Cyber Espionage Threat Intelligence | 4 Min Read | February 7, 2026 | German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists | Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Secur…
IoT Security Malware | 3 Min Read | February 6, 2026 | China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery | Cybersecurity researchers have taken the wraps off a gateway-monitoring…
Federal Security Infrastructure Security | 2 Min Read | February 6, 2026 | CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has…
Cyber Espionage Malware | 3 Min Read | February 6, 2026 | Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities | A previously undocumented cyber espionage group operating from Asia…
Mobile Security Threat Detection | 3 Min Read | February 6, 2026 | How Samsung Knox Helps Stop Your Network Security Breach | As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent,…
Developer Security Malware | 4 Min Read | February 6, 2026 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware | Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI)…
Artificial Intelligence Vulnerability | 2 Min Read | February 6, 2026 | Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries | Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500…
Botnet Network Security | 3 Min Read | February 5, 2026 | AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack | The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4…
Cybersecurity Hacking News | 11 Min Read | February 5, 2026 | ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories | This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look…
Artificial Intelligence SaaS Security | 5 Min Read | February 5, 2026 | The Buyer’s Guide to AI Usage Control | Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms,…
Cyber Espionage Malware | 4 Min Read | February 5, 2026 | Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends | The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as…
Vulnerability Workflow Automation | 4 Min Read | February 5, 2026 | Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows | A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could…
Malware Threat Intelligence | 5 Min Read | February 4, 2026 | China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns | Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement…
Identity Security Security Operations | 3 Min Read | February 4, 2026 | Orchid Security Introduces Continuous Identity Observability for Enterprise Applications | An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives…
Open Source Vulnerability | 2 Min Read | February 3, 2026 | Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package | Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular…
Cloud Computing Zero Trust | 4 Min Read | February 3, 2026 | When Cloud Outages Ripple Across the Internet | Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have…
Malware Vulnerability | 3 Min Read | February 3, 2026 | APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks | The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed…
Artificial Intelligence Privacy | 2 Min Read | February 3, 2026 | Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox | Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative…
Cybersecurity Hacking News | 19 Min Read | February 2, 2026 | ⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats | Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others…
Endpoint Security Threat Detection | 2 Min Read | February 2, 2026 | Securing the Mid-Market Across the Complete Threat Lifecycle | For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an…
Malware Threat Intelligence | 2 Min Read | February 2, 2026 | Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users | The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to…
Endpoint Security Threat Intelligence | 3 Min Read | February 2, 2026 | eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware | The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been…
Developer Tools Malware | 3 Min Read | February 2, 2026 | Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm | Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors…
Artificial Intelligence Cyber Espionage | 5 Min Read | January 31, 2026 | Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists | A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental…
SaaS Security Social Engineering | 3 Min Read | January 31, 2026 | Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms | Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed…
Network Security SCADA | 3 Min Read | January 31, 2026 | CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms | CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic…
AI Security Malware | 6 Min Read | January 30, 2026 | Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access | Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal…
Cyber Espionage Server Security | 4 Min Read | January 30, 2026 | China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware | Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between…
Cybercrime Threat Intelligence | 10 Min Read | January 30, 2026 | Badges, Bytes and Blackmail | Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and…
Artificial Intelligence Economic Espionage | 3 Min Read | January 30, 2026 | Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup | A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted…
Email Security Vulnerability | 2 Min Read | January 30, 2026 | SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score | SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in…
Enterprise Security Vulnerability | 3 Min Read | January 30, 2026 | Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released | Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited…
Artificial Intelligence LLM Security | 3 Min Read | January 29, 2026 | Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries | A new joint investigation by SentinelOne SentinelLABS and Censys has revealed that the open-source artificial intelligence (AI) deployment…
Cybersecurity Hacking News | 19 Min Read | January 29, 2026 | ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories | This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add…
ICS Security Operational Technology | 5 Min Read | January 29, 2026 | Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps | A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and…
Incident Response Threat Intelligence | 3 Min Read | January 29, 2026 | 3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026 | Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any…
Software Security Vulnerability | 2 Min Read | January 29, 2026 | SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass | SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four…
Malware Threat Intelligence | 6 Min Read | January 29, 2026 | Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks | Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest…
AI Security Malware | 4 Min Read | January 28, 2026 | Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware | Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the…
Critical Infrastructure Threat Intelligence | 3 Min Read | January 28, 2026 | Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid | The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian…
Vulnerability Workflow Automation | 2 Min Read | January 28, 2026 | Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution | Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability…
Artificial Intelligence Enterprise Security | 4 Min Read | January 28, 2026 | From Triage to Threat Hunts: How AI Accelerates SecOps | If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors…
Open Source Vulnerability | 2 Min Read | January 28, 2026 | Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution | A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow…
Cyber Espionage Endpoint Security | 3 Min Read | January 28, 2026 | Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks | Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in…
Enterprise Security Password Security | 4 Min Read | January 28, 2026 | Password Reuse in Disguise: An Often-Missed Risky Workaround | When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These…
Threat Intelligence Vulnerability | 3 Min Read | January 28, 2026 | Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 | Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a…