# ![@The_Cyber_News Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1165106855879704577.png) @The_Cyber_News Cyber Security News

Cyber Security News posts on X about microsoft, ai, update, in the the most. They currently have [------] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.

### Engagements: [------] [#](/creator/twitter::1165106855879704577/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1165106855879704577/c:line/m:interactions.svg)

- [--] Week [-------] +104%
- [--] Month [---------] -14%
- [--] Months [---------] +3,908%
- [--] Year [---------] +6,734%

### Mentions: [--] [#](/creator/twitter::1165106855879704577/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1165106855879704577/c:line/m:posts_active.svg)

- [--] Week [--] +20%
- [--] Month [---] +14%
- [--] Months [---] +141%
- [--] Year [---] +143%

### Followers: [------] [#](/creator/twitter::1165106855879704577/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1165106855879704577/c:line/m:followers.svg)

- [--] Week [------] +1.90%
- [--] Month [------] +11%
- [--] Months [------] +127%
- [--] Year [------] +249%

### CreatorRank: [-------] [#](/creator/twitter::1165106855879704577/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1165106855879704577/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  48% [stocks](/list/stocks)  34% [social networks](/list/social-networks)  9% [countries](/list/countries)  4% [finance](/list/finance)  2% [currencies](/list/currencies)  1% [cryptocurrencies](/list/cryptocurrencies)  1% [ncaa football](/list/ncaa-football)  1%

**Social topic influence**
[microsoft](/topic/microsoft) #1140, [ai](/topic/ai) 12%, [update](/topic/update) #5272, [in the](/topic/in-the) 8%, [gain](/topic/gain) #1234, [systems](/topic/systems) #212, [products](/topic/products) 6%, [windows](/topic/windows) 5%, [vmware](/topic/vmware) 3%, [whatsapp](/topic/whatsapp) 3%

**Top accounts mentioned or mentioned by**
[@catgirl_root](/creator/undefined) [@t15_v](/creator/undefined) [@sanarsh11](/creator/undefined) [@upgradeoptions](/creator/undefined) [@thecybernews](/creator/undefined) [@a_is_anon](/creator/undefined) [@yogsoth0](/creator/undefined) [@s3n4t0r_0x0](/creator/undefined) [@tenohtoo](/creator/undefined) [@grok](/creator/undefined) [@between_anxiety](/creator/undefined) [@hellresistor](/creator/undefined) [@trellix](/creator/undefined) [@asafcrypto61](/creator/undefined) [@cishetloser](/creator/undefined) [@fmquasi](/creator/undefined) [@nikolateslairbx](/creator/undefined) [@ransomleak](/creator/undefined) [@onuroktay](/creator/undefined) [@segoslavia](/creator/undefined)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Meta Platforms, Inc. (META)](/topic/meta-platforms) [Bitcoin (BTC)](/topic/bitcoin)
### Top Social Posts
Top posts by engagements in the last [--] hours

"⚠ Hackers Hijacked Notepad++ Update Servers to Redirect Users to Malicious Servers Source: The developer of Notepad++ has confirmed that a targeted attack by a likely Chinese state-sponsored threat actor compromised the project's former shared hosting infrastructure between June and December [----]. The breach allowed attackers to intercept and selectively redirect update traffic to malicious servers exploiting a weakness in how the software validated update packages before the release of version 8.8.9. The compromise occurred at the infrastructure level rather than through a vulnerability in"  
[X Link](https://x.com/The_Cyber_News/status/2018209099243213190)  2026-02-02T06:25Z 45K followers, 51.3K engagements


"🚨 Palo Alto Networks Firewall Vulnerability Allows Attacker to Force Firewalls into a Reboot Loop Source: A critical denial-of-service (DoS) flaw in Palo Alto Networks PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles potentially crippling enterprise networks. Dubbed CVE-2026-0229 the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends a maliciously crafted packet to trigger a system reboot. Repeated exploitation forces the firewall into maintenance mode halting traffic inspection and exposing organizations to"  
[X Link](https://x.com/The_Cyber_News/status/2022134339006595471)  2026-02-13T02:22Z 45K followers, 17.1K engagements


"🚨 CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks Source: CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog highlighting active exploitation of a critical code execution flaw in Notepad++ a widely used open-source text editor popular among developers and IT professionals. Attackers can intercept or redirect update traffic tricking users into installing malicious payloads that execute arbitrary code with user-level privileges. Threat actors could leverage man-in-the-middle (MitM) techniques on unsecured networks to serve tampered"  
[X Link](https://x.com/The_Cyber_News/status/2022193016342294716)  2026-02-13T06:16Z 45K followers, [----] engagements


"🚨 Hackers Actively Exploiting Cisco and Citrix 0-Day in the Wild to Deploy Webshell Read more: An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks spotted in real-world operations allow hackers to deploy custom webshells and gain deep access to corporate networks. The attack was uncovered by Amazon's MadPot honeypot service a tool designed to lure and study cyber threats. It caught attempts to exploit a Citrix flaw known as "Citrix Bleed Two" (CVE-2025-5777) before anyone knew about it publicly."  
[X Link](https://x.com/The_Cyber_News/status/1988785156279398548)  2025-11-13T01:45Z 45K followers, [----] engagements


"🔐 Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Fraud Investigation Source: Microsoft gave U.S. federal agents the digital keys needed to unlock three encrypted laptops linked to a massive COVID unemployment scam in Guam. This case shows how cloud-stored encryption keys can help law enforcement but also raises big privacy worries for everyday users. Early last year in [----] FBI investigators in Guam got a search warrant for Microsoft. They wanted recovery keys for three laptops tied to a plot stealing funds from the islands COVID relief program. Crooks had handled"  
[X Link](https://x.com/The_Cyber_News/status/2015013724713865565)  2026-01-24T10:48Z 45K followers, 25.1K engagements


"🚨 CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks Source: CISA has added a critical vulnerability affecting Broadcoms VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild posing a significant risk to enterprise environments that rely on vCenter for virtualization management. Successful exploitation allows a malicious actor with network access to the vCenter Server to execute remote code potentially gaining full control over the affected system."  
[X Link](https://x.com/The_Cyber_News/status/2015251198966993218)  2026-01-25T02:31Z 44.2K followers, 13.3K engagements


"🔐 New Lawsuit Claims that Meta Can Read All the WhatsApp Users' Messages Source: A new class-action lawsuit accuses Meta Platforms of misleading billions of WhatsApp users by claiming their messages are protected by unbreakable end-to-end encryption. The suit alleges the company secretly stores analyzes and grants employee access to chat contents via internal tools. They argue that unencrypted metadata can identify users but that stored message content undermines psychological well-being in digital relationships. #cybersecuritynews #whatsApp https://cybersecuritynews.com/whatsapp-lawsuit/"  
[X Link](https://x.com/The_Cyber_News/status/2015990342466834453)  2026-01-27T03:28Z 44.7K followers, 108.6K engagements


"🚨 Hackers Exploit Teams' Functionality to Steal Credentials Mimicking Microsoft Services Source: A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services. By leveraging the platform's "Invite a Guest" feature and crafting deceptive team names attackers are bypassing traditional email security controls to deliver fraudulent billing notifications directly to victims' inboxes. #cybersecuritynews #microsoftteams"  
[X Link](https://x.com/The_Cyber_News/status/2016327768905286056)  2026-01-28T01:49Z 44.2K followers, 15.4K engagements


"🚨 Fortinet Confirms FortiCloud SSO Flaw Actively Exploited in the Wild Source: 📌 Fortinet has confirmed a critical authentication bypass vulnerability in its FortiCloud SSO feature actively exploited in the wild under CVE-2026-24858. 📌According to an advisory published on January [--] [----] the flaw affects FortiOS FortiManager FortiAnalyzer and FortiProxy. 📌Attackers possessing a FortiCloud account and a registered device can log into other devices registered to different accounts if FortiCloud SSO is enabled. 📌Fortinet temporarily disabled its FortiCloudSingle Sign-On (SSO)service after"  
[X Link](https://x.com/The_Cyber_News/status/2016460167567769727)  2026-01-28T10:35Z 44.4K followers, [----] engagements


"🛡WhatsApp New Strict Account Settings to Protect Your Account from Hackers Source: ➡ WhatsApp has introduced Strict Account Settings a lockdown-style security feature designed to protect users from highly sophisticated cyber-attacks. ➡ The new privacy feature is specifically tailored for individuals who may be targets of advanced threats including journalists activists and public figures who face elevated cybersecurity risks. ➡ The instant messaging platform which already provides default end-to-end encryption for all personal messages and calls continues to build additional layers of"  
[X Link](https://x.com/The_Cyber_News/status/2016549607279677824)  2026-01-28T16:31Z 44.2K followers, [----] engagements


"🛠 AutoPentestX - Automated Penetration Testing Toolkit Designed for Linux systems Source: AutoPentestX an open-source automated penetration testing toolkit for Linux systems enables comprehensive security assessments from a single command. AutoPentestX targets Kali Linux Ubuntu and Debian-based distributions automating OS detection port scanning service enumeration and vulnerability checks. It integrates Nmap for network scans Nikto and SQLMap for web testing and CVE lookups for risk scoring based on CVSS metrics. The toolkit stores results in an SQLite database and supports Metasploit RC"  
[X Link](https://x.com/The_Cyber_News/status/2017586123623829715)  2026-01-31T13:09Z 44.4K followers, 14.5K engagements


"🤖 Moltbook AI Vulnerability Exposes Email Addresses Login Tokens and API Keys Source: A critical vulnerability in Moltbook the nascent AI agent social network launched late January [----] by Octane AI's Matt Schlicht exposes email addresses login tokens and API keys for its registered entities amid hype over [---] million "users." Researchers revealed an exposed database misconfiguration allowing unauthenticated access to agent profiles enabling bulk data extraction. This flaw coincides with no rate limiting on account creation where a single OpenClaw agent reportedly registered [------] fake AI"  
[X Link](https://x.com/The_Cyber_News/status/2017773839435108802)  2026-02-01T01:35Z 44.9K followers, 12.7K engagements


"🚨 Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used Source: A sophisticated espionage campaign attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom previously undocumented backdoor named "Chrysalis". The investigation began with a security incident stemming from the execution of a malicious file named update.exe which was downloaded from a suspicious IP address (95.179.213.0) following the legitimate execution of"  
[X Link](https://x.com/The_Cyber_News/status/2018508084147322921)  2026-02-03T02:13Z 44.2K followers, 17.2K engagements


"🚨 Microsoft Office 0-day Exploited by APT28 Hacker Group to Deploy Malware Source: The Russia-linked threat group UAC-0001 also known as APT28 has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrainian government entities and European Union organizations. The vulnerability identified as CVE-2026-21509 was disclosed by Microsoft on January [--] [----] with warnings about active exploitation in the wild. Within [--] hours of Microsofts public disclosure threat actors had already weaponized the"  
[X Link](https://x.com/The_Cyber_News/status/2018588775988056562)  2026-02-03T07:34Z 44.4K followers, [----] engagements


"⚠ Hikvision Wireless Access Points Flaw Enables Malicious Command Execution Source: A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw tracked as CVE-2026-0709 stems from insufficient input validation in device firmware potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of [---] indicating a high-severity threat. Attackers who can authenticate to the device can send specially crafted packets"  
[X Link](https://x.com/The_Cyber_News/status/2018726323305488471)  2026-02-03T16:40Z 44.4K followers, [----] engagements


"🚨 React Server Components Vulnerability Exploited in the Wild to Deploy Malicious Payloads Source: Threat actors are actively leveraging this critical vulnerability to deploy cryptominers and establish persistent remote access. While the total number of unique sources attempting exploitation reached [----] traffic has heavily consolidated. Two specific IP addresses generated 56% of all observed malicious sessions indicating automated large-scale infrastructure rather than manual testing. Attackers are specifically targeting development ports likely looking for misconfigured instances where"  
[X Link](https://x.com/The_Cyber_News/status/2018869970449629541)  2026-02-04T02:11Z 44.2K followers, [----] engagements


"⚠ Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash System Source: Google has released a critical security update for the Chrome Stable channel addressing two high-severity vulnerabilities that expose users to potential arbitrary code execution (ACE) and denial-of-service (DoS) attacks. The update pushes the browser version to 144.0.7559.132/.133 for Windows and macOS and 144.0.7559.132 for Linux. Successful exploitation of these vulnerabilities typically requires a user to visit a specially crafted website which can trigger the exploit within the browser's renderer"  
[X Link](https://x.com/The_Cyber_News/status/2018941260011069654)  2026-02-04T06:54Z 44.9K followers, [----] engagements


"🚨 Hackers Using AI to Get AWS Admin Access Within [--] Minutes Source: Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes. The adversaries escalated from initial credential theft to full administrative privileges in less than [--] minutes by using large language models (LLMs) to automate reconnaissance generate malicious code and execute real-time attack decisions. The operation targeted an Amazon Web Services (AWS) environment demonstrating how AI assistance has fundamentally transformed the speed and sophistication of"  
[X Link](https://x.com/The_Cyber_News/status/2019088768180117564)  2026-02-04T16:40Z 45K followers, 17K engagements


"🚨 Cisco Meeting Management Vulnerability Grants "root" Access to Attackers Source: A high-severity security advisory has been issued for a critical vulnerability in Meeting Management software. This vulnerability allows authenticated remote attackers to upload harmful files and gain complete control over the affected system. The security flaw identified as CVE-2026-20098 carries a high severity rating because it enables root access the highest level of administrative permission on a device. If an attacker successfully exploits this weakness they can bypass security restrictions and take"  
[X Link](https://x.com/The_Cyber_News/status/2019355512886657419)  2026-02-05T10:20Z 44.4K followers, [----] engagements


"🛡 Hackers Leveraging Windows Screensavers to Gain Remote Access to Systems Source: Cybersecurity threats are constantly evolving and a recent campaign highlights a deceptive new tactic where attackers leverage Windows screensavers (.scr) files to compromise systems. This method allows threat actors to deploy legitimate Remote Monitoring and Management (RMM) tools granting them persistent remote access while effectively bypassing standard security controls. By utilizing trusted software and cloud services these attackers can blend their malicious activities into normal network traffic making"  
[X Link](https://x.com/The_Cyber_News/status/2019956230882832468)  2026-02-07T02:07Z 44.9K followers, [----] engagements


"🛡 OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace Source: OpenClaw announced today a partnership with VirusTotal Google's threat intelligence platform to implement automated security scanning for all skills published to ClawHub its AI agent marketplace. All skills published to ClawHub will now undergo automatic scanning using VirusTotal's threat intelligence database and Code Insight capability an LLM-powered security analysis tool. Skills flagged as malicious will be immediately blocked from download while suspicious content receives warning labels. A compromised"  
[X Link](https://x.com/The_Cyber_News/status/2020060737402728744)  2026-02-07T09:03Z 45K followers, [----] engagements


"⚡ Microsoft Data Center Power Outage Disrupts Windows [--] Updates and Store Functionality Source: Microsoft has confirmed that a significant power outage at one of its West US data centers triggered widespread service disruptions yesterday leaving thousands of Windows [--] users unable to access the Microsoft Store or complete Windows Updates. The incident which began early Saturday morning highlights the fragility of centralized cloud infrastructure even amidst robust redundancy protocols. The disruption began at approximately 08:00 UTC on February [--] [----]. Users across multiple regions but"  
[X Link](https://x.com/The_Cyber_News/status/2020316072180871209)  2026-02-08T01:57Z 44.8K followers, [----] engagements


"🛡 LocalGPT A Secure Local Device Focused AI Assistant Built in Rust Source: In an era where AI assistants like ChatGPT and Claude dominate cloud infrastructures exposing user data to remote breaches a new Rust-based tool called LocalGPT promises a fortress-like alternative. LocalGPT runs entirely on local devices keeping sensitive memory and tasks off the cloud. Inspired by and compatible with the OpenClaw framework it emphasizes persistent memory autonomous operations and minimal dependencies making it a cybersecurity standout for enterprises and privacy-conscious users. #cybersecuritynews"  
[X Link](https://x.com/The_Cyber_News/status/2020390791043248337)  2026-02-08T06:54Z 44.9K followers, 12.4K engagements


"📰 Cybersecurity Weekly Newsletter Notepad++ hack Office 0-Day ESXi 0-day Ransomware Attacks and More Source: Notepad++ users face a supply-chain nightmare after a malicious update; Microsoft Office's latest 0-day is ripe for exploitation; and ESXi servers are under siege from ruthless ransomware gangs. We've dissected these incidents plus fresh intel on emerging tactics patches to deploy now and strategies to fortify your defenses. Dive in to stay one step ahead. This week's highlights include actively exploited zero-days in Microsoft Office and React Native tools plus critical patches for"  
[X Link](https://x.com/The_Cyber_News/status/2020539141189206469)  2026-02-08T16:44Z 45K followers, [----] engagements


"🐞 SolarWinds Web Help Desk RCE Vulnerability to Deploy Custom Tools Source: Active exploitation of a remote code execution (RCE) vulnerability in SolarWinds Web Help Desk (WHD) is accelerating with attackers rapidly weaponizing compromised instances to deploy legitimate but heavily abused administrative tooling. The attack chain began with wrapper.exe the WHD service wrapper spawning java.exe the underlying Tomcat-based application. From there the Java process executed cmd.exe to silently install a remote MSI payload. This activity aligns closely with Microsofts February [--] advisory"  
[X Link](https://x.com/The_Cyber_News/status/2020693087778185534)  2026-02-09T02:55Z 44.9K followers, [----] engagements


"🛡 Ransomware With Windows Minifilter by Intercepting File Filter and Change Events Source: Ransomware continues to be the most financially damaging type of cyberattack affecting organizations around the world. One of the most effective tools for monitoring in Windows is the minifilter driver. By sitting directly in the file system I/O pipeline a minifilter can observe intercept and even block malicious file operations in real time providing a crucial early-warning layer for endpoint detection and response (EDR) systems. The Filter Manager a kernel-mode component provides a rich API for"  
[X Link](https://x.com/The_Cyber_News/status/2020761788187562024)  2026-02-09T07:28Z 45K followers, [----] engagements


"🛡 Hackers Exploiting Ivanti EPMM Devices to Deploy Dormant Backdoors Source: Hackers are actively exploiting Ivanti Endpoint Manager Mobile (EPMM) appliances to plant dormant backdoors that can sit unused for days or weeks. Ivanti recently disclosed two critical EPMM flaws CVE-2026-1281 and CVE-2026-1340 spanning authentication bypass and remote code execution in different packages (aftstore and appstore). Acrossintrusions observed the latest wave successful exploitation consistently resulted in a dropped artifact at the path /mifs/403.jsp. The filename and location are not new in"  
[X Link](https://x.com/The_Cyber_News/status/2020905052815360228)  2026-02-09T16:58Z 45K followers, [----] engagements


"🤖 Augustus LLM Vulnerability Scanner With 210+ Attacks Across [--] LLM Providers Source: Augustus is a new open-source vulnerability scanner designed to secure Large Language Models (LLMs) against an evolving landscape of adversarial threats. Built by Praetorian Augustus aims to bridge the gap between academic research tools and production-grade security testing offering a single-binary solution that can launch over [---] distinct adversarial attacks against [--] LLM providers. As enterprises race to integrate Generative AI into their products security teams have struggled with tooling that is"  
[X Link](https://x.com/The_Cyber_News/status/2021140548871127324)  2026-02-10T08:33Z 45K followers, [----] engagements


"🛡 CISA Orders Removal of Unsupported Active Network Edge Devices Source: CISA has issued Binding Operational Directive (BOD) 26-02 ordering Federal Civilian Executive Branch (FCEB) agencies to eliminate "end of support" (EOS) edge devices from their networks. This directive developed in coordination with the Office of Management and Budget (OMB) addresses the significant security risks posed by unsupported hardware that resides on network boundaries such as firewalls routers and VPN gateways. CISA defines "edge devices" as technology located on a network's boundary that is accessible from"  
[X Link](https://x.com/The_Cyber_News/status/2019817507092336982)  2026-02-06T16:56Z 45K followers, [----] engagements


"🚨 Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks Source: Threat actors have begun leveraging Google's Gemini API to dynamically generate C# code for multi-stage malware evading traditional detection methods. HONESTCUE operates as a downloader and launcher that queries Gemini's API with hard-coded prompts to fetch self-contained C# source code. This code implements stage-two functionality such as downloading payloads from URLs hosted on CDNs like Discord without leaving disk artifacts. Threat actors integrate Gemini across phases from reconnaissance to tooling."  
[X Link](https://x.com/The_Cyber_News/status/2021924754630869385)  2026-02-12T12:30Z 45K followers, [----] engagements


"🚨 New Clickfix Exploit Tricks Users into Changing DNS Settings for Malware Installation Source: A new evolution in the ClickFix social engineering campaign which now employs a custom DNS hijacking technique to deliver malware. This attack method tricks users into executing malicious commands that utilize DNS lookups to fetch the next stage of the infection allowing attackers to bypass traditional detection methods and blend in with normal network traffic. ClickFix attacks rely on deceiving users through fake error messages such as bogus CAPTCHA prompts or "fix this issue" notifications on"  
[X Link](https://x.com/The_Cyber_News/status/2022724691946016898)  2026-02-14T17:28Z 45K followers, [----] engagements


"⚠ Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts Source: A significant security breach has compromised approximately [----] million Instagram user accounts exposing sensitive personal information that is now circulating on the dark web. The breach encompasses a wide range of personal information that could put affected users at serious risk. Compromised data includes usernames email addresses phone numbers and physical addresses. This combination of information makes users particularly vulnerable to identity theft phishing and social engineering. #cybersecuritynews #databreach"  
[X Link](https://x.com/The_Cyber_News/status/2009888674293657933)  2026-01-10T07:22Z 45K followers, 866.3K engagements


"🚨 Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls & Gain Admin Access Source: A critical vulnerability in Fortinet's Single Sign-On (SSO) feature for FortiGate firewalls tracked as CVE-2025-59718 is under active exploitation. Attackers are leveraging it to create unauthorized local admin accounts granting full administrative access to internet-exposed devices. Multiple users have reported identical attack patterns prompting Fortinet's PSIRT forensics team to investigate. The flaw persists despite patches enabling privilege escalation on firewalls using SAML or FortiCloud SSO"  
[X Link](https://x.com/The_Cyber_News/status/2014170465884127452)  2026-01-22T02:57Z 45K followers, 20.6K engagements


"🚨 CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks Source: CISA has issued a warning about a critical authentication bypass vulnerability in multiple Fortinet products actively exploited in the wild. Tracked as CVE-2026-24858 the flaw allows attackers with a FortiCloud account to hijack sessions on devices registered to other accounts when FortiCloud Single Sign-On (SSO) is enabled. Attackers exploit this by leveraging a compromised or controlled FortiCloud account tied to a registered device. They can then authenticate to unrelated FortiAnalyzer"  
[X Link](https://x.com/The_Cyber_News/status/2017065918187393166)  2026-01-30T02:42Z 45K followers, [----] engagements


"🚨 CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks Source: CISA recently confirmed that ransomware groups are actively exploiting CVE-2025-22225 a high-severity VMware ESXi sandbox escape vulnerability. This flaw patched by Broadcom in March [----] enables attackers to escape virtual machine isolation and deploy ransomware across hypervisors. CVE-2025-22225 is an arbitrary write vulnerability in VMware ESXi rated Important with a CVSS score of [---]. A malicious actor with privileges in the VMX process can trigger an arbitrary kernel write breaking out of the sandbox"  
[X Link](https://x.com/The_Cyber_News/status/2019238013361090801)  2026-02-05T02:33Z 45K followers, 27.1K engagements


"⚠ CentOS [--] Vulnerability Lets Attackers Escalate to Root Privileges - PoC Released Source: A critical use-after-free (UAF) vulnerability in the Linux kernel's sch_cake queuing discipline (Qdisc) affects CentOS [--] allowing local users to gain root privileges. The issue arises in the cake_enqueue function of the CAKE Qdisc which returns NET_XMIT_SUCCESS even after dropping packets due to buffer limits. This misleads parent classful Qdiscs like HFSC leading to improper state management and a UAF when dequeuing packets. Attackers can exploit this for arbitrary code execution in kernel context"  
[X Link](https://x.com/The_Cyber_News/status/2019603446966653118)  2026-02-06T02:45Z 45K followers, [----] engagements


"🛡 F5 Patches Critical Vulnerabilities in BIG-IP NGINX and Related Products Source: F5 released Security Notification covering several medium and low-severity CVEs plus a security exposure affecting BIG-IP NGINX and container services. These issues primarily stem from denial-of-service (DoS) risks and configuration weaknesses potentially disrupting high-traffic environments like web application firewalls (WAF) and Kubernetes ingress. While no active exploits are reported prompt patching is urged for internet-facing deployments to mitigate DoS chains or unauthorized access. #cybersecuritynews"  
[X Link](https://x.com/The_Cyber_News/status/2019659357466898507)  2026-02-06T06:28Z 45K followers, [----] engagements


"⚠ Dutch Authorities Seized Servers of Windscribe VPN Provider Source: Dutch authorities seized a Windscribe VPN server located in the Netherlands as part of an undisclosed investigation. The Canadian provider quickly highlighted how its privacy-focused design thwarted any data recovery efforts. Windscribe disclosed the incident via social media sharing an image of an empty server rack slot and noting that Dutch officials executed a warrant without prior notice. The server a standard VPN node was physically removed by law enforcement seeking potential logs tied to criminal activity."  
[X Link](https://x.com/The_Cyber_News/status/2019707709151654072)  2026-02-06T09:40Z 45K followers, [----] engagements


"🛠 Shannon AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities in [--] Minutes Source: Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues Shannon operates as a fully autonomous penetration tester that identifies attack vectors and actively executes real-world exploits to validate them. Shannon emulates human red team tactics across reconnaissance vulnerability analysis exploitation and"  
[X Link](https://x.com/The_Cyber_News/status/2019777360313434478)  2026-02-06T14:17Z 45K followers, 18.2K engagements


"⚠ Critical FortiClientEMS Vulnerability Let Attackers Execute Malicious Code Remotely Source: Fortinet has issued a critical security advisory warning administrators to immediately patch instances of FortiClientEMS its central management solution for endpoint protection. The vulnerability tracked as CVE-2026-21643 carries a CVSSv3 score of [---] and could allow unauthenticated remote attackers to execute arbitrary code or unauthorized commands on affected servers. The flaw is categorized as an SQL Injection (SQLi) vulnerability formally identified as an "improper neutralization of special"  
[X Link](https://x.com/The_Cyber_News/status/2020799300918460638)  2026-02-09T09:57Z 45K followers, 23.6K engagements


"🚨 [-----] OpenClaw Control Panels with Full System Access Exposed to the Internet Source: A critical security failure in the rapidly adopting "agentic AI" ecosystem has left tens of thousands of personal and corporate AI assistants fully exposed to the public internet. [-----] instances of the popular OpenClaw framework (formerly known as Moltbot) are vulnerable to Remote Code Execution (RCE) allowing attackers to take full control of the host machines. The core issue stems from OpenClaws default configuration which binds the service to 0.0.0.0:18789 listening on all network interfaces rather"  
[X Link](https://x.com/The_Cyber_News/status/2021079327878848523)  2026-02-10T04:30Z 45K followers, [----] engagements


"🚨 CISA Adds Six Microsoft 0-Day Flaws to KEV Catalog Following Active Exploitation Source: CISA has urgently expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding six zero-day vulnerabilities all affecting Microsoft products. This move underscores escalating threats from nation-state actors and cybercriminals actively exploiting these flaws in the wild. Evidence of active exploitation gathered from vendor reports threat intelligence and incident response trigger additions. These six entries highlight persistent vulnerabilities in the Microsoft ecosystem as prime attack vectors"  
[X Link](https://x.com/The_Cyber_News/status/2021631019636637851)  2026-02-11T17:02Z 45K followers, [----] engagements


"🛡Israeli Spyware Firm Exposes Paragon Spyware Control Panel on LinkedIn Source: An Israeli spyware firm Paragon Solutions accidentally exposed its secretive Graphite control panel in a LinkedIn post drawing sharp criticism from cybersecurity experts. The blunder offers a rare glimpse into the tools operations targeting encrypted communications. The image was posted by Paragons general counsel on LinkedIn on February [--] [----]. The screenshot revealed a dashboard displaying a Czech phone number labeled Valentina active interception logs from February [--] [----] and interfaces for monitoring"  
[X Link](https://x.com/The_Cyber_News/status/2021899358820860272)  2026-02-12T10:49Z 45K followers, [----] engagements


"🛡 Zimbra Security Update Patch for XSS XXE & LDAP Injection Vulnerabilities Source: Zimbra released version 10.1.16 on February [--] [----] tackling high-severity vulnerabilities including cross-site scripting (XSS) XML external entity (XXE) and LDAP injection. Labelled as high-patch severity and deployment risk this update urges admins to upgrade immediately to shield deployments from exploits. Attackers could inject malicious scripts via unsanitized inputs potentially stealing user sessions or data. Now enhanced input validation blocks these attacks restoring stable mail rendering without"  
[X Link](https://x.com/The_Cyber_News/status/2022515083063218386)  2026-02-14T03:35Z 45K followers, [----] engagements


"🛠 🛡 PentestAgent - AI Penetration Testing Tool With Attack Playbooks & HexStrike Integration Source: PentestAgent an open-source AI agent framework from developer Masic (GH05TCREW) has introduced enhanced capabilities including prebuilt attack playbooks and seamless HexStrike integration. PentestAgent operates through a terminal user interface (TUI) offering modes for assisted chats autonomous agents and multi-agent crews making it accessible for pentesters seeking AI augmentation without sacrificing control. PentestAgent comes with its structured attack playbooks predefined workflows for"  
[X Link](https://x.com/The_Cyber_News/status/2022897497874829491)  2026-02-15T04:55Z 45K followers, [----] engagements


"⚠ Windows [--] KB5074109 Update Breaks Systems Source: Microsoft's January [----] Windows [--] security update KB5074109 has triggered multiple system stability issues including lockups and black screens prompting users to uninstall it. Reports highlight graphics regressions and app failures affecting both consumer and enterprise setups. KB5074109 targets Windows [--] versions 24H2 (build 26200.7623) and 25H2 (build 26100.7623) delivering over [---] security fixes including three zero-days alongside non-security improvements like NPU power optimization. #cybersecurityNews"  
[X Link](https://x.com/The_Cyber_News/status/2014577586467127458)  2026-01-23T05:55Z 45K followers, 260K engagements


"🛠 nmapUnleashed Makes Nmap Scanning More Comfortable and Effective Source: nmapUnleashed emerges as a powerful CLI wrapper enhancing Nmap's capabilities for penetration testers and network auditors. nmapUnleashed or "nu" wraps Nmap to add multithreading allowing up to customizable parallel scans (default [--] threads) for faster execution across large networks. It introduces a persistent dashboard for real-time monitoring of queued active aborted and completed scans complete with network throughput warnings to prevent bandwidth overload. Users benefit from automatic timeouts manual abort"  
[X Link](https://x.com/The_Cyber_News/status/2020032433098485832)  2026-02-07T07:10Z 45K followers, 13.7K engagements


"🤖Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10000+ Users to Remote Attacks Source: A new critical vulnerability has exposed a fundamental architectural flaw in how Large Language Models (LLMs) handle trust boundaries. The zero-click remote code execution (RCE) flaw in Claude Desktop Extensions (DXT) allows attackers to compromise a system using nothing more than a maliciously crafted Google Calendar event. The exploit requires no complex prompt engineering or direct interaction from the victim to trigger the payload. The attack vector is shockingly simple: a Google Calendar"  
[X Link](https://x.com/The_Cyber_News/status/2020871140584079751)  2026-02-09T14:43Z 45K followers, 21.7K engagements


"🛡 Windows Error Reporting Service Flaw Let Attackers Elevate Privileges PoC Released Source: A critical security flaw in Windows Error Reporting Service has been discovered allowing attackers with standard user access to escalate their privileges to SYSTEM-level control. CVE-2026-20817 patched by Microsoft in January [----] represents a significant threat to Windows environments due to its low attack complexity and potential for complete system compromise. The flaw exists in the Windows Error Reporting Service (wersvc.dll) which runs with NT AUTHORITYSYSTEM privileges and listens for client"  
[X Link](https://x.com/The_Cyber_News/status/2021253120211419439)  2026-02-10T16:01Z 45K followers, [----] engagements


"🛡 Microsoft Patch Tuesday February [----] [--] Vulnerabilities Fixed Including [--] Zero-days Source: Microsoft released its February [----] Patch Tuesday updates on February [--] addressing [--] vulnerabilities including six zero-days across Windows Office Azure and developer tools. The updates fix issues in products like Windows Remote Desktop Services Microsoft Defender Azure services GitHub Copilot Visual Studio Code Microsoft Exchange and Office apps. Severity ratings include two Critical flaws and numerous Important ones with types including remote code execution (RCE) elevation of privilege (EoP)"  
[X Link](https://x.com/anyuser/status/2021288672646267292)  2026-02-10T18:22Z 45K followers, [----] engagements


"⚠ FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication Source: Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS tracked as CVE-2026-22153 (FG-IR-25-1052) that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. The flaw resides in the fnbamd daemon and requires specific LDAP server configurations enabling unauthenticated binds. The issue stems from improper handling of LDAP authentication requests. An attacker could exploit this under certain"  
[X Link](https://x.com/The_Cyber_News/status/2021398601809936564)  2026-02-11T01:39Z 45K followers, 32.9K engagements


"🚨 Windows Remote Desktop Services0-Day Vulnerability Exploited in the Wild Source: Microsoft has patched CVE-2026-21533 a zero-day elevation of privilege vulnerability in Windows Remote Desktop Services (RDS) that attackers are exploiting in the wild to gain SYSTEM-level access. The flaw stems from improper privilege management and was addressed in the February [----] Patch Tuesday updates released on February [--]. It requires no user interaction and affects the unchanged scope impacting confidentiality integrity and availability at high levels. The vulnerability arises from flawed privilege"  
[X Link](https://x.com/The_Cyber_News/status/2021454025523437592)  2026-02-11T05:19Z 45K followers, 57.2K engagements


"🚨 Windows Notepad Vulnerability Allows Attackers to Execute Code Remotely Source: Microsoft has patched a critical remote code execution (RCE) flaw in the Windows Notepad app tracked as CVE-2026-20841 which could let attackers run malicious code on victims machines. The bug affects the modern Windows Notepad app available via the Microsoft Store. An unauthorized attacker could exploit it over a network by tricking users into opening a booby-trapped Markdown (.md) file. Once loaded a malicious link inside the file prompts the app to handle unverified protocols. Clicking the link triggers"  
[X Link](https://x.com/The_Cyber_News/status/2021510506775724265)  2026-02-11T09:03Z 45K followers, 22.2K engagements


"🚨 Microsoft Office Word 0-day Vulnerability Actively Exploited in the Wild Source: A critical zero-day vulnerability in Microsoft Word tracked as CVE-2026-21514 was disclosed on February [--] [----] allowing attackers to bypass essential security protections. CVE-2026-21514 exploits a weakness in how Microsoft Word handles security decisions based on untrusted inputs categorized as CWE-807. The vulnerability specifically bypasses Object Linking and Embedding (OLE) mitigations implemented by Microsoft to protect users from malicious COM/OLE controls. These OLE controls enable documents to embed"  
[X Link](https://x.com/The_Cyber_News/status/2021770865000820814)  2026-02-12T02:18Z 45K followers, 23K engagements


"🚨 Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals Source: Apple released iOS [----] and iPadOS [----] on February [--] [----] patching over [--] vulnerabilities including a critical zero-day in the dyld component actively exploited in targeted attacks. The update addresses CVE-2026-20700 a memory-corruption flaw discovered by Google's Threat Analysis Group which enables arbitrary code execution for attackers with memory-write access. Dyld Apple's Dynamic Link Editor handles loading and linking of dynamic libraries across iOS macOS and other platforms. This"  
[X Link](https://x.com/The_Cyber_News/status/2021822072339804492)  2026-02-12T05:42Z 45K followers, 19.3K engagements


"🛡 $44 Evilmouse Executes Commands and Compromises Systems Upon Connection Source: A $44 hardware implant disguised as an ordinary computer mouse. This device acts as a covert keystroke injector akin to the Hak5 Rubber Ducky but leverages the innocuous form factor of a mouse to bypass basic user awareness training. Plug it in and it autonomously runs payloads that execute commands deliver reverse shells or worse without arousing suspicion. Evilmouse preserves the host mouses optical sensor and buttons via an integrated USB hub ensuring cursor movement and clicks work normally."  
[X Link](https://x.com/The_Cyber_News/status/2022032710206730465)  2026-02-12T19:39Z 45K followers, 48.9K engagements


"🚨 [----] Windows Servers Compromised by BADIIS Malware in Large-Scale Cyberattack Source: A sophisticated cyber campaign has compromised over [----] Windows servers globally using a potent malware strain known as BADIIS. This operation targets Internet Information Services (IIS) environments transforming legitimate infrastructure into a massive network for SEO poisoning. By hijacking these servers threat actors manipulate search engine results to promote illicit gambling platforms and fraudulent cryptocurrency sites effectively monetizing compromised systems while evading traditional security"  
[X Link](https://x.com/The_Cyber_News/status/2022244790491054341)  2026-02-13T09:41Z 45K followers, [----] engagements


"🛡 OpenClaw 2026.2.12 Released With Fix for 40+ Security Issues Source: OpenClaw Version 2026.2.12 is a major security-focused update that fixes more than [--] vulnerabilities and strengthens protection across the AI agent platform. The update improves hooks browser control scheduling messaging channels and gateway security. The main goal of this release is defense-in-depth. It follows serious concerns about exposed OpenClaw agents token-stealing remote code execution (RCE) chains and unsafe default deployments. This includes hostname allowlists per-request URL limits and audit logging for"  
[X Link](https://x.com/The_Cyber_News/status/2022302234546167993)  2026-02-13T13:29Z 45K followers, [----] engagements


"⚠ Threat Actor Allegedly Selling OpenSea 0-day Exploit Chain on Hacking Forums Source: A threat actor is reportedly selling a purported critical severity zero-day exploit chain targeting OpenSea for $100000 USD in Bitcoin or Monero. The listing claims the vulnerability remains unpatched and undisclosed raising alarms in the NFT community. The exploit allegedly targets flaws in OpenSea's Seaport protocol order validation logic across Ethereum Mainnet Polygon and Blast networks. It enables attackers to force-transfer high-value NFTs for zero ETH bypassing listing approvals and functioning on"  
[X Link](https://x.com/The_Cyber_News/status/2022580452209418346)  2026-02-14T07:55Z 45K followers, [----] engagements


"⚠ Windows [--] KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop Source: Microsoft's February [--] [----] security update KB5077181 for Windows [--] versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread reports of critical boot failures just days after deployment. Users describe devices entering infinite restart loops often exceeding [--] cycles preventing access to the desktop. This cumulative update delivers essential security fixes alongside quality improvements from prior releases like KB5074109. #cybersecuritynews #windows11"  
[X Link](https://x.com/The_Cyber_News/status/2023000925179367498)  2026-02-15T11:46Z 45K followers, [----] engagements


"🚨 Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild Source: Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393 the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the Spam Quarantine feature. The vulnerability stems from insufficient validation of HTTP requests in the Spam Quarantine feature of Cisco AsyncOS Software enabling remote command execution with root"  
[X Link](https://x.com/The_Cyber_News/status/2012157425638318204)  2026-01-16T13:38Z 41.3K followers, [----] engagements


"💻 Windows [--] PCs Fail to Shut Down After January Security Update Source: Microsoft's January [--] [----] security update for Windows [--] has triggered a frustrating bug: affected PCs refuse to shut down or hibernate instead restarting. The issue is caused by KB5073455 which targets OS Build [----------] on Windows [--] version 23H2. It was first reported on January [--] and arises from interference with Secure Launch a virtualization-based security (VBS) feature designed to protect boot processes from firmware threats such as rootkits. #CybersecurityNews #Windows11 #WindowsUpdate"  
[X Link](https://x.com/The_Cyber_News/status/2012213969159913955)  2026-01-16T17:22Z 42.1K followers, 26.7K engagements


"🛠 Argus - Python-powered Toolkit for Information Gathering and Reconnaissance Source: Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version [---] expanding it to include [---] modules. This tool consolidates network analysis web app scanning and threat intelligence into one interface. Users access modules through an interactive CLI that supports searching favorites and batch runs. Network and infrastructure modules cover DNS records open ports SSL chain analysis and traceroute from [--] to [--]. Web application"  
[X Link](https://x.com/The_Cyber_News/status/2012490160806723681)  2026-01-17T11:40Z 43K followers, 14.9K engagements


"🔐 Lets Encrypt has made 6-day IP-based TLS certificates Generally Available Source: Lets Encrypt a key provider of free TLS certificates has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early [----] addressing long-standing issues in certificate security. Short-lived certificates last just [---] hours about six and a half days while IP-based ones tie directly to IP addresses instead of domain names. Users activate them by choosing the "short-lived" profile in their ACME client. #cybersecurityNews"  
[X Link](https://x.com/The_Cyber_News/status/2012563634413863402)  2026-01-17T16:32Z 42.9K followers, 11.2K engagements


"🔐 Authentication Failures in RDP Connections Following Microsoft January Security Update Source: Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January [----] security update identified as KB5074109. Administrators and users reported widespread credential prompt failures when attempting to sign in via the Windows App significantly disrupting access to Azure Virtual Desktop and Windows [---] environments. The original update released"  
[X Link](https://x.com/The_Cyber_News/status/2012824345966788687)  2026-01-18T09:48Z 43.1K followers, 21.5K engagements


"🚨 Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations - PoC Released Source: A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests attackers can coerce systems into requesting tickets for attacker-controlled services bypassing traditional protections. An attacker positioned on-path to intercept DNS traffic can exploit this to force victims into requesting service tickets for"  
[X Link](https://x.com/The_Cyber_News/status/2013164390577750353)  2026-01-19T08:19Z 42K followers, 13.6K engagements


"🚨 Cisco Unified Communications 0-day RCE Exploited in the Wild to Gain Root Access Source: Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability CVE-2026-20045 actively exploited in the wild. Affecting key Unified Communications products this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS potentially gaining root access. The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication execute commands at"  
[X Link](https://x.com/The_Cyber_News/status/2014230297815159093)  2026-01-22T06:55Z 43K followers, [----] engagements


"🛡 Hundreds of Exposed Clawdbot Gateways Leave API Keys & Private Chats Vulnerable Source: Clawdbot the surging open-source AI agent gateway faces escalating security concerns with hundreds of unauthenticated instances exposed online and multiple code flaws that enable credential theft and remote code execution. Services like Shodan and Censys index HTTP fingerprints such as favicons or specific phrases enabling rapid discovery. Similar scans revealed over [---] exposed Gateways on port [-----] many of which were unauthenticated. #cybersecurityNews #vulnerability"  
[X Link](https://x.com/The_Cyber_News/status/2015836731766198561)  2026-01-26T17:18Z 43K followers, [---] engagements


"🚨 CISA Warns Threat Hunting Staff to Stop Using Censys & VirusTotal Read more: ✅ Hundreds of Cybersecurity and Infrastructure Security Agency (CISA) staff were notified this week that the organization is discontinuing critical cybersecurity tools used for threat hunting operations. ✅ Amid broader reductions across the cyber defense agency CISA's threat hunting division plans to cease use of Google-owned VirusTotal on April [--]. The division already halted use of Censys a cyber threat intelligence service in late March. ✅ This comes after another controversy where CISA briefly indicated it"  
[X Link](https://x.com/The_Cyber_News/status/1914628123905151074)  2025-04-22T10:31Z 43.1K followers, [----] engagements


"🚨 CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks Source: CISA has added a critical zero-day vulnerability in Google Chromium's ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174 the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page potentially leading to arbitrary code execution in browsers. CVE-2025-14174 resides in ANGLE Chromium's OpenGL ES interface layer where improper bounds checking allows memory corruption. A crafted webpage can invoke the flaw during rendering"  
[X Link](https://x.com/The_Cyber_News/status/1999828413687955459)  2025-12-13T13:07Z 43.4K followers, [----] engagements


"🚨 Free Converter Apps that Convert your Clean System to Infected in Seconds Source: Malicious file converter applications distributed through deceptive advertisements are infecting thousands of systems with persistent remote access trojans (RATs). These seemingly legitimate productivity tools perform their advertised functions while secretly installing backdoors that give attackers continuous access to victim computers. When users search for file conversion tools like "Word to PDF converter" or image converters these ads appear at the top of search results making them appear trustworthy."  
[X Link](https://x.com/The_Cyber_News/status/2013253454328946690)  2026-01-19T14:13Z 43.1K followers, [----] engagements


"⚠ Everest Ransomware Group Allegedly Claims to Have Breached McDonalds India Source: The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonalds India allegedly exfiltrating [---] GB of sensitive data. The threat actors posted details of the breach on their dark web leak site on January [--] [----] threatening to publicly release the stolen information if the company fails to respond within a specified deadline. According to the ransomware groups claims the breach compromised a massive volume of internal company documents and customer personal data."  
[X Link](https://x.com/The_Cyber_News/status/2013801868821172361)  2026-01-21T02:32Z 43.2K followers, [----] engagements


"⚠ Microsoft Teams External Domain Anomalies Allow Defenders to Detect Attackers Source: Microsoft is rolling out a new security feature called the External Domains Anomalies Report for Teams designed to help IT administrators identify and respond to suspicious external communications before they escalate into data breaches. The External Domains Anomalies Report uses pattern analysis to establish baselines of normal communication behavior and flags deviations that could indicate security concerns. This feature arrives amid threats from actors like Black Basta which have intensified social"  
[X Link](https://x.com/The_Cyber_News/status/2013904280089243767)  2026-01-21T09:19Z 43.5K followers, [----] engagements


"🛡 New PixelCode Attack Smuggles Malware via Image Pixel Encoding Source: A novel malware delivery technique dubbed PixelCode has been demonstrated showing how malicious executables can be encoded directly into video frames. The approach allows threat actors to host these videos on legitimate platforms such as YouTube helping the malware evade traditional detection mechanisms. The PixelCode technique transforms binary executable files into visual pixel data effectively disguising malware as harmless multimedia content. By converting each byte of an executable into structured color matrices"  
[X Link](https://x.com/The_Cyber_News/status/2014009350898188691)  2026-01-21T16:17Z 43.3K followers, 11K engagements


"🛡 Microsoft Releases Out-of-Band Update to Fix Windows [--] File System and Outlook Freezes Source: An out-of-band (OOB) cumulative update KB5078127 to address critical file system compatibility issues affecting Windows [--] users. The update resolves widespread problems introduced by the January [--] [----] security update (KB5074109) that caused application freezes and cloud storage failures across multiple platforms. Users reported severe issues when attempting to open or save files to OneDrive Dropbox and other cloud services. The most significant fix addresses file system corruption affecting"  
[X Link](https://x.com/The_Cyber_News/status/2015805829140898288)  2026-01-26T15:15Z 43.2K followers, [----] engagements


"Attackers discovering these endpoints can immediately: Execute Arbitrary Shell Commands: Access the host system with the privileges of the Clawdbot container often running as root. Hijack Communications: Read emails manage calendars and send messages on behalf of the user across integrated platforms like Slack and Telegram. Exfiltrate API Keys: Dump valid keys for OpenAI Anthropic and other LLM providers directly from the configuration. https://twitter.com/i/web/status/2015839435548663977 https://twitter.com/i/web/status/2015839435548663977"  
[X Link](https://x.com/The_Cyber_News/status/2015839435548663977)  2026-01-26T17:29Z 43.2K followers, [----] engagements


"⚠ Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation Source: A critical privilege-escalation vulnerability has been discovered in Check Points Harmony SASE (Secure Access Service Edge) Windows client software affecting versions prior to [----]. Tracked as CVE-2025-9142 the flaw allows local attackers to write or delete files outside the intended certificate working directory potentially leading to system-level compromise. The vulnerability exists within the Service component of Perimeter81 software (Perimeter81.Service.exe) which operates with SYSTEM privileges."  
[X Link](https://x.com/The_Cyber_News/status/2016672137768292502)  2026-01-29T00:38Z 43.4K followers, [----] engagements


"⚠ CISA Chief Uploaded Sensitive Documents into Public ChatGPT Source: The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive contracting documents marked "for official use only" into the public version of ChatGPT last summer triggering multiple automated security alerts designed to prevent data exfiltration from federal networks four Department of Homeland Security (DHS) officials told Politico. At the time ChatGPT remained blocked for other DHS staff. The uploads occurred in early August [----] with cybersecurity sensors repeatedly flagging them"  
[X Link](https://x.com/The_Cyber_News/status/2016726332315750751)  2026-01-29T04:13Z 43.4K followers, 15.8K engagements


"@The_Cyber_News New RDP Exploit Allows Attackers to Take Over Windows More Details: The Remote Desktop Protocol (RDP) is widely used to connect to and control another computer over a network providing full access to its desktop and resources. This vulnerability enables attackers to gain unauthorized control over Windows systems and hijack browser activity posing a significant threat to individual and enterprise data security. The exploit arises from the improper handling and storage of RDP bitmap cache files which are designed to enhance performance during remote desktop sessions. These files"  
[X Link](https://x.com/The_Cyber_News/status/1884910876492484742)  2025-01-30T10:25Z 44.3K followers, [---] engagements


"🚨 One-Click Telegram Flaw Exposes Real IP Addresses Source: A stealthy flaw in Telegrams mobile clients that lets attackers unmask users real IP addresses with a single click even those hiding behind proxies. Dubbed a one-click IP leak the vulnerability turns seemingly innocuous username links into potent tracking weapons. The issue hinges on Telegrams automatic proxy validation mechanism. When users encounter a disguised proxy link often embedded behind a username (e.g. t.me/proxyserver=attacker-controlled) the app pings the proxy server before adding it. #CybersecurityNews"  
[X Link](https://x.com/The_Cyber_News/status/2010763017798238449)  2026-01-12T17:17Z 43.7K followers, 43.8K engagements


"🚨 Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks Source: Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execution posing severe risks to enterprise security monitoring systems. Proof-of-concept code is public on GitHub demonstrating full RCE chains. Exploit attempts log in /opt/phoenix/log/phoenix.log as PHL_ERROR entries showing attacker URLs and file paths. #cybersecurityNews"  
[X Link](https://x.com/The_Cyber_News/status/2011850882686861362)  2026-01-15T17:20Z 43.7K followers, [----] engagements


"⚠ Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections Source: A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. The requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic. The vulnerability was detected while reviewing applications where WAF configurations blocked global access and permitted only specific"  
[X Link](https://x.com/The_Cyber_News/status/2013287254916296806)  2026-01-19T16:27Z 44K followers, 120.4K engagements


"🚨 CISA Releases BRICKSTORM Analysis with New YARA Rules for VMware vSphere Source: CISA issued a malware analysis report on BRICKSTORM a sophisticated backdoor linked to Chinese state-sponsored cyber operations. BRICKSTORM represents a serious threat because it enables attackers to maintain long-term access to compromised systems without detection. BRICKSTORM gains initial access through compromised web servers located in demilitarized zones. Attackers upload the malware to VMware vCenter servers after moving laterally through networks using stolen service account credentials and Remote"  
[X Link](https://x.com/The_Cyber_News/status/2013872528196788356)  2026-01-21T07:13Z 43.7K followers, [----] engagements


"🚨 Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Flaw Source: Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass vulnerability with a new automated campaign targeting even fully patched FortiGate devices. These flaws affect FortiOS FortiWeb FortiProxy and FortiSwitchManager allowing admin access without credentials. Patches were issued but recent incidents on updated firmware like 7.4.10 indicate a persistent or variant issue applicable to all SAML SSO implementations. Fortinet urges disabling FortiCloud SSO and shared IOCs."  
[X Link](https://x.com/The_Cyber_News/status/2014676051281231930)  2026-01-23T12:26Z 44.2K followers, [----] engagements


"⚠ Microsoft Teams to Share Location With Employer Based on Wi-Fi Network Source: Microsoft is preparing to deploy a significant potentially controversial update to Microsoft Teams that automatically detects and displays a users physical work location based on the Wi-Fi network they connect to. According to the latest update on the Microsoft [---] Roadmap (ID 488800) this feature is scheduled to begin rolling out in March [----] for Worldwide (Standard Multi-Tenant) cloud instances. The update targets both Desktop and Mac platforms aiming to streamline coordination in hybrid work environments by"  
[X Link](https://x.com/The_Cyber_News/status/2015100924168159453)  2026-01-24T16:34Z 44.1K followers, 15.9K engagements


"🚨 Hackers Use rn Typo Trick to Impersonate Microsoft & Marriott in New Phishing Attack Source: A sophisticated "homoglyph" phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter "m" with the combination "rn" (r + n) creating fake websites that look nearly identical to the real ones. This technique known as typosquatting or a homoglyph attack exploits the way modern fonts display text. In many fonts the letters "r" and "n" are placed next to each other (rn) look visually indistinguishable from the letter "m""  
[X Link](https://x.com/The_Cyber_News/status/2015311622198473189)  2026-01-25T06:31Z 43.7K followers, [----] engagements


"⚠ Microsoft Investigating Boot Failure Issues With Windows [--] version 25H2 Source: Microsoft has launched an urgent investigation into severe stability issues plaguing the January [----] security update for Windows [--] following reports that the patch is causing critical boot failures on physical devices. The update identified as KB5074109 was intended to bring security enhancements to Windows [--] versions 25H2 and 24H2 but has instead triggered a wave of "UNMOUNTABLE_BOOT_VOLUME" errors that render affected systems unusable. The primary issue under investigation involves devices entering a boot"  
[X Link](https://x.com/The_Cyber_News/status/2015624212862677233)  2026-01-26T03:13Z 44K followers, 49.1K engagements


"⚠ New Instagram Vulnerability Exposes Private Posts to Anyone Source: A critical server-side vulnerability in Instagrams infrastructure allowed unauthenticated attackers to access private photos and captions without a login or follower relationship. The vulnerability stemmed from a failure in Instagrams server-side authorization logic rather than a simple caching error. The vulnerability which was reportedly patched silently by Meta in October [----] relied on a specific configuration of HTTP headers to bypass privacy controls on the mobile web interface. #cybersecurityNews"  
[X Link](https://x.com/The_Cyber_News/status/2015727241221804294)  2026-01-26T10:03Z 44K followers, 52.8K engagements


"🛡 Clawdbot Gateways Exposed - Hundreds of API Keys and Private Chats Vulnerable Source: Clawdbot the surging open-source AI agent gateway faces escalating security concerns with hundreds of unauthenticated instances exposed online and multiple code flaws that enable credential theft and remote code execution. Services like Shodan and Censys index HTTP fingerprints such as favicons or specific phrases enabling rapid discovery. Similar scans revealed over [---] exposed Gateways on port [-----] many of which were unauthenticated. #cybersecurityNews #vulnerability #Clawdbot"  
[X Link](https://x.com/The_Cyber_News/status/2015839232930283853)  2026-01-26T17:28Z 44K followers, 26.4K engagements


"🚨 Microsoft Office Zero-day Vulnerability Actively Exploited in Attacks Source: Microsoft released emergency out-of-band security updates on January [--] [----] to address CVE-2026-21509 a zero-day security feature bypass vulnerability in Microsoft Office that attackers are actively exploiting. CVE-2026-21509 enables local attackers to bypass Office protections after tricking users into opening malicious files via phishing or social engineering. Microsoft Threat Intelligence Center (MSTIC) confirmed exploitation detection marking it as the second actively exploited zero-day patched this month"  
[X Link](https://x.com/The_Cyber_News/status/2016074346197102892)  2026-01-27T09:02Z 44K followers, [----] engagements


"🔐 OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code Source: OpenSSL patched [--] vulnerabilities on January [--] [----] including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue CVE-2025-15467 hits CMS AuthEnvelopedData parsing with AEAD ciphers like AES-GCM. Attackers craft oversized IVs in ASN.1 parameters causing stack overflows before authentication checks. This leads to crashes or potential remote code execution on apps handling untrusted"  
[X Link](https://x.com/The_Cyber_News/status/2016391186328780968)  2026-01-28T06:01Z 43.7K followers, [----] engagements


"⚠Microsoft [---] Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Source: A significant architectural blind spot in the Microsoft [---] ecosystem that allows threat actors to exfiltrate sensitive email data without leaving forensic traces. Dubbed "Exfil Out&Look" this attack technique leverages the Outlook add-in framework to intercept outgoing communications stealthily. Unlike traditional exploitation methods that rely on software vulnerabilities this technique abuses legitimate features within Outlook Web Access (OWA) to bypass Unified Audit Logs effectively rendering the"  
[X Link](https://x.com/The_Cyber_News/status/2016855508691669348)  2026-01-29T12:46Z 43.7K followers, [----] engagements


"🚨 Hackers Exploiting Vulnerable IIS Servers to Inject Malicious Web Shells Source: A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The attackers exploit unpatched IIS servers to inject malicious web shells execute PowerShell scripts and deploy the BadIIS malware which now includes hardcoded regional configurations tailored to specific countries. The threat campaign demonstrates operational overlap with the previously documented WEBJACK"  
[X Link](https://x.com/The_Cyber_News/status/2017304733875413481)  2026-01-30T18:31Z 44.2K followers, 18.3K engagements


"⚠Semantic Chaining Jailbreak Attack Bypasses Grok [--] & Gemini Nano Security Source: Following the recent Echo Chamber Multi-Turn Jailbreak NeuralTrust researchers have disclosed Semantic Chaining a potent vulnerability in the safety mechanisms of multimodal AI models like Grok [--] and Gemini Nano Banana Pro. This multi-stage prompting technique evades filters to produce prohibited text and visual content highlighting flaws in intent-tracking across chained instructions. Semantic Chaining weaponizes models inferential and compositional strengths against their guardrails. Rather than direct"  
[X Link](https://x.com/The_Cyber_News/status/2017440409702863248)  2026-01-31T03:30Z 43.9K followers, [----] engagements


"🚨 GhostChat Spyware Attacks Android Users Via WhatsApp to Exfiltrate Sensitive Details Source: A new Android spyware campaign has emerged targeting users in Pakistan through a sophisticated romance scam that uses fake dating profiles to steal personal information. The malicious application known as GhostChat disguises itself as a legitimate chat platform while secretly running surveillance operations in the background. This attack represents a dangerous trend where cybercriminals combine social engineering tactics with advanced spyware capabilities to compromise mobile devices and access"  
[X Link](https://x.com/The_Cyber_News/status/2018154586704638299)  2026-02-02T02:48Z 44K followers, [----] engagements


"⚠ F5 Released Security Updates Covering Multiple Products Following Recent Hack Read more: F5 Networks a leading provider of application security and delivery solutions has disclosed a significant security breach involving a nation-state threat actor prompting the release of critical updates for its core products. In response F5 has rolled out patches across BIG-IP F5OS BIG-IQ APM clients and BIG-IP Next for Kubernetes to safeguard customers amid heightened risks. F5 published its Quarterly Security Notification detailing [--] vulnerabilities addressed in the latest releases many tied to the"  
[X Link](https://x.com/The_Cyber_News/status/1979089938030153869)  2025-10-17T07:39Z 44.4K followers, [----] engagements


"🔐 Kali Linux [------] Released With [--] New Hacking Tools and Wifipumpkin3 Source: Kali Linux [------] released with substantial desktop environment improvements full Wayland support across virtual machines and three powerful new hacking tools including the much-anticipated Wifipumpkin3. Released on December [--] [----] this update focuses on modernizing the user experience while maintaining Kalis position as the premier penetration testing platform. The release brings GNOME [--] KDE Plasma [---] and refreshed Xfce theming alongside kernel [----] and critical infrastructure updates. #cybersecuritynews"  
[X Link](https://x.com/The_Cyber_News/status/1999536652906299690)  2025-12-12T17:47Z 44.8K followers, 16.7K engagements


"Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers Read more: Clorox Company has filed a $380 million lawsuit against IT services provider Cognizant Technology Solutions. Partial call transcripts filed with the suit show one agent volunteering Let me provide the password to you after the hacker said he couldnt log in. The lawsuit accuses Cognizants help-desk agents of inadvertently providing hackers with access to Cloroxs network during a security breach in August [----]. This intrusion severely disrupted operations and led to months of product shortages."  
[X Link](https://x.com/The_Cyber_News/status/1947990571756236890)  2025-07-23T12:01Z 45K followers, [---] engagements


"🚨 Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls Source: Hackers are abusing a long-patched Fortinet FortiGate flaw from July [----] slipping past two-factor authentication (2FA) on firewalls and potentially granting unauthorized access to VPNs and admin consoles. Dubbed FG-IR-19-283 (CVE-2020-12812) the issue stems from a mismatch in how FortiGate devices handle usernames compared with LDAP directories. FortiGate treats usernames as case-sensitive by default while most LDAP servers like Active Directory ignore case. Attackers exploit this in misconfigured"  
[X Link](https://x.com/The_Cyber_News/status/2004083087777628669)  2025-12-25T06:53Z 45K followers, 10.2K engagements


"🚨 FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data Source: A new wave of automated malicious activity targeting FortiGate firewall devices. Beginning January [--] [----] threat actors have been observed executing unauthorized configuration changes establishing persistence through generic accounts and exfiltrating sensitive firewall configuration data. The initial access methods remain unconfirmed but the tactics mirror prior SSO abuse. Detections are active alerting customers to suspicious activity. Fortinet has yet to confirm if existing patches fully mitigate this"  
[X Link](https://x.com/The_Cyber_News/status/2014325028737921290)  2026-01-22T13:11Z 45K followers, 11.2K engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing