Tag: attack

LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)

Feb 4, 2026 6:14 PM

Tags: access, attack, breach, business, cloud, control, data, data-breach, endpoint, exploit, flaw, google, infrastructure, injection, intelligence, leak, malicious, rce, remote-code-execution, risk, saas, spam, sql, threat, update, vulnerability

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
Ukraine tightens controls on Starlink terminals to counter Russian drones

Feb 4, 2026 6:14 PM

Tags: attack, control, Internet, military, russia, technology, ukraine

Ukraine has rolled out a verification system for Starlink satellite internet terminals used by civilians and the military after confirming that Russian forces have begun installing the technology on attack drones. First seen on therecord.media Jump to article: therecord.media/ukraine-tightens-starlink-controls-counter-russian-drones
CISA warns of five-year-old GitLab flaw exploited in attacks

Feb 4, 2026 5:13 PM

Tags: attack, cisa, cybersecurity, exploit, flaw, gitlab, government, infrastructure, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
OT attacks surge as threat actors embrace cloud and AI, warns Forescout

Feb 4, 2026 4:13 PM

Tags: ai, attack, cloud, cyberattack, infrastructure, risk, service, technology, threat

Cyberattacks targeting operational technology (OT) environments rose sharply in 2025, according to new research from Forescout, highlighting growing risks to critical infrastructure as attackers adapt to cloud services, AI platforms and increasingly distributed attack infrastructure. Forescout’s 2025 Threat Roundup Report, produced by its research arm Vedere Labs, analysed more than 900 million cyberattacks observed globally…
New Amaranth Dragon cyberespionage group exploits WinRAR flaw

Feb 4, 2026 4:13 PM

Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerability

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
AI Drives Doubling of Phishing Attacks in a Year

Feb 4, 2026 4:13 PM

Tags: ai, attack, email, phishing

Cofense claims AI is making phishing emails more personalized and sophisticated First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-double-volume-phishing-attacks/
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes

Feb 4, 2026 3:13 PM

Tags: access, ai, attack, cloud, control, credentials, cyber, data-breach, hacker, service, threat

A highly sophisticated offensive cloud operation targeting an AWS environment.The attack was notable for its extreme speed taking less than 10 minutes to go from initial entry to full administrative control and its heavy reliance on AI automation. The threat actor initiated the attack by discovering valid credentials left exposed in public Simple Storage Service…
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

Feb 4, 2026 3:13 PM

Tags: ai, attack, automation, credentials, flaw, supply-chain, vulnerability

Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/two-critical-flaws-in-n8n-ai/
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users

Feb 4, 2026 2:13 PM

Tags: attack, cyber, cyberattack, malicious, software, threat, tool

A new threat called PhantomVAI, a custom >>loader<>RunPE<<. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
Russian hackers exploited a critical Office bug within days of disclosure

Feb 4, 2026 2:13 PM

Tags: access, attack, cisa, cloud, control, cve, data, data-breach, detection, email, espionage, exploit, flaw, framework, github, group, hacker, infection, intelligence, kev, malicious, malware, microsoft, mitigation, office, risk, russia, update, vulnerability, windows

One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
Info-Stealing malware expands from Windows to macOS

Feb 4, 2026 2:13 PM

Tags: attack, macOS, malware, microsoft, social-engineering, windows

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Feb 4, 2026 12:14 PM

Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trust

Architecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes

Feb 4, 2026 12:14 PM

Tags: access, ai, attack, automation, breach, cloud, credentials, data-breach, Intruder

Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach. First seen on hackread.com Jump to article: hackread.com/8-minute-takeover-ai-hijack-cloud-access/
Supply Chain Attack Exploits Notepad++ Update Mechanism to Push Targeted Malware

Feb 4, 2026 12:14 PM

Tags: attack, control, cyber, exploit, infrastructure, malware, supply-chain, update

Notepad++, a widely used text editor among developers, became the target of a sophisticated supply chain attack that compromised its update infrastructure for nearly 6 months. On February 2, 2026, the developers published a statement revealing that attackers gained control of the update mechanism due to a hosting provider-level incident occurring from June to September…
Why Zero-Day Downstream Mass Data Extortion Campaigns are Losing Their Bite

Feb 4, 2026 11:13 AM

Tags: attack, data, extortion, zero-day

Are we seeing the extinction of mass data exfiltration campaigns? The stats demonstrate these attacks are losing their efficacy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-zero-day-downstream-mass-data-extortion-campaigns-are-losing-their-bite/
AI is Supercharging Work…and Your Attack Surface

Feb 4, 2026 10:13 AM

Tags: ai, attack, data, governance

AI boosts productivity, but weak data governance and shadow AI are expanding the enterprise attack surface. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-is-supercharging-work-and-your-attack-surface/
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Feb 4, 2026 10:13 AM

Tags: apple, attack, macOS, microsoft, social-engineering, windows

Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since First seen on thehackernews.com Jump…
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks

Feb 4, 2026 9:13 AM

Tags: attack, cloud, cyber, cyberattack, defense, google, infrastructure, malicious, microsoft, phishing, service, tactics, threat

A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
Ingress-NGINX Flaw Enables Arbitrary Code Execution Attacks

Feb 4, 2026 8:13 AM

Tags: access, attack, cve, cyber, flaw, kubernetes, malicious, unauthorized, vulnerability

A high-severity vulnerability has been discovered in the Kubernetes ingress-nginx controller, allowing attackers to execute arbitrary code and potentially compromise entire clusters. Tracked as CVE-2026-24512, this high-severity flaw enables malicious actors to inject configuration directives through the ingress controller and gain unauthorized access to cluster secrets. Vulnerability Overview CVE-2026-24512 affects the ingress-nginx controller, a widely…
Critical Django Flaw Allows DoS and SQL Injection Attacks

Feb 4, 2026 8:13 AM

Tags: attack, cyber, dos, flaw, injection, open-source, service, software, sql, update, vulnerability

The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Feb 4, 2026 6:13 AM

Tags: access, ai, api, attack, authentication, computer, container, control, crypto, cve, data, data-breach, detection, docker, email, flaw, github, group, Hardware, injection, Internet, leak, login, malicious, malware, open-source, password, privacy, remote-code-execution, risk, scam, skills, software, threat, tool, unauthorized, vulnerability

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users must prioritize to mitigate this enormous agentic AI security risk. Key takeaways Moltbot takes an…
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Feb 4, 2026 12:13 AM

Tags: attack, hacker, infection, malicious, microsoft, office, russia

APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms

Feb 3, 2026 11:14 PM

Tags: attack, cloud, credentials, crypto, cyber, data, macOS, social-engineering, threat

A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python”‘based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly exfiltrating them to attacker”‘controlled infrastructure. On macOS, threat actors increasingly rely on social engineering and…
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials

Feb 3, 2026 11:14 PM

Tags: attack, credentials, cyber, email, exploit, login, malicious, phishing

A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins with a professionally crafted phishing email containing a PDF attachment. The malicious payload leverages legitimate…
Fake Party Invites Lure Victims Into Installing Malicious Remote Access Tools

Feb 3, 2026 11:14 PM

Tags: access, attack, cyber, email, malicious, social-engineering, tool, windows

A sophisticated social engineering campaign targeting Windows users across the UK, using fake event invitations to silently install ScreenConnect a legitimate remote access tool that attackers have weaponized to gain complete system control. The attack chain begins with deceptive simplicity: victims receive emails that look like personal invitations from friends or colleagues. These messages are…
Ivanti’s EPMM is under active attack, thanks to two critical zero-days

Feb 3, 2026 11:14 PM

Tags: attack, exploit, ivanti, threat, vulnerability, zero-day

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
GlassWorm Infiltrates VSX Extensions With 22,000+ Downloads to Target Developers

Feb 3, 2026 11:14 PM

Tags: access, attack, breach, credentials, cyber, data-breach, supply-chain, unauthorized

A new GlassWorm-linked supply chain attack abusing the Open VSX Registry, this time via a suspected compromise of a legitimate publisher’s credentials rather than typosquatted packages. The Open VSX security team assessed the activity as consistent with leaked tokens or other unauthorized access to the publishing pipeline, underscoring how stolen developer credentials can be weaponized…
Critical React Native Metro dev server bug under attack as researchers scream into the void

Feb 3, 2026 9:14 PM

Tags: attack

Too slow react-ion time First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/critical_react_native_metro_server/
CISA flags critical SolarWinds RCE flaw as exploited in attacks

Feb 3, 2026 9:14 PM

Tags: attack, cisa, exploit, flaw, rce, remote-code-execution, update, vulnerability

CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-critical-solarwinds-rce-flaw-as-actively-exploited/
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Feb 3, 2026 8:13 PM

Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…