Tag: malicious
-
Docker AI Bug Lets Image Metadata Trigger Attacks
AI Assistant Executes Hidden Commands Embedded in Docker Image Labels. A vulnerability in Docker’s Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform’s image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker’s AI execution chain. First seen on govinfosecurity.com Jump…
-
Six more vulnerabilities found in n8n automation platform
CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…
-
OpenClaw’s Gregarious Insecurities Make Safe Usage Difficult
Malicious skills and persnickety configuration settings are just some of the issues that security researchers have found when installing, and removing, the OpenClaw AI assistant. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/openclaw-insecurities-safe-usage-difficult
-
RenEngine Loader Deploys Stealthy Multi-Stage Execution to Bypass Security Measures
The malware family, RenEngine Loader, after discovering malicious logic embedded within what appears to be a legitimate Ren’Py-based game launcher. Active since April 2025, the operation has already compromised over 400,000 victims globally, with a localized focus on India, the United States, and Brazil. The campaign currently infects approximately 5,000 new machines daily by hiding malicious…
-
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.The compromised versions of the two packages are listed below -@dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31& First…
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trustHow the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
Four new vulnerabilities found in Ingress NGINX
Tags: access, api, authentication, container, cve, cybersecurity, data, exploit, group, injection, jobs, kubernetes, malicious, risk, service, strategy, vulnerabilitycustom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the auth-url annotation may be accessed even when authentication fails.CVE-2026-24512 is a configuration injection vulnerability where the rules.http.paths.path Ingress field can be used to inject configuration into nginx.…
-
Chrome Vulnerabilities Allow Code Execution, Browser Crashes
Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites. The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-february-2026/
-
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gang-uses-ispsystem-vms-for-stealthy-payload-delivery/
-
OpenClaw AI Agent Sparks Global Security Alarm
Open-Source Tool Security ‘Dumpster Fire,’ Experts Warn. An open-source AI assistant that exploded in popularity over the past month is exposing users to data theft, malicious code and runaway costs. Users can add functions called skills that connect assistants with different services – and hackers have been quick to add malicious examples. First seen on…
-
Attackers Use Legitimate Forensic Driver to Disable Endpoint Security, Huntress Warns
Tags: attack, cybercrime, endpoint, incident response, malicious, software, threat, tool, vulnerabilityCybercriminals are increasingly turning trusted software against defenders, according to new research from Huntress, which has uncovered a real-world attack in which threat actors used a legitimate but vulnerable driver to disable endpoint security tools before deploying further malicious activity. In a detailed incident response analysis, Huntress researchers observed attackers abusing an outdated EnCase forensic…
-
Malicious Commands in GitHub Codespaces Enable RCE
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-commands-in-github/
-
n8n Vulnerability Allows Remote Attackers to Hijack Systems via Malicious Workflow Execution
n8n has released urgent security updates to address a critical vulnerability that exposes host systems to Remote Code Execution (RCE). Tracked as CVE-2026-25049, this flaw allows authenticated attackers to escape the expression evaluation sandbox and execute arbitrary system commands, potentially leading to a complete compromise of the underlying infrastructure. This disclosure comes shortly after the remediation…
-
Sanctioned Bulletproof Host Linked to Hijacking of Old Home Routers
Compromised home routers in 30+ countries had DNS traffic redirected, sending users to malicious sites while normal browsing appeared unaffected. First seen on hackread.com Jump to article: hackread.com/sanctioned-bulletproof-host-hijack-old-home-routers/
-
The silent security gap in enterprise AI adoption
Tags: access, ai, api, backup, breach, business, cloud, compliance, computer, computing, control, credentials, cryptography, data, data-breach, encryption, exploit, finance, group, healthcare, infrastructure, malicious, risk, service, technology, threat, toolInfoWorld explains in its analysis of why AI is all about inference now.This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data…
-
AI is driving a new kind of phishing at scale
Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/ai-driven-phishing-threats-increase/
-
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked to previous >>React2Shell<< activity, modify the server's configuration files to secretly intercept traffic . How…
-
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands.The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect…
-
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX First seen…
-
Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX First seen…
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
-
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom >>loader<>RunPE<<. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
-
Shadow DNS Operation Abuses Compromised Routers to Manipulate Internet Traffic
A sophisticated shadow DNS network that hijacks internet traffic by compromising home and business routers. The operation, active since mid-2022, manipulates DNS resolution through malicious resolvers hosted by Aeza International (AS210644), a bulletproof hosting provider sanctioned by the U.S. Treasury Department in July 2025. The threat campaign targets older router models, modifying their DNS configuration…