than 260,000…
OpenClaw 2026.2.12 Released With Fix for 40+ Security Issues
OpenClaw Version 2026.2.12 is a major security-focused update that fixes more than 40 vulnerabilities and strengthens protection across the AI agent platform. The update improves hooks, browser control, scheduling, messaging channels, and gateway security. The main goal of this release…
New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer
A sophisticated social engineering campaign is targeting Windows users through fake CAPTCHA verification pages to deliver the StealC information stealer malware. The attack begins when victims visit compromised websites that display fraudulent Cloudflare security checks, tricking them into executing malicious…
Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts
Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings…
New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection
A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and…
Zimbra Security Update – Patch for XSS, XXE & LDAP Injection Vulnerabilities
In a critical move for email server security, Zimbra released version 10.1.16 on February 4, 2026, tackling high-severity vulnerabilities including cross-site scripting (XSS), XML external entity (XXE), and LDAP injection. Labelled as high-patch severity and deployment risk, this update urges…
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
The distribution of malicious software through pirated games and cracked applications continues to be a highly effective strategy for cybercriminals. By exploiting the widespread desire for free access to premium content, attackers can easily bypass initial user suspicions and deliver…
OysterLoader Multi‑Stage Evasion Loader Uncovered with Advanced Obfuscation and Rhysida Ransomware Links
A sophisticated malware loader known as OysterLoader has emerged as a significant threat in the cybersecurity landscape, employing multiple layers of obfuscation to evade detection and deliver dangerous payloads. First identified in June 2024 by Rapid7, this C++ malware is…