Cybersecurity threats are constantly evolving, and a recent campaign highlights a deceptive new tactic where attackers leverage Windows screensaver (.scr) files to compromise systems. This method allows threat actors to deploy legitimate Remote Monitoring and Management (RMM) tools, granting them…
Tag: Cyber Security News
CISA Warns of React Native Community Command Injection Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-11953 to its Known Exploited Vulnerabilities (KEV) catalog, flagging an OS command injection flaw in the React Native Community CLI as actively exploited in the wild. Added on February 5,…
F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
F5 released its February 2026 Quarterly Security Notification on February 4, announcing several medium and low-severity CVEs, plus a security exposure affecting BIG-IP, NGINX, and container services. These issues primarily stem from denial-of-service (DoS) risks and configuration weaknesses, potentially disrupting…
Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access
Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts,…
New Epstein Tool Searches LinkedIn Connections Against 3.5 Million Pages Epstein Files
A new open-source Python tool named EpsteIn enables users to check if their LinkedIn connections appear in over 3.5 million pages of Jeffrey Epstein court documents recently released by the U.S. Department of Justice. Developed by Christopher Finke, it runs…
New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released
A critical use-after-free (UAF) vulnerability in the Linux kernel’s sch_cake queuing discipline (Qdisc) affects CentOS 9, allowing local users to gain root privileges. Security firm SSD Secure Disclosure published details on February 5, 2026, noting the flaw won first place…
170+ SolarWinds Help Desk Installations Vulnerable to RCE Attacks Exposed Online
Over 170 SolarWinds Web Help Desk installations remain vulnerable to a critical remote code execution (RCE) flaw that has been actively exploited in the wild and recently added to CISA’s Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2025-40551, carries…
Attackers Mimic RTO Challan Notifications to Deliver Android Malware
A sophisticated Android malware campaign targeting Indian users has emerged, disguising itself as legitimate Regional Transport Office (RTO) challan notifications. The malicious applications are distributed outside the Google Play Store, primarily through WhatsApp and similar messaging platforms, exploiting user trust…
Betterment Data Breach Exposes 1.4 million Customers Personal Details
Betterment has disclosed a social engineering–driven data breach that exposed personal information for approximately 1.4 million customer accounts, significantly expanding the fallout from a January 2026 security incident tied to fraudulent crypto scam messages. In early January 2026, Betterment, a…
Critical n8n Vulnerability Enables System Command Execution Via Weaponized Workflows
A critical remote code execution (RCE) vulnerability affects n8n, the popular workflow automation platform. This flaw allows authenticated attackers to execute arbitrary system commands on the host server by leveraging weaponized workflows. The vulnerability represents a significant regression and expansion…
WatchGuard VPN Client for Windows Vulnerability Enables Command Execution With SYSTEM Privileges
A security advisory addresses a significant privilege-escalation vulnerability affecting WatchGuard’s Mobile VPN with IPSec client for Windows. The flaw, identified as WGSA-2026-00002, allows local attackers to execute arbitrary commands with SYSTEM-level privileges, potentially granting them unrestricted access to the…
ShadowSyndicate Using Server Transition Technique in Ransomware Attacks
ShadowSyndicate, a malicious activity cluster first identified in 2022, has evolved its infrastructure management techniques by adopting a server transition method that allows the threat actor to rotate SSH keys across multiple servers. This new approach makes it harder for…
Microsoft to Add Sysmon Threat Detection Feature Natively to Windows 11
A major upgrade has been announced to enhance capabilities for cybersecurity defenders and threat hunters in the Windows ecosystem. With the release of Windows 11 Insider Preview Build 26300.7733 (KB5074178) to the Dev Channel, the company is integrating the popular…
Beware of Weaponized Voicemail Messages that Allows Hackers to Remote Access to Your System
Cybercriminals are increasingly shifting tactics toward social engineering to bypass traditional security defenses, catching many users off guard. A sophisticated new campaign dubbed “Voicemail Trap” explicitly targets users with fake voicemail notifications designed to look like routine business communications. These…
DragonForce Ransomware Attacking Critical Business to Exfiltrate Sensitive Information
A new ransomware operation known as DragonForce has emerged as a major threat to organizations worldwide since its appearance in late 2023. This sophisticated malware campaign targets critical business infrastructure across multiple industries, using advanced techniques to encrypt files and…
Hackers Exploit SonicWall SSLVPN Credentials to Deploy EDR Killer and Bypass Security
Threat actors are actively leveraging compromised SonicWall SSLVPN credentials to breach networks and deploy a sophisticated “EDR killer” that can blind endpoint security solutions. In a campaign analyzed by Huntress in early February 2026, attackers utilized valid VPN accounts to…
Beware of Fake Traffic Ticket Portals that Harvest Your PII and Credit Card Data
A sophisticated phishing campaign targeting Canadian citizens has emerged, using fake traffic ticket payment portals to steal personal and financial information. The attackers employ SEO poisoning techniques to manipulate search engine results, ensuring their fraudulent websites appear legitimate when users…
Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files
A high-severity security advisory has been issued for a critical vulnerability in Meeting Management software. This vulnerability allows authenticated remote attackers to upload harmful files and gain complete control over the affected system. The security flaw, identified as CVE-2026-20098, carries a…
New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit
A sophisticated new cyber threat has emerged within the digital advertising ecosystem, specifically targeting users through the vast reach of Facebook’s paid advertising platform. Malicious actors are increasingly weaponizing social media ads to bypass traditional security filters and deliver harmful…
Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers
In a sophisticated campaign, threat actors are stealthily compromising NGINX servers to redirect web traffic to malicious destinations. The attackers, previously linked to “React2Shell” exploits, are now targeting NGINX configurations, specifically those using the Baota (BT) management panel, widely…