Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new phishing kit called Starkiller has emerged on the dark web as a commercial‑grade, subscription‑based service. It proxies live login pages through attacker‑controlled infrastructure, eliminating static HTML templates and allowing real‑time credential capture. By routing authentication traffic through the proxy, the kit can forward MFA codes to the legitimate service, effectively bypassing multi‑factor protection. The platform supports dozens of high‑profile brands and includes features such as session monitoring and keylogging.

Cryptojacking Campaign Exploits Driver to Boost Monero Mining
Security firm Trellix uncovered a new cryptojacking operation that spreads through pirated software installers and installs a customized XMRig miner. The malware uses a controller named Explorer.exe for persistence and a signed driver (WinRing0x64.sys, CVE‑2020‑14979) to gain kernel access, boosting...

Over-Privileged AI Drives 4.5 Times Higher Incident Rates
Teleport’s 2026 State of AI in Enterprise Infrastructure Security report reveals that AI workloads with excessive access rights suffer a 4.5‑times higher incident rate than those governed by least‑privilege controls. Seventy percent of surveyed security leaders say AI systems enjoy...

OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader, a C++‑based multi‑stage malware loader also known as Broomstick and CleanUp, has been updated through early 2026 with enhanced command‑and‑control infrastructure and obfuscation techniques. The loader now employs a three‑step HTTP/HTTPS handshake, custom Base64 alphabets, and a modified LZMA...

Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
Operation DoppelBrand, attributed to the financially motivated GS7 group, launched a large‑scale phishing campaign against Fortune 500 financial and technology firms between December 2025 and January 2026. The attackers registered over 150 look‑alike domains, used automated SSL certificates and rotating registrars, and cloned...

Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
The Munich Security Index 2026 released at the MSC shows G7 nations rank cyber‑attacks as their top security risk for the second consecutive year. Disinformation campaigns sit in third place, while economic crises occupy the second slot. In contrast, the...

World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
World Leaks, a high‑profile extortion group, has introduced a new Rust‑written malware called RustyRocket, according to Accenture research. The tool provides stealthy persistence on both Windows and Linux systems, using heavily obfuscated, multi‑layered encrypted tunnels to exfiltrate data and proxy...

AI Skills Represent Dangerous New Attack Surface, Says TrendAI
TrendAI, the new business unit of Trend Micro, warns that AI skills—executable artifacts that blend human‑readable text with LLM instructions—represent a dangerous attack surface. These skills, used in products like Anthropic’s Agent Skills, OpenAI’s GPT Actions, and Microsoft’s Copilot Plugins, can...

“Digital Parasite” Warning as Attackers Favor Stealth for Extortion
Picus Security’s Red Report 2026, based on analysis of over 1.1 million malicious files and 15.5 million actions, shows threat actors now favor stealthy persistence and silent data exfiltration for extortion. Process injection remains the top technique for the third consecutive year, accounting...

NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
The UK National Cyber Security Centre (NCSC) has issued an urgent alert to critical national infrastructure (CNI) providers, warning of "severe" cyber‑attacks that could disrupt essential services. The warning follows a coordinated malware strike on Poland’s energy grid in December,...

VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
Ontinue’s February 9 report details VoidLink, a Linux‑based command‑and‑control framework that can infiltrate enterprise and multi‑cloud environments. The implant adapts to AWS, Azure, GCP, Alibaba and Tencent clouds, harvesting credentials, escaping containers and employing kernel‑level stealth via eBPF or loadable modules....

Social Media Platforms Earn Billions From Scam Ads
European social media platforms earned nearly £3.8bn ($5.2bn) from scam ads in 2025, driven by almost one trillion impressions across eleven markets. Scam‑related posts represented about 10% of the 993bn ad views, inflating platform revenue while undermining user trust. Juniper...

US Agencies Told to Scrap End of Support Edge Devices
CISA issued a directive requiring all federal agencies to retire edge devices that have reached end‑of‑support within the next 12 months. The rule targets routers, switches, firewalls, and IoT endpoints that are no longer receiving vendor patches. Agencies must inventory,...

Smartphones Now Involved in Nearly Every Police Investigation
A new Cellebrite report shows digital evidence, especially from smartphones, now underpins almost every police investigation. Ninety‑five percent of law‑enforcement practitioners consider it essential, and 97% identify smartphones as the top source, up from 73% in 2024. Consequently, 62% of...

AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+
Pindrop’s 2025 report reveals a 1,210% surge in AI‑enabled voice and virtual‑meeting fraud, dwarfing the 195% rise in traditional scams. Synthetic voice bots and deepfake executives are now bypassing contact‑center IVRs and infiltrating remote interviews, financial transactions, and other trust‑based...

Global SystemBC Botnet Found Active Across 10,000 Infected Systems
Silent Push has identified more than 10,000 active SystemBC infections across data‑centre and government servers in the US, Europe and Asia. The multi‑platform proxy malware turns compromised hosts into SOCKS5 relays, a technique frequently observed before ransomware campaigns. A previously unknown...

New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
Group‑IB uncovered new technical markers that expand the ShadowSyndicate cybercrime infrastructure, adding two fresh SSH fingerprints and revealing server‑transfer tactics that link dozens of servers to a single operator. The cluster consistently reuses OpenSSH keys and hosts on the same...

AI Drives Doubling of Phishing Attacks in a Year
Cofense reports that phishing attacks doubled in 2025, with security filters catching one malicious email every 19 seconds, up from one every 42 seconds in 2024. The surge is driven by AI, which threat actors now use as a core...

SQL Injection Flaw Affects 40,000 WordPress Sites
A SQL injection vulnerability (CVE‑2025‑67987) was found in the Quiz and Survey Master (QSM) WordPress plugin affecting versions up to 10.3.1. The flaw allowed any logged‑in user with Subscriber‑level access to inject arbitrary SQL via the `_is_linking_` REST API parameter,...

DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
A critical security flaw named DockerDash was disclosed in Docker's Ask Gordon AI assistant, allowing unverified Docker image metadata to become executable instructions. The vulnerability, identified by Noma Labs, enables remote code execution in cloud and CLI environments and data...

Researchers Warn of New “Vect” RaaS Variant
Researchers have identified a new ransomware‑as‑a‑service (RaaS) group called Vect, which has already hit organizations in Brazil and South Africa. The group markets a custom‑built C++ ransomware that uses ChaCha20‑Poly1305 encryption, claiming speeds 2.5 times faster than AES‑256‑GCM. Vect advertises...

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russian‑linked group Fancy Bear leveraged the high‑severity CVE‑2026‑21509 Office flaw days after Microsoft disclosed it, targeting Ukrainian ministries and EU bodies. The malicious Word document triggered a WebDAV call that installed a DLL via COM hijacking, ultimately launching the Covenant...

Labyrinth Chollima Evolves Into Three North Korean Hacking Groups
Labyrinth Chollima has split into three distinct North Korean hacking groups—Labyrinth Chollima, Golden Chollima, and Pressure Chollima—according to CrowdStrike. While Labyrinth Chollima continues espionage against defense, manufacturing and critical‑infrastructure firms, the new Golden and Pressure factions focus on cryptocurrency theft. Each group employs a unique...

New AI-Developed Malware Campaign Targets Iranian Protests
HarfangLab uncovered the RedKitten campaign, an AI‑assisted operation delivering the SloppyMIO malware to Iranian human‑rights activists and NGOs. The attack uses shock‑value Excel files masquerading as forensic records to lure victims into enabling macros. Once activated, SloppyMIO pulls additional payloads...

National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat
NatWest Bank and the UK National Crime Agency have launched a joint awareness campaign to combat invoice fraud, a cyber‑crime that siphons millions from businesses each year. The partnership highlights the scale of the threat, citing September 2025 data where...

Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity
The FBI has launched Operation Winter SHIELD, a cyber‑resilience campaign that outlines ten concrete actions for organizations to harden both IT and OT environments. The initiative aligns with the U.S. National Cyber Strategy and draws on recent investigations of cyber‑criminal and...

New CISA Guidance Targets Insider Threat Risks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a new infographic aimed at helping critical‑infrastructure operators and state, local, tribal and territorial (SLTT) governments manage insider threats. The guidance outlines a four‑stage model—plan, organize, execute, maintain—and stresses building multidisciplinary...

US Data Breaches Hit Record High but Victim Numbers Decline
The Identity Theft Resource Center recorded a record 3,332 data compromises in the United States for 2025, a 5% rise over the previous year. Despite more incidents, victim notices fell sharply to 279 million, the lowest level since 2014, as the...

Number of Cybersecurity Pros Surges 194% in Four Years
The UK cybersecurity workforce has exploded, rising 194% between December 2021 and June 2025 to reach 83,700 professionals. This makes cyber the fifth‑fastest‑growing occupation and the most rapidly expanding IT role, outpacing the sector’s average 9.6% growth. Despite the surge, a talent...

Critical and High Severity N8n Sandbox Flaws Allow RCE
Two critical sandbox bypasses were discovered in the n8n workflow automation platform, affecting its JavaScript expression engine (CVE‑2026‑1470, CVSS 9.9) and Python Code node (CVE‑2026‑0863, CVSS 8.5). Both flaws let authenticated users escape the sandbox and execute arbitrary commands on the host...

Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers at Symantec and Carbon Black have uncovered a PureRAT trojan campaign that is being authored with artificial‑intelligence tools. The malware is distributed through phishing emails masquerading as job offers and contains code comments and emojis typical of AI‑generated scripts....

AI Security Threats Loom as Enterprise Usage Jumps 91%
Zscaler’s ThreatLabz 2026 AI Security Report reveals a 91% surge in enterprise AI usage, encompassing 989.3 billion transactions across more than 3,400 applications in 2025. Despite this rapid adoption, every AI system examined harbored critical vulnerabilities, with 90% compromised within 90...

Researchers Uncover 454,000+ Malicious Open Source Packages
Security vendor Sonatype reported that developers downloaded 9.8 trillion open‑source components in 2025, yet 454,648 of the packages were newly identified as malicious. The report describes a shift from opportunistic spam to industrialized, often state‑sponsored campaigns that use typosquatting, namespace confusion,...

Over 80% of Ethical Hackers Now Use AI
Bugcrowd’s latest report shows that 82% of ethical hackers now rely on AI, up from 64% a year earlier. The adoption enables faster, broader assessments and higher‑quality vulnerability reports, with automation and deep code analysis cited as primary use cases....

EScan Antivirus Supply Chain Breach Delivers Signed Malware
On January 20 2026, MicroWorld Technologies’ eScan antivirus was compromised through its legitimate update infrastructure, delivering digitally signed malware to global endpoints. The multi‑stage payload installed a 64‑bit backdoor, persisted via disguised scheduled tasks, and altered hosts and registry settings to block...

CISA Releases List of Post-Quantum Cryptography Product Categories
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...

Researchers Uncover “Haxor” SEO Poisoning Marketplace
Security researchers uncovered the HaxorSEO (HxSEO) marketplace, a Telegram and WhatsApp‑based service that sells over 1,000 malicious backlinks from compromised, decades‑old domains. Each listing includes trust scores such as domain authority and is priced at $6, allowing threat actors to...

Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
US law firm Hagens Berman is urging investors to join a class action against Coupang over a massive June 2025 cyber‑attack that exposed personal data of 33.7 million customers. The breach prompted a police raid, the resignation of CEO Park Dae‑Joon,...

NHS Issues Open Letter Demanding Improved Cybersecurity Standards From Suppliers
The UK National Health Service has issued an open letter to suppliers, demanding proactive cybersecurity collaboration across the health and social care system. The initiative builds on last year’s voluntary supply‑chain charter and aligns with the Cyber Security and Resilience...

Critical Appsmith Flaw Enables Account Takeovers
A critical authentication flaw (CVE‑2026‑22794) was discovered in Appsmith’s low‑code platform. The vulnerability stems from the password‑reset endpoint trusting the client‑supplied Origin header, allowing attackers to craft malicious reset links and capture tokens. Exploitation enables full account takeover, including admin...

RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
A critical vulnerability (CVE‑2025‑67968) in the RealHomes CRM plugin, bundled with a popular WordPress real‑estate theme, affected over 30,000 sites. Versions 1.0.0 and earlier allowed any logged‑in subscriber to upload arbitrary files via a CSV import endpoint, enabling potential full...

Over 160,000 Companies Notify Regulators of GDPR Breaches
Over 160,000 companies reported GDPR breaches in 2025, a 22% increase year‑over‑year. Daily average notifications jumped to 443, the first time since 2018 that the figure exceeded 400. Germany, the Netherlands and Poland accounted for the highest breach counts, while...

Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
A sophisticated loan‑phishing campaign in Peru, uncovered by Group‑IB, uses fake loan applications to harvest valid bank card numbers and six‑digit PINs. The operation impersonates a leading Peruvian bank across 16 dedicated domains and more than 370 related sites, employing...

Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts that within the next two years up to 50% of global enterprises will adopt zero‑trust data governance as AI‑generated content floods books, code repositories, and research papers. The feedback loop of large language models training on prior AI...

Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey reveals cyber risk has risen to a top‑three threat alongside macroeconomic volatility, with 31% of CEOs rating their firms as highly or extremely exposed to significant financial loss from cyber attacks in the coming year....

AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'
Group‑IB warns that cybercrime has entered a fifth wave powered by weaponized AI, accelerating attacks with generative tools. Dark‑web marketplaces now sell synthetic identity kits and deep‑fake‑as‑a‑service for as little as $5, while AI‑enhanced phishing kits automate victim targeting and...

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals
The TamperedChef campaign uses malvertising to deliver trojanized PDF manuals that install a backdoor-infostealer on victim networks. Researchers at Sophos observed widespread targeting across Europe, especially in Germany, the UK and France, focusing on firms that rely on specialized technical...

Account Compromise Surged 389% in 2025, Says eSentire
eSentire’s 2025 Year in Review reports a 389% year‑over‑year surge in account compromise, now accounting for 55% of all attacks. Credential theft dominates, representing 75% of malicious activity, with Microsoft 365 as the prime target. Phishing‑as‑a‑Service (PHaaS) kits drove 63% of...

RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has identified a coordinated exploitation campaign by the Linux‑based RondoDox botnet targeting HPE OneView’s critical CVE‑2025‑37164 vulnerability. The flaw, scored 10.0 on the CVSS scale, allows unauthenticated remote code execution via the ExecuteCommand REST endpoint. In early...

Global Agencies Release New Guidance to Secure Industrial Networks
The U.S. Cybersecurity and Infrastructure Security Agency, the U.K. National Cyber Security Centre, and the FBI released a joint set of security principles for operational technology (OT) environments. The guidance addresses the expanding attack surface caused by increased connectivity between...