Tag: threat
-
Unpatched SolarWinds WHD instances under active attack
Internet”‘exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/solarwinds-whd-under-active-attack/
-
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
Tags: api, attack, cloud, cyber, cybercrime, data-breach, docker, group, infrastructure, kubernetes, malware, threat, vulnerabilityTeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems they walk through doors left open by exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable…
-
APT36 Targets Linux Systems With New Tools Designed to Disrupt Services
Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored >>espionage ecosystems.<< These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some launch denial-of-service (DDoS) attacks against transport hubs and supply chains. In contrast, others seek geopolitical advantage by mining sensitive information and bypassing traditional security measures. For over a decade,…
-
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48 organizations in the United States within hours, demonstrating the effectiveness of weaponizing legitimate advertising channels…
-
Singapore Takes Down Chinese Hackers Targeting Telco Networks
Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/singapore-takes-down-china-hackers/
-
FIIG Securities Fined AU$2.5 Million Following Prolonged Cybersecurity Failures
Australian fixed-income firm FIIG Securities has been fined AU$2.5 million after the Federal Court found it failed to adequately protect client data from cybersecurity threats over a period exceeding four years. The penalty follows a major FIIG cyberattack in 2023 that resulted in the theft and exposure of highly sensitive personal and financial information belonging to thousands of clients. First seen on thecyberexpress.com…
-
How to govern agentic AI so as not to lose control
assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-zero-day-vulnerabilities-netherlands-european-commission-shadowserver/
-
Sanctioned Bulletproof Host Tied to DNS Hijacking
Shadow Aeza International Directed Traffic to Malicious Adtech. A financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sanctioned-bulletproof-host-tied-to-dns-hijacking-a-30723
-
Chinese cyberspies breach Singapore’s four largest telcos
The Chinese threat actor tracked as UNC3886 breached Singapore’s four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breach-singapores-four-largest-telcos/
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-cloud-infrastructure-crime-bots
-
Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step away from traditional, clunky security hardware and toward a seamless, browser-native defense. The acquisition, which did not include financial terms, integrates SquareX’s browser detection and response technology into Zscaler’s Zero Trust Exchange platform. Unlike traditional..…
-
AI Agents Are Creating Insider Security Threat Blind Spots, Research Finds
AI agents are creating insider security blind spots, and vendors are racing to catch up. The post AI Agents Are Creating Insider Security Threat Blind Spots, Research Finds appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-agent-security-beyondid-research/
-
Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step away from traditional, clunky security hardware and toward a seamless, browser-native defense. The acquisition, which did not include financial terms, integrates SquareX’s browser detection and response technology into Zscaler’s Zero Trust Exchange platform. Unlike traditional..…
-
Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step away from traditional, clunky security hardware and toward a seamless, browser-native defense. The acquisition, which did not include financial terms, integrates SquareX’s browser detection and response technology into Zscaler’s Zero Trust Exchange platform. Unlike traditional..…
-
AI Revolution Reshapes CISO Spending for 2026: Security Leaders Prioritize Defense Automation
The cybersecurity landscape is undergoing a fundamental shift as chief information security officers (CISOs) shift their 2026 budgets to artificial intelligence (AI) and realign traditional defense strategies. Nearly 80% of senior security executives are prioritizing AI-driven solutions to counter increasingly sophisticated threats, a new report from Glilot Capital Partners reveals. The survey, which polled leaders..…
-
FTC data highlights online threats to consumers and businesses
The commission listed several steps companies can take to fend off attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ftc-ransomware-scams-fraud-report/811705/
-
Threat actors target SolarWinds Web Help Desk flaw
Researchers say hackers are using remote monitoring and other tools in compromised environments. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-actors-target-solarwinds-web-help-desk-flaw/811702/
-
Flaw in Anthropic Claude Extensions Can Lead to RCE in Google Calendar: LayerX
LayerX researchers say that a security in Anthropic’s Claude Desktop Extensions can be exploited to allow threat actors to place a RCE vulnerability into Google Calendar, the latest report to highlight the risks that come with giving AI models with full system privileges unfettered access to sensitive data. First seen on securityboulevard.com Jump to article:…
-
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
Torrance, United States / California, February 9th, 2026, CyberNewswire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster…
-
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi”‘stage intrusion that involved the threat actors exploiting internet”‘exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently First seen…
-
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
Torrance, United States / California, 9th February 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/criminal-ip-integrates-with-ibm-qradar-to-deliver-real-time-threat-intelligence-across-siem-and-soar/
-
Node.js LTX Stealer Emerges as New Threat to Login Credentials
A new, sophisticated malware campaign dubbed >>LTX Stealer.<< This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is designed to operate quietly, making it difficult for traditional antivirus systems to detect. The malware…
-
âš¡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps,…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. SolarWinds Web Help Desk RCE The intrusion leverages recently disclosed Remote Code…
-
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…