2026 January(37) February(0) March(0) April(0) May(0) June(0) July(0) August(0) September(0) October(0) November(0) December(0)
DATE |
NAME |
Info |
CATEG. |
WEB |
| 10.1.26 | China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines | Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have | APT | The Hacker News |
| 10.1.26 | Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations | Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear | APT | The Hacker News |
| 10.1.26 | Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions | Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that | Vulnerebility | The Hacker News |
| 10.1.26 | CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of | BigBrothers | The Hacker News |
| 9.1.26 | FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing | The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing | Hack | The Hacker News |
| 9.1.26 | Jaguar Land Rover wholesale volumes down 43% after cyberattack | Jaguar Land Rover (JLR) revealed this week that a September 2025 cyberattack led to a 43% decline in third-quarter wholesale volumes. | Hack | |
| 9.1.26 | Sedgwick confirms breach at government contractor subsidiary | Claims administration and risk management company Sedgwick has confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was the victim of a security breach. | Incindent | |
| 9.1.26 | How generative AI accelerates identity attacks against Active Directory | Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. | AI | |
| 9.1.26 | Are Copilot prompt injection flaws vulnerabilities or AI limits? | Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. | AI | |
| 9.1.26 | Cloud file-sharing sites targeted for corporate data theft attacks | A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. | Incindent | |
| 9.1.26 | ClickFix attack uses fake Windows BSOD screens to push malware | A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. | Hack | |
| 9.1.26 | US broadband provider Brightspeed investigates breach claims | Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. | Incindent | |
| 9.1.26 | VSCode IDE forks expose users to "recommended extension" attacks | Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. | Hack | |
| 9.1.26 | Ledger customers impacted by third-party Global-e data breach | Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. | Incindent | |
| 9.1.26 | Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome | As agentic AI adoption accelerates, identity is emerging as the primary security challenge. Token Security explains why AI agents behave like a new class of identity and why CISOs must manage their access, lifecycle, and risk. | AI | |
| 9.1.26 | NordVPN denies breach claims, says attackers have "dummy data" | NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. | Incindent | |
| 8.1.26 | WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging | Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. | Social | The Hacker News |
| 8.1.26 | China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes | A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which | APT | The Hacker News |
| 8.1.26 | Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release | Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept | Exploit | The Hacker News |
| 8.1.26 | Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages | Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT . The names of the | Virus | The Hacker News |
| 8.1.26 | Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances | Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify , an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. | Vulnerebility | The Hacker News |
| 8.1.26 | OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls | Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about | AI | The Hacker News |
| 8.1.26 | CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors | Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors | Hack | Weixin.qq |
| 8.1.26 | CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 8.1.26 | Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches | A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick | Virus | The Hacker News |
| 8.1.26 | Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control | Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n , a popular workflow automation platform, that allows an unauthenticated remote | Vulnerebility | The Hacker News |
| 8.1.26 | n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions | Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution | Vulnerebility | The Hacker News |
| 8.1.26 | Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication | Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The | Vulnerebility | The Hacker News |
| 7.1.26 | Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing | Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute | Phishing | The Hacker News |
| 7.1.26 | Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers | A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS | Vulnerebility | The Hacker News |
| 7.1.26 | Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users | Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations | AI | The Hacker News |
| 7.1.26 | Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover | The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote | Vulnerebility | The Hacker News |
| 7.1.26 | Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat | Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix -style lures to display fixes for fake blue | Virus | The Hacker News |
| 7.1.26 | VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX | Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend | Hack | The Hacker News |
| 6.1.26 | New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands | A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system | Vulnerebility | The Hacker News |
| 6.1.26 | Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government | The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver | APT | The Hacker News |
| 6.1.26 | Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks | The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved | BotNet | The Hacker News |
| 5.1.26 | Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act | Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. | Cryptocurrency | The Hacker News |
| 5.1.26 | New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code | Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord | Virus | The Hacker News |
| 4.1.26 | Hackers claim to hack Resecurity, firm says it was a honeypot | The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. | Cyber | |
| 4.1.26 | Covenant Health says May data breach impacted nearly 478,000 patients | The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. | Incindent | |
| 4.1.26 | Cryptocurrency theft attacks traced to 2022 LastPass breach | Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. | Cryptocurrency | |
| 4.1.26 | Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass | Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. | Exploit | |
| 4.1.26 | Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack | Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. | Cryptocurrency | |
| 3.1.26 | The biggest cybersecurity and cyberattack stories of 2025 | 2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025. | Cyber | |
| 3.1.26 | New GlassWorm malware wave targets Macs with trojanized crypto wallets | A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. | Virus | |
| 3.1.26 | NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices | NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices | Security | |
| 3.1.26 | Hackers drain $3.9M from Unleash Protocol after multisig hijack | The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. | Cryptocurrency | |
| 3.1.26 | RondoDox botnet exploits React2Shell flaw to breach Next.js servers | The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. | BotNet | |
| 3.1.26 | IBM warns of critical API Connect auth bypass vulnerability | IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. | Vulnerebility | |
| 3.1.26 | Disney will pay $10 million to settle children's data privacy lawsuit | A federal judge has approved an order requiring Disney to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. | Incindent | |
| 3.1.26 | New ErrTraffic service enables ClickFix attacks via fake browser glitches | A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions | Hack | |
| 3.1.26 | European Space Agency confirms breach of "external servers" | The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities. | BigBrothers | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Coupang to split $1.17 billion among 33.7 million data breach victims | Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. | Incindent | |
| 3.1.26 | Zoom Stealer browser extensions harvest corporate meeting intelligence | A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. | Virus | |
| 3.1.26 | US cybersecurity experts plead guilty to BlackCat ransomware attacks | Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023 | Ransom | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Coupang to split $1.17 billion among 33.7 million data breach victims | Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. | Incindent | |
| 3.1.26 | Hacker arrested for KMSAuto malware campaign with 2.8 million downloads | A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. | Virus | |
| 3.1.26 | Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack | Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. | Cryptocurrency | |
| 3.1.26 | The Real-World Attacks Behind OWASP Agentic AI Top 10 | OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused. | AI | |
| 3.1.26 | Romanian energy provider hit by Gentlemen ransomware attack | A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. | Ransom | |
| 3.1.26 | Former Coinbase support agent arrested for helping hackers | A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. | Cryptocurrency | |
| 3.1.26 | Korean Air data breach exposes data of thousands of employees | Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. | Incindent | |
| 3.1.26 | Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks | Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. | Exploit | |
| 3.1.26 | Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed | A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. | Vulnerebility | |
| 3.1.26 | Hacker claims to leak WIRED database with 2.3 million records | A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. | Incindent | |
| 3.1.26 | Massive Rainbow Six Siege breach gives players billions of credits | Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. | Incindent | |
| 3.1.26 | Fake Grubhub emails promise tenfold return on sent cryptocurrency | Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. | Cryptocurrency | |
| 3.1.26 | Trust Wallet confirms extension hack led to $7 million crypto theft | Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. | Cryptocurrency | |
| 3.1.26 | Fake MAS Windows activation domain used to spread PowerShell malware | A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader' | Virus | BleepingComputer |
| 3.1.26 | Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia | The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan | Virus | The Hacker News |
| 2.1.26 | Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign | Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's | CyberCrime | The Hacker News |
| 2.1.26 | RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers | Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. | BotNet | The Hacker News |