Daily Cyber News

Researchers Discover 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

Cybersecurity researchers have uncovered a large-scale exposure of artificial intelligence infrastructure after identifying more than 175,000 publicly accessible Ollama AI servers operating across 130 countries. The findings come from a joint investigation conducted by SentinelOne SentinelLABS and Censys, which highlights the rapid growth of unmanaged AI compute environments on the public internet. According to […]


Survey of Over 100 Energy Systems Reveals Critical OT Cybersecurity Gaps

A recent study conducted by OMICRON has uncovered serious cybersecurity shortcomings within operational technology networks used across substations, power plants, and control centers globally. The assessment, which analyzed more than 100 real-world energy installations, reveals repeated technical, organizational, and functional weaknesses that continue to expose critical infrastructure to cyber threats. The research is based


SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass

SolarWinds has issued security updates to fix multiple vulnerabilities affecting SolarWinds Web Help Desk (WHD), including four critical flaws that could enable unauthenticated attackers to bypass authentication and execute arbitrary code on affected systems. The vulnerabilities pose a serious risk to organizations using the platform, as several of the issues can be exploited without valid credentials, potentially giving


Google Disrupts IPIDEA, One of the World’s Largest Residential Proxy Networks

Google has announced the disruption of IPIDEA, widely recognized as one of the largest residential proxy networks in operation. The takedown involved legal actions to seize dozens of domains used to control infected devices and route proxy traffic, rendering IPIDEA’s main website (www.ipidea.io) inaccessible. IPIDEA previously promoted itself as a leading IP proxy provider, claiming


Fake Moltbot AI Coding Assistant on VS Code Marketplace Distributes Malware

Cybersecurity researchers have uncovered a malicious Visual Studio Code extension that impersonated Moltbot, previously known as Clawdbot, and secretly installed malware on developer systems. The fake extension was distributed through Microsoft’s official VS Code Marketplace and falsely advertised itself as a free AI-powered coding assistant. The extension, listed as “ClawdBot Agent, AI Coding Assistant” with the


Critical vm2 Node.js Vulnerability Allows Sandbox Escape and Arbitrary Code Execution

A critical security vulnerability has been disclosed in the widely used vm2 Node.js library, exposing systems to sandbox escape and arbitrary code execution risks. If exploited successfully, attackers could execute malicious code directly on the host operating system, completely bypassing vm2’s intended isolation mechanisms. The flaw is tracked as CVE-2026-22709 and carries a CVSS score of 9.8, placing it among the


Two High Severity n8n Vulnerabilities Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two serious security flaws in the n8n workflow automation platform that could allow authenticated attackers to achieve remote code execution (RCE) and potentially take full control of affected environments. The vulnerabilities were discovered by the JFrog Security Research team and impact n8n’s sandboxing mechanisms for both JavaScript and Python execution. Given n8n’s deep integration across enterprise automation


Fake Python Spellchecker Packages on PyPI Deliver Hidden Remote Access Trojan

Cybersecurity researchers have uncovered two malicious Python packages on the Python Package Index (PyPI) that posed as legitimate spellchecking tools while secretly delivering a remote access trojan (RAT). The packages, spellcheckerpy and spellcheckpy, have since been removed, but not before they were downloaded more than 1,000 times combined. According to Aikido researcher Charlie Eriksen, the malware was concealed


Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google has warned that multiple threat actors are actively exploiting a critical security vulnerability in WinRAR, despite the issue being patched months ago. The attacks involve a mix of nation-state groups and financially motivated cybercriminals using the flaw to gain initial system access and deploy malware. According to the Google Threat Intelligence Group (GTIG), the vulnerability


China Linked Hackers Have Been Using the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity analysts have uncovered a JavaScript-based command and control framework known as PeckBirdy, which has been actively used by China-aligned advanced persistent threat groups since 2023 to compromise diverse environments. According to research published by Trend Micro, the framework has been deployed in attacks against Chinese online gambling platforms as well as targeted operations aimed
