A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for…
Tag: EN
StopICE hacked to send alarming text messages, admins accuse border patrol agent of sabotage
The ICE-tracking service says it doesn’t store usernames or addresses ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had…
AI Threats in 2026: A SecOps Playbook
As AI-driven threats accelerate in 2026, security teams must evolve their defenses to manage new risks and maintain resilience. The post AI Threats in 2026: A SecOps Playbook appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack
A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Cardinal, The White Pulse, Russian Partizan, and Inteid, publicly announced its formation…
30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks
On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and…
DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data
A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy…
How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing
Browser Guard still blocks scams and phishing like it always has. But we had to rebuild the way it does that from the ground up. This article has been indexed from Malwarebytes Read the original article: How Manifest v3 forced us to…
Fake Dating App Delivers Android Spyware in Targeted Campaign
ESET uncovered a targeted Android spyware campaign that used a fake dating app to quietly spy on victims in Pakistan. The post Fake Dating App Delivers Android Spyware in Targeted Campaign appeared first on eSecurity Planet. This article has been…
Notepad++ says Chinese government hackers hijacked its software updates for months
The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months. This article has been indexed from Security News | TechCrunch Read the…
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft’s latest Office zero-day, with Ukraine’s national cyber defense team warning that the same bug is being used to target government agencies…
CultureAI Launches Global Partner Program
CultureAI has announced the launch of its global CultureAI Partner Program, designed to empower resellers, VARs, MSPs and MSSPs to help customers adopt AI with confidence, making critical AI usage controls accessible to all. As AI usage accelerates across enterprises,…
Iran-Linked Hackers Target Human Rights Groups in Redkitten Malware Campaign
A Farsi-speaking threat actor believed to be aligned with Iranian state interests is suspected of carrying out a new cyber campaign targeting non-governmental organizations and individuals documenting recent human rights abuses in Iran, according to a report by HarfangLab. The…
Open-Source AI Models Pose Growing Security Risks, Researchers Warn
Hackers and other criminals can easily hijack computers running open-source large language models and use them for illicit activity, bypassing the safeguards built into major artificial intelligence platforms, researchers said on Thursday. The findings are based on a 293-day study…
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been…
This Is How They Tell Me the World Ends
An investigative deep dive into the secretive global market for cyberweapons and zero-day exploits. This article has been indexed from CyberMaterial Read the original article: This Is How They Tell Me the World Ends
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original…
Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT
A fake Clawdbot VS Code extension silently deployed a ScreenConnect RAT through a trusted plugin. The post Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
ShinyHunters escalates tactics in extortion campaign linked to Okta environments
Researchers are tracking multiple clusters that are using social engineering to gain access to victims. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: ShinyHunters escalates tactics in extortion campaign linked to Okta environments
McDonald’s is not lovin’ your bigmac, happymeal, and mcnuggets passwords
Your favorite menu item might be easy to remember but it will not secure your account Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity…
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators……