144 posts were published in the last hour 22:36 : CVE-2025-22225 in VMware ESXi now used in active ransomware attacks 22:6 : OpenClaw or Open Door? Prompt Injection Creates AI Backdoors 21:32 : What’s new in post-quantum cryptography in RHEL…
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue…
OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
Zenity researchers show how indirect prompt injection can turn OpenClaw into a persistent AI backdoor without exploiting a software flaw. The post OpenClaw or Open Door? Prompt Injection Creates AI Backdoors appeared first on eSecurity Planet. This article has been…
What’s new in post-quantum cryptography in RHEL 10.1
In May 2025, Red Hat Enterprise Linux 10 (RHEL) shipped with the first steps toward post-quantum cryptography (PQC) to protect against attacks by quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves…
AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say
LLMs automated most phases of the attack A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.… This article has been indexed…
IT Gives, Security Takes Away, and Configuration Drift Is the Hidden Cost
There’s an old joke in enterprise tech: IT giveth, and security taketh away. At its best, IT exists to empower people – to give employees faster, better, smarter tools to do their jobs. As we know no good deed goes…
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
An ingress-nginx flaw could allow code execution and access to Kubernetes Secrets. The post Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Ingress-Nginx Vulnerability…
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Siang Lin (24) was sentenced to 30 years in prison for running Incognito Market, a…
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver backdoored version of the popular free source code editor and note-taking app for Windows. This article has been indexed from Security Latest Read the original article: Notepad++ Users, You…
The ‘Absolute Nightmare’ in Your DMs: OpenClaw Marries Extreme Utility with ‘Unacceptable’ Risk
It is the artificial intelligence (AI) assistant that users love and security experts fear. OpenClaw, the agentic AI platform created by Peter Steinberger, is tearing through the tech world, promising a level of automation that legacy chatbots like ChatGPT can’t…
Tribal Health Clinics in California Report Patient Data Exposure
Patients receiving care at several tribal healthcare clinics in California have been warned that a cyber incident led to the exposure of both personal identification details and private medical information. The clinics are operated by a regional health organization…
IT Security News Hourly Summary 2026-02-04 21h : 1 posts
1 posts were published in the last hour 19:32 : ACFW firewall test prologue – still failing at the basics
ACFW firewall test prologue – still failing at the basics
The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request Forgery (SSRF) and API abuse with block percentages under 20%, sometimes…
Top open source and commercial threat intelligence feeds
<p>Cybersecurity threat intelligence feeds play an important role in security. They detail current attacks and their sources. These characteristics, better known as <a href=”https://www.techtarget.com/searchsecurity/definition/Indicators-of-Compromise-IOC”>indicators of compromise</a>, include, among other factors, IP addresses, domain names, URLs, email addresses, malware file hashes…
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known…
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant’s AI Security team said the scanner…
Chrome Vulnerabilities Allow Code Execution and Browser Crashes
Google has patched two high-severity Chrome flaws that could allow code execution or browser crashes. The post Chrome Vulnerabilities Allow Code Execution and Browser Crashes appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It
False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal intent after real interaction. The result…
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
The Interlock ransomware group has emerged as a distinct threat in the cybersecurity landscape, particularly targeting the education sector in the United States and United Kingdom. Unlike many contemporary ransomware operations that function under a Ransomware-as-a-Service (RaaS) model, Interlock operates…
PhantomVAI Custom Loader Uses RunPE Utility to Attack Users
A sophisticated custom loader named PhantomVAI has emerged in global phishing campaigns, delivering various stealers and remote access trojans (RATs) to compromised systems. This malware loader operates by masquerading as legitimate software and employing process hollowing techniques to inject malicious…
SystemBC Botnet Hijacked 10,000 Devices Worldwide to Use for DDoS Attacks
The SystemBC malware family, a persistent threat first documented in 2019, has evolved into a massive botnet infrastructure controlling over 10,000 hijacked devices globally. Functioning primarily as a SOCKS5 proxy and a backdoor, this malware enables threat actors to mask…
Critical SolarWinds Web Help Desk bug under attack
US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug – less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That’s according to America’s lead cyber-defense agency, which set…
Managed SaaS Threat Detection | AppOmni Scout
AppOmni Scout – Managed Threat Detection Service Expertise to detect SaaS and AI threats and protect your critical data SaaS and AI threat detection led by threat experts Security teams don’t have the resources for timely detection to protect critical…
Detecting backdoored language models at scale
We’re releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored models at scale and improve overall trust in AI systems. The post Detecting backdoored language models at scale appeared first…