A sophisticated cyber campaign has compromised over 1,800 Windows servers globally, using a potent malware strain known as BADIIS. This operation targets Internet Information Services (IIS) environments, transforming legitimate infrastructure into a massive network for SEO poisoning. By hijacking these…
Tag: Cyber Security News
Critical Vulnerability in Next-Mdx-Remote Allows Arbitrary Code Execution in React Server-Side Rendering
Security advisory HCSEC-2026-01 revealed a critical vulnerability in the next-mdx-remote library that allows attackers to execute arbitrary code on servers rendering untrusted MDX content. Tracked as CVE-2026-0969, the issue affects versions 4.3.0 through 5.0.0 and is fixed in 6.0.0. Next-mdx-remote…
CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks
CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation of a critical code execution flaw in Notepad++, a widely used open-source text editor popular among developers and IT professionals. Added on February 12, 2026, with…
Odido Telecom Suffers Cyberattack – 6.2 Million Customer Accounts Affected
Odido Telecom, a leading Dutch telecommunications provider, confirmed on February 12, 2026, that hackers accessed personal data from 6.2 million customer accounts in a major cyberattack. The breach, detected over the February 7-8 weekend, has raised alarms about phishing risks…
Feiniu NAS Devices Infected in Large-Scale Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
A serious security incident has recently emerged involving Feiniu (fnOS) Network Attached Storage devices. These systems are being actively targeted and infected by the Netdragon botnet, a malware strain that first appeared in October 2024. The attackers are leveraging undisclosed…
DShield Sensor Captures Self-Propagating SSH Worm Exploit Using Credential Stuffing and Multi-Stage Malware
A sophisticated self-spreading worm has emerged that can completely compromise Linux systems through SSH brute-force attacks in just four seconds. This new threat combines traditional credential stuffing techniques with modern cryptographic command verification, creating a fast-moving botnet that specifically targets…
DragonForce Ransomware Group Expands Its Influence with Cartel-like Operations and Targeting 363 Companies Since 2023
DragonForce has established itself as a formidable entity in the cybercrime landscape, having been active since December 2023. Operating under a sophisticated Ransomware-as-a-Service (RaaS) model, the group aggressively brands itself as a “cartel” to consolidate power and influence. This strategic…
ORB Networks Mask Cyberattacks Using Compromised IoT Devices and SOHO Routers
Operational Relay Box networks have emerged as one of the most sophisticated tools used by threat actors to hide their cyberattacks from security teams worldwide. These obfuscated mesh networks consist of compromised Internet-of-Things devices, Small Office/Home Office routers, and Virtual…
287 Chrome Extensions Exfiltrate Browsing History From 37.4 Million Users
A massive data exfiltration operation involves 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide. According to a researcher with the alias qcontinuum1, the discovery represents roughly one percent of the global Chrome user base, highlighting a…
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Exploits GitHub, npm, and PyPI to Distribute Malware
The North Korean state-sponsored hacking team, Lazarus Group, has launched a sophisticated fake recruiter campaign targeting cryptocurrency developers through a malicious operation called “graphalgo.” Active since May 2025, this coordinated attack uses fraudulent job offers to distribute remote access trojans…
Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks
Threat actors have begun leveraging Google’s Gemini API to dynamically generate C# code for multi-stage malware, evading traditional detection methods. The Google Threat Intelligence Group (GTIG) detailed this in its February 2026 AI Threat Tracker report, spotlighting the HONESTCUE framework…
Sophisticated ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users
A dangerous malware campaign has emerged on the NPM package registry, putting thousands of developers and Windows users at risk. The malicious package, known as “duer-js,” was published by a user named “luizaearlyx” and disguised itself as a legitimate console…
Chrome Security Update – Patch for Vulnerabilities that Enable Code Execution Attacks
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities that could enable attackers to execute malicious code on user systems. The update, rolling out over the coming weeks, includes several high-severity…
Adblock Filters Reveal User Location Despite VPN Protection
Many internet users believe VPNs make them completely anonymous online. While VPNs hide your IP address and encrypt traffic, a new fingerprinting technique reveals they cannot protect against all tracking methods. Country-specific AdBlock filter lists installed in browsers can expose…
Microsoft Outlook Add-in Stole 4,000 Microsoft Account Credentials and Credit Card Numbers
Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios. A compromised meeting scheduler named AgreeTo was used to steal over 4,000 Microsoft account credentials, credit card numbers, and answers to…
Fake CAPTCHA Attacks Emerge as Key Entry Point for LummaStealer Malware Campaigns
LummaStealer, a notorious information-stealing malware, has made a significant comeback following a major law enforcement disruption in 2025. This resurgence is characterized by a shift in distribution tactics, moving away from traditional exploit kits towards aggressive social engineering campaigns. Cybercriminals…
Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop
A critical denial-of-service (DoS) flaw in Palo Alto Networks’ PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles, potentially crippling enterprise networks. Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends…
$44 Evilmouse Autonomously Executes Commands and Compromises Systems Once Connected
A $44 hardware implant comes disguised as an ordinary computer mouse. This device acts as a covert keystroke injector, akin to the Hak5 Rubber Ducky, but leverages the innocuous form factor of a mouse to bypass basic user awareness training. Plug…
Promptware – Hackers Can Use Google Calendar Invites to Stream Victims’ Cameras via Zoom
A new and dangerous class of cyberattack called “Promptware” has been discovered, capable of turning your personal AI assistant into a sleeper agent that spies on you. Security researchers from Ben-Gurion University, Tel Aviv University, and Harvard have demonstrated a…
Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks
Cybercriminals are increasingly using valid administrative software to launch attacks, making their malicious activities much harder to spot. Instead of relying solely on custom computer viruses, these actors abuse legitimate workforce monitoring tools to hide inside business networks. By utilizing…