A custom Windows packer dubbed pkr_mtsi is fueling large-scale malvertising and SEO‑poisoning campaigns that deliver a broad range of information‑stealing and remote‑access malware, according to new research. First observed in the wild on April 24, 2025, the packer remains active and has continuously…
Critical n8n Vulnerability Allows Authenticated Remote Code Execution
A critical security vulnerability has been discovered in n8n, the popular workflow automation tool, potentially allowing authenticated attackers to execute arbitrary code on the host server. Identified as CVE-2026-21877, this high-severity vulnerability affects both self-hosted and n8n Cloud instances, posing a…
Hackers Using Malicious QR Codes for Phishing via HTML Table
Threat actors are continuing to refine “quishing” phishing delivered through QR codes by shifting from traditional image-based payloads to “imageless” QR codes rendered directly in email HTML, a tactic designed to sidestep security tools that focus on decoding QR images.…
Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table
A recent phishing campaign is abusing QR codes in a new way, turning simple HTML tables into working codes that redirect users to malicious sites. Instead of embedding a QR image in the email body, the attackers build the code…
IT Security News Hourly Summary 2026-01-07 21h : 3 posts
3 posts were published in the last hour: 19:13 : Critical n8n Vulnerability Enables Authenticated RCE; 19:13 : CISA Adds Two Known Exploited Vulnerabilities to Catalog; 19:13 : Randall Munroe’s XKCD ‘Fishing’
Critical n8n Vulnerability Enables Authenticated RCE
A critical n8n vulnerability allows authenticated users to execute arbitrary code, putting automation workflows at risk. The post Critical n8n Vulnerability Enables Authenticated RCE appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet. Read the original…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2009-0556 Microsoft Office PowerPoint Code Injection Vulnerability; CVE-2025-37164 HPE OneView Code Injection Vulnerability. These types of vulnerabilities are frequent attack vectors…
Randall Munroe’s XKCD ‘Fishing’
Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Fishing’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard. Read the original article: Randall Munroe’s XKCD…
CISO’s guide to nonhuman identity security
Nonhuman identity security has become a pressing concern as the number of machine-driven identities connecting to corporate networks continues to surge. According to some analysts, NHIs now exceed human accounts by factors of 10x to 50x in many organizations, especially…
ESA calls cops as crims lift off 500 GB of files, say security black hole still open
Two weeks, two major data leaks … not a good look for the European Space Agency. Exclusive: The European Space Agency on Wednesday confirmed yet another massive security breach, and told The Register that the data thieves responsible will be…
Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns Delivering Multiple Malware Families
A sophisticated Windows packer known as pkr_mtsi has emerged as a powerful tool for delivering multiple malware families through widespread malvertising campaigns. First detected on April 24, 2025, this malicious packer continues to operate actively, distributing trojanized installers disguised as…
Stalkerware slinger pleads guilty for selling snooper software to suspicious spouses
pcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year. The US government has secured a guilty plea from a stalkerware maker in federal court, marking just the second time in more than a…
NDSS 2025 – Automatic Insecurity: Exploring Email Auto-configuration In The Wild
Session 8A: Email Security. Authors, Creators & Presenters: Shushang Wen (School of Cyber Science and Technology, University of Science and Technology of China), Yiming Zhang (Tsinghua University), Yuxiang Shen (School of Cyber Science and Technology, University of Science and Technology…
Why AI Changes the Risk Model for Application Security
As AI becomes embedded in everyday development workflows, the security model for applications is shifting fast — and not always in ways teams are prepared for. James Wickett, CEO of DryRun Security, breaks down why “AI everywhere” is forcing organizations…
Fighting Deep Fakes: Think Like the Attacker
Deepfakes have moved from novelty to a practical weapon — and Brian Long, CEO of Adaptive Security, says most organizations still aren’t built to handle what comes next. Long explains why AI-driven impersonation has become one of the fastest-growing forms…
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
The new proactive services from Microsoft Incident Response turn security uncertainty into readiness with expert‑led preparation and advanced intelligence. The post Explore the latest Microsoft Incident Response proactive services for enhanced resilience appeared first on Microsoft Security Blog. This article…
10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin
On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset…
1M Customer Records Allegedly Stolen in Brightspeed Breach
Brightspeed is investigating claims that the Crimson Collective stole data from more than one million customers. The post 1M Customer Records Allegedly Stolen in Brightspeed Breach appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet. Read…
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
Malicious Windows packer named pkr_mtsi used as a flexible malware loader in malvertising campaigns. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
IT Security News Hourly Summary 2026-01-07 18h : 13 posts
13 posts were published in the last hour: 16:36 : Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent; 16:36 : From Tycoon2FA to Lazarus Group – Inside ANY.RUN’s Biggest Discoveries of 2025; 16:36 : GoBruteforcer Botnet brute-forces…
Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent
A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent appeared first on TechRepublic. This article has…
From Tycoon2FA to Lazarus Group – Inside ANY.RUN’s Biggest Discoveries of 2025
ANY.RUN, the interactive malware analysis platform, has wrapped up 2025 with impressive growth figures and significant contributions to the cybersecurity community. The company’s annual report reveals how its global user base collectively spent over 400,000 hours analyzing threats—equivalent to more…
GoBruteforcer Botnet brute-forces Passwords for FTP, MySQL, and phpMyAdmin on Linux Servers
A sophisticated Go-based botnet dubbed GoBruteforcer is aggressively targeting Linux servers worldwide, brute-forcing weak passwords on internet-exposed services including FTP, MySQL, PostgreSQL, and phpMyAdmin. Check Point Research recently documented a new 2025 variant of the malware that demonstrates significant technical…
CrazyHunter Ransomware Attacking Healthcare Sector with Advanced Evasion Techniques
CrazyHunter ransomware has emerged as a critical and evolving threat that specifically targets healthcare organizations and sensitive medical infrastructure. This Go-developed malware represents a significant escalation in ransomware sophistication, employing advanced encryption methods and delivery mechanisms designed to bypass modern…