Daily Cyber News

MuddyWater Targets MENA Organizations Using GhostFetch, CHAR, and HTTP_VIP

The Iranian state-aligned threat group MuddyWater, also tracked as Earth Vetala, Mango Sandstorm, and MUDDYCOAST, has initiated a fresh cyber espionage campaign aimed at organizations and individuals across the Middle East and North Africa region. The latest operation, named Operation Olalampo, demonstrates the group’s continued evolution in malware development and operational tactics. According to […]

AI Assisted Threat Actor Compromises Over 600 FortiGate Devices Across 55 Countries

Amazon Threat Intelligence has reported a sophisticated cyber campaign in which a Russian-speaking, financially motivated threat actor leveraged commercial generative AI tools to compromise over 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, demonstrates how AI is increasingly lowering the barrier to entry for cybercriminals with limited

CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-risk vulnerabilities affecting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of active exploitation, underscoring the urgency for organizations to patch affected systems promptly. Details of the Vulnerabilities The newly listed vulnerabilities include: Dubai-based cybersecurity company FearsOff,

Amazon Says AI Assisted Hacker Breached 600 Fortinet Firewalls in Five Weeks

Amazon has reported a global hacking campaign in which a Russian-speaking threat actor leveraged generative AI tools to breach more than 600 Fortinet FortiGate firewalls in 55 countries over five weeks. The attacks, carried out between January 11 and February 18, 2026, relied on weak credentials and exposed management interfaces rather than zero-day exploits, highlighting

PayPal Reveals Six Month Data Breach Exposing User Information

Digital payments giant PayPal has disclosed a data security incident that exposed sensitive customer information for nearly six months. The issue stemmed from a software error within its small business lending platform, raising renewed concerns about data governance, financial technology security, and regulatory compliance. Software Error Behind Prolonged Data Exposure According to PayPal, the incident

Data Breach at French Bank Registry Affects 1.2 Million Accounts

France’s financial authorities have revealed a major cybersecurity breach affecting approximately 1.2 million bank account records. The incident targeted the country’s centralized bank account registry, raising serious concerns about data protection, identity theft, and financial fraud. Officials have launched a full investigation while strengthening national cybersecurity defenses. Unauthorized Access to National Bank Registry The French

Mississippi Medical Center Shuts Down All Clinics Following Ransomware Attack

A major healthcare provider in the United States has temporarily closed all its clinic locations following a disruptive cyberattack. The University of Mississippi Medical Center (UMMC) confirmed that a ransomware incident forced it to shut down multiple IT systems while emergency protocols were activated to maintain patient care. Authorities at the federal level are now

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data

A critical security flaw affecting BeyondTrust Remote Support and BeyondTrust Privileged Remote Access products is being actively exploited by threat actors to deploy web shells, backdoors, malware, and exfiltrate sensitive data. The vulnerability, tracked as CVE-2026-1731, carries a CVSS score of 9.9. Nature of the Vulnerability The flaw stems from a sanitization failure in the “thin-scc-wrapper” script, accessible via

Cline CLI 2.3.0 Supply Chain Attack Deployed OpenClaw on Developer Systems

A recent software supply chain incident impacted the open source AI coding assistant Cline CLI, after attackers published a compromised version to the npm registry that silently installed OpenClaw on developer systems. On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to release cline@2.3.0. The altered package included

ClickFix Campaign Exploits Compromised Websites to Deploy MIMICRAT Malware

Cybersecurity researchers have uncovered a sophisticated ClickFix campaign that leverages compromised legitimate websites to distribute a newly identified remote access trojan named MIMICRAT, also referred to as AstarionRAT. According to Elastic Security Labs, the operation demonstrates significant technical maturity. Attackers are using breached websites across various industries and regions as delivery infrastructure, deploying a multi-stage
