Daily Cyber News

DEAD#VAX Malware Campaign Spreads AsyncRAT Using IPFS-Hosted VHD Phishing Files

Threat hunters have revealed details of a sophisticated malware operation named DEAD#VAX, a stealth focused campaign that combines disciplined operational techniques with the abuse of legitimate Windows features to evade detection and deploy the AsyncRAT remote access trojan. According to researchers from Securonix, the campaign relies on IPFS hosted virtual hard disk files, advanced script obfuscation, […]

DEAD#VAX Malware Campaign Spreads AsyncRAT Using IPFS-Hosted VHD Phishing Files Read More »

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns

Threat actors with links to China have been connected to a new wave of cyber espionage operations aimed at government and law enforcement institutions across Southeast Asia during 2025. Check Point Research has attributed the activity to a previously undocumented threat cluster named Amaranth-Dragon, which researchers say shows notable overlaps with the APT41 ecosystem. Countries

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns Read More »

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers

Microsoft has issued a warning that information stealing malware campaigns are rapidly expanding beyond Windows systems and increasingly targeting Apple macOS environments. According to the company, attackers are using cross platform programming languages such as Python and abusing trusted advertising and software distribution platforms to scale these attacks. Researchers from the Microsoft Defender Security Research

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers Read More »

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real world attacks. The vulnerability, identified as CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data. Successful exploitation

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog Read More »

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed a serious vulnerability affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI, that could allow attackers to execute code and steal sensitive information. The flaw, dubbed DockerDash by Noma Labs, was fixed in Docker version 4.50.0 released in November 2025. How DockerDash Works According to Sasi Levi, lead security researcher

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata Read More »

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks

A Russia-linked state-sponsored hacking group known as APT28, also tracked as UAC-0001, has been linked to a new cyber espionage campaign that abuses a recently disclosed Microsoft Office vulnerability. The operation, internally referred to as Operation Neusploit, leverages CVE-2026-21509 to deliver sophisticated malware payloads against targeted regions. Exploitation Observed Shortly After Disclosure According to Zscaler ThreatLabz,

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks Read More »

Hackers Exploit Metro4Shell RCE Vulnerability in React Native CLI npm Package

Cybersecurity researchers have identified active exploitation of a critical remote code execution vulnerability affecting the Metro Development Server used by the @react-native-community/cli npm package. The flaw allows unauthenticated attackers to execute arbitrary operating system commands on exposed systems. The vulnerability, tracked as CVE-2025-11953 and commonly referred to as Metro4Shell, carries a CVSS severity score of 9.8. According to VulnCheck, real

Hackers Exploit Metro4Shell RCE Vulnerability in React Native CLI npm Package Read More »

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group

A China linked cyber espionage group tracked as Lotus Blossom has been attributed with medium confidence to the recent compromise of infrastructure used to host the Notepad++ project. The attribution comes from new technical findings released by cybersecurity firm Rapid7. According to the investigation, the intrusion allowed the state sponsored threat actor to deliver a

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group Read More »

Researchers Discover 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A recent security audit of ClawHub, the marketplace for OpenClaw skills, has uncovered 341 malicious skills among 2,857 reviewed entries, revealing new supply chain threats for OpenClaw users. The analysis was conducted by Koi Security with the assistance of an OpenClaw bot named Alex. ClawHub is designed to help OpenClaw users discover and install third-party

Researchers Discover 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users Read More »

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link

A critical security vulnerability has been identified in OpenClaw, previously known as Clawdbot and Moltbot, that enables attackers to Customer Cabinetachieve remote code execution by tricking users into clicking a specially crafted link. The flaw has been assigned CVE-2026-25253 and carries a high CVSS score of 8.8. The issue was resolved in OpenClaw version 2026.1.29,

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link Read More »