Microsoft Exchange Online is experiencing a service degradation that incorrectly flags legitimate customer emails as phishing, quarantining them and disrupting communications. The issue, identified as EX1227432, started on February 5, 2026, at 10:31 AM EST and remains ongoing. Microsoft classifies…
Tag: Cyber Security News
APT Hackers Target Edge Devices by Abusing Trusted Services to Deploy Malware
Advanced Persistent Threat actors are shifting their focus toward network edge devices, exploiting critical vulnerabilities in firewalls, routers, and VPN appliances to establish long-term access within target environments. These attacks mark a dangerous evolution in cyber warfare, where adversaries bypass…
Hackers Exploiting ClawHub Skills to Bypass VirusTotal Detections via Social Engineering
Threat actors recently observed within the ClawHub ecosystem have significantly evolved their attack strategies, moving away from easily detectable methods to more subtle techniques. Rather than embedding malicious payloads directly into files, they now host these dangers on convincing external…
European Commission Contains Cyber-Attack Targeting Staff Mobile Data
The European Commission has confirmed the detection and containment of a security incident affecting the central infrastructure that manages staff mobile devices. The breach, identified on January 30 through internal telemetry, resulted in unauthorized access to a limited subset of…
ScarCruft Abuses Legitimate Cloud Services for C2 and OLE-based Chain to Drop Malware
ScarCruft, a prolific North Korean-backed advanced persistent threat (APT) group, has significantly refined its cyberespionage capabilities in a newly identified campaign distributing the ROKRAT malware. This recent activity marks a strategic deviation from their traditional reliance on LNK-based attack chains,…
Critical FortiClientEMS Vulnerability Let Attackers Execute Malicious Code Remotely
Fortinet has issued a critical security advisory warning administrators to immediately patch instances of FortiClientEMS, its central management solution for endpoint protection. The vulnerability, tracked as CVE-2026-21643, carries a CVSSv3 score of 9.1 and could allow unauthenticated, remote attackers to…
New RecoverIt Tool Exploits Windows Service Failure Recovery Functions to Execute Payload
A new open-source offensive security tool named “RecoverIt” has been released, offering Red Teamers and penetration testers a novel method for establishing persistence and executing lateral movement on compromised Windows systems. The tool, developed by security researcher TwoSevenOneT, weaponizes the…
Vortex Werewolf Attacking Organizations to Gain Tor-Enabled Remote Access Over the RDP, SMB, SFTP, and SSH Protocols
A new cyber espionage cluster has recently emerged, focusing its aggressive targeting on Russian government and defense organizations. Active since at least December 2025, the group, designated as Vortex Werewolf, employs a combination of social engineering and legitimate software utilities…
OpenClaw Becomes New Target in Rising Wave of Supply Chain Poisoning Attacks
OpenClaw, a rapidly growing open-source AI agent platform, faces severe supply chain risks as attackers poison its ClawHub plugin marketplace with malicious skills. Security firms SlowMist and Koi Security have uncovered hundreds of compromised extensions deploying infostealers like Atomic Stealer.…
Black Basta Ransomware Actors Embed BYOVD Defense Evasion Component in the Ransomware Payload Itself
Ransomware actors are constantly refining their arsenals to bypass modern defenses. A recent campaign by the Black Basta group has introduced a significant tactical shift by embedding a “Bring Your Own Vulnerable Driver” (BYOVD) component directly into the ransomware payload…
Ransomware Detection With Windows Minifilter by Intercepting File Filter and Change Events
Ransomware continues to be the most financially damaging type of cyberattack affecting organizations around the world. One of the most effective tools for monitoring in Windows is the minifilter driver. By sitting directly in the file system I/O pipeline, a…
New Telegram Phishing Attack Abuses Authentication Workflows to Obtain Full Authorized User Sessions
A sophisticated Telegram phishing campaign has re-emerged, marking a significant evolution in how threat actors compromise user accounts. Unlike traditional credential harvesting, this operation does not rely on cloning login pages to steal passwords but instead manipulates the platform’s legitimate…
Beware of Apple Pay Phishing Attack that Aims to Steal Your Payment Details
A sophisticated phishing campaign is currently targeting Apple Pay users, utilizing deceptive emails and phone calls to steal sensitive financial information. The attack typically begins with an email that appears boringly familiar, featuring the official Apple logo and a clean,…
Hackers Attacking IT & OSINT Professionals with New PyStoreRAT to Gain Remote Access
A sophisticated new supply chain attack is targeting Information Technology administrators and Open Source Intelligence (OSINT) professionals. This campaign leverages the reputation of the trusted development platform GitHub to distribute a stealthy backdoor. Unlike typical opportunistic attacks, this operation employs…
Hackers Actively Exploiting SolarWinds Web Help Desk RCE Vulnerability to Deploy Custom Tools
Active exploitation of a remote code execution (RCE) vulnerability in SolarWinds Web Help Desk (WHD) is accelerating, with attackers rapidly weaponizing compromised instances to deploy legitimate but heavily abused administrative tooling. According to observations from Huntress, 84 endpoints across 78…
Hackers Leveraging Free Firebase Developer Accounts to Send Phishing Emails
The landscape of digital threats is constantly shifting, with cybercriminals increasingly adopting “living off the cloud” strategies to bypass security perimeters. By exploiting the infrastructure of trusted service providers, attackers can effectively cloak their malicious activities, making detection significantly more…
Cybersecurity Weekly Newsletter – Notepad++ hack, Office 0-Day, ESXi 0-day Ransomware Attacks and More
Welcome to this week’s pulse on the cyber threat landscape, where vulnerabilities strike fast, and defenders must move faster. Notepad++ users face a supply-chain nightmare after a malicious update; Microsoft Office’s latest 0-day is ripe for exploitation; and ESXi servers…
LocalGPT – A Secure Local Device Focused AI Assistant Built in Rust
In an era where AI assistants like ChatGPT and Claude dominate cloud infrastructures, exposing user data to remote breaches, a new Rust-based tool called LocalGPT promises a fortress-like alternative. Developed as a single ~27MB binary, LocalGPT runs entirely on local…
Microsoft Data Center Power Outage Disrupts Windows 11 Updates and Store Functionality
Microsoft has confirmed that a significant power outage at one of its West US data centers triggered widespread service disruptions yesterday, leaving thousands of Windows 11 users unable to access the Microsoft Store or complete Windows Updates. The incident, which…
BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages
BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack caused a widespread outage, disrupting card processing for merchants nationwide. The outage began early on February 6, 2026, around 3:29 a.m. EST with degraded performance in systems…