Threat

Hackers Exploit Metro4Shell RCE Vulnerability in React Native CLI npm Package

Cybersecurity researchers have identified active exploitation of a critical remote code execution vulnerability affecting the Metro Development Server used by the @react-native-community/cli npm package. The flaw allows unauthenticated attackers to execute arbitrary operating system commands on exposed systems. The vulnerability, tracked as CVE-2025-11953 and commonly referred to as Metro4Shell, carries a CVSS severity score of 9.8. According to VulnCheck, real […]


Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group

The recent compromise of infrastructure used to host the Notepad++ project has been attributed with medium confidence to a China linked cyber espionage group tracked as Lotus Blossom. The attribution comes from new technical findings released by cybersecurity firm Rapid7. According to the investigation, the intrusion allowed the state sponsored threat actor to deliver a


Researchers Discover 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A recent security audit of ClawHub, the marketplace for OpenClaw skills, has uncovered 341 malicious skills among 2,857 reviewed entries, revealing new supply chain threats for OpenClaw users. The analysis was conducted by Koi Security with the assistance of an OpenClaw bot named Alex. ClawHub is designed to help OpenClaw users discover and install third-party


OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link

A critical security vulnerability has been identified in OpenClaw, previously known as Clawdbot and Moltbot, that enables attackers to achieve remote code execution by tricking users into clicking a specially crafted link. The flaw has been assigned CVE-2026-25253 and carries a high CVSS score of 8.8. The issue was resolved in OpenClaw version 2026.1.29,


Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The official update infrastructure of Notepad++ was compromised in a highly targeted cyber operation, resulting in malware being delivered to select users. The project’s lead developer, Don Ho, confirmed that the incident was caused by a hosting level breach rather than a flaw in the Notepad++ source code itself. According to Ho, attackers gained control


eScan Antivirus Update Servers Compromised to Distribute Multi Stage Malware

The update infrastructure of eScan antivirus, a security product developed by Indian cybersecurity firm MicroWorld Technologies, has been compromised in a supply chain attack that allowed unknown threat actors to distribute multi-stage malware to both enterprise and consumer systems. According to Morphisec researcher Michael Gorelik, the attackers abused eScan’s legitimate update mechanism to push malicious


Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, where unknown threat actors compromised a legitimate developer account to distribute malicious updates through trusted extensions. According to Socket security researcher Kirill Boychenko, on January 30, 2026, four well established Open VSX extensions published by a developer identified as “oorzc” were updated


CERT Polska Details Coordinated Cyber Attacks on Over 30 Wind and Solar Farms

CERT Polska, Poland’s national computer emergency response team, has disclosed details of a coordinated cyber attack campaign that targeted more than 30 wind and photovoltaic energy farms, a private manufacturing sector company, and a major combined heat and power plant supplying heat to nearly half a million customers. The attacks occurred on December 29, 2025,


Mandiant Identifies ShinyHunters Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant has reported a significant rise in threat activity involving sophisticated voice phishing operations designed to compromise cloud-based software-as-a-service platforms. The activity shows strong tradecraft similarities to extortion campaigns historically associated with the financially motivated cybercrime group known as ShinyHunters. These attacks rely on advanced vishing techniques combined with fake credential harvesting websites that


Iran Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Cybersecurity researchers have uncovered a new cyber espionage campaign, dubbed RedKitten, that is believed to be linked to Iranian state aligned threat actors. The operation is targeting non governmental organizations, human rights defenders, and individuals documenting recent abuses linked to Iran’s internal unrest. The campaign was identified by French cybersecurity firm HarfangLab in January 2026 and appears to coincide with
