# ![@TheHackersNews Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::209811713.png) @TheHackersNews The Hacker News

Multiple high-profile hacking incidents and vulnerabilities have been recently reported. North Korean hackers are using fake job interviews to spread malware, while Chinese hackers are targeting governments and defense contractors using various backdoors and exploits. Additionally, critical flaws have been discovered in various software, including Cisco VPN gear, SolarWinds Web Help Desk, and Supermicro BMC, which could allow attackers to gain unauthorized access.

### Engagements: [-------] [#](/creator/twitter::209811713/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:interactions.svg)

- [--] Week [---------] -8.40%
- [--] Month [---------] +50%
- [--] Months [----------] +104%
- [--] Year [----------] +32%

### Mentions: [---] [#](/creator/twitter::209811713/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:posts_active.svg)

- [--] Week [---] -10%
- [--] Month [---] +36%
- [--] Months [-----] +30%
- [--] Year [-----] +38%

### Followers: [---------] [#](/creator/twitter::209811713/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:followers.svg)

- [--] Week [---------] +1.30%
- [--] Month [---------] +5.80%
- [--] Months [---------] +8.60%
- [--] Year [---------] +9.50%

### CreatorRank: [------] [#](/creator/twitter::209811713/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  28.29% [stocks](/list/stocks)  #4431 [countries](/list/countries)  10.08% [social networks](/list/social-networks)  5.04% [finance](/list/finance)  3.1% [cryptocurrencies](/list/cryptocurrencies)  1.55%

**Social topic influence**
[ai](/topic/ai) #2384, [$googl](/topic/$googl) #852, [microsoft](/topic/microsoft) #293, [systems](/topic/systems) #267, [crypto](/topic/crypto) #1950, [data](/topic/data) 3.88%, [tools](/topic/tools) #805, [china](/topic/china) 3.49%, [telegram](/topic/telegram) #386, [hidden](/topic/hidden) 3.1%

**Top accounts mentioned or mentioned by**
[@jackgoesvirtual](/creator/undefined) [@intelligencer41](/creator/undefined) [@securedotcom](/creator/undefined) [@ababino](/creator/undefined) [@kindnessuae](/creator/undefined) [@grok](/creator/undefined) [@huntresslabs](/creator/undefined) [@talossecurity](/creator/undefined) [@sanarsh11](/creator/undefined) [@transcrypts_](/creator/undefined) [@paliraj94187](/creator/undefined) [@dcicybersecnews](/creator/undefined) [@bteater51](/creator/undefined) [@_reverseai_](/creator/undefined) [@anantnetratech](/creator/undefined) [@activestates](/creator/undefined) [@orchidsecurity](/creator/undefined) [@watchtowrlabs](/creator/undefined) [@ethicalhack3r](/creator/undefined) [@cisagov](/creator/undefined)

**Top assets mentioned**
[Alphabet Inc Class A (GOOGL)](/topic/$googl) [Microsoft Corp. (MSFT)](/topic/microsoft) [SolarWinds Corporation Common Stock (SWI)](/topic/$swi) [Zscaler Inc (ZS)](/topic/$zs) [Solana (SOL)](/topic/solana)

### Top Social Posts
Top posts by engagements in the last [--] hours

"Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent Quick Share flaw CVE-2024-10668 bypasses earlier fixes enabling DoS or unauthorized file delivery"  
[X Link](https://thehackernews.com/2025/04/google-patches-quick-share.html)  2025-04-03T08:21Z 1M followers, 24.1K engagements


"Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse"  
[X Link](https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html)  2026-01-23T12:31Z 1M followers, 20.7K engagements


"Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS crypto and developer data"  
[X Link](https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html)  2026-02-02T05:08Z 998.1K followers, 46.8K engagements


"Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited Security Updates Released Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws including CVE-2026-1281 added to CISA's KEV affecting versions before 12.8"  
[X Link](https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html)  2026-01-30T04:47Z 997.8K followers, 53.7K engagements


"SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds fixed six Web Help Desk vulnerabilities including four critical flaws that allow unauthenticated remote code execution"  
[X Link](https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html)  2026-01-29T09:01Z 1M followers, 12.4K engagements


"Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk"  
[X Link](https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html)  2026-02-04T07:12Z 993K followers, [--] engagements


"Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos Microsoft confirms a 3-phase strategy to deprecate NTLM improve auditing prioritize Kerberos and disable NTLM by default in future Windows releases"  
[X Link](https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html)  2026-02-02T16:06Z 1M followers, 14.2K engagements


"Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP Critical Apache HugeGraph vulnerability exploited in the wild. Urgent update required to prevent remote code execution attacks. Patch now available"  
[X Link](https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html)  2026-02-06T22:05Z 1M followers, [--] engagements


"Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal configurations"  
[X Link](https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html)  2026-01-22T06:12Z 997.5K followers, 11.1K engagements


"⚡ Weekly Recap: Firewall Flaws AI-Built Malware Browser Traps Critical CVEs & More Weekly cybersecurity recap covering emerging threats fast-moving attacks critical flaws and key security developments you need to track this week"  
[X Link](https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html)  2026-01-26T14:08Z 992.3K followers, 34.8K engagements


"CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation urging organizations to apply patches"  
[X Link](https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html)  2026-01-24T08:10Z 994.2K followers, 38.2K engagements


"China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since [----] Experts detail PeckBirdy a JavaScript C2 framework used since [----] by China-aligned attackers to spread malware via fake updates & web injections"  
[X Link](https://thehackernews.com/2026/01/china-linked-hackers-have-used.html)  2026-01-27T09:04Z 995.7K followers, 16K engagements


"Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Experts uncovered malicious Chrome extensions that replace affiliate links exfiltrate data and steal ChatGPT authentication tokens from users"  
[X Link](https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html)  2026-01-30T13:47Z 1M followers, 22.9K engagements


"Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run arbitrary code"  
[X Link](https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html)  2026-01-28T12:44Z 1M followers, 18.3K engagements


"Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions Cybercriminals exploit Grok to bypass X ad protections spreading malware via hidden links amplified to millions"  
[X Link](https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html)  2025-08-16T05:35Z 1M followers, 38.4K engagements


"Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware giving attackers persistent remote access to developer syst"  
[X Link](https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html)  2026-01-28T17:48Z 1M followers, 17.8K engagements


"Ex-Google Engineer Convicted for Stealing [----] AI Trade Secrets for China Startup A U.S. jury convicted a former Google engineer of stealing over [----] AI trade secret documents to benefit China-linked companies DOJ says"  
[X Link](https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html)  2026-01-30T07:39Z 1M followers, 26.3K engagements


"When Cloud Outages Ripple Across the Internet Cloud outages expose identity systems as critical failure points turning infrastructure disruptions into major business continuity risks"  
[X Link](https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html)  2026-02-03T11:36Z 996.5K followers, [----] engagements


"New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to before 2.0.0 fixed in 2.0"  
[X Link](https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html)  2026-01-06T05:13Z 999.5K followers, 22.7K engagements


"eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware Attackers breached eScan antivirus update infrastructure to push malicious updates deploying persistent malware on enterprise and consumer systems"  
[X Link](https://thehackernews.com/2026/02/escan-antivirus-update-servers.html)  2026-02-02T06:02Z 995.4K followers, [--] engagements


"ThreatsDay Bulletin: Codespaces RCE AsyncRAT C2 BYOVD Abuse AI Cloud Intrusions & 15+ Stories ThreatsDay Bulletin: Key cyber updates on ransomware cloud intrusions phishing botnets supply-chain risks and nation-state threat activity"  
[X Link](https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html)  2026-02-05T13:05Z 1M followers, 63K engagements


"Russian ELECTRUM Tied to December [----] Cyber Attack on Polish Power Grid Dragos attributes a December [----] Polish grid attack to ELECTRUM disrupting [--] DER sites without outages but damaging OT"  
[X Link](https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html)  2026-01-28T16:16Z 993.2K followers, 10.1K engagements


"Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies block admin controls and hijack sessions for account takeover"  
[X Link](https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html)  2026-01-16T14:11Z 994.5K followers, 13.2K engagements


"Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution A critical vm2 Node.js vulnerability (CVE-2026-22709 CVSS 9.8) allows sandbox escape via Promise handler bypass"  
[X Link](https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html)  2026-01-28T14:07Z 1M followers, 11.9K engagements


"Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps Study of 100+ energy OT sites reveals unpatched devices flat networks and hidden assets with critical issues detected within minutes"  
[X Link](https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html)  2026-01-29T15:58Z 1M followers, [----] engagements


"DarkSpectre Browser Extension Campaigns Exposed After Impacting [---] Million Users Worldwide A China-linked threat actor used malicious browser extensions over seven years to steal data and corporate intelligence from Chrome Edge and Firefox"  
[X Link](https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html)  2025-12-31T16:19Z 1M followers, 17.7K engagements


"The Buyer’s Guide to AI Usage Control AI adoption is surging but enterprises lack visibility; AI Usage Control enables real-time governance of interactions and risks"  
[X Link](https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html)  2026-02-05T11:49Z 996.5K followers, [--] engagements


"China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking Malware Delivery China-linked DKnife framework uses router-level AitM implants for traffic hijacking credential theft and malware delivery targeting edge devices"  
[X Link](https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html)  2026-02-06T14:57Z 1M followers, [----] engagements


"Trend Micro Apex Central RCE Flaw Scores [---] CVSS in On-Prem Windows Versions Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS [---] that allows remote code execution if access exists"  
[X Link](https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html)  2026-01-09T10:01Z 1M followers, 14.7K engagements


"GootLoader Malware Uses [-------] Concatenated ZIP Archives to Evade Detection GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via Windows default extractor"  
[X Link](https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html)  2026-01-16T18:04Z 993.1K followers, 13.9K engagements


"Matrix Push C2 Uses Browser Notifications for Fileless Cross-Platform Phishing Attacks Matrix Push C2 abuses browser notifications for fileless cross-platform phishing while Velociraptor misuse rises after a Windows Server flaw"  
[X Link](https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html)  2025-11-22T07:10Z 998.7K followers, 149.3K engagements


"Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server Warlock ransomware breached SmarterTools via unpatched SmarterMail exploiting critical flaws to access Windows systems and deploy encryption payloads"  
[X Link](https://thehackernews.com/2026/02/warlock-ransomware-breaches.html)  2026-02-10T11:30Z 1M followers, [--] engagements


"Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities Pakistan-linked hackers targeted Indian government entities using phishing Google services Golang malware and GitHub-based command-and-control"  
[X Link](https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html)  2026-01-27T16:46Z 1M followers, 13.4K engagements


"⚡ Weekly Recap: AI Skill Malware 31Tbps DDoS Notepad++ Hack LLM Backdoors and More This week's cyber recap covers AI risks supply-chain attacks major breaches DDoS spikes and critical vulnerabilities security teams must track"  
[X Link](https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html)  2026-02-09T13:55Z 1M followers, [--] engagements


"Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data"  
[X Link](https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html)  2026-01-19T17:22Z 993.5K followers, 113.4K engagements


"Two Firms That Plotted Against WikiLeaks Finally Apologize"  
[X Link](https://thehackernews.com/2011/02/two-firms-that-plotted-against.html)  2026-02-05T19:25Z 997.2K followers, [--] engagements


"Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw CVE-2026-24858 now listed by CISA in KEV"  
[X Link](https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html)  2026-01-28T04:53Z 1M followers, 16K engagements


"Rogue NuGet Package Poses as Tracer.Fody Steals Cryptocurrency Wallet Data A fake NuGet package mimicking Tracer.Fody stayed online for years stealing Stratis wallet files and passwords from Windows systems"  
[X Link](https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html)  2025-12-16T15:43Z 1M followers, 10.8K engagements


"Researchers Find [------] Publicly Exposed Ollama AI Servers Across [---] Countries Over [------] publicly exposed Ollama AI servers across [---] countries with many enabling tool calling that allows code execution and LLMjacking abuse"  
[X Link](https://thehackernews.com/2026/01/researchers-find-175000-publicly.html)  2026-01-29T18:39Z 1M followers, 15.6K engagements


"Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi Zero-click AirPlay vulnerabilities exposed in March [----] could let malware spread across networks undetected"  
[X Link](https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html)  2025-05-05T17:07Z 1M followers, 38.2K engagements


"GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware GeoServer vulnerability exploited to deliver malware botnets and backdoors affecting global IT government and telecom sectors"  
[X Link](https://thehackernews.com/2024/09/geoserver-vulnerability-targeted-by.html)  2024-09-06T15:16Z 991.9K followers, [----] engagements


"Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions Google releases critical Chrome update patching zero-day CVE-2025-10585 discovered Sept [--] to block active V8 JavaScript engine exploits worldwide"  
[X Link](https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html)  2025-09-18T05:51Z 999.5K followers, 145.2K engagements


"Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution Apache OFBiz vulnerability CVE-2024-45195 patched preventing unauthenticated remote code execution on Linux and Windows"  
[X Link](https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html)  2024-09-06T05:22Z 994.3K followers, 11.8K engagements


"How Samsung Knox Helps Stop Your Network Security Breach Discover how Samsung Knox enhances mobile network security with granular controls Zero Trust principles & seamless integration for a safer enterprise"  
[X Link](https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html)  2026-02-06T10:43Z 1M followers, [----] engagements


"Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials browser data and cryptocurrency wallets on Windows"  
[X Link](https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html)  2026-01-20T20:16Z 1M followers, [---] engagements


"Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities"  
[X Link](https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html)  2025-12-18T07:45Z 1M followers, [----] engagements


"Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day CVE-2026-21509 a security feature bypass flaw"  
[X Link](https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html)  2026-01-27T07:21Z 998.5K followers, 117.3K engagements


"Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia RAT and ransomware"  
[X Link](https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html)  2026-01-24T11:09Z 1M followers, 15.9K engagements


"Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to mitigate the critical flaw"  
[X Link](https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html)  2025-01-29T10:21Z 995.2K followers, 19.3K engagements


"SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers Microsoft links SolarWinds WHD exploits to RCE lateral movement and domain compromise in multi-stage attacks"  
[X Link](https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html)  2026-02-09T15:11Z 1M followers, [---] engagements


"North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware OtterCookie v5 merges BeaverTail features with new keylogging and blockchain-based C2 tactics"  
[X Link](https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html)  2025-10-17T13:33Z 998.8K followers, 44.6K engagements


"Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals improving AI model security and tr"  
[X Link](https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html)  2026-02-04T18:56Z 997.2K followers, [---] engagements


"Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Iran-linked RedKitten uses malicious Excel files AI-generated macros and cloud services to spy on human rights NGOs and activists"  
[X Link](https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html)  2026-01-31T12:03Z 998.9K followers, 11.4K engagements


"Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Hackers exploit NFC technology and mobile payments enabling global fraud through Google Pay and Apple Pay"  
[X Link](https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html)  2024-11-20T13:09Z 1M followers, 28.7K engagements


"40000 Attacks in [--] Days: Critical Confluence RCE Under Active Exploitation Hackers are actively exploiting a critical Atlassian Confluence flaw (CVE-2023-22527) within days of its reveal"  
[X Link](https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html)  2026-02-06T16:15Z 998.8K followers, [--] engagements


"Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails ClickFix lures PowerShell and MSBuild to deploy DCRat malware"  
[X Link](https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html)  2026-01-06T17:29Z 1M followers, 28.1K engagements


"Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic Microsoft's Whisper Leak shows encrypted AI chats can secretly reveal user topics through subtle traffic patterns"  
[X Link](https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html)  2025-11-08T14:31Z 1M followers, 102.8K engagements


"⚡ Weekly Recap: Proxy Botnet Office Zero-Day MongoDB Ransoms AI Hijacks & New Threats This week's cybersecurity recap highlights key attacks zero-days and patches to keep you informed and secure"  
[X Link](https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html)  2026-02-02T13:22Z 1M followers, 10.2K engagements


"Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends Infy hackers revived operations post-Iran blackout deploying Tornado malware Telegram C2 and WinRAR exploits"  
[X Link](https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html)  2026-02-05T10:29Z 1M followers, [----] engagements


"Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas A critical Grist-Core flaw (CVE-2026-24002 CVSS 9.1) allows remote code execution through malicious formulas when Pyodide sandboxing is enabled"  
[X Link](https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html)  2026-01-27T10:38Z 996.3K followers, 11.1K engagements


"Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks China-linked Mustang Panda used updated COOLCLIENT malware in [----] espionage to steal data from government and telecom targets across Asia and Russia"  
[X Link](https://thehackernews.com/2026/01/mustang-panda-deploys-updated.html)  2026-01-28T12:22Z 1M followers, [----] engagements


"⚠ Update: Contagious Interview now uses OtterCandy a Node.js RAT + info-stealer tied to North Korean actors. Hides in npm/supply-chain lures uses socket.io C2 to steal browser passwords & crypto wallets. v2 adds Suiet/Trust/Rabby harvesting + Windows registry wipes. Read https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html"  
[X Link](https://x.com/TheHackersNews/status/1979795173694439702)  2025-10-19T06:22Z 1M followers, 23.6K engagements


"🚨 Hackers found a new way to phish through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal Netflix or TikTok. No downloads. No malware file. Just one click and your data's theirs. Learn more https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html"  
[X Link](https://x.com/TheHackersNews/status/1992128573902389635)  2025-11-22T07:10Z 998.7K followers, 107.8K engagements


"💰 A fake NuGet package stole crypto wallets for more than five years. It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about [----] downloads since [----]. It exfiltrated Stratis wallet JSON files and passwords to a Russian IP. 🔗 Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html"  
[X Link](https://x.com/TheHackersNews/status/2000954995722821872)  2025-12-16T15:43Z 1M followers, 10.7K engagements


"North Korea-linked Kimsuky has been tied to a new Android malware campaign. The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed the app deploys a full RAT with access to messages calls files audio and camera. 🔗 Read analysis here https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html"  
[X Link](https://x.com/TheHackersNews/status/2001559399970804006)  2025-12-18T07:45Z 1M followers, [----] engagements


"🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution. CVE-2025-69258 (CVSS 9.8) allows a remote unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe. On-prem builds below [----] are affected. 🔗 Details https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html"  
[X Link](https://x.com/TheHackersNews/status/2009566225899077715)  2026-01-09T10:01Z 1M followers, 12.3K engagements


"🚨 Researchers uncovered [--] malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite. They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation. 🔗 Details here https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html"  
[X Link](https://x.com/TheHackersNews/status/2012165892571046254)  2026-01-16T14:11Z 994.5K followers, 11.3K engagements


"🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites. A hidden prompt in an event could trigger Gemini when asked about a schedule to summarize private meetings into a new calendar entry visible to attackers in some enterprise setups. No user action required. 🔗 Read https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html"  
[X Link](https://x.com/TheHackersNews/status/2013301057523441720)  2026-01-19T17:22Z 993.4K followers, 113.1K engagements


"🚨 Uncharted: The AI Safety & Security Summit hosted by Fuel iX. Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access [--] expert-led sessions and a comprehensive report revealing risks in [--] generative AI models. 🔒 Uncover hidden dangers in frontier AI models ⚖ Learn legal frameworks balancing innovation with responsibility 🛡 Get proactive defense strategies from top CISOs 📄 Receive a detailed report on vulnerabilities and actionable strategies Access it now on-demand: https://thn.news/ai-summit-insights"  
[X Link](https://x.com/TheHackersNews/status/2013598921269063725)  2026-01-20T13:06Z 1M followers, 43.1K engagements


"🚨 Fortinet FortiGate under automated SSO abuse. Attackers exploit CVE-2025-59718/59719 to add admin users enable VPN access and export firewall configs within seconds per Arctic Wolf. 🔗 Learn what's happening and what to disable https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html"  
[X Link](https://x.com/TheHackersNews/status/2014219542931910906)  2026-01-22T06:12Z 997.5K followers, [----] engagements


"🚨 Fortinet confirms active exploitation of CVE-2025-59718 / [-----] allowing FortiGate FortiCloud SSO bypass even on fully patched devices. Attackers abuse crafted SAML logins to gain admin access add persistent accounts enable VPN and steal configs. Disabling FortiCloud SSO is advised. 🔗 Details https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html"  
[X Link](https://x.com/TheHackersNews/status/2014677477956972938)  2026-01-23T12:31Z 997.7K followers, 17.5K engagements


"🚨 CISA confirms active exploitation of a critical VMware vCenter Server flaw. CVE-2024-37079 allows remote code execution via a DCE/RPC heap overflow if an attacker has network access. 🔗 Details https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html"  
[X Link](https://x.com/TheHackersNews/status/2014974110988894569)  2026-01-24T08:10Z 994.2K followers, 34.1K engagements


"⚠ A single spreadsheet formula can now lead to full server takeover in Grist-Core. The flaw CVE-2026-24002 (CVSS 9.1) breaks out of the Pyodide sandbox letting attackers run OS commands and access files and secrets. 🔗 Read https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html"  
[X Link](https://x.com/TheHackersNews/status/2016098414359150928)  2026-01-27T10:38Z 996.2K followers, [----] engagements


"Indian government networks were targeted in two cyber campaigns linked to a Pakistan-based actor. Tracked by Zscaler as Gopher Strike and Sheet Attack the key tactic was India-only malware delivery filtered by IP and Windows systems to evade analysis. 🔗 Attack chain and tools explained https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html"  
[X Link](https://x.com/TheHackersNews/status/2016191123358941341)  2026-01-27T16:46Z 1M followers, 12.9K engagements


"🔧 Fortinet issues patch update for actively exploited FortiOS SSO flaw. The fix addresses CVE-2026-24858 (CVSS 9.4) an SSO authentication bypass that can allow cross-tenant device access when FortiCloud SSO is enabled. CISA has added the issue to its KEV list setting a Jan [--] remediation deadline. 🔗 Details https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html"  
[X Link](https://x.com/TheHackersNews/status/2016374062818443536)  2026-01-28T04:53Z 998K followers, 10.3K engagements


"🐍 Malicious PyPI spellchecker packages shipped a Python RAT. The payload was hidden in a dictionary file stayed dormant then executed after an update. spellcheckpy v1.2.0 activated it turning a simple import into remote access. 🔗 Read https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html"  
[X Link](https://x.com/TheHackersNews/status/2016451513103892874)  2026-01-28T10:01Z 1M followers, [----] engagements


"⚠ n8n disclosed two sandbox escape flaws that let authenticated users seize control of automation servers. One issue is rated CVSS [---] and enables full RCE. Risk is higher in internal execution mode which n8n already advises against. 🔗 Details https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html"  
[X Link](https://x.com/TheHackersNews/status/2016492682294841524)  2026-01-28T12:44Z 995.5K followers, 10.9K engagements


"🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system. Tracked as CVE-2026-22709 (CVSS 9.8) the issue stems from improper Promise handler sanitization. 🔗 How the flaw works https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html"  
[X Link](https://x.com/TheHackersNews/status/2016513566954918354)  2026-01-28T14:07Z 1M followers, [----] engagements


"🚨 Fake VS Code extension abused #Moltbots name to deliver remote access malware. It posed as an AI assistant despite Moltbot having no official VS Code plugin. Once installed it auto-ran on IDE launch and dropped ScreenConnect for persistent remote control. 🔗 Read https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html"  
[X Link](https://x.com/TheHackersNews/status/2016569015926493467)  2026-01-28T17:48Z 997.9K followers, 17K engagements


"🚨 Fake ChatGPT Chrome add-on stole 459+ API keys: Keys sent to Telegram after logout or chat delete. Hidden Google access raised the real stakes. https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#::text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#::text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts"  
[X Link](https://x.com/TheHackersNews/status/2016824506661425293)  2026-01-29T10:43Z 992.1K followers, 22.4K engagements


"⚠ Researchers map 175K publicly exposed Ollama LLM servers worldwide. Tool-calling turns exposed AI into a highest-severity execution risk. Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html https://thehackernews.com/2026/01/researchers-find-175000-publicly.html"  
[X Link](https://x.com/TheHackersNews/status/2016944276861755808)  2026-01-29T18:39Z 997.1K followers, 10.1K engagements


"🔐 WARNING: Ivanti fixes exploited EPMM zero-days with CVSS [---] severity. Exploits enable code execution persistence and access to sensitive device data. Federal agencies face KEV deadlines; temporary patches dont persist across upgrades. Read https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html"  
[X Link](https://x.com/TheHackersNews/status/2017097266616844424)  2026-01-30T04:47Z 997.8K followers, 53.6K engagements


"⚠ SmarterMail fixed a critical unauthenticated RCE in its email server software. The flaw CVE-2026-24423 (CVSS 9.3) lets attackers execute OS commands via a crafted remote server. It affects builds before [----]. 🔗 Fixed builds and attack mechanics https://thehackernews.com/2026/01/smartermail-fixes-critical.html https://thehackernews.com/2026/01/smartermail-fixes-critical.html"  
[X Link](https://x.com/TheHackersNews/status/2017133665302798502)  2026-01-30T07:11Z 995.6K followers, [----] engagements


"The FBI has seized the RAMP cybercrime forum shutting down its Tor site and clearnet domain with DOJ coordination. Threat actors are already migrating to other platforms underscoring how fast the underground re-forms after takedowns. 🔗 Read https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown"  
[X Link](https://x.com/TheHackersNews/status/2017167395660694006)  2026-01-30T09:25Z 993.3K followers, [----] engagements


"🛑 Chrome extensions are being abused at scale. Researchers uncovered tools that hijack affiliate links scrape shopping data steal ChatGPT login tokens and even deliver phishing pageswhile passing official store reviews. 🔗 Learn more about the affiliate fraud AI token theft and the browser as attack surface https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html"  
[X Link](https://x.com/TheHackersNews/status/2017233141791125605)  2026-01-30T13:47Z 1M followers, 20.7K engagements


"🛑 A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses. HarfangLab tracks the activity as RedKitten using Excel files themed around deceased protesters to deliver malware. The tooling relies on GitHub Google Drive and Telegram for configuration and control with indicators suggesting parts of the code may be LLM-assisted. 🔗 Read https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html"  
[X Link](https://x.com/TheHackersNews/status/2017569442901930123)  2026-01-31T12:03Z 995.8K followers, 11.1K engagements


"📱 Apple is testing a new iOS setting that reduces how precisely cellular networks can 📍 locate your device. Limit Precise Location restricts location data to a broad area instead of an exact address. 🔗 Learn how the setting works and where its available https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced"  
[X Link](https://x.com/TheHackersNews/status/2017830893642256520)  2026-02-01T05:22Z 995.4K followers, 24.3K engagements


"⚠ WARNING: A supply chain attack spread malware via trusted VS Code extensions on Open VSX. Attackers hijacked a real developer account and pushed GlassWorm through four existing tools. 22000+ installs happened before removal. 🔗 Read https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html"  
[X Link](https://x.com/TheHackersNews/status/2018189816903692463)  2026-02-02T05:08Z 998.1K followers, 46.8K engagements


"What if the hardest vulnerability to patch is self-doubt ICS environments are unforgiving. Responders cant afford hesitationbut they also can't ignore it. In ICS410 Justin Searle helps practitioners move from doubt to decisive action grounded in technical precision and OT situational awareness. Register for ICS410 at SANS Surge [----] (Feb 2328) and train live with Justin: #SCADA #ICS410 #OTincidentresponse #SANSLiveTraining https://thn.news/sans-surge-26 https://thn.news/sans-surge-26"  
[X Link](https://x.com/TheHackersNews/status/2018309877639295434)  2026-02-02T13:05Z 998.2K followers, 11.3K engagements


"⚡ Microsoft will phase out NTLM in Windows through a three-step plan. Deprecated in June [----] NTLM remains widely used despite known security flaws. NTLM will be disabled by default in a future Windows release with Kerberos becoming the standard. 🔗 dtails https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html"  
[X Link](https://x.com/TheHackersNews/status/2018355361364000909)  2026-02-02T16:06Z 1M followers, 14.2K engagements


"🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click. A crafted link can steal a gateway token via unvalidated WebSocket origins enabling full command execution even on localhost-only setups through the users browser. 🔗 Details and attack chain https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html"  
[X Link](https://x.com/TheHackersNews/status/2018362651102085353)  2026-02-02T16:35Z 1M followers, 29.9K engagements


"🚨 China-linked Lotus Blossom compromised Notepad++ hosting infrastructure to hijack update traffic and deliver the Chrysalis backdoor Rapid7 reports. The issue affected older versions and was fixed with version 8.8.9 in December [----]. 🔗 Read https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html"  
[X Link](https://x.com/TheHackersNews/status/2018551195179335731)  2026-02-03T05:04Z 997.9K followers, 55.7K engagements


"🕸 Exposed C2 server showed a complete BYOB botnet in the open 🧠 Droppers loaders and RATs for Windows Linux and macOS were publicly accessible revealing a multi-stage chain for evasion persistence and control. Crypto miners were also hosted. 🔗 Read https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#::text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#::text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure"  
[X Link](https://x.com/TheHackersNews/status/2018586411239371217)  2026-02-03T07:24Z 1M followers, [----] engagements


"🔐 Major cloud outages didnt just break appsthey broke access. When shared cloud services fail identity systems fail too even if the IdP is running. Authentication depends on databases DNS and control planes. 🔗 How cloud outages cascade into identity failures https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html"  
[X Link](https://x.com/TheHackersNews/status/2018649704582553617)  2026-02-03T11:36Z 996.5K followers, [----] engagements


"⚠ A critical flaw in Dockers Ask Gordon AI let container metadata execute real commands. A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0. 🔗 DockerDash details https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html"  
[X Link](https://x.com/TheHackersNews/status/2018727226968363333)  2026-02-03T16:44Z 995.4K followers, [----] engagements


"🚨We tested [--] leading GenAI models for security vulnerabilities. All [--] failed. Attack success rates ranged from 1.13% to 64.13%. Every model demonstrated exploitable flaws that could turn AI systems into attack vectors. Key findings: - [--] frontier models tested - Hundreds of vulnerabilities found - 100% failure rate - Up to 64% attack success As GenAI transforms industries these results reveal a critical safety & security gap. Traditional security methods can't address the probabilistic nature of AI systems. Our report includes: ✅ Security profiles of all [--] models ✅ Analysis of the AI"  
[X Link](https://x.com/TheHackersNews/status/2019039164096983472)  2026-02-04T13:23Z 1M followers, [----] engagements


"⚠ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation. Rogue proxy rules silently reroute user sessions through attacker infrastructureimpacting 🏛 gov 🎓edu and Asian 🌏 TLD sites. 🔗 Details https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html"  
[X Link](https://x.com/TheHackersNews/status/2019274400747647131)  2026-02-05T04:58Z 1M followers, [----] engagements


"Passwords are sliding into legacy status. Passkeys AI governance and verifiable credentials are scaling as identity shifts to real-time trust per Rex Booth SailPoint. 🔐 [--] predictions reshaping identity security https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"  
[X Link](https://x.com/TheHackersNews/status/2019319850531975278)  2026-02-05T07:59Z 1M followers, [----] engagements


"💻 Iran-linked APT Infy paused C2 ops during Irans Jan internet blackout then rebuilt infrastructure as access returned. Timing ties activity to state network controls. Latest malware uses Telegram + HTTP for dual-channel C2. 🔗 Timeline tooling evolution infra rebuild https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html"  
[X Link](https://x.com/TheHackersNews/status/2019357681690063219)  2026-02-05T10:29Z 1M followers, [----] engagements


"📦⚠ Is your container adoption outpacing your security maturity Youre not alone. @ActiveState's [----] State of Vulnerability Management & Remediation Report found 82% of DevSecOps leaders experienced a container-related breach last year and 87% expect one in [----]. Learn how to close the remediation gap and the role AI will play in securing your stack by [----]. 📥 Download the report https://thn.news/container-sec-guide https://thn.news/container-sec-guide"  
[X Link](https://x.com/TheHackersNews/status/2019392282466935019)  2026-02-05T12:46Z 1M followers, [----] engagements


"🚨 ThreatsDay Bulletin is live. Watch out for dozens of critical signals showing where attacks are heading next. Codespaces RCE AI cloud intrusion AsyncRAT C2 BYOVD abuse .and 15+ more stories. All updates in one place https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2019396866639847772)  2026-02-05T13:05Z 1M followers, 58.1K engagements


"💻 Access & Persistence Sandbox escape RMM deployment SCR malware Credential theft Voicemail lure access SimpleHelp remote control Supply-chain config abuse Public bucket creds"  
[X Link](https://x.com/TheHackersNews/status/2019396869785616403)  2026-02-05T13:05Z 997.2K followers, [----] engagements


"🌐 Infra & Ops SystemBC botnet DDoSia ops Crypto drainers ClickFix framework ErrTraffic TDS Botnet proxy layers Infra key reuse VPS hosting clusters"  
[X Link](https://x.com/TheHackersNews/status/2019396872771883095)  2026-02-05T13:05Z 1M followers, [----] engagements


"🛰 Threat Actors & Campaigns Lazarus Nordics Typhoon overlap APT36 startups ShadowSyndicate infra Ransomware CVE surge Crimson RAT lures Crypto scam affiliates Strategic DDoS arrests Entire bulletin here https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2019396875884150828)  2026-02-05T13:05Z 1M followers, [----] engagements


"AI is foundational for security teams but operational relief still feels out of reach. Tines just launched Voice of Security [----] based on insights from 1800+ security leaders and practitioners. The data shows why workloads remain high and what it takes to unlock real AI impact 👇 https://thn.news/security-insights-24-x https://thn.news/security-insights-24-x"  
[X Link](https://x.com/TheHackersNews/status/2019411355040903509)  2026-02-05T14:02Z 1M followers, [----] engagements


"🛡 Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs simulate attacks validate controls and prioritize fixes that reduce real risk. 🔗 Download Guide (Framework steps + tooling) https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/ https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/"  
[X Link](https://x.com/TheHackersNews/status/2019721890265522535)  2026-02-06T10:36Z 1M followers, [----] engagements


"🔐📱🔎 Enterprise security wasnt designed for mobile behavior. Devices move between corporate and public networks while handling sensitive data. Knox Firewall enforces per-app network controls restricting traffic by IP/domain with detailed access logs for investigations. 🔗 App rules traffic visibility logging depth https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html"  
[X Link](https://x.com/TheHackersNews/status/2019735324075913444)  2026-02-06T11:30Z 1M followers, [----] engagements


"Cisco Talos exposed DKnife a China-linked AitM framework active since [----] on compromised routers and edge devices. It monitors traffic steals credentials and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones. 🔗 Modules and infection chain https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html"  
[X Link](https://x.com/TheHackersNews/status/2019787476748181656)  2026-02-06T14:57Z 1M followers, [----] engagements


"To celebrate the ultimate partnership this Valentines Day @OrchidSecurity is sharing our "Security Sweetheart" candies. These aren't your typical grocery store hearts they are designed for the unique bond between the IAM + CISO. The Security Sweetheart Collection 🍬 Which one would you send to your security "other half" SSO [--] EVA: Because true love means only having to log in once. AUDIT ME: Total transparency is the foundation of any healthy relationship. NO SILOS: Breaking down walls is our love language. ZERO TRUST: It sounds harsh but in security its the ultimate form of devotion. MFA ME:"  
[X Link](https://x.com/TheHackersNews/status/2020823062380486678)  2026-02-09T11:32Z 1M followers, [----] engagements


"Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows Critical n8n vulnerability CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data"  
[X Link](https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html)  2026-02-05T06:23Z 1M followers, 21.1K engagements


"9 Identity Security Predictions for [----] Nine identity security predictions for [----] covering AI governance passwordless access decentralized identity IoT and post-quantum cryptography"  
[X Link](https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html)  2026-02-05T07:59Z 1M followers, 16.7K engagements


"APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe"  
[X Link](https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html)  2026-02-03T09:13Z 1M followers, 22.5K engagements


"ThreatsDay Bulletin: New RCEs Darknet Busts Kernel Bugs & 25+ More Stories Weekly ThreatsDay Bulletin with concise updates on cyber attacks exploits scams arrests and emerging security risks"  
[X Link](https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html)  2026-01-29T13:04Z 1M followers, 73.8K engagements


"ThreatsDay Bulletin: AI Prompt RCE Claude 0-Click RenEngine Loader Auto 0-Days & 25+ Stories This weeks cybersecurity roundup covering emerging attacks malware trends infrastructure abuse and evolving intrusion activity"  
[X Link](https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html)  2026-02-12T11:52Z 1M followers, 64K engagements


"83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure 83% of Ivanti EPMM exploits traced to one IP as automated scans target governments and enterprises"  
[X Link](https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html)  2026-02-12T07:36Z 1M followers, 12.5K engagements


"🛑 CISA orders federal agencies to remove unsupported edge devices within [----] months. Unpatched firewalls routers IoT and perimeter gear are now flagged as prime entry pointsactively exploited by state-backed actors for network access. 🔗 Directive scope deadlines device list https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html"  
[X Link](https://x.com/TheHackersNews/status/2019769186755727757)  2026-02-06T13:44Z 1M followers, [----] engagements


"🛠 Bloody Wolf tied to a spear-phishing campaign deploying NetSupport RAT across Central Asia and Russia. [--] victims across government finance manufacturing. Malicious PDFs drop loaders that persist via scripts + scheduled tasks. 🔗 Details https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html"  
[X Link](https://x.com/TheHackersNews/status/2020814660438573469)  2026-02-09T10:58Z 1M followers, 11.4K engagements


"🐧 Researchers uncovered SSHStalker a Linux botnet using IRC for control and mass SSH compromise. It exploits [--] legacy kernel flaws to infect unpatched systems wipes logs and maintains silent persistence. 🔗 Details https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html"  
[X Link](https://x.com/TheHackersNews/status/2021524467311317495)  2026-02-11T09:59Z 1M followers, 53.3K engagements


"🚨 Microsoft Patches [--] Flaws [--] Actively Exploited in the Wild Fixes hit Windows Shell MSHTML Office and Remote Desktop with privilege escalation leading the risk landscape. 🔗 Read Full CVEs exploitation details & patch scope Hey @Grok summarize all six zero-days. https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html"  
[X Link](https://x.com/TheHackersNews/status/2021531896254025806)  2026-02-11T10:28Z 1M followers, [----] engagements


"🤖 One bulletproof-hosted IP drove [---] of [---] Ivanti EPMM exploit attempts. Activity targeted CVSS [---] RCE flaws rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance. 🔗 Read https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html"  
[X Link](https://x.com/TheHackersNews/status/2021850867188859296)  2026-02-12T07:36Z 1M followers, 12.1K engagements


"A new enterprise study shows only 16% of orgs run Continuous Threat Exposure Management (CTEM). Those that do see 50% better attack surface visibility and stronger tooling adoption creating a widening security gap as environments scale. 🔗 Peer benchmarks and risk data breakdown https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html"  
[X Link](https://x.com/TheHackersNews/status/2021941252506423557)  2026-02-12T13:35Z 1M followers, [----] engagements


"⚠ Fake recruiter coding tests pushed poisoned npm & PyPI dependencies to developers. Hidden packages deployed RAT access while separate implants stole browser & crypto wallet data. One library exceeded [-----] downloads before weaponization. 🔗 Read https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html"  
[X Link](https://x.com/TheHackersNews/status/2021992218232512811)  2026-02-12T16:58Z 1M followers, 12.2K engagements


"Early exploitation already hitting BeyondTrust systems. Sharp telemetry from @watchtowrlabs with @ethicalhack3r detailing tradecraft; KEV updates from @CISAgov and threat links flagged by @rapid7 and @DomainTools exposing wider supply-chain risk. CISA adds exploited flaws in @Apple Notepad++ @solarwinds and @Microsoft to KEV catalog"  
[X Link](https://x.com/TheHackersNews/status/2022231469322555861)  2026-02-13T08:48Z 1M followers, [----] engagements


"npm killed long-lived tokens after the Sha1-Hulud attack shifting to short-lived sessions and MFA by default. Security improved but MFA phishing and optional publish protections still leave gaps. Console access can still mean package compromise. 🔗 Where the new model still fails https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html"  
[X Link](https://x.com/TheHackersNews/status/2022261052050903436)  2026-02-13T10:46Z 1M followers, [----] engagements


"⚠ Security firms uncovered coordinated abuse of Chrome extensions across business social and AI tools. From Meta ad accounts to Gmail inboxes attackers used add-ons to scrape data inject payloads and persist inside sessions. 🔗 Read https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html"  
[X Link](https://x.com/TheHackersNews/status/2022271300946035159)  2026-02-13T11:27Z 1M followers, [----] engagements


"Worrying surge in malicious Chrome extensions stealing Meta VK Gmail and browsing data. Great work by @SocketSecurity @LayerxSecurity Koi Security QContinuum"  
[X Link](https://x.com/TheHackersNews/status/2022272693412954551)  2026-02-13T11:32Z 1M followers, [----] engagements


"First Malicious Outlook Add-In Found Stealing 4000+ Microsoft Credentials First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page stealing 4000+ credentials in a supply chain attack"  
[X Link](https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html)  2026-02-11T23:50Z 1M followers, 16K engagements


"SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits Researchers uncover SSHStalker an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access"  
[X Link](https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html)  2026-02-11T09:59Z 1M followers, 54.1K engagements


"Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata Docker patched a critical Ask Gordon AI flaw enabling code execution and data theft via malicious image metadata in version 4.50.0"  
[X Link](https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html)  2026-02-03T16:44Z 1M followers, 10.5K engagements


"The CTEM Divide: Why 84% of Security Programs Are Falling Behind Study of [---] enterprises shows CTEM adopters achieve 50% better attack surface visibility and stronger security outcomes amid rising breach costs"  
[X Link](https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html)  2026-02-12T10:56Z 1M followers, [----] engagements


"Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach redirecting users to malicious downloads since June 2025"  
[X Link](https://thehackernews.com/2026/02/notepad-official-update-mechanism.html)  2026-02-02T08:59Z 1M followers, 318.9K engagements


"Google Links China Iran Russia North Korea to Coordinated Defense Sector Cyber Operations State-backed hackers from China Russia Iran and North Korea target defense contractors using espionage malware hiring scams and edge exploits"  
[X Link](https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html)  2026-02-13T16:25Z 1M followers, [----] engagements


"On February [--] at 9:00 AM PT @Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era AI is now writing more code than humans and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools which were built for a world where every line of code was human-authored and inspected. This isnt AI added to security. Its security rebuilt for how code is actually created today. Register now and join us live: https://thn.news/semgrep-secure-2026 https://thn.news/semgrep-secure-2026"  
[X Link](https://x.com/TheHackersNews/status/2021548212465836230)  2026-02-11T11:33Z 1M followers, [----] engagements


"🤖🔐 Identity security is shifting from static controls to AI-run decisions. As outlined by SailPoint CISO Rex Booth AI-driven identity governance will automate access in real time replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication. 🔗 [--] forecasts shaping access trust and risk https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"  
[X Link](https://x.com/TheHackersNews/status/2021664511363887115)  2026-02-11T19:15Z 1M followers, [----] engagements


"🔥 This weeks #ThreatsDayBulletin tracks intrusion tactics spreading across AI tools enterprise apps cloud and vehicles. Pattern: quiet access expanded through trusted systems. 🤖 Prompt abuse code exec 🧩 Loaders staged malware ☁ OAuth/cloud misuse 🛠 Enterprise RCEs 🚗 Auto zero-days 🔗 Full threat roundup https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2021915321918243262)  2026-02-12T11:52Z 1M followers, 63.9K engagements


"👨🏻💻 @PicusSecurity analyzed 1.1M malware samples to reveal a new era of Silent Residency. Encryption payloads down 38%. 80% of top techniques now focus on evasion. Malware uses trigonometry to bypass sandboxes. The Digital Parasite has arrived. Read the full Red Report 2026: #RedReport2026 #CyberSecurity #ThreatIntel #Malware https://thn.news/red-report-2026 https://thn.news/red-report-2026"  
[X Link](https://x.com/TheHackersNews/status/2021961883763503511)  2026-02-12T14:57Z 1M followers, [----] engagements


"Researchers found the first malicious Microsoft Outlook add-in used in real attacks. Hackers hijacked an abandoned calendar plug-in claimed its expired domain and served a fake Microsoft loginstealing 4000+ credentials. The add-in still had mailbox read/write permissions. 🔗 Learn how. https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html"  
[X Link](https://x.com/TheHackersNews/status/2022002083910889562)  2026-02-12T17:37Z 1M followers, 15.7K engagements


"⚡ Google tracked multiple state groups using Gemini for vuln research exploit debugging and persona building across cyber operations. One malware strain even generated second-stage code via the API executed filelessly in memory. 🔗 Threat actor tactics malware and AI abuse cases https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html"  
[X Link](https://x.com/TheHackersNews/status/2022007585889718692)  2026-02-12T17:59Z 1M followers, 14.6K engagements


"Sharp findings from @GoogleCloud on AI misuse in real attacks. Also notable research from @HuntressLabs and @praetorianlabs with insights from @stvemillertime and Farida Shafik on how fast adversaries are adapting"  
[X Link](https://x.com/TheHackersNews/status/2022201373778210983)  2026-02-13T06:49Z 1M followers, [----] engagements


"This week's ThreatsDay bulletin nails how attackers are sticking with quiet misuse of trusted tools for long-term access. Solid breakdowns from @TeamT5_Official (Taiwan APT surge) @cyfirma (LTX & Telegram hijacks) @zscaler (Marco & GuLoader) @HuntressLabs (RMM abuse) @bitdefender (data-theft ransomware) @LayerXSec (Claude RCE) @GreyNoiseIO (Telnet drop) @TalosSecurity (VoidLink) @TenableSecurity (Looker flaws) @Malwarebytes (trojanized 7-Zip). 🔥 This week's #ThreatsDayBulletin tracks intrusion tactics spreading across AI tools enterprise apps cloud and vehicles. Pattern: quiet access expanded"  
[X Link](https://x.com/TheHackersNews/status/2022223136364933348)  2026-02-13T08:15Z 1M followers, [----] engagements


"Solid new findings from @TalosSecurity and researchers @infosec_nick Aaron Boyd @asheermalhotra @_vventura on VoidLink's stealthy post-compromise playbook. Context from @CheckPointSW and @ontinuemxdr shows how AI-assisted malware frameworks are lowering the barrier for advanced cloud intrusions"  
[X Link](https://x.com/TheHackersNews/status/2022332360122126594)  2026-02-13T15:29Z 1M followers, [----] engagements


"Over [--] Software Vendors Issue Security Fixes Across OS Cloud and Network Platforms Patch Tuesday delivers fixes for [--] Microsoft flaws six exploited zero-days plus critical SAP and Intel TDX vulnerabilities"  
[X Link](https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html)  2026-02-11T13:31Z 1M followers, [----] engagements


"China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign UNC3886 targeted Singapore's telecom operators via zero-day exploits rootkits and VMware systems; no customer data breach confirmed"  
[X Link](https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html)  2026-02-09T17:02Z 1M followers, 12.1K engagements


"BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA BeyondTrust fixes CVSS [---] pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; [-----] instances exposed"  
[X Link](https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html)  2026-02-09T08:04Z 1M followers, [----] engagements


"ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security ZAST.AI raised $6M after uncovering hundreds of zero-days and [---] CVEs using AI-generated PoC validation"  
[X Link](https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html)  2026-02-10T12:31Z 1M followers, [----] engagements


"Apple Fixes Exploited Zero-Day Affecting iOS macOS and Apple Devices Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS macOS and Apple devices"  
[X Link](https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html)  2026-02-12T05:51Z 1M followers, 35.4K engagements


"Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS [---] Vulnerability Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple Microsoft SolarWinds and Notepad++ flaws to KEV list"  
[X Link](https://thehackernews.com/2026/02/researchers-observe-in-wild.html)  2026-02-13T08:44Z 1M followers, [----] engagements


"Microsoft Patches [--] Vulnerabilities Including Six Actively Exploited Zero-Days Microsoft patches [--] vulnerabilities including six actively exploited zero-days with CISA mandating urgent federal remediation"  
[X Link](https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html)  2026-02-11T10:28Z 1M followers, 13.1K engagements


"Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools Researchers uncover Reynolds ransomware embedding a vulnerable BYOVD driver to kill EDR defenses signaling advanced evasion in ransomware attacks"  
[X Link](https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html)  2026-02-10T14:42Z 1M followers, 54.9K engagements


"OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in v2026.1.29"  
[X Link](https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html)  2026-02-02T16:35Z 1M followers, 76.7K engagements


"UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors Cisco Talos links UAT-9921 to VoidLink a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control"  
[X Link](https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html)  2026-02-13T15:24Z 1M followers, [----] engagements


"From Ransomware to Residency: Inside the Rise of the Digital Parasite Ransomware declines as stealth credential theft and persistence dominate modern cyberattacks Picus Red Report [----] finds"  
[X Link](https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html)  2026-02-10T14:02Z 1M followers, [----] engagements


"Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs Suspected Russian actor deploys CANFAIL malware via phishing targeting Ukrainian defense energy and aid sectors using LLM-assisted lures"  
[X Link](https://thehackernews.com/2026/02/google-ties-suspected-russian-actor-to.html)  2026-02-13T17:29Z 1M followers, [----] engagements


"Malicious Chrome Extensions Caught Stealing Business Data Emails and Browsing History Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities"  
[X Link](https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html)  2026-02-13T11:27Z 1M followers, 30.6K engagements


"Claude Opus [---] Finds 500+ High-Severity Flaws Across Major Open-Source Libraries Anthropic's Claude Opus [---] identified 500+ unknown high-severity flaws in open-source projects advancing AI-driven vulnerability detection"  
[X Link](https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html)  2026-02-06T05:52Z 1M followers, 128K engagements


"Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited"  
[X Link](https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html)  2026-02-10T04:39Z 1M followers, 41.3K engagements


"Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0 to 1.120.4 affected patched in newer releases"  
[X Link](https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html)  2025-12-23T07:37Z 1M followers, 324.7K engagements


"Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group Rapid7 links China-linked Lotus Blossom to a [----] Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates fixed in v8.8.9"  
[X Link](https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html)  2026-02-03T04:58Z 1M followers, 140.8K engagements


"TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure Worm-driven TeamPCP campaign exploits Docker Kubernetes Redis Ray and React2Shell to build proxy infrastructure for data theft and ransomware"  
[X Link](https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html)  2026-02-09T08:39Z 1M followers, 46.9K engagements


"Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support Google finds nation-state hackers abusing Gemini AI for target profiling phishing kits malware staging and model extraction attacks"  
[X Link](https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html)  2026-02-12T17:59Z 1M followers, 14.7K engagements


"Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic targeting Baota panels Asian TLDs and government domains"  
[X Link](https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html)  2026-02-05T04:58Z 1M followers, 17.3K engagements


"Asian State-Backed Group TGR-STA-1030 Breaches [--] Government Infrastructure Entities Asian state-linked hackers breached [--] entities used phishing N-day exploits and rootkits for global espionage"  
[X Link](https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html)  2026-02-06T12:08Z 1M followers, 17.5K engagements


"Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack"  
[X Link](https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html)  2026-02-06T08:43Z 1M followers, 23.4K engagements


"North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations UNC1069 targets crypto firms via Telegram lures fake Zoom meetings and multi-stage malware to steal credentials browser data and funds"  
[X Link](https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html)  2026-02-11T06:52Z 1M followers, [----] engagements


"DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies North Korean IT operatives use stolen LinkedIn accounts fake hiring flows and malware to secure remote jobs steal data and fund state programs"  
[X Link](https://thehackernews.com/2026/02/dprk-operatives-impersonate.html)  2026-02-10T17:46Z 1M followers, 12.4K engagements


"Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers deploying RATs and data-stealing malware"  
[X Link](https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html)  2026-02-12T16:58Z 1M followers, 12.4K engagements


"npm's Update to Harden Their Supply Chain and Points to Consider npm's token overhaul boosts security but MFA bypass phishing and console access still enable supply-chain attacks"  
[X Link](https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html)  2026-02-13T10:46Z 1M followers, [----] engagements


"⚠ ALERT A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform. CVE-2025-68613 lets authenticated users execute arbitrary code enabling full instance takeover data access and system-level actions. More than 103k exposed instances are observed globally. 🔗 Details https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html"  
[X Link](https://x.com/TheHackersNews/status/2003369435198030215)  2025-12-23T07:37Z 1M followers, 300.1K engagements


"🔥 Anthropic's Claude Opus [---] AI found 500+ previously unknown high-severity flaws in open-source code. Impacted: Ghostscript OpenSC CGIF. Bugs ranged from buffer overflows to memory corruption all validated and patched. 🔗 Details https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html"  
[X Link](https://x.com/TheHackersNews/status/2019650332595482782)  2026-02-06T05:52Z 1M followers, 72.6K engagements


"Kaspersky uncovered three separate infection chains in the Notepad++ supply-chain breach. Attackers rotated C2s payloads and installers for four months targeting government finance and IT entities across multiple regions. Activity stopped in Nov [----]. 🔗 Read update here https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains"  
[X Link](https://x.com/TheHackersNews/status/2019677440508035363)  2026-02-06T07:40Z 1M followers, 84.1K engagements


"State-linked hackers breached 70+ government & critical infrastructure networks across [--] countries Unit [--] reports. Targets include law enforcement finance ministries and border control. Initial access via phishing loaders with payloads staged on GitHub. 🔗 Intrusion chain malware design targeting scope https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html"  
[X Link](https://x.com/TheHackersNews/status/2019744942999142467)  2026-02-06T12:08Z 1M followers, 17.2K engagements


"⚡ BeyondTrust patched pre-auth RCE (CVE-2026-1731) in Remote Support and PRA. Attackers could run OS commands via crafted requests. 11K exposed instances found. Patches released. 🔗 Versions affected fixes https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2020770891710570615)  2026-02-09T08:04Z 1M followers, [----] engagements


"🚨🛡 Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643 CVSS 9.1). SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available). 🔗 See affected versions and patch guidance https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html"  
[X Link](https://x.com/TheHackersNews/status/2021081522154156032)  2026-02-10T04:39Z 1M followers, 38.6K engagements


"🕵♂⚠ Ransomware Persists But Encryption Is No Longer the Main Signal of Attack Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse. 🔗 Explore the full stealth-attack dataset https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html"  
[X Link](https://x.com/TheHackersNews/status/2021223318461047175)  2026-02-10T14:02Z 1M followers, [----] engagements


"🧑💻💻 North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms. With impersonated profiles and verified emails DPRK actors secure roles to fund weapons programs and conduct espionage; some gain admin access steal data and maintain persistence. 🔍 Read the full investigation https://thehackernews.com/2026/02/dprk-operatives-impersonate.html"  
[X Link](https://x.com/TheHackersNews/status/2021279737830846952)  2026-02-10T17:46Z 1M followers, 11.9K engagements


"🕵♂💰 North Korea-linked UNC1069 used deepfake Zoom calls to hack crypto firms. Posing via Telegram attackers lured victims into fake meetings triggering ClickFix commands that deployed multi-stage malware on macOS & Windows to steal wallets and credentials. 🔗 Read https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html"  
[X Link](https://x.com/TheHackersNews/status/2021477381287051384)  2026-02-11T06:52Z 1M followers, [----] engagements


"Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation. Its research led to [---] CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK Apache Struts and Alibaba Nacos. 🔗 Funding research scope enterprise impact https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html"  
[X Link](https://x.com/TheHackersNews/status/2021510440468300249)  2026-02-11T09:03Z 1M followers, [----] engagements


"🛠 Patch Tuesday extended across enterprise tech stacks with "60+ vendors" releasing coordinated security fixes. Widely used platforms from SAP and Windows to Chrome Linux Cisco and Fortinet patched zero-days SQL injection privilege escalation and auth bypass vulnerabilities. 🔗 Full vendor list and CVEs https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html"  
[X Link](https://x.com/TheHackersNews/status/2021577914412876080)  2026-02-11T13:31Z 1M followers, [----] engagements


"Five attacks. Five lessons. One goal: resilience. From Boeing to Ascension cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today. Curious which decisions changed the outcome? Swipe to see the high-level hits. Don't wait for an incident to learn from one. Download the full guide: https://thn.news/attacks-changed-everything"  
[X Link](https://x.com/TheHackersNews/status/2021585020855488719)  2026-02-11T14:00Z 1M followers, [----] engagements


"🚨 Apple shipped emergency updates after confirming exploitation of a zero-day in dyld. The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices. 🔗 Read: Fixes extend across iOS macOS visionOS and legacy platforms. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html"  
[X Link](https://x.com/TheHackersNews/status/2021824556672201113)  2026-02-12T05:51Z 1M followers, 35.2K engagements


"Attack surfaces are growing. Threats are accelerating. Learn how leading teams are adopting Threat-Informed Defense to align operations with real adversary behavior not hypotheticals. This guide breaks down @FiligranHQ's six-stage TID pipeline and shows how to: Prioritize defenses based on real threats Simulate adversary behavior to validate your posture Operationalize CTI with OpenCTI + OpenAEV Build a continuous feedback loop that sharpens detection & response 🔗 Download the guide today https://thn.news/practical-threat-defense"  
[X Link](https://x.com/TheHackersNews/status/2021906807007121485)  2026-02-12T11:18Z 1M followers, [----] engagements


"New research from @ReversingLabs and Karlo Zanki exposing Lazarus recruiter lure plus findings from @JFrogSecurity and Guy Korolevski on npm stealers. Also notable work by OpenSourceMalware and PaulMcCarty tracking crypto extortion packages tied to fake firm Veltrix Capital"  
[X Link](https://x.com/TheHackersNews/status/2022202624221884929)  2026-02-13T06:54Z 1M followers, [----] engagements


"Threat actors are actively exploiting CVE-2026-1731 (9.9) in BeyondTrust Remote Support & PRA. Attackers extract portal data then open WebSocket channels to trigger unauthenticated RCE. 🔗 Read Patches are out but exploitation started fast. https://thehackernews.com/2026/02/researchers-observe-in-wild.html"  
[X Link](https://x.com/TheHackersNews/status/2022230406423343295)  2026-02-13T08:44Z 1M followers, [----] engagements


"Solid progress from @npmjs and @GHSecurityLab on token security after recent attacks. MFA phishing risks still linger; make it mandatory for publishes @chainguard_dev builds from source to avoid most known malware"  
[X Link](https://x.com/TheHackersNews/status/2022261763849302183)  2026-02-13T10:49Z 1M followers, [----] engagements


"🛑 Researchers track UAT-9921 using the VoidLink modular malware framework against tech and finance targets. The Linux-focused toolkit enables stealth persistence scanning and lateral movement via post-compromise C2 implants. 🔗 Look inside the framework's stealth and RBAC design https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html"  
[X Link](https://x.com/TheHackersNews/status/2022331103915425940)  2026-02-13T15:24Z 1M followers, [----] engagements


"The SANS State of ICS/OT Security [----] Report reveals an industry advancing at two speeds. Detection is faster but recovery still lags, with one in five incidents taking over a month to restore operations. Get the intel 👉 #ICSsecurity #OTsecurity #OTincidentresponse #SANS https://thn.news/sans-ot-report"  
[X Link](https://x.com/TheHackersNews/status/2022334657866645564)  2026-02-13T15:38Z 1M followers, [----] engagements


"Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware"  
[X Link](https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html)  2026-02-03T14:07Z 1M followers, 13.9K engagements


"China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain hypervisor control"  
[X Link](https://thehackernews.com/2026/01/chinese-linked-hackers-exploit-vmware.html)  2026-01-09T17:44Z 1M followers, 15.4K engagements


"Webinar The Smarter SOC Blueprint: Learn What to Build Buy and Automate Live webinar explains how modern SOCs decide what to build buy or automate to reduce tool sprawl and improve outcomes"  
[X Link](https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html)  2026-02-03T14:56Z 1M followers, 11.2K engagements


"Apple Patches CVE-2025-43300 Zero-Day in iOS iPadOS and macOS Exploited in Targeted Attacks Apple patches CVE-2025-43300 zero-day in iOS iPadOS and macOS after active exploitation reports"  
[X Link](https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html)  2025-08-21T04:48Z 1M followers, 375.5K engagements


"SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS [---] Score SmarterTools fixed critical SmarterMail flaws including CVSS [---] unauthenticated RCE and NTLM relay bugs urging users to update immediately"  
[X Link](https://thehackernews.com/2026/01/smartermail-fixes-critical.html)  2026-01-30T07:11Z 1M followers, 15.8K engagements


"Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Python infostealers are spreading from Windows to macOS via Google Ads ClickFix lures and fake installers to steal credentials and financial data"  
[X Link](https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html)  2026-02-04T07:44Z 1M followers, [----] engagements


"A Cybercrime Merger Like No Other — Scattered Spider LAPSUS$ and ShinyHunters Join Forces Scattered Spider LAPSUS$ and ShinyHunters unite as Scattered LAPSUS$ Hunters reshaping cybercrime with Telegram extortion"  
[X Link](https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html)  2025-11-04T17:25Z 1M followers, 101.5K engagements


"Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7"  
[X Link](https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html)  2026-01-22T16:32Z 1M followers, 53.1K engagements


"CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV ordering federal agencies to patch by February 2026"  
[X Link](https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html)  2026-02-04T05:57Z 1M followers, [----] engagements


"New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems Critical OpenSSH vulnerability allows remote code execution on Linux systems. Patch now to protect against potential attacks on millions of exposed se"  
[X Link](https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html)  2024-07-02T05:32Z 1M followers, [----] engagements


"GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs GlassWorm malware returns in VS Code extensions hiding via Unicode and reviving itself through blockchain"  
[X Link](https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html)  2025-11-10T08:53Z 1M followers, 107.2K engagements


"Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files activating malware on import in version 1.2.0"  
[X Link](https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html)  2026-01-28T10:01Z 1M followers, [----] engagements


"ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts Second-order prompt injection exploits ServiceNow agent discovery enabling unauthorized actions unless configurations and monitoring are tightened"  
[X Link](https://thehackernews.com/2025/11/servicenow-ai-agents-can-be-tricked.html)  2025-12-21T13:30Z 1M followers, 16.8K engagements


"ShadyPanda Turns Popular Browser Extensions with [---] Million Installs Into Spyware ShadyPanda abused browser extensions for seven years turning 4.3M installs into a multi-phase surveillance and hijacking campaign"  
[X Link](https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html)  2025-12-01T17:34Z 1M followers, 64K engagements


Top accounts mentioned or mentioned by @jackgoesvirtual @intelligencer41 @securedotcom @ababino @kindnessuae @grok @huntresslabs @talossecurity @sanarsh11 @transcrypts_ @paliraj94187 @dcicybersecnews @bteater51 @reverseai @anantnetratech @activestates @orchidsecurity @watchtowrlabs @ethicalhack3r @cisagov

Top assets mentioned Alphabet Inc Class A (GOOGL) Microsoft Corp. (MSFT) SolarWinds Corporation Common Stock (SWI) Zscaler Inc (ZS) Solana (SOL)

Top Social Posts

Top posts by engagements in the last [--] hours

"Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent Quick Share flaw CVE-2024-10668 bypasses earlier fixes enabling DoS or unauthorized file delivery"
X Link 2025-04-03T08:21Z 1M followers, 24.1K engagements

"Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse"
X Link 2026-01-23T12:31Z 1M followers, 20.7K engagements

"Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS crypto and developer data"
X Link 2026-02-02T05:08Z 998.1K followers, 46.8K engagements

"Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited Security Updates Released Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws including CVE-2026-1281 added to CISA's KEV affecting versions before 12.8"
X Link 2026-01-30T04:47Z 997.8K followers, 53.7K engagements

"SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds fixed six Web Help Desk vulnerabilities including four critical flaws that allow unauthenticated remote code execution"
X Link 2026-01-29T09:01Z 1M followers, 12.4K engagements

"Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk"
X Link 2026-02-04T07:12Z 993K followers, [--] engagements

"Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos Microsoft confirms a 3-phase strategy to deprecate NTLM improve auditing prioritize Kerberos and disable NTLM by default in future Windows releases"
X Link 2026-02-02T16:06Z 1M followers, 14.2K engagements

"Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP Critical Apache HugeGraph vulnerability exploited in the wild. Urgent update required to prevent remote code execution attacks. Patch now available"
X Link 2026-02-06T22:05Z 1M followers, [--] engagements

"Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal configurations"
X Link 2026-01-22T06:12Z 997.5K followers, 11.1K engagements

"⚡ Weekly Recap: Firewall Flaws AI-Built Malware Browser Traps Critical CVEs & More Weekly cybersecurity recap covering emerging threats fast-moving attacks critical flaws and key security developments you need to track this week"
X Link 2026-01-26T14:08Z 992.3K followers, 34.8K engagements

"CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation urging organizations to apply patches"
X Link 2026-01-24T08:10Z 994.2K followers, 38.2K engagements

"China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since [----] Experts detail PeckBirdy a JavaScript C2 framework used since [----] by China-aligned attackers to spread malware via fake updates & web injections"
X Link 2026-01-27T09:04Z 995.7K followers, 16K engagements

"Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Experts uncovered malicious Chrome extensions that replace affiliate links exfiltrate data and steal ChatGPT authentication tokens from users"
X Link 2026-01-30T13:47Z 1M followers, 22.9K engagements

"Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run arbitrary code"
X Link 2026-01-28T12:44Z 1M followers, 18.3K engagements

"Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions Cybercriminals exploit Grok to bypass X ad protections spreading malware via hidden links amplified to millions"
X Link 2025-08-16T05:35Z 1M followers, 38.4K engagements

"Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware giving attackers persistent remote access to developer syst"
X Link 2026-01-28T17:48Z 1M followers, 17.8K engagements

"Ex-Google Engineer Convicted for Stealing [----] AI Trade Secrets for China Startup A U.S. jury convicted a former Google engineer of stealing over [----] AI trade secret documents to benefit China-linked companies DOJ says"
X Link 2026-01-30T07:39Z 1M followers, 26.3K engagements

"When Cloud Outages Ripple Across the Internet Cloud outages expose identity systems as critical failure points turning infrastructure disruptions into major business continuity risks"
X Link 2026-02-03T11:36Z 996.5K followers, [----] engagements

"New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to before 2.0.0 fixed in 2.0"
X Link 2026-01-06T05:13Z 999.5K followers, 22.7K engagements

"eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware Attackers breached eScan antivirus update infrastructure to push malicious updates deploying persistent malware on enterprise and consumer systems"
X Link 2026-02-02T06:02Z 995.4K followers, [--] engagements

"ThreatsDay Bulletin: Codespaces RCE AsyncRAT C2 BYOVD Abuse AI Cloud Intrusions & 15+ Stories ThreatsDay Bulletin: Key cyber updates on ransomware cloud intrusions phishing botnets supply-chain risks and nation-state threat activity"
X Link 2026-02-05T13:05Z 1M followers, 63K engagements

"Russian ELECTRUM Tied to December [----] Cyber Attack on Polish Power Grid Dragos attributes a December [----] Polish grid attack to ELECTRUM disrupting [--] DER sites without outages but damaging OT"
X Link 2026-01-28T16:16Z 993.2K followers, 10.1K engagements

"Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies block admin controls and hijack sessions for account takeover"
X Link 2026-01-16T14:11Z 994.5K followers, 13.2K engagements

"Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution A critical vm2 Node.js vulnerability (CVE-2026-22709 CVSS 9.8) allows sandbox escape via Promise handler bypass"
X Link 2026-01-28T14:07Z 1M followers, 11.9K engagements

"Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps Study of 100+ energy OT sites reveals unpatched devices flat networks and hidden assets with critical issues detected within minutes"
X Link 2026-01-29T15:58Z 1M followers, [----] engagements

"DarkSpectre Browser Extension Campaigns Exposed After Impacting [---] Million Users Worldwide A China-linked threat actor used malicious browser extensions over seven years to steal data and corporate intelligence from Chrome Edge and Firefox"
X Link 2025-12-31T16:19Z 1M followers, 17.7K engagements

"The Buyer’s Guide to AI Usage Control AI adoption is surging but enterprises lack visibility - AI Usage Control enables real-time governance of interactions and risks"
X Link 2026-02-05T11:49Z 996.5K followers, [--] engagements

"China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking Malware Delivery China-linked DKnife framework uses router-level AitM implants for traffic hijacking credential theft and malware delivery targeting edge devices"
X Link 2026-02-06T14:57Z 1M followers, [----] engagements

"Trend Micro Apex Central RCE Flaw Scores [---] CVSS in On-Prem Windows Versions Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS [---] that allows remote code execution if access exists"
X Link 2026-01-09T10:01Z 1M followers, 14.7K engagements

"GootLoader Malware Uses [-------] Concatenated ZIP Archives to Evade Detection GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via Windows default extractor"
X Link 2026-01-16T18:04Z 993.1K followers, 13.9K engagements

"Matrix Push C2 Uses Browser Notifications for Fileless Cross-Platform Phishing Attacks Matrix Push C2 abuses browser notifications for fileless cross-platform phishing while Velociraptor misuse rises after a Windows Server flaw"
X Link 2025-11-22T07:10Z 998.7K followers, 149.3K engagements

"Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server Warlock ransomware breached SmarterTools via unpatched SmarterMail exploiting critical flaws to access Windows systems and deploy encryption payloads"
X Link 2026-02-10T11:30Z 1M followers, [--] engagements

"Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities Pakistan-linked hackers targeted Indian government entities using phishing Google services Golang malware and GitHub-based command-and-control"
X Link 2026-01-27T16:46Z 1M followers, 13.4K engagements

"⚡ Weekly Recap: AI Skill Malware 31Tbps DDoS Notepad++ Hack LLM Backdoors and More This week's cyber recap covers AI risks supply-chain attacks major breaches DDoS spikes and critical vulnerabilities security teams must track"
X Link 2026-02-09T13:55Z 1M followers, [--] engagements

"Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data"
X Link 2026-01-19T17:22Z 993.5K followers, 113.4K engagements

"Two Firms That Plotted Against WikiLeaks Finally Apologize Two Firms That Plotted Against WikiLeaks Finally Apologize Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities"
X Link 2026-02-05T19:25Z 997.2K followers, [--] engagements

"Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw CVE-2026-24858 now listed by CISA in KEV"
X Link 2026-01-28T04:53Z 1M followers, 16K engagements

"Rogue NuGet Package Poses as Tracer.Fody Steals Cryptocurrency Wallet Data A fake NuGet package mimicking Tracer.Fody stayed online for years stealing Stratis wallet files and passwords from Windows systems"
X Link 2025-12-16T15:43Z 1M followers, 10.8K engagements

"Researchers Find [------] Publicly Exposed Ollama AI Servers Across [---] Countries Over [------] publicly exposed Ollama AI servers across [---] countries with many enabling tool calling that allows code execution and LLMjacking abuse"
X Link 2026-01-29T18:39Z 1M followers, 15.6K engagements

"Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi Zero-click AirPlay vulnerabilities exposed in March [----] could let malware spread across networks undetected"
X Link 2025-05-05T17:07Z 1M followers, 38.2K engagements

"GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware GeoServer vulnerability exploited to deliver malware botnets and backdoors affecting global IT government and telecom sectors"
X Link 2024-09-06T15:16Z 991.9K followers, [----] engagements

"Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions Google releases critical Chrome update patching zero-day CVE-2025-10585 discovered Sept [--] to block active V8 JavaScript engine exploits worldwide"
X Link 2025-09-18T05:51Z 999.5K followers, 145.2K engagements

"Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution Apache OFBiz vulnerability CVE-2024-45195 patched preventing unauthenticated remote code execution on Linux and Windows"
X Link 2024-09-06T05:22Z 994.3K followers, 11.8K engagements

"How Samsung Knox Helps Stop Your Network Security Breach Discover how Samsung Knox enhances mobile network security with granular controls Zero Trust principles & seamless integration for a safer enterprise"
X Link 2026-02-06T10:43Z 1M followers, [----] engagements

"Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials browser data and cryptocurrency wallets on Windows"
X Link 2026-01-20T20:16Z 1M followers, [---] engagements

"Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities"
X Link 2025-12-18T07:45Z 1M followers, [----] engagements

"Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day CVE-2026-21509 a security feature bypass flaw"
X Link 2026-01-27T07:21Z 998.5K followers, 117.3K engagements

"Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia RAT and ransomware"
X Link 2026-01-24T11:09Z 1M followers, 15.9K engagements

"Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to mitigate the critical flaw"
X Link 2025-01-29T10:21Z 995.2K followers, 19.3K engagements

"SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers Microsoft links SolarWinds WHD exploits to RCE lateral movement and domain compromise in multi-stage attacks"
X Link 2026-02-09T15:11Z 1M followers, [---] engagements

"North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware OtterCookie v5 merges BeaverTail features with new keylogging and blockchain-based C2 tactics"
X Link 2025-10-17T13:33Z 998.8K followers, 44.6K engagements

"Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals improving AI model security and tr"
X Link 2026-02-04T18:56Z 997.2K followers, [---] engagements

"Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Iran-linked RedKitten uses malicious Excel files AI-generated macros and cloud services to spy on human rights NGOs and activists"
X Link 2026-01-31T12:03Z 998.9K followers, 11.4K engagements

"Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Hackers exploit NFC technology and mobile payments enabling global fraud through Google Pay and Apple Pay"
X Link 2024-11-20T13:09Z 1M followers, 28.7K engagements

"40000 Attacks in [--] Days: Critical Confluence RCE Under Active Exploitation Hackers are actively exploiting a critical Atlassian Confluence flaw (CVE-2023-22527) within days of its reveal"
X Link 2026-02-06T16:15Z 998.8K followers, [--] engagements

"Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails ClickFix lures PowerShell and MSBuild to deploy DCRat malware"
X Link 2026-01-06T17:29Z 1M followers, 28.1K engagements

"Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic Microsoft's Whisper Leak shows encrypted AI chats can secretly reveal user topics through subtle traffic patterns"
X Link 2025-11-08T14:31Z 1M followers, 102.8K engagements

"⚡ Weekly Recap: Proxy Botnet Office Zero-Day MongoDB Ransoms AI Hijacks & New Threats This week's cybersecurity recap highlights key attacks zero-days and patches to keep you informed and secure"
X Link 2026-02-02T13:22Z 1M followers, 10.2K engagements

"Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends Infy hackers revived operations post-Iran blackout deploying Tornado malware Telegram C2 and WinRAR exploits"
X Link 2026-02-05T10:29Z 1M followers, [----] engagements

"Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas A critical Grist-Core flaw (CVE-2026-24002 CVSS 9.1) allows remote code execution through malicious formulas when Pyodide sandboxing is enabled"
X Link 2026-01-27T10:38Z 996.3K followers, 11.1K engagements

"Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks China-linked Mustang Panda used updated COOLCLIENT malware in [----] espionage to steal data from government and telecom targets across Asia and Russia"
X Link 2026-01-28T12:22Z 1M followers, [----] engagements

"⚠ Update: Contagious Interview now uses OtterCandy a Node.js RAT + info-stealer tied to North Korean actors. Hides in npm/supply-chain lures uses socket.io C2 to steal browser passwords & crypto wallets. v2 adds Suiet/Trust/Rabby harvesting + Windows registry wipes. Read https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html"
X Link 2025-10-19T06:22Z 1M followers, 23.6K engagements

"🚨 Hackers found a new way to phish through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal Netflix or TikTok. No downloads. No malware file. Just one click and your data's theirs. Learn more https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html"
X Link 2025-11-22T07:10Z 998.7K followers, 107.8K engagements

"💰 A fake NuGet package stole crypto wallets for more than five years. It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about [----] downloads since [----]. It exfiltrated Stratis wallet JSON files and passwords to a Russian IP. 🔗 Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html"
X Link 2025-12-16T15:43Z 1M followers, 10.7K engagements

"North Korea-linked Kimsuky has been tied to a new Android malware campaign. The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed the app deploys a full RAT with access to messages calls files audio and camera. 🔗 Read analysis here https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html"
X Link 2025-12-18T07:45Z 1M followers, [----] engagements

"🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution. CVE-2025-69258 (CVSS 9.8) allows a remote unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe. On-prem builds below [----] are affected. 🔗 Details https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html"
X Link 2026-01-09T10:01Z 1M followers, 12.3K engagements

"🚨 Researchers uncovered [--] malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite. They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation. 🔗 Details here https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html"
X Link 2026-01-16T14:11Z 994.5K followers, 11.3K engagements

"🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites. A hidden prompt in an event could trigger Gemini when asked about a schedule to summarize private meetings into a new calendar entry - visible to attackers in some enterprise setups. No user action required. 🔗 Read https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html"
X Link 2026-01-19T17:22Z 993.4K followers, 113.1K engagements

"🚨 Uncharted: The AI Safety & Security Summit hosted by Fuel iX. Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access [--] expert-led sessions and a comprehensive report revealing risks in [--] generative AI models. 🔒 Uncover hidden dangers in frontier AI models ⚖ Learn legal frameworks balancing innovation with responsibility 🛡 Get proactive defense strategies from top CISOs 📄 Receive a detailed report on vulnerabilities and actionable strategies Access it now on-demand: https://thn.news/ai-summit-insights"
X Link 2026-01-20T13:06Z 1M followers, 43.1K engagements

"🚨 Fortinet FortiGate under automated SSO abuse. Attackers exploit CVE-2025-59718/59719 to add admin users enable VPN access and export firewall configs within seconds per Arctic Wolf. 🔗 Learn what's happening and what to disable https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html"
X Link 2026-01-22T06:12Z 997.5K followers, [----] engagements

"🚨 Fortinet confirms active exploitation of CVE-2025-59718 / [-----] allowing FortiGate FortiCloud SSO bypass even on fully patched devices. Attackers abuse crafted SAML logins to gain admin access add persistent accounts enable VPN and steal configs. Disabling FortiCloud SSO is advised. 🔗 Details https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html"
X Link 2026-01-23T12:31Z 997.7K followers, 17.5K engagements

"🚨 CISA confirms active exploitation of a critical VMware vCenter Server flaw. CVE-2024-37079 allows remote code execution via a DCE/RPC heap overflow if an attacker has network access. 🔗 Details https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html"
X Link 2026-01-24T08:10Z 994.2K followers, 34.1K engagements

"⚠ A single spreadsheet formula can now lead to full server takeover in Grist-Core. The flaw CVE-2026-24002 (CVSS 9.1) breaks out of the Pyodide sandbox letting attackers run OS commands and access files and secrets. 🔗 Read https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html"
X Link 2026-01-27T10:38Z 996.2K followers, [----] engagements

"Indian government networks were targeted in two cyber campaigns linked to a Pakistan-based actor. Tracked by Zscaler as Gopher Strike and Sheet Attack the key tactic was India-only malware delivery filtered by IP and Windows systems to evade analysis. 🔗 Attack chain and tools explained https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html"
X Link 2026-01-27T16:46Z 1M followers, 12.9K engagements

"🔧 Fortinet issues patch update for actively exploited FortiOS SSO flaw. The fix addresses CVE-2026-24858 (CVSS 9.4) an SSO authentication bypass that can allow cross-tenant device access when FortiCloud SSO is enabled. CISA has added the issue to its KEV list setting a Jan [--] remediation deadline. 🔗 Details https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html"
X Link 2026-01-28T04:53Z 998K followers, 10.3K engagements

"🐍 Malicious PyPI spellchecker packages shipped a Python RAT. The payload was hidden in a dictionary file stayed dormant then executed after an update. spellcheckpy v1.2.0 activated it turning a simple import into remote access. 🔗 Read https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html"
X Link 2026-01-28T10:01Z 1M followers, [----] engagements

"⚠ n8n disclosed two sandbox escape flaws that let authenticated users seize control of automation servers. One issue is rated CVSS [---] and enables full RCE. Risk is higher in internal execution mode which n8n already advises against. 🔗 Details https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html"
X Link 2026-01-28T12:44Z 995.5K followers, 10.9K engagements

"🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system. Tracked as CVE-2026-22709 (CVSS 9.8) the issue stems from improper Promise handler sanitization. 🔗 How the flaw works https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html"
X Link 2026-01-28T14:07Z 1M followers, [----] engagements

"🚨 Fake VS Code extension abused #Moltbot's name to deliver remote access malware. It posed as an AI assistant despite Moltbot having no official VS Code plugin. Once installed it auto-ran on IDE launch and dropped ScreenConnect for persistent remote control. 🔗 Read https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html"
X Link 2026-01-28T17:48Z 997.9K followers, 17K engagements

"🚨 Fake ChatGPT Chrome add-on stole 459+ API keys: Keys sent to Telegram after logout or chat delete. Hidden Google access raised the real stakes. https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#::text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts"
X Link 2026-01-29T10:43Z 992.1K followers, 22.4K engagements

"⚠ Researchers map 175K publicly exposed Ollama LLM servers worldwide. Tool-calling turns exposed AI into a highest-severity execution risk. Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html"
X Link 2026-01-29T18:39Z 997.1K followers, 10.1K engagements

"🔐 WARNING: Ivanti fixes exploited EPMM zero-days with CVSS [---] severity. Exploits enable code execution persistence and access to sensitive device data. Federal agencies face KEV deadlines; temporary patches don't persist across upgrades. Read https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html"
X Link 2026-01-30T04:47Z 997.8K followers, 53.6K engagements

"⚠ SmarterMail fixed a critical unauthenticated RCE in its email server software. The flaw CVE-2026-24423 (CVSS 9.3) lets attackers execute OS commands via a crafted remote server. It affects builds before [----]. 🔗 Fixed builds and attack mechanics https://thehackernews.com/2026/01/smartermail-fixes-critical.html"
X Link 2026-01-30T07:11Z 995.6K followers, [----] engagements

"The FBI has seized the RAMP cybercrime forum shutting down its Tor site and clearnet domain with DOJ coordination. Threat actors are already migrating to other platforms underscoring how fast the underground re-forms after takedowns. 🔗 Read https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown"
X Link 2026-01-30T09:25Z 993.3K followers, [----] engagements

"🛑 Chrome extensions are being abused at scale. Researchers uncovered tools that hijack affiliate links scrape shopping data steal ChatGPT login tokens and even deliver phishing pages - while passing official store reviews. 🔗 Learn more about the affiliate fraud AI token theft and the browser as attack surface https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html"
X Link 2026-01-30T13:47Z 1M followers, 20.7K engagements

"🛑 A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses. HarfangLab tracks the activity as RedKitten using Excel files themed around deceased protesters to deliver malware. The tooling relies on GitHub Google Drive and Telegram for configuration and control with indicators suggesting parts of the code may be LLM-assisted. 🔗 Read https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html"
X Link 2026-01-31T12:03Z 995.8K followers, 11.1K engagements

"📱 Apple is testing a new iOS setting that reduces how precisely cellular networks can 📍 locate your device. Limit Precise Location restricts location data to a broad area instead of an exact address. 🔗 Learn how the setting works and where it's available https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced"
X Link 2026-02-01T05:22Z 995.4K followers, 24.3K engagements

"⚠ WARNING: A supply chain attack spread malware via trusted VS Code extensions on Open VSX. Attackers hijacked a real developer account and pushed GlassWorm through four existing tools. 22000+ installs happened before removal. 🔗 Read https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html"
X Link 2026-02-02T05:08Z 998.1K followers, 46.8K engagements

"What if the hardest vulnerability to patch is self-doubt? ICS environments are unforgiving. Responders can't afford hesitation - but they also can't ignore it. In ICS410 Justin Searle helps practitioners move from doubt to decisive action grounded in technical precision and OT situational awareness. Register for ICS410 at SANS Surge [----] (Feb 2328) and train live with Justin: #SCADA #ICS410 #OTincidentresponse #SANSLiveTraining https://thn.news/sans-surge-26"
X Link 2026-02-02T13:05Z 998.2K followers, 11.3K engagements

"⚡ Microsoft will phase out NTLM in Windows through a three-step plan. Deprecated in June [----] NTLM remains widely used despite known security flaws. NTLM will be disabled by default in a future Windows release with Kerberos becoming the standard. 🔗 Details https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html"
X Link 2026-02-02T16:06Z 1M followers, 14.2K engagements

"🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click. A crafted link can steal a gateway token via unvalidated WebSocket origins enabling full command execution even on localhost-only setups through the user's browser. 🔗 Details and attack chain https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html"
X Link 2026-02-02T16:35Z 1M followers, 29.9K engagements

"🚨 China-linked Lotus Blossom compromised Notepad++ hosting infrastructure to hijack update traffic and deliver the Chrysalis backdoor Rapid7 reports. The issue affected older versions and was fixed with version 8.8.9 in December [----]. 🔗 Read https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html"
X Link 2026-02-03T05:04Z 997.9K followers, 55.7K engagements

"🕸 Exposed C2 server showed a complete BYOB botnet in the open 🧠 Droppers loaders and RATs for Windows Linux and macOS were publicly accessible revealing a multi-stage chain for evasion persistence and control. Crypto miners were also hosted. 🔗 Read https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#::text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure"
X Link 2026-02-03T07:24Z 1M followers, [----] engagements

"🔐 Major cloud outages didn't just break apps - they broke access. When shared cloud services fail identity systems fail too even if the IdP is running. Authentication depends on databases DNS and control planes. 🔗 How cloud outages cascade into identity failures https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html"
X Link 2026-02-03T11:36Z 996.5K followers, [----] engagements

"⚠ A critical flaw in Docker's Ask Gordon AI let container metadata execute real commands. A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0. 🔗 DockerDash details https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html"
X Link 2026-02-03T16:44Z 995.4K followers, [----] engagements

"🚨We tested [--] leading GenAI models for security vulnerabilities. All [--] failed. Attack success rates ranged from 1.13% to 64.13%. Every model demonstrated exploitable flaws that could turn AI systems into attack vectors. Key findings: - [--] frontier models tested - Hundreds of vulnerabilities found - 100% failure rate - Up to 64% attack success As GenAI transforms industries these results reveal a critical safety & security gap. Traditional security methods can't address the probabilistic nature of AI systems. Our report includes: ✅ Security profiles of all [--] models ✅ Analysis of the AI"
X Link 2026-02-04T13:23Z 1M followers, [----] engagements

"⚠ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation. Rogue proxy rules silently reroute user sessions through attacker infrastructure - impacting 🏛 gov 🎓edu and Asian 🌏 TLD sites. 🔗 Details https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html"
X Link 2026-02-05T04:58Z 1M followers, [----] engagements

"Passwords are sliding into legacy status. Passkeys AI governance and verifiable credentials are scaling as identity shifts to real-time trust per Rex Booth SailPoint. 🔐 [--] predictions reshaping identity security https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"
X Link 2026-02-05T07:59Z 1M followers, [----] engagements

"💻 Iran-linked APT Infy paused C2 ops during Iran's Jan internet blackout then rebuilt infrastructure as access returned. Timing ties activity to state network controls. Latest malware uses Telegram + HTTP for dual-channel C2. 🔗 Timeline tooling evolution infra rebuild https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html"
X Link 2026-02-05T10:29Z 1M followers, [----] engagements

"📦⚠ Is your container adoption outpacing your security maturity? You're not alone. @ActiveState's [----] State of Vulnerability Management & Remediation Report found 82% of DevSecOps leaders experienced a container-related breach last year and 87% expect one in [----]. Learn how to close the remediation gap and the role AI will play in securing your stack by [----]. 📥 Download the report https://thn.news/container-sec-guide"
X Link 2026-02-05T12:46Z 1M followers, [----] engagements

"🚨 ThreatsDay Bulletin is live. Watch out for dozens of critical signals showing where attacks are heading next. Codespaces RCE AI cloud intrusion AsyncRAT C2 BYOVD abuse .and 15+ more stories. All updates in one place https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"
X Link 2026-02-05T13:05Z 1M followers, 58.1K engagements

"💻 Access & Persistence Sandbox escape RMM deployment SCR malware Credential theft Voicemail lure access SimpleHelp remote control Supply-chain config abuse Public bucket creds"
X Link 2026-02-05T13:05Z 997.2K followers, [----] engagements

"🌐 Infra & Ops SystemBC botnet DDoSia ops Crypto drainers ClickFix framework ErrTraffic TDS Botnet proxy layers Infra key reuse VPS hosting clusters"
X Link 2026-02-05T13:05Z 1M followers, [----] engagements

"🛰 Threat Actors & Campaigns Lazarus Nordics Typhoon overlap APT36 startups ShadowSyndicate infra Ransomware CVE surge Crimson RAT lures Crypto scam affiliates Strategic DDoS arrests Entire bulletin here https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"
X Link 2026-02-05T13:05Z 1M followers, [----] engagements

"AI is foundational for security teams but operational relief still feels out of reach. Tines just launched Voice of Security [----] based on insights from 1800+ security leaders and practitioners. The data shows why workloads remain high and what it takes to unlock real AI impact 👇 https://thn.news/security-insights-24-x https://thn.news/security-insights-24-x"
X Link 2026-02-05T14:02Z 1M followers, [----] engagements

"🛡 Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs simulate attacks validate controls and prioritize fixes that reduce real risk. 🔗 Download Guide (Framework steps + tooling) https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/ https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/"
X Link 2026-02-06T10:36Z 1M followers, [----] engagements

"🔐📱🔎 Enterprise security wasnt designed for mobile behavior. Devices move between corporate and public networks while handling sensitive data. Knox Firewall enforces per-app network controls restricting traffic by IP/domain with detailed access logs for investigations. 🔗 App rules traffic visibility logging depth https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html"
X Link 2026-02-06T11:30Z 1M followers, [----] engagements

"Cisco Talos exposed DKnife a China-linked AitM framework active since [----] on compromised routers and edge devices. It monitors traffic steals credentials and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones. 🔗 Modules and infection chain https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html"
X Link 2026-02-06T14:57Z 1M followers, [----] engagements

"To celebrate the ultimate partnership this Valentines Day @OrchidSecurity is sharing our "Security Sweetheart" candies. These aren't your typical grocery store hearts they are designed for the unique bond between the IAM + CISO. The Security Sweetheart Collection 🍬 Which one would you send to your security "other half" SSO [--] EVA: Because true love means only having to log in once. AUDIT ME: Total transparency is the foundation of any healthy relationship. NO SILOS: Breaking down walls is our love language. ZERO TRUST: It sounds harsh but in security its the ultimate form of devotion. MFA ME:"
X Link 2026-02-09T11:32Z 1M followers, [----] engagements

"Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows Critical n8n vulnerability CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data"
X Link 2026-02-05T06:23Z 1M followers, 21.1K engagements

"9 Identity Security Predictions for [----] Nine identity security predictions for [----] covering AI governance passwordless access decentralized identity IoT and post-quantum cryptography"
X Link 2026-02-05T07:59Z 1M followers, 16.7K engagements

"APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe"
X Link 2026-02-03T09:13Z 1M followers, 22.5K engagements

"ThreatsDay Bulletin: New RCEs Darknet Busts Kernel Bugs & 25+ More Stories Weekly ThreatsDay Bulletin with concise updates on cyber attacks exploits scams arrests and emerging security risks"
X Link 2026-01-29T13:04Z 1M followers, 73.8K engagements

"ThreatsDay Bulletin: AI Prompt RCE Claude 0-Click RenEngine Loader Auto 0-Days & 25+ Stories This weeks cybersecurity roundup covering emerging attacks malware trends infrastructure abuse and evolving intrusion activity"
X Link 2026-02-12T11:52Z 1M followers, 64K engagements

"83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure 83% of Ivanti EPMM exploits traced to one IP as automated scans target governments and enterprises"
X Link 2026-02-12T07:36Z 1M followers, 12.5K engagements

"🛑 CISA orders federal agencies to remove unsupported edge devices within [----] months. Unpatched firewalls routers IoT and perimeter gear are now flagged as prime entry pointsactively exploited by state-backed actors for network access. 🔗 Directive scope deadlines device list https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html"
X Link 2026-02-06T13:44Z 1M followers, [----] engagements

"🛠 Bloody Wolf tied to a spear-phishing campaign deploying NetSupport RAT across Central Asia and Russia. [--] victims across government finance manufacturing. Malicious PDFs drop loaders that persist via scripts + scheduled tasks. 🔗 Details https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html"
X Link 2026-02-09T10:58Z 1M followers, 11.4K engagements

"🐧 Researchers uncovered SSHStalker a Linux botnet using IRC for control and mass SSH compromise. It exploits [--] legacy kernel flaws to infect unpatched systems wipes logs and maintains silent persistence. 🔗 Details https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html"
X Link 2026-02-11T09:59Z 1M followers, 53.3K engagements

"🚨 Microsoft Patches [--] Flaws [--] Actively Exploited in the Wild Fixes hit Windows Shell MSHTML Office and Remote Desktop with privilege escalation leading the risk landscape. 🔗 Read Full CVEs exploitation details & patch scope Hey @Grok summarize all six zero-days. https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html"
X Link 2026-02-11T10:28Z 1M followers, [----] engagements

"🤖 One bulletproof-hosted IP drove [---] of [---] Ivanti EPMM exploit attempts. Activity targeted CVSS [---] RCE flaws rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance. 🔗 Read https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html"
X Link 2026-02-12T07:36Z 1M followers, 12.1K engagements

"A new enterprise study shows only 16% of orgs run Continuous Threat Exposure Management (CTEM). Those that do see 50% better attack surface visibility and stronger tooling adoption creating a widening security gap as environments scale. 🔗 Peer benchmarks and risk data breakdown https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html"
X Link 2026-02-12T13:35Z 1M followers, [----] engagements

"⚠ Fake recruiter coding tests pushed poisoned npm & PyPI dependencies to developers. Hidden packages deployed RAT access while separate implants stole browser & crypto wallet data. One library exceeded [-----] downloads before weaponization. 🔗 Read https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html"
X Link 2026-02-12T16:58Z 1M followers, 12.2K engagements

"Early exploitation already hitting BeyondTrust systems. Sharp telemetry from @watchtowrlabs with @ethicalhack3r detailing tradecraft; KEV updates from @CISAgov and threat links flagged by @rapid7 and @DomainTools exposing wider supply-chain risk. CISA adds exploited flaws in @Apple Notepad++ @solarwinds and @Microsoft to KEV catalog"
X Link 2026-02-13T08:48Z 1M followers, [----] engagements

"npm killed long-lived tokens after the Sha1-Hulud attack shifting to short-lived sessions and MFA by default. Security improved but MFA phishing and optional publish protections still leave gaps. Console access can still mean package compromise. 🔗 Where the new model still fails https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html"
X Link 2026-02-13T10:46Z 1M followers, [----] engagements

"⚠ Security firms uncovered coordinated abuse of Chrome extensions across business social and AI tools. From Meta ad accounts to Gmail inboxes attackers used add-ons to scrape data inject payloads and persist inside sessions. 🔗 Read https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html"
X Link 2026-02-13T11:27Z 1M followers, [----] engagements

"Worrying surge in malicious Chrome extensions stealing Meta VK Gmail and browsing data. Great work by @SocketSecurity @LayerxSecurity Koi Security QContinuum"
X Link 2026-02-13T11:32Z 1M followers, [----] engagements

"First Malicious Outlook Add-In Found Stealing 4000+ Microsoft Credentials First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page stealing 4000+ credentials in a supply chain attack"
X Link 2026-02-11T23:50Z 1M followers, 16K engagements

"SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits Researchers uncover SSHStalker an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access"
X Link 2026-02-11T09:59Z 1M followers, 54.1K engagements

"Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata Docker patched a critical Ask Gordon AI flaw enabling code execution and data theft via malicious image metadata in version 4.50.0"
X Link 2026-02-03T16:44Z 1M followers, 10.5K engagements

"The CTEM Divide: Why 84% of Security Programs Are Falling Behind Study of [---] enterprises shows CTEM adopters achieve 50% better attack surface visibility and stronger security outcomes amid rising breach costs"
X Link 2026-02-12T10:56Z 1M followers, [----] engagements

"Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach redirecting users to malicious downloads since June 2025"
X Link 2026-02-02T08:59Z 1M followers, 318.9K engagements

"Google Links China Iran Russia North Korea to Coordinated Defense Sector Cyber Operations State-backed hackers from China Russia Iran and North Korea target defense contractors using espionage malware hiring scams and edge exploits"
X Link 2026-02-13T16:25Z 1M followers, [----] engagements

"On February [--] at 9:00 AM PT @Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era AI is now writing more code than humans and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools which were built for a world where every line of code was human-authored and inspected. This isnt AI added to security. Its security rebuilt for how code is actually created today. Register now and join us live: https://thn.news/semgrep-secure-2026 https://thn.news/semgrep-secure-2026"
X Link 2026-02-11T11:33Z 1M followers, [----] engagements

"🤖🔐 Identity security is shifting from static controls to AI-run decisions. As outlined by SailPoint CISO Rex Booth AI-driven identity governance will automate access in real time replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication. 🔗 [--] forecasts shaping access trust and risk https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"
X Link 2026-02-11T19:15Z 1M followers, [----] engagements

"🔥 This weeks #ThreatsDayBulletin tracks intrusion tactics spreading across AI tools enterprise apps cloud and vehicles. Pattern: quiet access expanded through trusted systems. 🤖 Prompt abuse code exec 🧩 Loaders staged malware ☁ OAuth/cloud misuse 🛠 Enterprise RCEs 🚗 Auto zero-days 🔗 Full threat roundup https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html"
X Link 2026-02-12T11:52Z 1M followers, 63.9K engagements

"👨🏻💻 @PicusSecurity analyzed 1.1M malware samples to reveal a new era of Silent Residency. Encryption payloads down 38%. 80% of top techniques now focus on evasion. Malware uses trigonometry to bypass sandboxes. The Digital Parasite has arrived. Read the full Red Report 2026: #RedReport2026 #CyberSecurity #ThreatIntel #Malware https://thn.news/red-report-2026 https://thn.news/red-report-2026"
X Link 2026-02-12T14:57Z 1M followers, [----] engagements

"Researchers found the first malicious Microsoft Outlook add-in used in real attacks. Hackers hijacked an abandoned calendar plug-in claimed its expired domain and served a fake Microsoft loginstealing 4000+ credentials. The add-in still had mailbox read/write permissions. 🔗 Learn how. https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html"
X Link 2026-02-12T17:37Z 1M followers, 15.7K engagements

"⚡ Google tracked multiple state groups using Gemini for vuln research exploit debugging and persona building across cyber operations. One malware strain even generated second-stage code via the API executed filelessly in memory. 🔗 Threat actor tactics malware and AI abuse cases https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html"
X Link 2026-02-12T17:59Z 1M followers, 14.6K engagements

"Sharp findings from @GoogleCloud on AI misuse in real attacks. Also notable research from @HuntressLabs and @praetorianlabs with insights from @stvemillertime and Farida Shafik on how fast adversaries are adapting"
X Link 2026-02-13T06:49Z 1M followers, [----] engagements

"This weeks ThreatsDay bulletin nails how attackers are sticking with quiet misuse of trusted tools for long-term access. Solid breakdowns from @TeamT5_Official (Taiwan APT surge) @cyfirma (LTX & Telegram hijacks) @zscaler (Marco & GuLoader) @HuntressLabs (RMM abuse) @bitdefender (data-theft ransomware) @LayerXSec (Claude RCE) @GreyNoiseIO (Telnet drop) @TalosSecurity (VoidLink) @TenableSecurity (Looker flaws) @Malwarebytes (trojanized 7-Zip). 🔥 This weeks #ThreatsDayBulletin tracks intrusion tactics spreading across AI tools enterprise apps cloud and vehicles. Pattern: quiet access expanded"
X Link 2026-02-13T08:15Z 1M followers, [----] engagements

"Solid new findings from @TalosSecurity and researchers @infosec_nick Aaron Boyd @asheermalhotra @_vventura on VoidLinks stealthy post-compromise playbook. Context from @CheckPointSW and @ontinuemxdr shows how AI-assisted malware frameworks are lowering the barrier for advanced cloud intrusions"
X Link 2026-02-13T15:29Z 1M followers, [----] engagements

"Over [--] Software Vendors Issue Security Fixes Across OS Cloud and Network Platforms Patch Tuesday delivers fixes for [--] Microsoft flaws six exploited zero-days plus critical SAP and Intel TDX vulnerabilities"
X Link 2026-02-11T13:31Z 1M followers, [----] engagements

"China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign UNC3886 targeted Singapores telecom operators via zero-day exploits rootkits and VMware systems; no customer data breach confirmed"
X Link 2026-02-09T17:02Z 1M followers, 12.1K engagements

"BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA BeyondTrust fixes CVSS [---] pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; [-----] instances exposed"
X Link 2026-02-09T08:04Z 1M followers, [----] engagements

"ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security ZAST.AI raised $6M after uncovering hundreds of zero-days and [---] CVEs using AI-generated PoC validation"
X Link 2026-02-10T12:31Z 1M followers, [----] engagements

"Apple Fixes Exploited Zero-Day Affecting iOS macOS and Apple Devices Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS macOS and Apple devices"
X Link 2026-02-12T05:51Z 1M followers, 35.4K engagements

"Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS [---] Vulnerability Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple Microsoft SolarWinds and Notepad++ flaws to KEV list"
X Link 2026-02-13T08:44Z 1M followers, [----] engagements

"Microsoft Patches [--] Vulnerabilities Including Six Actively Exploited Zero-Days Microsoft patches [--] vulnerabilities including six actively exploited zero-days with CISA mandating urgent federal remediation"
X Link 2026-02-11T10:28Z 1M followers, 13.1K engagements

"Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools Researchers uncover Reynolds ransomware embedding a vulnerable BYOVD driver to kill EDR defenses signaling advanced evasion in ransomware attacks"
X Link 2026-02-10T14:42Z 1M followers, 54.9K engagements

"OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in v2026.1.29"
X Link 2026-02-02T16:35Z 1M followers, 76.7K engagements

"UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors Cisco Talos links UAT-9921 to VoidLink a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control"
X Link 2026-02-13T15:24Z 1M followers, [----] engagements

"From Ransomware to Residency: Inside the Rise of the Digital Parasite Ransomware declines as stealth credential theft and persistence dominate modern cyberattacks Picus Red Report [----] finds"
X Link 2026-02-10T14:02Z 1M followers, [----] engagements

"Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs Suspected Russian actor deploys CANFAIL malware via phishing targeting Ukrainian defense energy and aid sectors using LLM-assisted lures"
X Link 2026-02-13T17:29Z 1M followers, [----] engagements

"Malicious Chrome Extensions Caught Stealing Business Data Emails and Browsing History Malicious Chrome Extensions Caught Stealing Business Data Emails and Browsing History Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities"
X Link 2026-02-13T11:27Z 1M followers, 30.6K engagements

"Claude Opus [---] Finds 500+ High-Severity Flaws Across Major Open-Source Libraries Anthropics Claude Opus [---] identified 500+ unknown high-severity flaws in open-source projects advancing AI-driven vulnerability detection"
X Link 2026-02-06T05:52Z 1M followers, 128K engagements

"Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited"
X Link 2026-02-10T04:39Z 1M followers, 41.3K engagements

"Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.01.120.4 affected patched in newer releases"
X Link 2025-12-23T07:37Z 1M followers, 324.7K engagements

"Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group Rapid7 links China-linked Lotus Blossom to a [----] Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates fixed in v8.8.9"
X Link 2026-02-03T04:58Z 1M followers, 140.8K engagements

"TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure Worm-driven TeamPCP campaign exploits Docker Kubernetes Redis Ray and React2Shell to build proxy infrastructure for data theft and ransomware"
X Link 2026-02-09T08:39Z 1M followers, 46.9K engagements

"Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support Google finds nation-state hackers abusing Gemini AI for target profiling phishing kits malware staging and model extraction attacks"
X Link 2026-02-12T17:59Z 1M followers, 14.7K engagements

"Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic targeting Baota panels Asian TLDs and government domains"
X Link 2026-02-05T04:58Z 1M followers, 17.3K engagements

"Asian State-Backed Group TGR-STA-1030 Breaches [--] Government Infrastructure Entities Asian state-linked hackers breached [--] entities used phishing N-day exploits and rootkits for global espionage"
X Link 2026-02-06T12:08Z 1M followers, 17.5K engagements

"Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack"
X Link 2026-02-06T08:43Z 1M followers, 23.4K engagements

"North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations UNC1069 targets crypto firms via Telegram lures fake Zoom meetings and multi-stage malware to steal credentials browser data and funds"
X Link 2026-02-11T06:52Z 1M followers, [----] engagements

"DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies North Korean IT operatives use stolen LinkedIn accounts fake hiring flows and malware to secure remote jobs steal data and fund state programs"
X Link 2026-02-10T17:46Z 1M followers, 12.4K engagements

"Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers deploying RATs and data-stealing malware"
X Link 2026-02-12T16:58Z 1M followers, 12.4K engagements

"npm’s Update to Harden Their Supply Chain and Points to Consider npms token overhaul boosts security but MFA bypass phishing and console access still enable supply-chain attacks"
X Link 2026-02-13T10:46Z 1M followers, [----] engagements

"⚠ ALERT A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform. CVE-2025-68613 lets authenticated users execute arbitrary code enabling full instance takeover data access and system-level actions. More than 103k exposed instances are observed globally. 🔗 Details https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html"
X Link 2025-12-23T07:37Z 1M followers, 300.1K engagements

"🔥 Anthropics Claude Opus [---] AI found 500+ previously unknown high-severity flaws in open-source code. Impacted: Ghostscript OpenSC CGIF. Bugs ranged from buffer overflows to memory corruption all validated and patched. 🔗 Details https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html"
X Link 2026-02-06T05:52Z 1M followers, 72.6K engagements

"Kaspersky uncovered three separate infection chains in the Notepad++ supply-chain breach. Attackers rotated C2s payloads and installers for four months targeting government finance and IT entities across multiple regions. Activity stopped in Nov [----]. 🔗 Read update here https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains"
X Link 2026-02-06T07:40Z 1M followers, 84.1K engagements

"State-linked hackers breached 70+ government & critical infrastructure networks across [--] countries Unit [--] reports. Targets include law enforcement finance ministries and border control. Initial access via phishing loaders with payloads staged on GitHub. 🔗 Intrusion chain malware design targeting scope https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html"
X Link 2026-02-06T12:08Z 1M followers, 17.2K engagements

"⚡ BeyondTrust patched pre-auth RCE (CVE-2026-1731) in Remote Support and PRA. Attackers could run OS commands via crafted requests.11K exposed instances found. Patches released. 🔗 Versions affected fixes https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html"
X Link 2026-02-09T08:04Z 1M followers, [----] engagements

"🚨🛡 Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643 CVSS 9.1). SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available). 🔗 See affected versions and patch guidance https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html"
X Link 2026-02-10T04:39Z 1M followers, 38.6K engagements

"🕵♂⚠ Ransomware Persists But Encryption Is No Longer the Main Signal of Attack Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse. 🔗 Explore the full stealth-attack dataset https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html"
X Link 2026-02-10T14:02Z 1M followers, [----] engagements

"🧑💻💻 North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms. With impersonated profiles and verified emails DPRK actors secure roles to fund weapons programs and conduct espionagesome gain admin access steal data and maintain persistence. 🔍 Read the full investigation https://thehackernews.com/2026/02/dprk-operatives-impersonate.html https://thehackernews.com/2026/02/dprk-operatives-impersonate.html"
X Link 2026-02-10T17:46Z 1M followers, 11.9K engagements

"🕵♂💰 North Korea-linked UNC1069 used deepfake Zoom calls to hack crypto firms. Posing via Telegram attackers lured victims into fake meetings triggering ClickFix commands that deployed multi-stage malware on macOS & Windows to steal wallets and credentials. 🔗 Read https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html"
X Link 2026-02-11T06:52Z 1M followers, [----] engagements

"Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation. Its research led to [---] CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK Apache Struts and Alibaba Nacos. 🔗 Funding research scope enterprise impact https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html"
X Link 2026-02-11T09:03Z 1M followers, [----] engagements

"🛠 Patch Tuesday extended across enterprise tech stacks with "60+ vendors" releasing coordinated security fixes. Widely used platforms from SAP and Windows to Chrome Linux Cisco and Fortinet patched zero-days SQL injection privilege escalation and auth bypass vulnerabilities. 🔗 Full vendor list and CVEs https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html"
X Link 2026-02-11T13:31Z 1M followers, [----] engagements

"Five attacks. Five lessons. One goal: resilience. From Boeing to Ascension cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today. Curious which decisions changed the outcome Swipe to see the high-level hits. Dont wait for an incident to learn from one. Download the full guide: https://thn.news/attacks-changed-everything https://thn.news/attacks-changed-everything"
X Link 2026-02-11T14:00Z 1M followers, [----] engagements

"🚨 Apple shipped emergency updates after confirming exploitation of a zero-day in dyld. The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices. 🔗 Read: Fixes extend across iOS macOS visionOS and legacy platforms. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html"
X Link 2026-02-12T05:51Z 1M followers, 35.2K engagements

"Attack surfaces are growing. Threats are accelerating. Learn how leading teams are adopting ThreatInformed Defenseto align operations with real adversary behavior not hypotheticals. This guide breaks down @FiligranHQ's sixstage TID pipelineand shows how to: Prioritize defenses based on real threats Simulate adversary behavior to validate your posture Operationalize CTI with OpenCTI+ OpenAEV Build a continuous feedback loop that sharpens detection & response 🔗 Download the guide today https://thn.news/practical-threat-defense https://thn.news/practical-threat-defense"
X Link 2026-02-12T11:18Z 1M followers, [----] engagements

"New research from @ReversingLabs and Karlo Zanki exposing Lazarus recruiter lure plus findings from @JFrogSecurity and Guy Korolevski on npm stealers. Also notable work by OpenSourceMalware and PaulMcCarty tracking crypto extortion packages tied to fake firm Veltrix Capital"
X Link 2026-02-13T06:54Z 1M followers, [----] engagements

"Threat actors are actively exploiting CVE-2026-1731 (9.9) in BeyondTrust Remote Support & PRA. Attackers extract portal data then open WebSocket channels to trigger unauthenticated RCE. 🔗 Read Patches are out but exploitation started fast. https://thehackernews.com/2026/02/researchers-observe-in-wild.html https://thehackernews.com/2026/02/researchers-observe-in-wild.html"
X Link 2026-02-13T08:44Z 1M followers, [----] engagements

"Solid progress from @npmjs and @GHSecurityLab on token security after recent attacks. MFA phishing risks still lingermake it mandatory for publishes @chainguard_dev builds from source to avoid most known malware"
X Link 2026-02-13T10:49Z 1M followers, [----] engagements

"🛑 Researchers track UAT-9921 using the VoidLink modular malware framework against tech and finance targets. The Linux-focused toolkit enables stealth persistence scanning and lateral movement via post-compromise C2 implants. 🔗 Look inside the frameworks stealth and RBAC design https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html"
X Link 2026-02-13T15:24Z 1M followers, [----] engagements

"The SANS State of ICS/OT Security [----] Report reveals an industry advancing at two speeds. Detection is faster but recovery still lags, with one in five incidents taking over a month to restore operations. Get the intel 👉 #ICSsecurity #OTsecurity #OTincidentresponse #SANS https://thn.news/sans-ot-report"
X Link 2026-02-13T15:38Z 1M followers, [----] engagements

"Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware"
X Link 2026-02-03T14:07Z 1M followers, 13.9K engagements

"China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain hypervisor control"
X Link 2026-01-09T17:44Z 1M followers, 15.4K engagements

"Webinar The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate Live webinar explains how modern SOCs decide what to build, buy, or automate to reduce tool sprawl and improve outcomes"
X Link 2026-02-03T14:56Z 1M followers, 11.2K engagements

"Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS after active exploitation reports"
X Link 2025-08-21T04:48Z 1M followers, 375.5K engagements

"SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS [---] Score SmarterTools fixed critical SmarterMail flaws, including CVSS [---] unauthenticated RCE and NTLM relay bugs, urging users to update immediately"
X Link 2026-01-30T07:11Z 1M followers, 15.8K engagements

"Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data"
X Link 2026-02-04T07:44Z 1M followers, [----] engagements

"A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces Scattered Spider, LAPSUS$, and ShinyHunters unite as Scattered LAPSUS$ Hunters, reshaping cybercrime with Telegram extortion"
X Link 2025-11-04T17:25Z 1M followers, 101.5K engagements

"Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7"
X Link 2026-01-22T16:32Z 1M followers, 53.1K engagements

"CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026"
X Link 2026-02-04T05:57Z 1M followers, [----] engagements

"New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems Critical OpenSSH vulnerability allows remote code execution on Linux systems. Patch now to protect against potential attacks on millions of exposed se"
X Link 2024-07-02T05:32Z 1M followers, [----] engagements

"GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs GlassWorm malware returns in VS Code extensions hiding via Unicode and reviving itself through blockchain"
X Link 2025-11-10T08:53Z 1M followers, 107.2K engagements

"Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0"
X Link 2026-01-28T10:01Z 1M followers, [----] engagements

"ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts Second-order prompt injection exploits ServiceNow agent discovery, enabling unauthorized actions unless configurations and monitoring are tightened"
X Link 2025-12-21T13:30Z 1M followers, 16.8K engagements

"ShadyPanda Turns Popular Browser Extensions with [---] Million Installs Into Spyware ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking campaign"
X Link 2025-12-01T17:34Z 1M followers, 64K engagements
