Aggregator

Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through a fake verification process. This campaign has grown significantly since early 2025 and continues to […]

The post New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

Key Findings: Introduction Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. The group typically relies […]

The post KONNI Adopts AI to Generate PowerShell Backdoors appeared first on Check Point Research.

A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy surveillance infrastructure. The vulnerability exists in the upload_map.cgi script, where user-supplied filenames are processed through an unsanitized snprintf() function […]

The post Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code appeared first on Cyber Security News.

Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email address belonging to a trusted organization. The subject line and the SharePoint link URL included in the email are unlikely to raise suspicion with users, and will often dodge traditional email‑centric detection mechanisms. Users … More →

The post Energy sector orgs targeted with AiTM phishing campaign appeared first on Help Net Security.

You must login to view this content

A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December 2025 incident involving malicious SSO logins shortly after Fortinet disclosed critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. […]

The post FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that grant attackers user-level access to the underlying OS, followed by full root privilege escalation. Added […]

The post CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.