Recent Posts
News•Feb 27, 2026
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
North Korean APT ScarCruft launched the Ruby Jumper campaign, employing a chain of malware that includes RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE and BLUELIGHT. The first‑stage payload uses a malicious LNK file to execute PowerShell, which carves and runs additional components. RESTLEAF authenticates to Zoho WorkDrive with a valid token to fetch shellcode, while THUMBSBD and VIRUSTASK weaponize removable media to bridge air‑gapped systems. The operation demonstrates a sophisticated blend of cloud‑based C2 and offline propagation techniques.
By The Hacker News
News•Feb 27, 2026
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are distributing trojanized gaming utilities through browsers and chat platforms to install a Java‑based remote‑access trojan (RAT). The downloader stages a portable Java runtime, executes a malicious JAR via PowerShell and cmstp.exe, then deletes itself and configures Microsoft...
By The Hacker News
News•Feb 26, 2026
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
Cisco Talos has identified a new threat cluster, UAT-10027, delivering a novel backdoor called Dohdoor that leverages DNS‑over‑HTTPS for command‑and‑control. The malware uses DLL side‑loading through legitimate Windows executables and drops a Cobalt Strike beacon that unhooks NTDLL calls to evade...
By The Hacker News
News•Feb 25, 2026
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
Scattered LAPSUS$ Hunters (SLH) is paying women $500 to $1,000 per call to conduct voice‑phishing attacks against IT help desks. The group supplies pre‑written scripts and leverages legitimate proxy services and tunneling tools to evade detection. These vishing campaigns aim...
By The Hacker News
News•Feb 25, 2026
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
The article outlines five common triage failures that inflate business risk, from decisions made without execution evidence to manual, error‑prone processes. It shows how interactive sandboxes—exemplified by ANY.RUN—provide rapid execution evidence, enabling analysts to reach evidence‑backed verdicts within seconds. Reported...
By The Hacker News
News•Feb 25, 2026
Manual Processes Are Putting National Security at Risk
More than half of national‑security agencies still move classified data by hand, a practice the CYBER360 report flags as a strategic liability. Manual transfers introduce human error, audit gaps, and exploitable seams that adversaries can weaponize. Legacy platforms, protracted procurement...
By The Hacker News
News•Feb 24, 2026
Identity Prioritization Isn't a Backlog Problem - It's a Risk Math Problem
Identity programs still rank remediation like IT tickets, ignoring context. The article argues that true prioritization must treat identity risk as a function of controls posture, hygiene, business impact, and user intent, not just checklist completion. When these factors align,...
By The Hacker News
News•Feb 23, 2026
APT28 Targeted European Entities Using Webhook-Based Macro Malware
Russia‑linked APT28 launched Operation MacroMaze, a campaign against Western and Central European entities from September 2025 through January 2026. The attackers delivered spear‑phishing documents containing a macro that calls a webhook.site URL, acting as a tracking‑pixel to verify document opening. The macro drops...
By The Hacker News
News•Feb 23, 2026
How Exposed Endpoints Increase Risk Across LLM Infrastructure
Enterprises deploying private Large Language Models are rapidly adding inference APIs, model‑management dashboards, and tool‑calling endpoints. Each new endpoint widens the attack surface, especially when permissions are excessive and credentials remain static. Exposed endpoints let attackers hijack non‑human identities, enabling...
By The Hacker News
News•Feb 23, 2026
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Iranian APT group MuddyWater has launched Operation Olalampo, targeting organizations across the Middle East and North Africa. The campaign, first seen on Jan 26, 2026, deploys new malware families—GhostFetch, HTTP_VIP, the Rust backdoor CHAR, and the GhostBackDoor implant—delivered via macro‑laden Office...
By The Hacker News
News•Feb 21, 2026
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
By The Hacker News