Tag: attack

Cyber Attack Hits European Commission Staff Mobile Systems

Feb 9, 2026 8:13 PM

Tags: attack, cyber, data-breach, infrastructure, mobile, phone

The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers. First seen on hackread.com Jump to article: hackread.com/cyber-attack-european-commission-staff-mobile-systems/
Ivanti Zero-Days Likely Deployed in EU and Dutch Hacks

Feb 9, 2026 8:13 PM

Tags: attack, cyberattack, endpoint, flaw, infrastructure, ivanti, mobile, theft, zero-day

Ivanti’s Endpoint Manager Mobile Flaws Under Active Exploitation. The European Commission fell victim to a cyberattack that could have allowed the theft of some staff personal information. The European Union’s executive body said Friday it detected on Jan. 30 an attack on its central infrastructure managing mobile devices. First seen on govinfosecurity.com Jump to article:…
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR

Feb 9, 2026 5:14 PM

Tags: ai, attack, cyber, detection, ibm, intelligence, malicious, siem, soar, threat

Torrance, United States / California, February 9th, 2026, CyberNewswire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster…
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Feb 9, 2026 5:14 PM

Tags: access, attack, data-breach, exploit, microsoft, network, rce, remote-code-execution, threat

Microsoft has revealed that it observed a multi”‘stage intrusion that involved the threat actors exploiting internet”‘exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently First seen…
Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack

Feb 9, 2026 4:14 PM

Tags: attack, government, network, ransomware, service

BridgePay Network Solutions initially warned customers on Friday that it was dealing with system-wide outages and later said that it was working with the FBI and U.S. Secret Service forensic team to resolve a ransomware attack. First seen on therecord.media Jump to article: therecord.media/payment-tech-provider-texas-florida-govs-ransomware-attack
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks

Feb 9, 2026 4:14 PM

Tags: attack, data, ivanti, zero-day

Staff data belonging to the regulator and judiciary’s governing body accessed First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/dutch_data_protection_ivanti/
BridgePay Ransomware Causes Widespread Payment Outages

Feb 9, 2026 4:14 PM

Tags: attack, ransomware

A ransomware attack on BridgePay caused widespread U.S. payment outages, forcing some organizations to go cash-only. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/bridgepay-ransomware-causes-widespread-payment-outages/
Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Feb 9, 2026 3:14 PM

Tags: access, attack, exploit, tool

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…
Hackers Abuse Apple PayPal Invoice Emails in DKIM Replay Attack Campaign

Feb 9, 2026 3:14 PM

Tags: apple, attack, authentication, cyber, dkim, email, exploit, finance, hacker, scam

A sophisticated way to bypass email security by weaponizing legitimate messages from trusted companies like Apple and PayPal. These attacks, known as DKIM replay attacks, exploit email authentication systems to deliver scams that appear completely authentic. The technique is deceptively simple. Attackers create accounts on platforms like Apple’s App Store or PayPal and manipulate user-controlled…
Shai-hulud: The Hidden Costs of Supply Chain Attacks

Feb 9, 2026 3:14 PM

Tags: attack, supply-chain, worm

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks
Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware

Feb 9, 2026 2:13 PM

Tags: attack, cyber, exploit, malware, rce, remote-code-execution, threat, vulnerability

Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. SolarWinds Web Help Desk RCE The intrusion leverages recently disclosed Remote Code…
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware

Feb 9, 2026 2:13 PM

Tags: attack, cloud, cyber, exploit, group, malware, north-korea, service, threat

The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Feb 9, 2026 1:13 PM

Tags: access, attack, finance, kaspersky, phishing, rat, russia, spear-phishing, threat

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT.Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks…
BridgePay Confirms Ransomware Attack, No Card Data Compromised

Feb 9, 2026 1:13 PM

Tags: attack, data, ransomware, service

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bridgepay-confirms-ransomware/
Suspected sabotage disrupts trains in northern Italy as Winter Games begin

Feb 9, 2026 1:13 PM

Tags: attack, infrastructure, service

Italian authorities are investigating a series of suspected sabotage attacks on railway infrastructure in northern Italy that disrupted travel services during the opening days of the Winter Olympics. First seen on therecord.media Jump to article: therecord.media/italy-suspected-sabotage-winter-olympics-trains
AI security’s ‘Great Wall’ problem

Feb 9, 2026 1:13 PM

Tags: ai, attack, cloud, supply-chain

AI security requires more than cloud hardening. The real attack surface isn’t your infrastructure”, it’s the supply chains, agents, and humans that make up the system around it. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-threat-modeling-beyond-cloud-infrastructure-op-ed/
Hackers Abuse ClawHub Skills to Evade VirusTotal via Social Engineering

Feb 9, 2026 1:13 PM

Tags: attack, cyber, hacker, malicious, malware, skills, social-engineering, threat

A new evolution in ClawHub skill-based attacks that effectively sidesteps recent security measures. Rather than embedding base64-encoded payloads directly in SKILL.md files, threat actors have now shifted to a simpler approach: hosting malware on convincing lookalike websites and using skills purely as lures. A new iteration of an ongoing ClawHub malicious skills campaign is using…
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware

Feb 9, 2026 12:13 PM

Tags: apt, attack, cyber, espionage, hacker, malware, service

APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks far higher than any other regional target highlighting its role as a focal point for espionage and strategic access.…
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors

Feb 9, 2026 11:13 AM

Tags: attack, backdoor, cyber, defense, government, malicious, phishing, russia, threat

A threat cluster tracked as >>Vortex Werewolf<< (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs that masquerade as legitimate Telegram file-sharing resources. These links, often hosted on domains designed to…
Researchers Find 40,000+ Exposed OpenClaw Instances

Feb 9, 2026 11:13 AM

Tags: attack, data-breach

SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-40000-exposed-openclaw/
UAE Cyber Security Council Warns Stolen Logins Fuel Majority of Financial Cyberattacks

Feb 9, 2026 10:14 AM

Tags: access, attack, breach, credentials, cyber, cyberattack, cybercrime, finance, fraud, identity, login, password, theft, threat, unauthorized

The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials…
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Black Basta Ransomware Integrates BYOVD Technique to Evade Defenses

Feb 9, 2026 9:14 AM

Tags: attack, cyber, defense, group, ransomware, software, tool, vulnerability

A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the actual ransomware. In this specific campaign, the ransomware payload bundles a vulnerable driver known as the…
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware

Feb 9, 2026 8:14 AM

Tags: attack, business, cyber, data, exploit, identity, malware, scam

The nightmare scenario for any modern business is simple but devastating: scammers clone your website, steal your domain identity, and rob your customers. By the time the complaints roll in, the money is gone, and your reputation is left in tatters. This practice, known as cybersquatting, is no longer just a nuisance it is a…
Top 10 Best DDoS Protection Service Providers for 2026

Feb 8, 2026 7:14 PM

Tags: attack, cyber, ddos, finance, malicious, network, service

In the ever-evolving digital landscape of 2025, Distributed Denial of Service (DDoS) attacks have become more potent and frequent than ever. These attacks, which aim to overwhelm a website or network with a flood of malicious traffic, can bring down services, cause significant financial losses, and damage a company’s reputation. Today’s attacks are not just…
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Feb 8, 2026 6:14 PM

Tags: attack, botnet, cybersecurity, password, russia, theft, windows

Cybersecurity firm eSentire’s TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics. First seen on hackread.com Jump to article: hackread.com/uk-construction-firm-prometei-botnet-windows-server/
New tool blocks imposter attacks disguised as safe commands

Feb 8, 2026 5:14 PM

Tags: attack, open-source, tool

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/
Security Affairs newsletter Round 562 by Pierluigi Paganini INTERNATIONAL EDITION

Feb 8, 2026 4:14 PM

Tags: attack, cisa, cyber, email, international, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Feb 8, 2026 11:14 AM

Tags: attack, awareness, open-source, supply-chain, threat, update, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/08/week-in-review-notepad-supply-chain-attack-details-and-targets-patch-tuesday-forecast/
Italian university La Sapienza still offline to mitigate recent cyber attack

Feb 7, 2026 8:14 PM

Tags: access, attack, cyber, cyberattack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…