Daily Cyber News

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution

Fortinet has released security updates to remediate a critical security flaw affecting FortiClientEMS that could allow attackers to execute arbitrary code without authentication. The vulnerability is tracked as CVE-2026-21643 and carries a CVSS score of 9.1, placing it among high impact enterprise security risks. According to Fortinet, the issue stems from improper handling of user […]

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution Read More »

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations

Singapore’s Cyber Security Agency (CSA) has confirmed that a China linked cyber espionage group known as UNC3886 carried out a coordinated and targeted campaign against the country’s telecommunications sector. According to CSA, the operation was deliberate, highly organized, and carefully executed. All four major telecommunications providers in Singapore, M1, SIMBA Telecom, Singtel, and StarHub, were

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations Read More »

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign

Cybersecurity researchers have linked a targeted cyber campaign to the threat actor known as Bloody Wolf, which is actively infecting systems in Uzbekistan and Russia through spear-phishing emails that deliver the NetSupport Remote Access Trojan. The activity is being monitored by cybersecurity firm Kaspersky under the tracking name Stan Ghouls. The group has been operational

Bloody Wolf Targets Uzbekistan and Russia with NetSupport RAT via Spear-Phishing Campaign Read More »

TeamPCP Worm Abuses Cloud Infrastructure to Build Criminal Operations

Cybersecurity experts have uncovered a large and coordinated malicious campaign that abuses cloud native environments to construct infrastructure used for cybercrime operations. Researchers describe the activity as a worm driven operation that spreads automatically across exposed cloud services. The campaign was first observed around December 25, 2025, and relies on publicly exposed Docker APIs, Kubernetes

TeamPCP Worm Abuses Cloud Infrastructure to Build Criminal Operations Read More »

OpenClaw Integrates VirusTotal Scanning to Identify Malicious ClawHub Skills

OpenClaw, previously known as Moltbot and Clawdbot, has announced a new security partnership with Google-owned VirusTotal to strengthen defenses across its skill marketplace, ClawHub. The move is aimed at reducing the growing risk of malicious skills entering the rapidly expanding agentic AI ecosystem. According to OpenClaw founder Peter Steinberger and collaborators Jamieson O’Reilly and Bernardo Quintero, every

OpenClaw Integrates VirusTotal Scanning to Identify Malicious ClawHub Skills Read More »

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists

Germany’s Federal Office for the Protection of the Constitution, known as BfV, together with the Federal Office for Information Security BSI, have issued a joint cybersecurity alert regarding an active phishing campaign abusing the Signal messaging platform. According to the advisory, the campaign is attributed to a likely state-sponsored threat actor and is specifically aimed at politicians, military officials, diplomats,

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists Read More »

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products

BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems. In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products Read More »

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware Read More »

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations

Cybersecurity researchers at Palo Alto Networks Unit 42 have uncovered a previously unknown state-backed cyber espionage group that has compromised at least 70 government and critical infrastructure organizations across 37 countries within the last year. The threat actor, tracked as TGR-STA-1030, has also conducted widespread reconnaissance activities targeting government-related infrastructure in 155 countries between November and

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations Read More »

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware

Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware. The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below. Affected Packages

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware Read More »