Daily Cyber News

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists

Germany’s Federal Office for the Protection of the Constitution, known as BfV, together with the Federal Office for Information Security BSI, have issued a joint cybersecurity alert regarding an active phishing campaign abusing the Signal messaging platform. According to the advisory, the campaign is attributed to a likely state-sponsored threat actor and is specifically aimed at politicians, military officials, diplomats, […]

German Agencies Warn of Signal Phishing Attacks Targeting Politicians, Military, and Journalists Read More »

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products

BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems. In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products Read More »

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware Read More »

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations

Cybersecurity researchers at Palo Alto Networks Unit 42 have uncovered a previously unknown state-backed cyber espionage group that has compromised at least 70 government and critical infrastructure organizations across 37 countries within the last year. The threat actor, tracked as TGR-STA-1030, has also conducted widespread reconnaissance activities targeting government-related infrastructure in 155 countries between November and

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations Read More »

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware

Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware. The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below. Affected Packages

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware Read More »

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack

Cybersecurity researchers have attributed a record-breaking distributed denial-of-service attack to the AISURU and Kimwolf botnet, which generated traffic peaks of 31.4 terabits per second and lasted approximately 35 seconds, making it one of the largest DDoS attacks ever recorded. Cloudflare confirmed that the attack occurred in November 2025 and was automatically detected and mitigated by its systems. The company said the incident

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack Read More »

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends

The Iranian state-linked threat group known as Infy, also tracked as Prince of Persia, has resumed cyber operations after a temporary pause that coincided with Iran’s nationwide internet shutdown in early January 2026. Researchers say the group reappeared with new command-and-control (C2) servers, reinforcing assessments that Infy operates with state backing. According to a report released by SafeBreach, the

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

Malicious NGINX Configurations Power a Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have identified an active campaign in which attackers exploit NGINX installations and management platforms such as Baota (BT) Panel to hijack web traffic on a large scale. The operation manipulates web requests, routing them through infrastructure controlled by threat actors. Datadog Security Labs reported that the campaign leverages React2Shell (CVE-2025-55182, CVSS score: 10.0) exploits alongside malicious NGINX configurations to

Malicious NGINX Configurations Power a Large-Scale Web Traffic Hijacking Campaign Read More »

Microsoft Builds a Scanner to Identify Backdoors in Open-Weight Large Language Models

Microsoft has introduced a lightweight security scanner designed to detect hidden backdoors in open-weight large language models (LLMs), aiming to strengthen trust and safety across artificial intelligence systems. According to Microsoft’s AI Security team, the scanner relies on three observable behavioral signals that can reliably indicate whether a model has been compromised, while keeping false

Microsoft Builds a Scanner to Identify Backdoors in Open-Weight Large Language Models Read More »