Tag: malicious
-
Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users
Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim’s computer by clicking a malicious link or opening a file. Patch now. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/11/microsoft-says-hackers-are-exploiting-critical-zero-day-bugs-to-target-windows-and-office-users/
-
AI-Generated Malware Exploits React2Shell for Tiny Profit
LLM-Built Toolkit Hit 91 Hosts, Mined Funds in Monero. Security researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing attackers with no coding expertise to build functional exploits. The attacker may have circumvented an AI model’s safeguards by framing the malicious coding request as homework. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-generated-malware-exploits-react2shell-for-tiny-profit-a-30734
-
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security
Microsoft patched an actively exploited Word flaw that bypasses OLE protections and executes malicious documents without standard warnings. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-21514-actively-exploited-word-flaw-evades-ole-security/
-
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-7-zip-site-distributes-installer-laced-with-proxy-tool/
-
AI agents spill secrets just by previewing malicious links
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn First seen on theregister.com Jump to article: www.theregister.com/2026/02/10/ai_agents_messaging_apps_data_leak/
-
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-phishing-global-group/
-
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them?According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers…
-
“Digital Parasite” Warning as Attackers Favor Stealth for Extortion
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/digital-parasite-attackers-stealth/
-
Hackers Weaponize 7-Zip Downloads to Turn Home PCs Into Proxy Nodes
A fake website impersonating the popular 7-Zip file archiver has been distributing malicious software that secretly converts infected computers into residential proxy nodes. The counterfeit site has been operating undetected for an extended period, exploiting user trust in what appears to be legitimate software. The scam begins when users accidentally visit 7zip[.]com instead of the…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48 organizations in the United States within hours, demonstrating the effectiveness of weaponizing legitimate advertising channels…
-
Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
Fancy Bear has launched a sophisticated campaign exploiting a critical zero-day vulnerability in Microsoft RTF files to target users across Central and Eastern Europe. The operation, dubbed >>Operation Neusploit,<< demonstrates the group's continued evolution in tradecraft and its strategic focus on regions of geopolitical interest to Russia. The group embedded malicious code within specially crafted…
-
Sanctioned Bulletproof Host Tied to DNS Hijacking
Shadow Aeza International Directed Traffic to Malicious Adtech. A financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sanctioned-bulletproof-host-tied-to-dns-hijacking-a-30723
-
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
-
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
Torrance, United States / California, February 9th, 2026, CyberNewswire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster…
-
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
OpenClaw added VirusTotal scanning to its ClawHub marketplace to curb the spread of malicious AI agent skills. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaw-adds-virustotal-scanning-to-ai-agent-marketplace/
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
New RecoverIt Tool Abuses Windows Service Failure Recovery to Execute Malicious Payloads
A new offensive security tool named >>RecoverIt<< has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection methods that focus on monitoring service creation and binary paths. For years, attackers have moved laterally across networks by creating or modifying…
-
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors
A threat cluster tracked as >>Vortex Werewolf<< (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs that masquerade as legitimate Telegram file-sharing resources. These links, often hosted on domains designed to…
-
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Tags: api, cloud, cybersecurity, data-breach, docker, exploit, infrastructure, kubernetes, malicious, wormCybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed First seen on thehackernews.com Jump…
-
Detecting Ransomware Using Windows Minifilters to Intercept File Change Events
Tags: cyber, detection, encryption, endpoint, github, malicious, ransomware, strategy, tool, windowsA security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system. Part of a broader Endpoint Detection and Response (EDR) strategy named >>Sanctum,<< the project demonstrates how defenders can use Windows Minifilters to detect and intercept malicious file encryption before it destroys…
-
Top 10 Best DDoS Protection Service Providers for 2026
In the ever-evolving digital landscape of 2025, Distributed Denial of Service (DDoS) attacks have become more potent and frequent than ever. These attacks, which aim to overwhelm a website or network with a flood of malicious traffic, can bring down services, cause significant financial losses, and damage a company’s reputation. Today’s attacks are not just…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Analyzing Dead#Vax: Analyzing Multi-Stage VHD…
-
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem.”All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability,”…
-
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.”The focus is on high-ranking…
-
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Incident is at least the third time the exchange has been targeted by thieves. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/malicious-packages-for-dydx-cryptocurrency-exchange-empties-user-wallets/