no alarms and no surprises please..
-
YARA-X 1.13.0 Release, (Mon, Feb 9th)
YARA-X’s 1.13.0 release brings 4 improvements and 4 bugfixes. Didier Stevens, Senior Handler, blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Weekly Update 490
A big “thank you” to everyone who helped me troubleshoot the problem with my “Print Screen” button on the new PC. Try as we all might, none of us could figure out why it refused to bind to SnagIt and instead insisted on dumping the entire collection of screens to a file…
-
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. Alexander Culafi
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. Jai Vijayan, Contributing Writer
-
Black Basta Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta’s ransomware, illustrating the increasing popularity of the defense-evasion technique. Rob Wright
-
New RecoverIt Tool Abuses Windows Service Failure Recovery to Execute Malicious Payloads
A new offensive security tool named “RecoverIt” has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the…
-
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware
APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access…
-
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors
A threat cluster tracked as “Vortex Werewolf” (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not…
-
Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in Fortinet’s FortiClient EMS (Endpoint Management Server), potentially exposing organizations to remote code execution attacks. The flaw,…
-
Detecting Ransomware Using Windows Minifilters to Intercept File Change Events
A security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system…
-
European Commission discloses breach that exposed staff data
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. […] Sergiu Gatlan
-
New tool blocks imposter attacks disguised as safe commands
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. […] Bill Toulas
-
Vortex Werewolf Attacking Organizations to Gain Tor-Enabled Remote Access Over the RDP, SMB, SFTP, and SSH Protocols
A new cyber espionage cluster has recently emerged, focusing its aggressive targeting on Russian government and defense organizations. Active since at least December 2025, the group, designated as Vortex Werewolf, employs a combination of social engineering and legitimate…
-
New RecoverIt Tool Exploits Windows Service Failure Recovery Functions to Execute Payload
A new open-source offensive security tool named “RecoverIt” has been released, offering Red Teamers and penetration testers a novel method for establishing persistence and executing lateral movement on compromised Windows systems. The tool, developed by security researcher TwoSevenOneT, weaponizes the built-in failure recovery…
-
Critical FortiClientEMS Vulnerability Let Attackers Execute Malicious Code Remotely
Fortinet has issued a critical security advisory warning administrators to immediately patch instances of FortiClientEMS, its central management solution for endpoint protection. The vulnerability, tracked as CVE-2026-21643, carries a CVSSv3 score of 9.1 and could allow unauthenticated, remote attackers to execute arbitrary code or unauthorized commands…
-
New Telegram Phishing Attack Abuses Authentication Workflows to Obtain Full Authorized User Sessions
A sophisticated Telegram phishing campaign has re-emerged, marking a significant evolution in how threat actors compromise user accounts. Unlike traditional credential harvesting, this operation does not rely on cloning login pages to steal passwords but instead manipulates the platform’s legitimate authentication infrastructure…
-
Ransomware Detection With Windows Minifilter by Intercepting File Filter and Change Events
Ransomware continues to be the most financially damaging type of cyberattack affecting organizations around the world. One of the most effective tools for monitoring in Windows is the minifilter driver. By sitting directly in the file system I/O pipeline, a minifilter can observe,…
-
TR-26-0019 (Zirve Bilgi Teknolojileri – e-Mükellef Accounting Website Security Notification)
-
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. “All skills published to ClawHub are now scanned…
-
Apple Pay Users Targeted by Phishing Attack Aimed at Stealing Payment Details
A sophisticated new phishing campaign is targeting Apple Pay users, leveraging high-quality email design and social engineering to bypass security measures. Unlike typical scams…
-
State-Backed Hackers Target Military Officials and Journalists on Signal in Latest Cyberattack
German intelligence and security agencies have issued a high-priority warning regarding a sophisticated cyber espionage campaign targeting military officials, diplomats, and investigative journalists across…
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619 has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. […] Bill Toulas
-
LocalGPT – A Secure Local Device Focused AI Assistant Built in Rust
In an era where AI assistants like ChatGPT and Claude dominate cloud infrastructures, exposing user data to remote breaches, a new Rust-based tool called LocalGPT promises a fortress-like alternative. Developed as a single ~27MB binary, LocalGPT runs entirely on local devices, keeping sensitive…
-
Microsoft Data Center Power Outage Disrupts Windows 11 Updates and Store Functionality
Microsoft has confirmed that a significant power outage at one of its West US data centers triggered widespread service disruptions yesterday, leaving thousands of Windows 11 users unable to access the Microsoft Store or complete Windows Updates. The incident, which began early Saturday…
-
BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages
BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack caused a widespread outage, disrupting card processing for merchants nationwide. The outage began early on February 6, 2026, around 3:29 a.m. EST with degraded performance in systems like the Gateway.Itstgate.com virtual terminal, reporting,…
-
Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists
Germany’s top security agencies issued an urgent warning yesterday regarding a sophisticated cyber espionage campaign targeting high-ranking officials and journalists across Europe. The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) revealed that…
-
OpenClaw v2026.2.6 Released With Support for Opus 4.6, GPT-5.3-Codex and Safety Scanner
OpenClaw v2026.2.6 enhances security in response to increasing concerns about malicious skills within its ecosystem. This release includes a code safety scanner and model support, and addresses recent vulnerabilities highlighted by researchers. It is an open-source framework for local AI agents that manage…
-
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing…
-
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
When a Romanian businesswoman fell for a fake Dubai Crown Prince in a $2.5 million romance scam, investigators tracked the fraudster to his Nigerian mansion – only to discover he was masquerading as a campaigning philanthropist. Read more in my article on the…
-
Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns
A new wave of phishing campaigns where scammers are abusing Google’s legitimate infrastructure to bypass security filters. Attackers are now creating free developer accounts…
-
Hackers Exploit Cybersquatting Tactics to Spread Malware and Steal Sensitive Information
Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat. In 2025, the World Intellectual Property Organization (WIPO) handled a…
-
Transparent Tribe Hacker Group Targets India’s Startup Ecosystem in Cyber Attack
A worrying shift in the tactics of “Transparent Tribe,” a notorious threat group also known as APT36. Historically focused on Indian government, defense, and…
-
Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers
A surprising link between legitimate IT software and major cybercriminal operations. While investigating attacks by the “WantToCry” ransomware gang, analysts noticed that the attackers…
-
Claude Opus 4.6 Launches Enhanced Security Capabilities to Validate 500+ Critical Vulnerabilities
Anthropic has released Claude Opus 4.6, marking a significant leap in the defensive application of artificial intelligence. Released yesterday, the model has already identified…
-
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform. […] Ax Sharma
-
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. […] Bill Toulas
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […] Bill Toulas
-
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. […] Bill Toulas
-
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. […] Sponsored by Keep Aware
-
nmapUnleashed Makes Nmap Scanning More Comfortable and Effective
nmapUnleashed emerges as a powerful CLI wrapper enhancing Nmap’s capabilities for penetration testers and network auditors. Released in late January 2026 by developer Sharkeonix, this open-source tool streamlines complex scans while retaining full Nmap compatibility. nmapUnleashed, or “nu,” wraps Nmap to add multithreading, allowing up to customizable…
-
Cybercriminals Use Malicious Cybersquatting Attacks to Distribute Malware and Hijack Data
Digital squatting has evolved from a simple trademark nuisance into a dangerous cybersecurity threat. In 2025, the World Intellectual Property Organization (WIPO) handled a record-breaking 6,200 domain disputes. This represents a 68% increase since 2020. Security experts warn that criminal networks are now using…
-
Claude Opus 4.6 Released with Improved Cybersecurity, Validating 500+ high-severity Vulnerabilities
Anthropic’s latest AI model autonomously identifies critical flaws in decades-old codebases, raising the stakes for both defenders and attackers. Anthropic released Claude Opus 4.6 on February 5, 2026, with dramatically enhanced cybersecurity capabilities that have already identified more than 500 previously unknown high-severity vulnerabilities…
-
Transparent Tribe Hacker Group Attacking India’s Startup Ecosystem
The threat landscape for India’s technology sector has taken an unexpected turn. A Pakistan-based hacking group called Transparent Tribe has shifted its focus from traditional government targets to the country’s vibrant startup ecosystem, particularly companies working in cybersecurity and intelligence domains. The group, also tracked as APT36,…
-
Bulletproof Hosting Providers Leverage Legitimate ISPsystem to Supply Servers for Cybercriminals
In the constantly shifting landscape of online threats, cybercriminals have found a new way to strengthen their attacks by hiding behind legitimate technology. Late in 2025, a series of ransomware incidents revealed that attackers were using virtual machines provisioned through ISPsystem, a popular platform…
-
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware…
-
CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12…
-
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been…
-
How Samsung Knox Helps Stop Your Network Security Breach
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations…
-
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the…
-
Friday Squid Blogging: Squid Fishing Tips
This is a video of advice for squid fishing in Puget Sound. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier
-
I Am in the Epstein Files
Once. Someone named “Vincenzo Iozzo” wrote to Epstein in email, in 2016: “I wouldn’t pay too much attention to this, Schneier has a long tradition of dramatizing and misunderstanding things.” The topic of the email is DDoS attacks, and it is unclear what I am dramatizing and misunderstanding. Rabbi…
-
iPhone Lockdown Mode Protects Washington Post Reporter
404Media is reporting that the FBI could not access a reporter’s iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson,…
-
“Encrypt It Already” Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption by default across their services, as privacy concerns mount amid increased AI use. Arielle Waldman
-
Shai-hulud: The Hidden Cost of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. Alexander Culafi
-
OpenClaw’s Gregarious Insecurities Make Safe Usage Difficult
Malicious “skills” and persnickety configuration settings are just some of the issues that security researchers have found when installing — and removing — the OpenClaw AI assistant. Robert Lemos, Contributing Writer
-
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between the organization’s cybersecurity needs and lists like CISA’s KEV Catalog. KEV Collider combines data from multiple open-source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities. Robert Lemos, Contributing Writer
-
China-Nexus Hackers Target Linux Devices to Redirect Traffic and Deploy Malware
“DKnife,” a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this…
-
RenEngine Loader Deploys Stealthy Multi-Stage Execution to Bypass Security Measures
The malware family, RenEngine Loader, after discovering malicious logic embedded within what appears to be a legitimate Ren’Py-based game launcher. Active since April 2025, the operation…
-
OpenAI Launches Trusted Access to Strengthen Cybersecurity Protections
OpenAI has unveiled Trusted Access for Cyber, a new identity- and trust-based framework designed to enhance cybersecurity defenses while mitigating risks posed by its…
-
F5 Releases Urgent Security Fixes for Critical Vulnerabilities in BIG-IP and NGINX
F5 released its Quarterly Security Notification, addressing multiple security flaws across its product ecosystem. While F5 classifies the primary vulnerabilities as “Medium” severity under…
-
Zscaler Integrates SquareX to Deliver Stronger Browser Security Protections
Zscaler, Inc., a global leader in cloud security, has announced the successful acquisition of SquareX. This strategic move is designed to extend Zscaler’s Zero…
-
Flickr discloses potential data breach exposing users’ names, emails
Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. […] Sergiu Gatlan
-
CISA orders federal agencies to replace end-of-life edge devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. […] Sergiu Gatlan
-
Spain’s Ministry of Science shuts down systems after breach claims
Spain’s Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services. […] Bill Toulas
-
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […] Bill Toulas
-
Microsoft to shut down Exchange Online EWS in April 2027
Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. […] Sergiu Gatlan
-
Dutch Authorities Seized Servers of Windscribe VPN Provider
Dutch authorities seized a Windscribe VPN server located in the Netherlands as part of an undisclosed investigation. The Canadian provider quickly highlighted how its privacy-focused design thwarted any data recovery efforts. Windscribe disclosed the incident via social media, sharing an image of an empty server rack slot…
-
Hackers Leveraging Windows Screensaver to Deploy RMM Tools and Gain Remote Access to Systems
Cybersecurity threats are constantly evolving, and a recent campaign highlights a deceptive new tactic where attackers leverage Windows screensaver (.scr) files to compromise systems. This method allows threat actors to deploy legitimate Remote Monitoring and Management (RMM) tools, granting them persistent…
-
New Epstein Tool Searches LinkedIn Connections Against 3.5 Million Pages Epstein Files
A new open-source Python tool named EpsteIn enables users to check if their LinkedIn connections appear in over 3.5 million pages of Jeffrey Epstein court documents recently released by the U.S. Department of Justice. Developed by Christopher Finke, it runs locally to prioritize…
-
Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access
Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts, or important documents…
-
F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
F5 released its February 2026 Quarterly Security Notification on February 4, announcing several medium and low-severity CVEs, plus a security exposure affecting BIG-IP, NGINX, and container services. These issues primarily stem from denial-of-service (DoS) risks and configuration weaknesses, potentially disrupting high-traffic environments like web application…
-
OfferUp scammers are out in force: Here’s what you should know
The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.
-
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched on Thursday, comes with…
-
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS…
-
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and…
-
The Buyer’s Guide to AI Usage Control
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from…
-
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the…
-
Backdoor in Notepad++
Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal…
-
ISC Stormcast For Friday, February 6th, 2026 https://isc.sans.edu/podcastdetail/9798, (Fri, Feb 6th)
-
Broken Phishing URLs, (Thu, Feb 5th)
Broken Phishing URLs, (Thu, Feb 5th) For a few days, many phishing emails that landed in my mailbox have contained strange URLs. They are classic emails asking you to open a document, verify your pending emails, … But the format of the URLs is broken! In a URL, parameters are extra pieces of information added after…
-
Please Don’t Feed the Scattered Lapsus ShinyHunters
Please Don’t Feed the Scattered Lapsus ShinyHunters A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims…
-
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire He promised “the best security there is” to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a vast Tor-hidden drug…
-
EnCase Driver Weaponized as EDR Killers Persist
EnCase Driver Weaponized as EDR Killers Persist The forensic tool’s driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it. Rob Wright Go to gbhackers.com
-
Agentic AI Site ‘Moltbook’ Is Riddled With Security Risks
Agentic AI Site ‘Moltbook’ Is Riddled With Security Risks Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Cyber Success Trifecta: Education, Certifications & Experience
Cyber Success Trifecta: Education, Certifications & Experience Colonel Georgeo Xavier Pulikkathara, CISO at iMerit, discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution. Kristina Beek Go to gbhackers.com
-
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with… Go to gbhackers.com
-
Go 1.25.7 and Go 1.24.13 Released With Patches for Multiple Security Vulnerabilities
Go 1.25.7 and Go 1.24.13 Released With Patches for Multiple Security Vulnerabilities The Go team has officially released versions 1.25.7 and 1.24.13. These minor point releases address two distinct security vulnerabilities affecting the cmd/cgo command and the crypto/tls library. The updates are recommended… Go to gbhackers.com
-
Weaponized Voicemail Hack Allows Remote Access to Systems, Experts Warn
Weaponized Voicemail Hack Allows Remote Access to Systems, Experts Warn A sophisticated social engineering campaign weaponizes fake voicemail notifications to trick victims into installing remote access tools. The attack begins when victims receive… Go to gbhackers.com
-
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies Russian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This… Go to gbhackers.com
-
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems A new cyber-espionage threat group, dubbed Amaranth-Dragon, has been active throughout 2025 and has launched highly targeted attacks against government and law enforcement agencies across Southeast… Go to gbhackers.com
-
Hackers compromise NGINX servers to redirect user traffic
Hackers compromise NGINX servers to redirect user traffic A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Critical n8n flaws disclosed along with public exploits
Critical n8n flaws disclosed along with public exploits Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. […] Bill Toulas Go to bleepingcomputer
-
CISA: VMware ESXi flaw now exploited in ransomware attacks
CISA: VMware ESXi flaw now exploited in ransomware attacks CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA warns of five-year-old GitLab flaw exploited in attacks
CISA warns of five-year-old GitLab flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
The Double-Edged Sword of Non-Human Identities
The Double-Edged Sword of Non-Human Identities Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. […] Sponsored by Flare Go to bleepingcomputer
-
APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies
APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include maritime and transport organizations in nations such as Poland, Ukraine, and Turkey. The attackers are actively exploiting a critical vulnerability…
-
New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture
New DesckVB RAT with Multi-stage Infection Chain and Plugin-Based Architecture A sophisticated new threat has surfaced in the wild, identified as the DesckVB RAT version 2.9. This modular Remote Access Trojan, built on the .NET framework, has been observed in active malware campaigns throughout early 2026. Unlike simple backdoors, this threat demonstrates a high level…
-
Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers
Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers In a sophisticated campaign, threat actors are stealthily compromising NGINX servers to redirect web traffic to malicious destinations. The attackers, previously linked to “React2Shell” exploits, are now targeting NGINX configurations, specifically those using the Baota (BT) management panel, widely used in Asia.…
-
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…