Category: Cyber Security

Hackers Can Use Indirect Prompt Injection Allows Adversaries to Manipulate AI Agents with Content Artificial intelligence tools are now a core part of everyday workflows — from browsers that summarize web pages to automated agents that help users make decisions online. As these tools become more capable, attackers are learning how to turn them against…

Threat Actors Using Fake Claude Code Download to Deploy Infostealer Cybercriminals have found a new way to target developers and IT professionals by setting up fake download pages that impersonate Claude Code, a legitimate AI coding assistant. These deceptive pages trick users into downloading what appears to be an official installation package, but instead silently…

Hackers Mimic LastPass Support Email to Steal Vault Passwords A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending fake support emails designed to steal vault master passwords. The campaign, which began on or around March 1, 2026, relies on social engineering tactics to trick users into believing their accounts…

Malicious Packages Disguised as Laravel Utilities Deploy PHP RAT and Enables Remote Access A supply chain attack targeting the PHP developer community has surfaced through Packagist, the official package repository for PHP and Laravel projects. Threat actor nhattuanbl published several packages that disguised a fully functional remote access trojan (RAT) inside what looked like standard Laravel utility…

SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets A suspected India-aligned threat group known as SloppyLemming has been conducting a sustained espionage campaign against government agencies, defense organizations, nuclear oversight bodies, and critical infrastructure operators in Pakistan and Bangladesh. Active since 2021 and also tracked as Outrider Tiger…

Hackerbot-Claw Bot Attacks Microsoft and DataDog via GitHub Actions CI/CD Misconfiguration Between February 21 and February 28, 2026, an autonomous bot named hackerbot-claw launched a week-long attack campaign against major open source repositories. It targeted GitHub Actions CI/CD pipelines belonging to Microsoft, DataDog, the Cloud Native Computing Foundation, and several other widely used projects. Over…

Threat Actors Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Local Coding Tools A supply chain attack targeting developers surfaced on March 2, 2026, when unauthorized code was found inside two versions of the Aqua Trivy VS Code extension on the OpenVSX registry. The compromised versions — 1.8.12 and 1.8.13 — were uploaded…

Pixel Perfect Extension Abuse Enables Covert Script Injection and Security Header Removal A browser extension that once earned a Featured badge from Google quietly turned into a remote code execution tool after its ownership changed hands, exposing thousands of users to covert script injection and full browser security header stripping. The campaign, centered on a…

Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations like Emotet, TrickBot, and QakBot. A newly discovered botnet loader called Aeternum C2…

Vshell Gains Traction Among Threat Actors as an Alternative to Cobalt Strike A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly expanding its reach, drawing growing attention from threat actors seeking flexible and cost-effective alternatives to expensive commercial tools. Known as Vshell, the tool has evolved well beyond its…

New Dohdoor Malware Attacking Schools and Health Care Sectors in U.S. via Multi-Stage Attack Chain A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across the United States since at least December 2025. The threat, tracked under the actor designation “UAT-10027,” deploys a previously unknown backdoor called “Dohdoor,” which uses…

Microsoft Defender Uncovers Trojanized Gaming Utility Campaign Targeting Users with RATs and Remote Data Theft Cybercriminals have found a new way to get past users’ defenses — by hiding malware inside gaming tools that look completely normal. Microsoft’s security team has uncovered an active campaign where attackers are distributing trojanized versions of popular gaming utilities…

North Korean APT37 Hackers Leverages Novel Malware to Infect Air‑Gapped Systems North Korea-linked threat group APT37 has launched a sophisticated new campaign using a fresh set of custom malware tools specifically designed to reach computers that are not connected to the internet — a type of system long considered among the most secure in the…

Google Disrupts Chinese Hackers Infrastructre which Breached 53 Telecom and Government Entities A suspected Chinese state-linked hacking group has been caught running one of the most far-reaching cyber espionage operations ever uncovered — silently breaching telecom providers and government bodies across four continents for nearly a decade. Google has now stepped in to dismantle that…

Microsoft Warns of Hackers Attacking Developers with Malicious Next.js Repositories A coordinated attack campaign is actively targeting software developers through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. The attackers rely on job-themed lures, presenting fake recruitment challenges that convince developers to clone and run poisoned code on their own machines. Once…

Threat Actors Exploit Apache ActiveMQ Server Vulnerability to Gain RDP Access and Deploy LockBit Ransomware A critical vulnerability in Apache ActiveMQ has been actively exploited by threat actors, leading to a full LockBit ransomware deployment across an enterprise network. Attackers leveraged CVE-2023-46604, a remote code execution flaw in the ActiveMQ messaging broker, to break into…

Hackers Leverage DeepSeek and Claude to Attack FortiGate Devices Worldwide In early February 2026, a significant cybersecurity threat emerged involving the sophisticated use of Large Language Models (LLMs) in active intrusion campaigns. A misconfigured server exposed a detailed software pipeline where threat actors integrated DeepSeek and Claude into their attack workflows. This discovery highlights a…

DPRK Linked Operators Sustain Aggressive Crypto Targeting 12 Months After Bybit Breach February 21, 2026, marks one year since North Korea (DPRK)-linked operators stole approximately $1.46 billion in cryptoassets from Dubai-based exchange Bybit — the largest confirmed crypto theft in history. Rather than slowing down after that breach, the group has only become more active,…

Silver Fox APT Uses DLL Sideloading and BYOVD Techniques in Sophisticated Malware Attacks The cybersecurity community recently witnessed the emergence of targeted malware campaigns linked to the Silver Fox threat group. This operation focuses heavily on Asia, targeting local organizations with carefully localized lures. By disguising attacks as routine business communications, actors successfully distributed the…

Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges VoIP desk phones are trusted devices, but many are managed like office furniture. A newly disclosed flaw in Grandstream phones shows how a simple network-facing bug can turn a handset into an entry point for eavesdropping and wider access. In a typical attack, the goal…

CharlieKirk Grabber Stealer Attacking Windows Systems to Exfiltrate Login Credentials A new Python-based infostealer called CharlieKirk Grabber has been identified targeting Windows systems, with a focused goal of stealing stored login credentials, browser cookies, and session data. The malware is built to work as a “smash-and-grab” threat — it launches quickly, collects whatever sensitive data…

Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT A critical vulnerability in BeyondTrust’s remote support software is being actively exploited by hackers to deliver dangerous backdoors on compromised systems. The flaw, tracked as CVE-2026-1731, carries a CVSS score of 9.9 and lets attackers run system commands with no login required. BeyondTrust released…

Advanced Crypto Mining Malware Spreads Through External Drives and Air-Gapped Systems A sophisticated cryptocurrency mining campaign has emerged, targeting systems through external storage devices with the ability to compromise even air-gapped environments. The malware operates as a multi-stage infection that prioritizes mining Monero cryptocurrency while establishing persistent mechanisms to resist removal. Unlike typical cryptojacking operations,…

MCP Servers can be Exploited to Execute Arbitrary Code and Exfiltrate Sensitive Data The Model Context Protocol (MCP) emerged as a breakthrough standard in November 2024, designed by Anthropic to seamlessly connect AI assistants with external systems and data sources. This innovation allows Large Language Models (LLMs) to interact with tools and repositories, significantly enhancing…

New ‘Foxveil’ Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection A new malware loader called “Foxveil” has been discovered actively targeting systems through legitimate cloud platforms, raising concerns about how threat actors are weaponizing trusted services to bypass security measures. The malware has been operational since August 2025 and has since evolved significantly.…

Noodlophile Malware Creators Evolve Tactics with Fake Job Postings and Phishing Lures The Noodlophile information stealer, originally uncovered in May 2025, has significantly evolved its attack strategies to bypass security measures. Initially, this malware hid behind deceptive advertisements for fake AI video generation platforms on social media, tricking users into downloading malicious ZIP files. These…

Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings every 30 days, and manipulate security…

New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer A sophisticated social engineering campaign is targeting Windows users through fake CAPTCHA verification pages to deliver the StealC information stealer malware. The attack begins when victims visit compromised websites that display fraudulent Cloudflare security checks, tricking them into executing malicious PowerShell commands. The compromised…

Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign A sophisticated cyber campaign has compromised over 1,800 Windows servers globally, using a potent malware strain known as BADIIS. This operation targets Internet Information Services (IIS) environments, transforming legitimate infrastructure into a massive network for SEO poisoning. By hijacking these servers, threat…

Fake CAPTCHA Attacks Emerge as Key Entry Point for LummaStealer Malware Campaigns LummaStealer, a notorious information-stealing malware, has made a significant comeback following a major law enforcement disruption in 2025. This resurgence is characterized by a shift in distribution tactics, moving away from traditional exploit kits towards aggressive social engineering campaigns. Cybercriminals are now leveraging…