Cyber Security News

A sophisticated cyberattack campaign leveraging “ClickFix” social engineering has emerged, posing a severe threat to enterprise networks globally. These massive campaigns, which trick users into executing malicious code under the guise of resolving a fake technical error, have become increasingly prevalent. Recently, a large Polish organization fell victim to this scheme, demonstrating how a single […]

The post Fake CAPTCHA (ClickFix) Attack Chain Leads to Enterprise‑Wide Malware Infection in Organisations appeared first on Cyber Security News.

A sophisticated social engineering campaign is targeting macOS developers through fake Homebrew installation pages that deploy Cuckoo Stealer, a comprehensive credential-harvesting malware. The attack leverages the ClickFix technique, which tricks users into executing malicious Terminal commands disguised as legitimate software installation scripts. Unlike traditional exploits that target software vulnerabilities, this campaign exploits user trust and […]

The post ClickFix Abuses Legitimate Homebrew Workflow to Deploy Cuckoo Stealer on macOS for Credential Harvesting appeared first on Cyber Security News.

A security flaw in Microsoft 365 Copilot is causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, bypassing configured Data Loss Prevention (DLP) policies dxposing potentially sensitive organizational data to unauthorized AI processing. The issue, tracked under Microsoft reference CW1226324, was first flagged on February 4, 2026, and remains ongoing. […]

The post Microsoft 365 Copilot Flaw Allows AI Assistant to Summarize Sensitive Emails appeared first on Cyber Security News.

A faulty URL filtering rule update in Microsoft Exchange Online triggered a widespread false-positive storm beginning February 9, 2026, causing legitimate email messages to be incorrectly flagged as phishing and quarantined, disrupting email workflows for organizations globally. Microsoft tracked the incident under reference EX1227432. The issue was officially resolved on February 13, 2026, after a […]

The post Microsoft 365 Exchange URL Filtering Update Quarantines Legitimate Emails as Phishing appeared first on Cyber Security News.

North Korean threat actors have launched a sophisticated attack campaign targeting IT professionals in cryptocurrency, Web3, and artificial intelligence sectors. The ongoing operation, known as Contagious Interview, deploys remote access backdoors alongside trojanized MetaMask wallet extensions designed to steal digital assets from unsuspecting victims. The attackers disguise malicious code within fake job interview assessments through […]

The post Malware Campaign Delivers Remote Access Backdoor and Fake MetaMask Wallet to Steal Cryptocurrency Funds appeared first on Cyber Security News.

A new variant of the SysUpdate malware has emerged as a sophisticated threat targeting Linux systems with advanced command-and-control (C2) encryption capabilities. The malware was discovered during a Digital Forensics and Incident Response (DFIR) engagement when security teams detected the suspicious Linux binary in a client’s environment. This packed ELF64 executable uses an unknown obfuscated […]

The post New SysUpdate Variant Malware Discovered and Tool Developed to Decrypt Encrypted Linux C2 Traffic appeared first on Cyber Security News.

OpenClaw has released version 2026.2.17 with significant enhancements, including support for Anthropic’s Claude Sonnet 4.6 model. Expanded context windows, though the update arrives as the AI agent framework continues facing scrutiny over critical security vulnerabilities involving credential theft and remote code execution. The latest release introduces opt-in support for Anthropic’s 1-million-token context window via a […]

The post OpenClaw AI Framework v2026.2.17 Released with Anthropic Model Support and Security Fixes appeared first on Cyber Security News.

A large-scale supply chain poisoning campaign that targeted OpenClaw’s official marketplace, ClawHub, distributing 1,184 malicious “Skills” designed to steal data and establish backdoor access on compromised systems. OpenClaw, a fast-growing open-source AI agent platform, enables users to install plugin-like Skills from ClawHub. In late January 2026, multiple threat actors registered as marketplace developers. They began […]

The post ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access appeared first on Cyber Security News.

16 zero-day vulnerabilities, including critical OS Command Injection, DOM-based XSS, SSRF, and Path Traversal flaws across Apryse WebViewer (formerly PDFTron) and Foxit PDF cloud services, affecting millions of enterprise users worldwide. The disclosure from Novee Security showcases its AI-augmented human-agent research workflow to demonstrate scalable zero-day discovery across widely deployed, complex PDF platforms. Both Apryse […]

The post 16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration appeared first on Cyber Security News.

A new phishing campaign is targeting MetaMask users through carefully crafted emails that contain fake security incident reports designed to manipulate victims into compromising their accounts. The attack leverages social engineering tactics by creating a false sense of urgency around account security, specifically pushing users to enable two-factor authentication through malicious links. MetaMask, a widely […]

The post MetaMask Users Targeted with Phishing Emails Containing Forged Security Report to Evade Detection appeared first on Cyber Security News.

Palo Alto Networks announced a definitive agreement to acquire Koi Security, a leading innovator in Agentic Endpoint Security, marking a major expansion of its AI‑driven defense portfolio. The move underscores Palo Alto’s commitment to securing the emerging landscape of AI-enabled endpoints. Autonomous tools and agents operate with deep system privileges and often bypass traditional security mechanisms. As […]

The post Paloalto to Acquire Koi Security for Establishing Agentic Endpoint security appeared first on Cyber Security News.

Anthropic has officially launched Claude Sonnet 4.6, its most capable mid-tier model to date, delivering a comprehensive upgrade across coding, computer use, long-context reasoning, agent planning, knowledge work, and design, all at the same price point as its predecessor. The model is now the default on Free and Pro plans at claude.ai and Claude Cowork, […]

The post Anthropic Releases Claude Sonnet 4.6 with Improved Coding, Computer Use, and 1M Token Context Window appeared first on Cyber Security News.

A long-dormant Microsoft Windows vulnerability, CVE-2008-0015, has been added to the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw, first disclosed more than a decade ago, impacts the Windows Video ActiveX Control component and poses a serious Remote Code Execution (RCE) risk. According to CISA, attackers are exploiting the vulnerability by leveraging maliciously […]

The post CISA Adds Windows Video ActiveX Control RCE Flaw to KEV Catalog Following Active Exploitation appeared first on Cyber Security News.

A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly garbage collection code, where a developer mistakenly typed “&” (bitwise AND) instead of “|” (bitwise OR). Security researcher Erge discovered the flaw while examining the Firefox 149 Nightly source code for inspiration for […]

The post Single-Character Typo of “&” Instead of “|” Leads to 0-Day RCE in Firefox appeared first on Cyber Security News.

A new Booking.com‑themed phishing campaign is abusing trust in travel brands to steal money and sensitive data from both hotels and guests. The scheme can start as a service message, but it can end with payment fraud and card exposure. Early lures are sent to hotel reservation or support mailboxes and push staff to click […]

The post New Phishing Campaign Targets Booking.com Partners and Customers in Multi-Stage Financial Fraud Scheme appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a new iteration of the ‘ClickFix’ social engineering campaign, which now employs a sophisticated technique to evade detection by storing malware directly within a victim’s browser cache. This evolution represents a significant and dangerous shift in how threat actors bypass traditional endpoint security measures. By leveraging legitimate browser functionality, attackers can […]

The post Threat Actors Advertising New ‘ClickFix’ Payload That Stores Malware within Browser Cache appeared first on Cyber Security News.

Credit card fraud has persisted despite global mitigation efforts, evolving from scattered illegal trades into a highly organized Carding-as-a-Service (CaaS) economy. This underground structure now mirrors legitimate online marketplaces, providing criminals with streamlined access to stolen payment data, specialized tools, and customer support. The shift has effectively transformed financial crime into a resilient and accessible […]

The post Credit Card Fraud Emerges with a New Sophisticated Carding-as-a-Service Marketplaces appeared first on Cyber Security News.

DigitStealer, a sophisticated information-stealing malware targeting macOS systems, has recently surged in activity, drawing significant attention from the cybersecurity community. First emerging in late 2025, this malicious software specifically targets Apple M2 devices, distinguishing itself from generic threats. It operates primarily by harvesting sensitive user data, including information from 18 different cryptocurrency wallets, browser data, […]

The post DigitStealer Gains Attention as macOS-Targeting Infostealer Exposes Key Infrastructure Weaknesses appeared first on Cyber Security News.

A malicious fork of the legitimate macOS application Triton has surfaced on GitHub, exploiting open-source repositories to distribute malware. The fraudulent repository, created under the account “JaoAureliano,” appeared as a copy of the original Triton app developed by Otávio C. Instead of providing genuine software, the fork redirected users to download a ZIP file containing […]

The post Malware in the Wild as Malicious Fork of Legitimate Triton App Surfaces on GitHub appeared first on Cyber Security News.

At this very moment, a threat actor is probing the external attack surface of an organization that believes its defenses are sufficient. The company has deployed perimeter firewalls and endpoint detection and response (EDR) controls; however, these measures alone do not eliminate risk. Within hours or days, a single successful intrusion can escalate rapidly. An […]

The post How CISOs Can Prevent Incidents with the Right Threat Intelligence appeared first on Cyber Security News.