Daily Cyber News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The United States Cybersecurity and Infrastructure Security Agency has officially added a newly revealed security flaw in FileZen to its Known Exploited Vulnerabilities (KEV) catalog after confirming that threat actors are actively abusing the issue in real world attacks. The vulnerability, identified as CVE-2026-25108, carries a CVSS v4 severity rating of 8.7 and involves an operating […]

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability Read More »

RoguePilot Vulnerability in GitHub Codespaces Allowed GitHub Copilot to Expose GITHUB_TOKEN

A now patched security flaw in GitHub Codespaces could have allowed attackers to hijack repositories by abusing Copilot through a malicious GitHub issue. The vulnerability, discovered by Orca Security, was named RoguePilot and responsibly disclosed to Microsoft. How the Attack Worked The weakness stemmed from how Codespaces integrates Copilot into developer workflows. When a user launches a

RoguePilot Vulnerability in GitHub Codespaces Allowed GitHub Copilot to Expose GITHUB_TOKEN Read More »

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware

A Russia aligned cyber threat group has been linked to a targeted social engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware Read More »

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea aligned threat collective Lazarus Group, also tracked under alternative names such as Diamond Sleet and Pompilus, has been linked to fresh ransomware activity impacting organizations in the Middle East and the United States healthcare sector. According to research published by the Symantec and Carbon Black Threat Hunter Team, part of Broadcom, the group leveraged

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks Read More »

UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors

The threat cluster known as UnsolicitedBooker has expanded its targeting footprint, moving from earlier operations in Saudi Arabia to telecommunications providers in Kyrgyzstan and Tajikistan. Security researchers report that the campaign involves two custom backdoors, LuciDoor and MarsSnake, deployed through carefully crafted phishing operations. According to findings released by Positive Technologies, the attackers relied on uncommon

UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors Read More »

Anthropic Claims Chinese AI Firms Used 16 Million Claude Queries to Replicate Its Model

Artificial intelligence firm Anthropic has revealed that three China based AI companies allegedly conducted large scale extraction campaigns targeting its Claude language model. According to the company, the activity involved millions of automated interactions designed to replicate Claude’s advanced capabilities. The organizations named in the disclosure include DeepSeek, Moonshot AI, and MiniMax. Anthropic claims the coordinated campaigns violated its terms

Anthropic Claims Chinese AI Firms Used 16 Million Claude Queries to Replicate Its Model Read More »

APT28 Targeted European Organizations with Webhook Based Macro Malware

A state sponsored cyber espionage group known as APT28 has been linked to a fresh cyber campaign directed at selected entities across Western and Central Europe. The operation, identified by the threat intelligence unit LAB52 of S2 Grupo, remained active from September 2025 through January 2026. Researchers have named the activity Operation MacroMaze, highlighting its structured yet deceptively simple

APT28 Targeted European Organizations with Webhook Based Macro Malware Read More »

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited

The U.S. Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency, has issued an urgent alert regarding two recently patched vulnerabilities affecting Roundcube Webmail. The agency confirmed that both flaws are now being actively exploited in real world attacks and has directed federal agencies to apply patches within three weeks. Roundcube has served as the default

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited Read More »

Wormable XMRig Campaign Leverages BYOVD Exploit and Time Based Logic Bomb

Cybersecurity analysts have uncovered a sophisticated cryptojacking campaign that distributes a customized XMRig miner through pirated software bundles. The operation combines social engineering, privilege escalation, worm like propagation, and a time triggered logic bomb to maximize cryptocurrency mining performance on compromised systems. According to a technical assessment published by Trellix, the malware demonstrates a multi stage

Wormable XMRig Campaign Leverages BYOVD Exploit and Time Based Logic Bomb Read More »

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered an active supply chain attack leveraging at least 19 malicious npm packages to harvest credentials, cryptocurrency private keys, CI secrets, and API tokens from developer environments. The campaign, named SANDWORM_MODE by Socket, exhibits worm like behavior similar to earlier Shai Hulud style attacks. The malware is designed not only to extract sensitive

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens Read More »