A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked…
Smart glasses are back, privacy issues included
AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies…
New DesckVB RAT Unveiled with Multi-Stage Infection Chain and Plugin-Based Architecture
A sophisticated strain of the DeskVB Remote Access Trojan (RAT) has been identified in the wild, showcasing a highly modular architecture and a complex, multi-stage infection chain. While the malware family itself is not entirely new, this latest iteration (v2.9.0.0)…
Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems
A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their…
Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands
The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social…
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support #Scam Kit
A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebookâs paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure. Datadog Security Labs said it observed threat…
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate…
New 3-Step Malvertising Chain Exploits Facebook Ads to Promote Tech Support Scam Kit
A new, sophisticated malvertising campaign targeting users in the United States. This attack leverages Facebookâs massive paid advertising platform to lure victims into a tech support scam (TSS) kit. The campaign is notable for its rapid infrastructure rotation and a…
Satya Nadella decides Microsoft needs an engineering quality czar
Picks chap who used to lead Redmondâs security, lures replacement from Google Microsoft CEO Satya Nadella has decided Microsoft needs an engineering quality czar, and shifted Charlie Bell, the companyâs executive veep for security, into the job.âĤ This article has…
AI is driving a new kind of phishing at scale
Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths. AI…
Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure. Datadog Security Labs said it observed threat…
Measuring AI use becomes a business requirement
Enterprise teams already run dozens of AI tools across daily work. Usage stretches from code generation and analytics to customer support drafting and internal research. Oversight remains uneven across roles, functions, and industries. A new Larridin survey of enterprise leaders…
Cybersecurity planning keeps moving toward whole-of-society models
National governments already run cybersecurity through a mix of ministries, regulators, law enforcement, and private operators that own most critical systems. In that environment, guidance circulating among policymakers outlines how national cybersecurity strategies increasingly tie together risk management, workforce planning,…
CISA Confirms VMware ESXi 0-Day Vulnerability Exploited in Ransomware Operations
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting VMware ESXi to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-22225, this zero-day flaw allows attackers to escape security sandboxes. It is currently being leveraged in…
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3,…
Cisco Warns of Meeting Management Flaw Enabling Arbitrary File Upload by Remote Attackers
Cisco has released a security advisory detailing a high-severity vulnerability in Cisco Meeting Management (CMM). The flaw, caused by improper input validation, allows authenticated remote attackers to upload arbitrary files and potentially execute commands with root privileges. The vulnerability is located…
Cyberattackers Exploit DNS TXT Records in ClickFix Script to Execute Malicious PowerShell Commands
A new evolution in the “ClickFix” social engineering campaigns, dubbed KongTuke. This latest variant, observed actively since late December 2025, distinguishes itself by leveraging DNS TXT records to stage and retrieve malicious payloads, marking a significant shift in evasion tactics. The “ClickFix” technique…
WatchGuard VPN Client Flaw on Windows Enables SYSTEMâLevel Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands…
IT Security News Hourly Summary 2026-02-05 06h : 2 posts
2 posts were published in the last hour 4:7 : Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device 4:7 : CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device
TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the…
CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and…
ISC Stormcast For Thursday, February 5th, 2026 https://isc.sans.edu/podcastdetail/9796, (Thu, Feb 5th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, February 5th, 2026…
IT Security News Hourly Summary 2026-02-05 03h : 2 posts
2 posts were published in the last hour 2:2 : Betterment – 1,435,174 breached accounts 1:9 : Top AI Tools for Red Teaming in 2026