
New Tool Blocks Imposter Attacks Disguised as Safe Commands
Tirith is a new open‑source, cross‑platform utility that monitors shell input to detect and block homoglyph‑based URL attacks and other deceptive command‑line tricks. It hooks into popular shells such as zsh, bash, fish, and PowerShell, inspecting every pasted command for Unicode look‑alikes, ANSI escapes, and risky pipe‑to‑shell patterns. The tool performs all analysis locally, adds sub‑millisecond overhead, and never modifies the original command or sends telemetry. Available via GitHub, npm, Homebrew, apt, and Docker, Tirith quickly gained traction with over 1,600 stars in its first week.

Payments Platform BridgePay Confirms Ransomware Attack Behind Outage
BridgePay Network Solutions confirmed a ransomware attack knocked its payment gateway offline, triggering a nationwide outage across core APIs, virtual terminals, and hosted pages. The breach began early Friday, prompting the company to involve the FBI, U.S. Secret Service, and...

CISA Warns of SmarterMail RCE Flaw Used in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical remote code execution vulnerability, CVE-2026-24423, in SmarterMail versions prior to build 9511. The flaw, exploitable via the ConnectToHub API, is being leveraged in active ransomware campaigns. SmarterTools patched the...

EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Keep Aware warns that enterprise security tools—EDR, email gateways, and SASE—systematically miss a growing class of browser‑only attacks, including click‑fix UI social engineering, malicious extensions, man‑in‑the‑browser manipulations, and HTML smuggling. These techniques leave little forensic evidence because they exploit user...

Man Pleads Guilty to Hacking Nearly 600 Women’s Snapchat Accounts
Illinois resident Kyle Svara pleaded guilty in Boston federal court to phishing Snapchat access codes from roughly 570 women between May 2020 and February 2021, successfully infiltrating at least 59 accounts to steal nude photos. He marketed the stolen content...

Flickr Discloses Potential Data Breach Exposing Users' Names, Emails
Flickr disclosed a potential data breach after a vulnerability in a third‑party email service provider exposed user names, email addresses, IP locations and activity logs. The company acted quickly, shutting down the affected system within hours on February 5, 2026. While...

Spain's Ministry of Science Shuts Down Systems After Breach Claims
Spain's Ministry of Science, Innovation and Universities announced a partial shutdown of its electronic services after a technical incident that appears to be a cyberattack. A hacker using the alias “GordonFreeman” claimed to have exploited an IDOR flaw to gain...

Ransomware Gang Uses ISPsystem VMs for Stealthy Payload Delivery
Ransomware operators are exploiting ISPsystem’s VMmanager by deploying default Windows virtual machines that reuse identical hostnames and system identifiers. Sophos discovered the same hostnames across VMs used by multiple ransomware groups, including LockBit, Conti, BlackCat/ALPHV and Ursnif, as well as...

Microsoft to Shut Down Exchange Online EWS in April 2027
Microsoft announced that the Exchange Web Services (EWS) API for Exchange Online will be blocked on October 1, 2026 and fully retired on April 1, 2027. Administrators can create an allow‑list by August 2026 to bypass the October block, after which Microsoft will pre‑populate allow...

Italian University La Sapienza Goes Offline After Cyberattack
Rome’s La Sapienza, Europe’s largest university, suffered a cyberattack that forced a complete shutdown of its IT network. Authorities and the university’s technical task force identified the incident as a ransomware operation attributed to the pro‑Russian group Femwar02, using the...

Romanian Oil Pipeline Operator Conpet Discloses Cyberattack
Romanian pipeline operator Conpet disclosed a ransomware attack that crippled its corporate IT systems and took its public website offline, while its core transport operations remained unaffected. The Qilin gang claimed responsibility, alleging the theft of nearly 1 TB of internal...

When Cloud Logs Fall Short, the Network Tells the Truth
Cloud migrations create fragmented logs that leave blind spots, making real‑time visibility essential for security. Network telemetry provides a consistent, provider‑agnostic signal that overcomes log inconsistencies across multi‑cloud environments. By integrating traffic mirroring, flow logs, and TLS/DNS metadata, organizations can...

Data Breach at Fintech Firm Betterment Exposes 1.4 Million Accounts
Fintech platform Betterment disclosed a data breach affecting roughly 1.435 million accounts, exposing email addresses, names, birth dates, physical addresses, phone numbers, and employment details. Threat actors also launched a social‑engineering campaign, sending fraudulent cryptocurrency reward emails to compromised contacts....

Zendesk Spam Wave Returns, Floods Users with 'Activate Account' Emails
A fresh wave of spam is exploiting unsecured Zendesk support portals, flooding users worldwide with fake “Activate account” emails. Attackers submit tickets through open Zendesk forms, triggering automatic confirmation messages to large address lists. The campaign mirrors a January incident,...

Critical N8n Flaws Disclosed Along with Public Exploits
Multiple critical flaws identified as CVE-2026-25049 let any authenticated n8n user execute arbitrary code on the host server. The vulnerabilities stem from weak sandboxing of user-written JavaScript and bypass the prior CVE-2025-68613 fix. Versions prior to 2.5.2 and 1.123.17 are...

CISA: VMware ESXi Flaw Now Exploited in Ransomware Attacks
CISA confirmed that ransomware gangs are exploiting a high-severity VMware ESXi sandbox-escape flaw, CVE-2025-22225, which Broadcom patched in March 2025 alongside two related vulnerabilities. The vulnerability enables an arbitrary kernel write, allowing attackers with privileged VMX process access to break...

CISA Warns of Five-Year-Old GitLab Flaw Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch the five-year-old GitLab SSRF vulnerability (CVE-2021-39935) after confirming it is being actively exploited. The flaw, fixed by GitLab in December 2021, allows unauthenticated users to access...

The Double-Edged Sword of Non-Human Identities
Flare’s 2025 analysis uncovered more than 10,000 Docker Hub images exposing API keys, cloud tokens, and AI model credentials. The leaks illustrate how non‑human identities—tokens, service accounts, and workload identities—are embedded in containers and can persist for years, as seen...

Microsoft Rolls Out Native Sysmon Monitoring in Windows 11
Microsoft has begun rolling out native Sysmon functionality to Windows 11 Insider builds in the Beta and Dev channels. The built‑in service mirrors the popular Sysinternals Sysmon tool, logging process, file and clipboard events to the Windows Event Log. It remains...

Coinbase Confirms Insider Breach Linked to Leaked Support Tool Screenshots
Coinbase confirmed an insider breach in which a contractor accessed the personal data of roughly thirty customers. The breach is tied to screenshots of an internal support tool that were leaked earlier this year. The incident occurred in December but...

Wave of Citrix NetScaler Scans Use Thousands of Residential Proxies
GreyNoise observed a coordinated reconnaissance campaign against Citrix NetScaler from Jan 28 to Feb 2, leveraging over 63,000 residential proxy IPs and a single Azure address. The scans generated 111,834 sessions, with 79% targeting Citrix Gateway honeypots and 64% originating from residential...

Iron Mountain: Data Breach Mostly Limited to Marketing Materials
Iron Mountain disclosed that the recent breach claimed by the Everest extortion gang was confined to a single folder of marketing materials on a public‑facing file‑sharing server. Attackers used a compromised login credential but did not deploy ransomware or access...

Hackers Exploit Critical React Native Metro Bug to Breach Dev Systems
Hackers are exploiting the critical CVE-2025-11953 flaw in the React Native Metro bundler to gain unauthenticated command execution on development machines. The vulnerability resides in the /open-url HTTP endpoint, which accepts unsanitized POST data and can run arbitrary OS commands...

Mozilla Announces Switch to Disable All Firefox AI Features
Mozilla announced that Firefox 148, releasing on February 24, will include a global “Block AI enhancements” toggle, letting users disable all generative AI features or manage them individually. The AI controls panel covers five specific tools—browser translations, PDF alt‑text generation, AI‑enhanced tab...

Microsoft: January Update Shutdown Bug Affects More Windows PCs
Microsoft confirmed that a shutdown bug introduced by the January 15 cumulative update affects Windows 11 23H2 devices with System Guard Secure Launch and extends to Windows 10 22H2, Enterprise LTSC 2021 and 2019 when Virtual Secure Mode (VSM) is enabled. Emergency...

CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
CTM360’s new report reveals a sharp global rise in fraudulent high‑yield investment programs, or HYIPs, promising unrealistic returns such as 40% in 72 hours. Over 4,200 scam sites were cataloged in the past year, with December 2025 alone seeing 485 incidents—about 15...

Panera Bread Breach Impacts 5.1 Million Accounts, Not 14 Million Customers
A recent data breach at Panera Bread compromised roughly 5.1 million unique user accounts, far fewer than the 14 million records initially reported. The breach was carried out by the ShinyHunters extortion gang, which accessed Panera's systems through a Microsoft Entra single...

Microsoft Fixes Bug Causing Password Sign-In Option to Disappear
Microsoft has resolved a lock‑screen bug that hid the password sign‑in icon after Windows 11 updates released since August 2025. The issue primarily affected users with multiple authentication methods and was linked to the KB5064081 preview update and subsequent 24H2/25H2 builds. Microsoft...

NationStates Confirms Data Breach, Shuts Down Game Site
NationStates, a browser‑based government simulation game, confirmed a data breach after a player exploited a critical Remote Code Execution flaw in its new Dispatch Search feature. The attacker accessed production servers, copying email addresses, MD5‑hashed passwords, IP logs, and possibly...

Researcher Reveals Evidence of Private Instagram Profiles Leaking Photos
Security researcher Jatin Banga uncovered that Instagram’s private‑profile pages sometimes embed direct CDN links to private photos in the HTML response, exposing them to unauthenticated visitors. His testing showed about 28% of the private accounts he examined leaked such links....

Microsoft to Disable NTLM by Default in Future Windows Releases
Microsoft announced that NTLM authentication will be disabled by default in future Windows Server and client releases. The change follows a three‑phase transition—auditing tools in Windows 11 24H2 and Server 2025, introduction of IAKerb and a Local KDC in late 2026, and final...

Operation Switch Off Dismantles Major Pirate TV Streaming Services
Operation Switch Off, a joint effort by Europol, Eurojust and Interpol led by Italy’s Catania prosecutor and State Police, seized three industrial‑scale illegal IPTV services—IPTVItalia, migliorIPTV and DarkTV—across 14 countries. The crackdown dismantled servers in Romania and Africa, identified 31...

Microsoft Fixes Outlook Bug Blocking Access to Encrypted Emails
Microsoft has resolved a bug in classic Outlook that blocked users from opening emails encrypted with the “Encrypt Only” permission after a December 2025 update. The defect replaced the encrypted payload with a message_v2.rpmsg attachment, making the content unreadable in...

Hugging Face Abused to Spread Thousands of Android Malware Variants
Researchers at Bitdefender uncovered a new Android malware campaign that exploits the Hugging Face platform as a distribution hub for thousands of polymorphic APK variants. The dropper app, TrustBastion, masquerades as a security tool, redirects victims to a Hugging Face...

Ivanti Warns of Two EPMM Flaws Exploited in Zero-Day Attacks
Ivanti disclosed two critical code-injection flaws (CVE-2026-1281 and CVE-2026-1340) in its Endpoint Manager Mobile (EPMM) platform, each scoring 9.8 on the CVSS scale and already leveraged in limited zero-day attacks. The company issued immediate RPM-based mitigations that require no downtime,...

Marquis Blames Ransomware Breach on SonicWall Cloud Backup Hack
Marquis Software Solutions, a Texas‑based provider to over 700 banks and credit unions, attributes its August 2025 ransomware incident to a breach of SonicWall’s MySonicWall cloud backup service. The attackers allegedly used firewall configuration files stolen from SonicWall to bypass Marquis’s...

Aisuru Botnet Sets New Record with 31.4 Tbps DDoS Attack
The Aisuru/Kimwolf botnet launched a hyper‑volumetric DDoS assault that peaked at 31.4 Tbps and 200 million requests per second, eclipsing its own 29.7 Tbps record. Cloudflare detected and automatically mitigated the attack on December 19, 2024, without triggering internal alerts. The campaign primarily hit...

France Fines Unemployment Agency €5 Million over Data Breach
France's data protection authority (CNIL) has imposed a €5 million fine on the national employment agency, France Travail, for a massive data breach. The breach, discovered in early 2024, exposed personal details of up to 43 million job seekers, including names, birth...

SolarWinds Warns of Critical Web Help Desk RCE, Auth Bypass Flaws
SolarWinds issued emergency patches for its Web Help Desk platform, fixing four critical vulnerabilities—two authentication bypass flaws (CVE-2025-40552, CVE-2025-40554), two remote code execution bugs (CVE-2025-40553, CVE-2025-40551), and a hard-coded credentials issue (CVE-2025-40537). The flaws can be exploited remotely without authentication,...

Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar Operation
Researchers at Pillar Security uncovered a large‑scale cyber‑crime operation dubbed “Bizarre Bazaar” that hijacks exposed LLM endpoints. Over 40 days they logged 35,000 attack sessions, showing attackers exploit misconfigured AI APIs to mine cryptocurrency, resell access, exfiltrate data, and pivot...

Slovakian Man Pleads Guilty to Operating Darknet Marketplace
A Slovakian national, Alan Bill, pleaded guilty to operating the Kingdom Market darknet platform, which sold drugs, forged IDs, stolen data and cyber‑crime tools from March 2021 to December 2023. The marketplace listed about 42,000 illicit items and processed payments in privacy‑focused cryptocurrencies....

Chinese Mustang Panda Hackers Deploy Infostealers via CoolClient Backdoor
Chinese espionage group Mustang Panda has upgraded its CoolClient backdoor with new infostealer capabilities, including browser credential theft, clipboard monitoring, and active window tracking. The variant has been observed targeting government entities in Myanmar, Mongolia, Malaysia, Russia and Pakistan, delivered via...

WinRAR Path Traversal Flaw Still Exploited by Numerous Hackers
Multiple threat actors, including state-sponsored groups and cybercriminals, are exploiting the high-severity WinRAR path-traversal vulnerability CVE-2025-8088. The flaw uses Alternate Data Streams to write malicious LNK, HTA, BAT or script files to arbitrary locations such as the Windows Startup folder,...

Critical Sandbox Escape Flaw Found in Popular Vm2 NodeJS Library
A critical-severity vulnerability (CVE-2026-22709) has been discovered in the popular vm2 Node.js sandbox library, allowing attackers to bypass Promise sanitization and escape the sandbox. The flaw enables arbitrary code execution on the host system and affects versions prior to 3.10.3,...

From Cipher to Fear: The Psychology Behind Modern Ransomware Extortion
Modern ransomware has moved beyond file encryption to a pressure‑centric extortion model that weaponizes stolen data, regulatory threats, and reputation damage. 2025 saw ransomware groups fragment into affiliate networks, making attribution harder while scaling double‑extortion campaigns. Research shows SMBs in...

6 Okta Security Settings You Might Have Overlooked
Okta is the backbone of many SaaS‑first enterprises, making its security settings critical. The article outlines six often‑overlooked configurations—password policies, phishing‑resistant MFA, ThreatInsight, admin session ASN binding, session lifetimes, and behavior rules—that strengthen identity protection. It also highlights how continuous...

Hackers Can Bypass Npm’s Shai-Hulud Defenses via Git Dependencies
The recent discovery by Koi Security reveals that NPM’s handling of Git-based dependencies can circumvent the post-Shai-Hulud “PackageGate” defenses, allowing malicious code execution even with the `--ignore-scripts` flag. The bypass exploits a crafted `.npmrc` file that overrides the Git binary...

Microsoft Investigates Windows 11 Boot Failures After January Updates
Microsoft is investigating Windows 11 boot failures marked by the UNMOUNTABLE_BOOT_VOLUME stop code after the January 2026 Patch Tuesday cumulative update (KB5074109). The problem impacts Windows 11 version 25H2 and all editions of version 24H2 on physical devices, displaying a black crash screen and requiring...

Microsoft Releases Emergency OOB Update to Fix Outlook Freezes
Microsoft issued emergency out‑of‑band (OOB) updates on Saturday to address a critical Outlook freeze affecting PST files stored in cloud services such as OneDrive and Dropbox. The problem, introduced by the January 2026 Patch Tuesday roll‑out, caused Outlook to become...

Konni Hackers Target Blockchain Engineers with AI-Built Malware
North Korean hacker group Konni, linked to APT37, is deploying AI‑generated PowerShell malware to infiltrate blockchain developers. The campaign uses Discord‑hosted links that deliver a ZIP file containing a PDF lure and a malicious LNK shortcut. The shortcut triggers a...