Threat

Wormable XMRig Campaign Leverages BYOVD Exploit and Time Based Logic Bomb

Cybersecurity analysts have uncovered a sophisticated cryptojacking campaign that distributes a customized XMRig miner through pirated software bundles. The operation combines social engineering, privilege escalation, worm like propagation, and a time triggered logic bomb to maximize cryptocurrency mining performance on compromised systems. According to a technical assessment published by Trellix, the malware demonstrates a multi stage […]

Wormable XMRig Campaign Leverages BYOVD Exploit and Time Based Logic Bomb Read More »

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered an active supply chain attack leveraging at least 19 malicious npm packages to harvest credentials, cryptocurrency private keys, CI secrets, and API tokens from developer environments. The campaign, named SANDWORM_MODE by Socket, exhibits worm like behavior similar to earlier Shai Hulud style attacks. The malware is designed not only to extract sensitive

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens Read More »

MuddyWater Targets MENA Organizations Using GhostFetch, CHAR, and HTTP_VIP

The Iranian state aligned threat group MuddyWater, also tracked as Earth Vetala, Mango Sandstorm, and MUDDYCOAST, has initiated a fresh cyber espionage campaign aimed at organizations and individuals across the Middle East and North Africa region. The latest operation, named Operation Olalampo, demonstrates the group’s continued evolution in malware development and operational tactics. According to

MuddyWater Targets MENA Organizations Using GhostFetch, CHAR, and HTTP_VIP Read More »

AI Assisted Threat Actor Compromises Over 600 FortiGate Devices Across 55 Countries

Amazon Threat Intelligence has reported a sophisticated cyber campaign in which a Russian-speaking, financially motivated threat actor leveraged commercial generative AI tools to compromise over 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, demonstrates how AI is increasingly lowering the barrier to entry for cybercriminals with limited

AI Assisted Threat Actor Compromises Over 600 FortiGate Devices Across 55 Countries Read More »

CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-risk vulnerabilities affecting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of active exploitation, underscoring the urgency for organizations to patch affected systems promptly. Details of the Vulnerabilities The newly listed vulnerabilities include: Dubai-based cybersecurity company FearsOff,

CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog Read More »

Amazon Says AI Assisted Hacker Breached 600 Fortinet Firewalls in Five Weeks

Amazon has reported a global hacking campaign in which a Russian-speaking threat actor leveraged generative AI tools to breach more than 600 Fortinet FortiGate firewalls in 55 countries over five weeks. The attacks, carried out between January 11 and February 18, 2026, relied on weak credentials and exposed management interfaces rather than zero-day exploits, highlighting

Amazon Says AI Assisted Hacker Breached 600 Fortinet Firewalls in Five Weeks Read More »

PayPal Reveals Six Month Data Breach Exposing User Information

Digital payments giant PayPal has disclosed a data security incident that exposed sensitive customer information for nearly six months. The issue stemmed from a software error within its small business lending platform, raising renewed concerns about data governance, financial technology security, and regulatory compliance. Software Error Behind Prolonged Data Exposure According to PayPal, the incident

PayPal Reveals Six Month Data Breach Exposing User Information Read More »

Data Breach at French Bank Registry Affects 1.2 Million Accounts

France’s financial authorities have revealed a major cybersecurity breach affecting approximately 1.2 million bank account records. The incident targeted the country’s centralized bank account registry, raising serious concerns about data protection, identity theft, and financial fraud. Officials have launched a full investigation while strengthening national cybersecurity defenses. Unauthorized Access to National Bank Registry The French

Data Breach at French Bank Registry Affects 1.2 Million Accounts Read More »

Mississippi Medical Center Shuts Down All Clinics Following Ransomware Attack

A major healthcare provider in the United States has temporarily closed all its clinic locations following a disruptive cyberattack. The University of Mississippi Medical Center (UMMC) confirmed that a ransomware incident forced it to shut down multiple IT systems while emergency protocols were activated to maintain patient care. Authorities at the federal level are now

Mississippi Medical Center Shuts Down All Clinics Following Ransomware Attack Read More »

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data

A critical security flaw affecting BeyondTrust Remote Support and BeyondTrust Privileged Remote Access products is being actively exploited by threat actors to deploy web shells, backdoors, malware, and exfiltrate sensitive data. The vulnerability, tracked as CVE-2026-1731, carries a CVSS score of 9.9. Nature of the Vulnerability The flaw stems from a sanitization failure in the “thin-scc-wrapper” script, accessible via

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data Read More »