
OpenWebUI Servers Targeted for Extensive Cryptomining
OpenWebUI, a widely used open‑source AI interface, is being exploited through CVE‑2025‑63391, a flaw that allows unauthenticated script uploads. Attackers have compromised roughly 12,000 internet‑exposed instances, injecting Python backdoors that run cryptocurrency miners and steal credentials. About half of the servers lacking authentication show active malware, concentrated in the United States, China and Germany. Researchers urge immediate hardening measures to stop further exploitation.

Lack of CISA Leadership Amid DHS Shutdown Raises Risks, Cyber Pros Say
The U.S. Cybersecurity and Infrastructure Security Agency is operating with roughly one‑third of its staff as the DHS shutdown sidelines 1,500 employees and leaves the agency without a permanent director. Despite the staffing squeeze, CISA continues to issue critical alerts—such...

Beast Ransomware’s Toolkit Revealed by Exposed Directory
Team Cymru uncovered an open directory linked to the Beast ransomware group that exposed the gang’s complete ransomware‑as‑a‑service toolkit. The leak reveals the use of common reconnaissance scanners, credential‑dumping utilities such as Mimikatz, lateral‑movement tools like PsExec and AnyDesk, and...

Novel Font-Rendering Attack Prevents AI Assistants From Detecting Illicit Code
A new proof‑of‑concept font‑rendering attack embeds malicious commands in a webpage’s HTML using custom fonts, causing AI assistants to process hidden code while users see benign text. Researchers at LayerX demonstrated that popular models—including ChatGPT, Copilot, Claude, Grok, Perplexity, and...

Advanced Phishing Intrusion Against Security Firm Exec Detailed
Outpost24 disclosed a sophisticated phishing campaign that targeted a C‑suite executive using the newly emerged Kratos phishing‑as‑a‑service kit. The attackers sent a spoofed JP Morgan email containing a “review document” link that first redirected through Cisco Secure Web and Nylas, then...

KakaoTalk Weaponized in Konni Spear-Phishing Campaign
North Korean APT group Konni weaponized South Korea's KakaoTalk in a sophisticated spear‑phishing campaign. The group sent emails posing as a lecturer on North Korean human‑rights issues, tricking recipients into running a malicious shortcut that installed remote‑access malware. After compromising...

Phishing Emails Target AI Defenses with Unique Obfuscation
Cybercriminals are deploying a new email obfuscation method to bypass NLP‑based phishing filters. The tactic inserts hundreds of line breaks and large blocks of benign graymail or random text after the malicious payload, diluting the malicious signal and inflating email...

Global Cybercrime Clampdown Disrupts over 45K Illicit IP Addresses
Operation Synergia III, coordinated by Interpol, removed over 45,000 malicious IP addresses between July 2025 and January 2026, involving law‑enforcement agencies from 72 countries and private partners like Trend Micro and Group‑IB. The campaign also seized 212 servers, apprehended 94 individuals, and opened investigations into...

Instagram-Powered Iranian Influence Operation Against US Dismantled
Meta announced the removal of nearly 300 Instagram and Facebook accounts linked to an Iranian influence operation that masqueraded as journalists and commentators. The fake personas collectively attracted about 41,000 followers before disseminating anti‑U.S. and anti‑Israel political messages. Engagement on...

Development of Coruna iOS Exploit Kit Pinned on US Military Contractor
U.S. defense contractor L3Harris, through its Trenchant surveillance‑tech division, was identified as a developer of the Coruna iOS exploit kit. Former employees disclosed that the kit, comprising roughly two dozen components originally built for a government surveillance client, has been...

Iran War to Escalate US Organizations' Cyber Risk
The escalating U.S.–Israel conflict with Iran is expected to heighten cyber threats against U.S. public finance issuers, according to Fitch Ratings. Hacktivist and state‑backed actors may increase DDoS, ransomware, and data‑wiping attacks targeting critical infrastructure. Municipalities, which traditionally lag in...

NZ Businesses Report Surge in AI-Related Security Incidents
A Kordia survey of nearly 250 New Zealand firms with 50+ employees shows a sharp rise in AI‑related security incidents. Shadow AI now ranks among the top three cyber risks for 24% of respondents, up from 16% a year earlier. Attacks...

Report: APAC Second Most Targeted Region as Attackers Exploit Basic Gaps
The 2026 IBM X‑Force Threat Intelligence Index shows Asia‑Pacific as the world’s second‑most targeted region, accounting for 27% of tracked cyber incidents. Attackers are leveraging basic security gaps, with AI tools speeding vulnerability discovery and automation. Malware accounts for 45%...

Organizations Track Response, Not Prevention, Survey Finds
A new Malanta survey of 100 security professionals shows enterprises are still focused on response rather than prevention despite investing heavily in threat intelligence. Companies typically run five to eight feeds—some up to 53—with 71% reporting overlapping data and 100%...

Insider Threats: Malicious and Negligent Incidents on the Rise
Recent research highlighted by Tech Radar shows insider threats are climbing sharply. A Mimecast survey of 2,500 IT leaders found 42% of firms reported more malicious insider incidents, matching the rise in negligent events. Companies now endure an average...

From Alerts to Action: Making Public–Private Threat Intel Actually Useful - Ian Washburn - CSP #222
In the March 9, 2026 CSP #222 episode, Deputy CISO Ian Washburn critiques the flood of generic threat alerts from public‑sector feeds such as CISA, MS‑ISAC and CIS. He argues that funding realignments and revised distribution models could transform raw alerts into timely,...

Codific Highlights Five Key Cyber Risks to Power Grids
Codific’s new analysis outlines five recurring cyber‑attack pathways that threaten power‑grid operations, from spear‑phishing and credential theft to remote‑access exploitation, ransomware, and the misuse of legitimate industrial commands. The report stresses that most disruptive incidents follow familiar patterns rather than...

UnsolicitedBooker Targets Telecoms in Central Asia with New Backdoors
The China‑aligned threat group UnsolicitedBooker has begun targeting telecommunications providers in Kyrgyzstan and Tajikistan. The campaign employs two custom backdoors, LuciDoor and MarsSnake, delivered through phishing emails that embed malicious Office macros and loaders such as LuciLoad. These implants can...

Georgia Tech Researchers Highlight Vulnerabilities in Threat Intelligence Sharing
Georgia Tech researchers have uncovered critical weaknesses in the global threat‑intelligence supply chain, highlighting how inconsistent data quality and limited sharing impede rapid response. Their study, presented at the NDSS Symposium, found that while 67% of vendors sandbox suspicious binaries,...

New UAC-0050 Social Engineering Campaign Discovered
Russia‑linked threat group UAC‑0050, also known as DaVinci Group, launched a sophisticated social‑engineering campaign against a European financial institution that supports Ukraine. The attackers sent legal‑themed phishing emails from a counterfeit Ukrainian judicial domain, directing victims to download a ZIP...

CarGurus Purportedly Breached by ShinyHunters
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless a negotiated agreement was reached by Feb 20. ShinyHunters has previously...

Remote Access Abuse Drives Majority of Breaches
Arctic Wolf’s 2026 Threat Report reveals a dramatic shift toward data‑only extortion, which surged from 2% to 22% of incidents in 2025. Remote‑access tool abuse initiated 65% of non‑BEC breaches, while AI‑enhanced phishing powered 85% of BEC attacks. Ransomware remains common,...

Dataminr Report: Cyber Risk Shifted in 2025 with Increased Threat Actor Activity and Mega-Loss Events
Dataminr’s 2026 Cyber Threat Landscape Report shows a dramatic shift in cyber risk during 2025, with threat‑actor alerts soaring 225% year‑over‑year. Identity‑based intrusions now account for nearly 30% of attacks, driven by an 84% rise in infostealer malware and AI‑enhanced...

How to Transform Your SOC Through XDR and MDR
In a recent Palo Alto Networks webcast, experts highlighted that modern attackers compress breach timelines to under an hour, overwhelming traditional SOC processes. They argued that XDR platforms like Cortex XDR solve the data‑silo problem by unifying telemetry across endpoints,...

CISA Adds SolarWinds, Microsoft, Apple, Notepad++ Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, covering SolarWinds Web Help Desk, Microsoft Configuration Manager, Apple operating systems, and Notepad++. The SolarWinds flaw (CVE‑2025‑40536) and the Microsoft SQL‑injection...

Attribution of Sprawling Cyberespionage Campaign Allegedly Held Back Amid China Retaliation Fears
Palo Alto Networks' Unit 42 researchers linked the sprawling TGR‑STA‑1030 cyberespionage campaign to an Asian state‑aligned group, but chose not to publicly attribute it to China. Sources say the decision was driven by fears of retaliation, as Palo Alto's security software...

Google Gemini Weaponized in State-Sponsored Attacks
Google’s Gemini large‑language model is being weaponized by multiple state‑sponsored threat actors, according to the Google Threat Intelligence Group. North Korean UNC2970 and several Chinese groups such as Mustang Panda, Judgment Panda, APT41 and UNC795 are using Gemini for rapid...

From Perimeter to Protocol: Reducing Telecom Attack Surface with Privacy-First Mobile Technology
Telecom operators are confronting nation‑state campaigns such as Salt Typhoon and Volt Typhoon that exploit signaling and subscriber identity systems, rendering traditional perimeter defenses inadequate. In a briefing hosted by the Institute for Critical Infrastructure Technology, experts advocated privacy‑first mobile‑carrier...

Cyberintelligence Institute Launches CYROS App to Warn Against Cyber Threats
The Cyberintelligence Institute (CII) has released CYROS, a free smartphone app that warns users of emerging cyber threats such as ransomware, phishing, and digital sabotage. The platform aggregates alerts from Germany's Federal Office for Information Security, consumer‑protection groups, and security...