ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive…
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to…
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an…
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical…
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women…
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early,…
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan,…
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the…
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster…
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to…
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows…
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up…
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions…
3 Ways to Start Your Intelligent Workflow Program
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full…
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with…
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons,…
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation…
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users…
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged…
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked…
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new…
LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing…
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their…
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said…
ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security
January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the…
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed…
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems…
How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get…
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for…
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical…
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look…
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and…
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and…
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and…
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular…
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed…
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative…
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others…
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental…
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal…
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between…