A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims…
Tag: Cyber Security News
Ex-Google Engineer Convicted of Stealing Google’s AI Secrets For China
A federal jury has convicted Linwei Ding, 38, a former Google software engineer, on charges of economic espionage and trade secret theft. The conviction stems from Ding’s systematic theft of over 2,000 pages of confidential Google documentation on artificial intelligence…
TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome
A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage…
Attackers Using Hugging Face Hosting to Deliver Android RAT Payload
A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need…
NVIDIA GPU Display Driver Vulnerabilities Allows Code Execution and Privilege Escalation
NVIDIA has issued a critical security update addressing multiple high-severity vulnerabilities in its GPU Display Driver, vGPU software, and HD Audio components. That could enable attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, disclosed on…
Attackers Hijacked 200+ Websites Exploiting Magento Vulnerability to Gain Root-level Access
A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identified in January 2026, represents one of the most significant waves of…
GhostChat Spyware Attacking Android Users Via WhatsApp to Exfiltrate Sensitive Details
A new Android spyware campaign has emerged, targeting users in Pakistan through a sophisticated romance scam that uses fake dating profiles to steal personal information. The malicious application, known as GhostChat, disguises itself as a legitimate chat platform while secretly…
Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5060+ Downloads
A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted…
Microsoft Teams New Feature to Flag Suspicious One-to-One Calls
A new security feature is being added to Teams to help organizations detect and stop voice-based scams and phishing attacks. The new “Report a Call” button will allow users to flag suspicious one-to-one calls directly from their Teams call history.…
Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed
Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting…
Critical Ivanti Endpoint Manager 0-day RCE Vulnerabilities Actively Exploited in Attacks
Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on…
Wireshark 4.6.3 Released With Vulnerabilities Dissector and Parser Crash
The Wireshark Foundation has officially released Wireshark 4.6.3, the latest update to the world’s most popular network protocol analyzer. This release is critical for network administrators, security analysts, and developers, as it addresses multiple security vulnerabilities that could lead to…
3,280,081 Fortinet Devices Online With Exposed Web Properties Under Risk
Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authentication-bypass flaw actively exploited in the wild. The vulnerability, rated 9.4 on the CVSS scale, affects multiple Fortinet product lines, including FortiOS, FortiManager,…
Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5066 Downloads
A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted…
Microsoft Releases Update for Windows 11, version 25H2 and 24H2 Systems
Microsoft has officially released the optional non-security preview update KB5074105 for Windows 11, versions 25H2 and 24H2. This release, part of the January 2026 “C-week” schedule, focuses on functionality enhancements, performance optimization, and reliability improvements rather than addressing security vulnerabilities.…
Python-based PyRAT with Cross-Platform Capabilities and Extensive Remote Access Features
A new Python-based remote access trojan has emerged, targeting both Windows and Linux systems with sophisticated surveillance and data theft capabilities. The malware operates by establishing command-and-control communication through unencrypted HTTP channels, allowing attackers to execute commands, steal files, and…
Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT
A malicious VS Code extension has surfaced in the digital threat landscape, targeting developers who rely on coding tools daily. Discovered on January 27, 2026, the fake “ClawdBot Agent” extension presented itself as a legitimate AI-powered assistant, but it concealed…
Threat Actors Leverage Google Search Ads for ‘Mac Cleaner’ to Direct Users to Malicious Websites
Cybercriminals are taking advantage of Google Search Ads to trick Mac users into visiting fake websites that promise to clean their computers. These sponsored ads appear when users search for common terms like “mac cleaner” or “clear cache macos,” making…
Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS
Threat researchers have uncovered an actively serving command and control server hosting a complete deployment of the BYOB framework following the discovery of an exposed open directory. The server, located at IP address 38[.]255[.]43[.]60 on port 8081, was found distributing…
TA584 Actors Leveraging ClickFix Social Engineering to Deliver Tsundere Bot Malware
A sophisticated cybercriminal group known as TA584 has expanded its attack toolkit by deploying a new malware called Tsundere Bot through deceptive social engineering tactics. This threat actor, tracked as an initial access broker, has significantly intensified operations throughout 2025,…