Exploitation

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data

A critical security flaw affecting BeyondTrust Remote Support and BeyondTrust Privileged Remote Access products is being actively exploited by threat actors to deploy web shells, backdoors, malware, and exfiltrate sensitive data. The vulnerability, tracked as CVE-2026-1731, carries a CVSS score of 9.9. Nature of the Vulnerability The flaw stems from a sanitization failure in the “thin-scc-wrapper” script, accessible via […]

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data Read More »

Cline CLI 2.3.0 Supply Chain Attack Deployed OpenClaw on Developer Systems

A recent software supply chain incident impacted the open source AI coding assistant Cline CLI, after attackers published a compromised version to the npm registry that silently installed OpenClaw on developer systems. On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to release cline@2.3.0. The altered package included

Cline CLI 2.3.0 Supply Chain Attack Deployed OpenClaw on Developer Systems Read More »

ClickFix Campaign Exploits Compromised Websites to Deploy MIMICRAT Malware

Cybersecurity researchers have uncovered a sophisticated ClickFix campaign that leverages compromised legitimate websites to distribute a newly identified remote access trojan named MIMICRAT, also referred to as AstarionRAT. According to Elastic Security Labs, the operation demonstrates significant technical maturity. Attackers are using breached websites across various industries and regions as delivery infrastructure, deploying a multi stage

ClickFix Campaign Exploits Compromised Websites to Deploy MIMICRAT Malware Read More »

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have uncovered serious security vulnerabilities in four widely used Microsoft Visual Studio Code extensions. These flaws could allow attackers to steal sensitive local files and remotely execute malicious code on developers’ machines. The affected extensions, installed more than 125 million times collectively, include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs Read More »

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024

A severe security vulnerability in Dell RecoverPoint for Virtual Machines (VMs) has been actively exploited as a zero-day by a suspected China-linked threat group known as UNC6201 since mid-2024, according to findings from Google Mandiant and the Google Threat Intelligence Group (GTIG). The vulnerability, identified as CVE-2026-22769 with a maximum CVSS score of 10.0, stems

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024 Read More »

Notepad++ Patches Hijacked Update Mechanism Exploited to Deliver Targeted Malware

The popular text editor Notepad++ has released a critical security update after its software update mechanism was abused in a targeted supply chain attack. The flaw allowed a China linked threat actor to selectively distribute malware to specific users by manipulating the update delivery process. The newly released version 8.9.2 introduces major security reinforcements designed to prevent

Notepad++ Patches Hijacked Update Mechanism Exploited to Deliver Targeted Malware Read More »

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four newly flagged security flaws that are currently under active exploitation. The move signals heightened risk to organizations, particularly U.S. federal agencies, as the vulnerabilities affect widely used platforms including Google Chrome, Microsoft Windows, and enterprise collaboration systems. Newly Added

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update Read More »

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging

Microsoft has uncovered a new evolution of the ClickFix social engineering technique, where attackers manipulate users into executing a DNS lookup command to retrieve malicious payloads. The campaign demonstrates how threat actors continue refining ClickFix methods to bypass traditional security defenses. How the DNS-Based ClickFix Variant Works In this newly observed attack chain, victims are

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging Read More »

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat, IRC, protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits Read More »