ποΈ China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Chinaaligned threat actor has set its sights on European government and diplomatic organizations since mid2025, following a twoyear period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are increasingly using HTTP cookies as a control channel for PHPbased web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actorsupplied cookie values to gate execution,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π₯2π€―1
ποΈ 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files package.json, index.js, postinstall.js, has no description, repository,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortinet has released outofband patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE202635616 CVSS score 9.1, has been described as a preauthentication API access bypass leading to privilege escalation. "An improper access control vulnerability CWE284 in FortiClient EMS may allow an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
π STX RAT Targets Finance Sector With Advanced Stealth Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
π Bitcoin Depot Reports $3.6m Crypto Theft After System Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Bitcoin Depot has disclosed a cyberattack that led to the theft of more than 50 Bitcoin, worth 3.66m, after hackers accessed its internal systems.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
π STX RAT Targets Finance Sector With Advanced Stealth Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
π’ Beyond wipers: Iran-backed cyber attacks and the threat to businesses π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Whats the real risk to business in the US and UK during this critical situation?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Beyond wipers: Iran-backed cyber attacks and the threat to businesses
Whatβs the real risk to business in the US and UK during this critical situation?
π’ AI is raising the stakes for cyber professionals β Claude Mythos just took things to another level π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
AI efficiency gains work both ways, and threat actors are already capitalizing on powerful new tools.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
AI is raising the stakes for cyber professionals β Claude Mythos just took things to another level
AI efficiency gains work both ways, and threat actors are already capitalizing on powerful new tools
π’ Zephyr Energy hackers swiped Β£700,000 after redirecting a contractor payment π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Payment to a Zephyr Energy contractor was siphoned off, but the incident has been contained and new security measures implemented.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Zephyr Energy hackers swiped Β£700,000 after redirecting a contractor payment
Payment to a Zephyr Energy contractor was siphoned off, but the incident has been contained and new security measures implemented
π¦Ώ Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A critical Adobe Acrobat zeroday has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet
A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available.
π¦Ώ New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your account and finances. The post New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your account and finances.
π¦Ώ Massive Data Breach Exposes 337K LAPD-Linked Records π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A massive breach exposed 337K LAPDlinked files, raising concerns over thirdparty risk, sensitive data exposure, and law enforcement cybersecurity gaps. The post Massive Data Breach Exposes 337K LAPDLinked Records appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Massive Data Breach Exposes 337K LAPD-Linked Records
A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps.
ποΈ GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.codewakatimeactivitytracker," which masquerades as WakaTime, a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Browser Extensions Are the New AI Consumption Channel That No One Is Talking About ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
While much of the discussion on AI security centers around protecting shadow AI and GenAI consumption, there's a wideopen window nobody's guarding AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical security vulnerability in Marimo, an opensource Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE202639987 CVSS score 9.3, a preauthenticated remote code execution vulnerability impacting all versions of Marimo prior to and including.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.codewakatimeactivitytracker," which masquerades as WakaTime, a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Browser Extensions Are the New AI Consumption Channel That No One Is Talking About ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
While much of the discussion on AI security centers around protecting shadow AI and GenAI consumption, there's a wideopen window nobody's guarding AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about a nowpatched security vulnerability in a widely used thirdparty Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity