Security Affairs - Latest News and Information

Cybersecurity blog by Pierluigi Paganini featuring news and analysis on hacking incidents and cyber threats.

Recent Posts

Attackers Abuse SolarWinds Web Help Desk to Install Zoho Agents and Velociraptor
News•Feb 9, 2026

On February 7, 2026, Huntress confirmed active exploitation of multiple critical vulnerabilities in SolarWinds Web Help Desk (WHD), including CVE‑2025‑40551 and CVE‑2025‑26399, which permit arbitrary code execution via untrusted deserialization. Attackers leveraged the flaw to install a Zoho ManageEngine remote‑management agent for persistence and used Velociraptor, routed through Cloudflare Workers, as a command‑and‑control platform. They performed domain discovery, disabled Windows Defender and the firewall, and established Cloudflare tunnels and scheduled tasks to maintain long‑term access. Mitigation guidance advises upgrading WHD to version 2026.1, restricting internet exposure, and rotating service credentials.

By Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
News•Feb 8, 2026

Security Affairs released its Malware Newsletter Round 83, curating the latest research and incident reports across the global malware landscape. The edition spotlights 341 malicious capabilities uncovered in the ClawHavoc bot, APT28’s exploitation of CVE‑2026‑21509, and Amaranth‑Dragon’s weaponization of CVE‑2025‑8088 for...

By Security Affairs
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
News•Feb 6, 2026

A 2026 Mysterium VPN study uncovered nearly 5 million public web servers exposing Git repository metadata, with over 250,000 .git/config files leaking active deployment credentials. The misconfigurations allow attackers to reconstruct source code, steal secrets, and potentially gain cloud access. Affected...

By Security Affairs
Microsoft: Info-Stealing Malware Expands From Windows to macOS
News•Feb 4, 2026

Microsoft has observed a rapid rise in information‑stealing malware targeting macOS, a shift from its traditional Windows focus. Since late 2025, threat actors have deployed macOS‑specific stealers such as DigitStealer, MacSync and Atomic macOS Stealer, often written in Python and...

By Security Affairs
SmarterTools Patches Critical SmarterMail Flaw Allowing Code Execution
News•Jan 30, 2026

SmarterTools released build 9511 to remediate two critical SmarterMail flaws, CVE-2026-24423 and CVE-2026-23760, each scoring 9.3 on the CVSS scale. The first vulnerability allowed unauthenticated attackers to execute arbitrary OS commands via the ConnectToHub API, while the second bypassed authentication...

By Security Affairs
Google Targets IPIDEA in Crackdown on Global Residential Proxy Networks
News•Jan 29, 2026

Google and partners disrupted the IPIDEA residential proxy network, one of the world’s largest, by taking down domains, sharing intelligence, and enforcing Play Protect. The operation removed SDKs embedded in millions of Android, Windows, iOS, and WebOS apps, sharply reducing...

By Security Affairs
Emergency Microsoft Update Fixes In-the-Wild Office Zero-Day
News•Jan 26, 2026

Microsoft released emergency out‑of‑band updates to remediate CVE‑2026‑21509, a zero‑day flaw actively exploited in the wild. The vulnerability bypasses OLE security controls in Office 2016 through 2024 and Microsoft 365 Apps, allowing attackers to execute malicious code via crafted Office...

By Security Affairs
Nike Is Investigating a Possible Data Breach, After WorldLeaks Claims
News•Jan 25, 2026

Nike announced it is probing a potential cyber incident after the WorldLeaks group claimed to have accessed and exfiltrated roughly 1.4 TB of company data. The hacker collective, which evolved from the Hunters International ransomware gang, posted the alleged breach on...

By Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81
News•Jan 25, 2026

Security Affairs’ Malware Newsletter Round 81 curates the latest threats and research across the malware landscape. Highlights include the emergence of AI‑generated malware frameworks such as VoidLink, sophisticated evasion tactics like PDFSIDER’s DLL side‑loading, and supply‑chain abuse via a malicious...

By Security Affairs
U.S. CISA Adds a Flaw in Broadcom VMware vCenter Server to Its Known Exploited Vulnerabilities Catalog
News•Jan 24, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical VMware vCenter Server flaw CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) catalog. The heap‑overflow bug in the DCERPC implementation carries a CVSS score of 9.8 and enables remote...

By Security Affairs
Zoom Fixed Critical Node Multimedia Routers Flaw
News•Jan 21, 2026

Zoom released security patches that fix a critical command‑injection flaw (CVE‑2026‑22844) in its Node Multimedia Routers (MMR). The vulnerability, rated 9.9 on the CVSS scale, could let a meeting participant execute arbitrary code on affected MMRs. Versions prior to 5.2.1716.0...

By Security Affairs
Crooks Impersonate LastPass in Campaign to Harvest Master Passwords
News•Jan 21, 2026

LastPass disclosed an active phishing campaign that began around January 19, 2026, in which attackers impersonated the service with urgent‑maintenance emails to harvest master passwords. The messages contain links to an Amazon S3‑hosted page that redirects to a counterfeit LastPass...

By Security Affairs
Hacktivists Hijacked Iran’s State TV to Air Anti-Regime Messages and an Appeal to Protest From Reza Pahlavi
News•Jan 18, 2026

Hackers seized control of Iran’s Badr satellite on Jan 18, 2026, broadcasting a ten‑minute anti‑regime video featuring exiled Crown Prince Reza Pahlavi. The clip urged citizens to keep protesting and called on the military to join demonstrators. The intrusion occurred amid a...

By Security Affairs
Data Breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization Impacts 750,000 People
News•Jan 16, 2026

Canada’s self‑regulatory body, the Canadian Investment Regulatory Organization (CIRO), disclosed a data breach affecting roughly 750,000 individuals. The breach stemmed from a phishing attack in August 2025 that allowed threat actors to copy a limited set of investigative, compliance and...

By Security Affairs
China Bans U.S. and Israeli Cybersecurity Software over Security Concerns
News•Jan 15, 2026

China has ordered domestic firms to stop using cybersecurity software from more than a dozen U.S. and Israeli companies, citing national security risks. The list includes major U.S. vendors such as VMware, Palo Alto Networks, Fortinet, CrowdStrike and Israeli firms...

By Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
News•Jan 11, 2026

Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil....

By Security Affairs
CERT/CC Warns of Critical, Unfixed Vulnerability in TOTOLINK EX200
News•Jan 6, 2026

CERT/CC has disclosed a critical, unpatched vulnerability (CVE-2025-65606) in the TOTOLINK EX200 Wi‑Fi range extender. The flaw resides in the firmware‑upload handler; a specially crafted firmware file triggers an error state that launches an unauthenticated root‑level telnet service. Exploitation requires...

By Security Affairs
Google Fixes Critical Dolby Decoder Bug in Android January Update
News•Jan 6, 2026

Google’s January 2026 Android security update patches CVE-2025-54957, a critical Dolby DD+ audio decoder flaw discovered by Project Zero in October 2025. The vulnerability, present in UDC versions 4.5‑4.13, enables an out‑of‑bounds write via integer overflow when processing a specially...

By Security Affairs
Russia-Linked APT UAC-0184 Uses Viber to Spy on Ukrainian Military in 2025
News•Jan 5, 2026

Russia‑linked APT group UAC‑0184 has resumed espionage against Ukraine’s military and the Verkhovna Rada by abusing the Viber messaging platform. The campaign distributes malicious ZIP archives that contain LNK shortcuts or PowerShell scripts, which trigger a multi‑stage infection chain ending...

By Security Affairs
