Daily Cyber News

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The official update infrastructure of Notepad++ was compromised in a highly targeted cyber operation, resulting in malware being delivered to select users. The project’s lead developer, Don Ho, confirmed that the incident was caused by a hosting level breach rather than a flaw in the Notepad++ source code itself. According to Ho, attackers gained control […]

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users Read More »

eScan Antivirus Update Servers Compromised to Distribute Multi Stage Malware

The update infrastructure of eScan antivirus, a security product developed by Indian cybersecurity firm MicroWorld Technologies, has been compromised in a supply chain attack that allowed unknown threat actors to distribute multi-stage malware to both enterprise and consumer systems. According to Morphisec researcher Michael Gorelik, the attackers abused eScan’s legitimate update mechanism to push malicious

eScan Antivirus Update Servers Compromised to Distribute Multi Stage Malware Read More »

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, where unknown threat actors compromised a legitimate developer account to distribute malicious updates through trusted extensions. According to Socket security researcher Kirill Boychenko, on January 30, 2026, four well established Open VSX extensions published by a developer identified as “oorzc” were updated

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm Read More »

CERT Polska Details Coordinated Cyber Attacks on Over 30 Wind and Solar Farms

CERT Polska, Poland’s national computer emergency response team, has disclosed details of a coordinated cyber attack campaign that targeted more than 30 wind and photovoltaic energy farms, a private manufacturing sector company, and a major combined heat and power plant supplying heat to nearly half a million customers. The attacks occurred on December 29, 2025,

CERT Polska Details Coordinated Cyber Attacks on Over 30 Wind and Solar Farms Read More »

Mandiant Identifies ShinyHunters Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant has reported a significant rise in threat activity involving sophisticated voice phishing operations designed to compromise cloud-based software-as-a-service platforms. The activity shows strong tradecraft similarities to extortion campaigns historically associated with the financially motivated cybercrime group known as ShinyHunters. These attacks rely on advanced vishing techniques combined with fake credential harvesting websites that

Mandiant Identifies ShinyHunters Style Vishing Attacks Stealing MFA to Breach SaaS Platforms Read More »

Iran Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Cybersecurity researchers have uncovered a new cyber espionage campaign, dubbed RedKitten, that is believed to be linked to Iranian state aligned threat actors. The operation is targeting non governmental organizations, human rights defenders, and individuals documenting recent abuses linked to Iran’s internal unrest. The campaign was identified by French cybersecurity firm HarfangLab in January 2026 and appears to coincide with

Iran Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Read More »

SmarterMail Patches Critical Unauthenticated RCE Vulnerability with CVSS 9.3 Score

SmarterTools has released security updates for its SmarterMail email platform, addressing multiple vulnerabilities, including a critical unauthenticated remote code execution flaw that could allow attackers to run arbitrary commands on affected systems. The most severe issue is tracked as CVE-2026-24423 and carries a CVSS score of 9.3, indicating a high risk to unpatched deployments. Unauthenticated RCE via ConnectToHub

SmarterMail Patches Critical Unauthenticated RCE Vulnerability with CVSS 9.3 Score Read More »

Researchers Uncover Chrome Extensions Exploiting Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered a cluster of malicious Google Chrome extensions designed to hijack affiliate links, exfiltrate user data, and steal OpenAI ChatGPT authentication tokens. These extensions exploit the trust users place in popular e-commerce and AI-related browser tools to gain persistent access to sensitive information. Amazon Ads Blocker and Affiliate Hijacking One notable extension, Amazon

Researchers Uncover Chrome Extensions Exploiting Affiliate Links and Stealing ChatGPT Access Read More »

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware

Cybersecurity researchers have uncovered a new malicious campaign attributed to a China linked threat actor tracked as UAT 8099. The activity, observed between late 2025 and early 2026, targeted vulnerable Microsoft Internet Information Services servers across multiple Asian countries. The campaign was identified by Cisco Talos, which reported that the attacks primarily focused on IIS

China Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware Read More »

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released

Ivanti has released urgent security updates to fix two critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), both of which have been actively exploited as zero day attacks. One of the flaws has also been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  Known Exploited Vulnerabilities catalog, highlighting the severity of the threat.

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released Read More »