Aggregator
Analysis of the LangGraph SQLite Store $ne Operator Access Control Bypass Vulnerability
Prometei Botnet Attacking Windows Server to Gain Remote Access and Deploy Malware
A sophisticated attack is targeting Windows Server systems using Prometei, a Russian-linked botnet that has been active since 2016. This multi-functional malware combines cryptocurrency mining, credential theft, and remote-control capabilities to maintain long-term access to compromised systems. The Prometei botnet infiltrates systems by exploiting weak or default credentials via Remote Desktop Protocol (RDP). Once attackers […]
The post Prometei Botnet Attacking Windows Server to Gain Remote Access and Deploy Malware appeared first on Cyber Security News.
Critical SandboxJS Vulnerability Allows Remote Host Takeover – PoC Released
A severe sandbox escape vulnerability has been discovered in the JavaScript library, enabling attackers to execute arbitrary code on host systems. The flaw, tracked as CVE-2026-25881 with a critical CVSS score of 8.3/10, affects all versions up to 0.8.30 and has been patched in version 0.8.31. The vulnerability exploits a weakness in SandboxJS’s protection mechanism. […]
The post Critical SandboxJS Vulnerability Allows Remote Host Takeover – PoC Released appeared first on Cyber Security News.
January's exposure didn't help. The EmEditor supply-chain attack has turned into a long-running thriller
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer
Cybercriminals have developed a sophisticated attack campaign that exploits user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), marking a dangerous evolution in social engineering tactics. This new threat combines legitimate AI chatbot services from ChatGPT and Grok with paid Google advertising to lure unsuspecting Mac users into executing malicious terminal […]
The post Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer appeared first on Cyber Security News.
Kimwolf Botnet Swamps Anonymity Network I2P
Show me your avatar and I'll tell you your salary: AI has learned to predict a career straight from your face
Moscow moves to throttle Telegram as Kremlin pushes its own messaging app
Qilin
SecWiki News 2026-02-11 Review
For more of the latest articles, visit SecWiki
How Service Behavior Changes in Remote Locations
"The admin lost everything, we're moving to a new chat." If you see a message like this, run (or at least don't enter the code)
Attack on Poland's power grid exposes the deadly threat of bricking industrial control devices
Insomnia
Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is automated scanning for vulnerable systems, but according to Greynoise and Defused, a suspected initial access broker has been prepping unpatched instances with a “sleeper” webshell for follow-on exploitation by other threat actors. “On February 9, Defused Cyber reported a campaign deploying dormant in-memory Java class loaders to compromised … More →
The post Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells appeared first on Help Net Security.
Thought 2FA was a panacea? Not so, if a very convincing robot is calling you
Reynolds ransomware uses BYOVD to disable security before encryption
Microsoft begins Secure Boot certificate update for Windows devices
Microsoft has begun updating Secure Boot certificates originally issued in 2011 to ensure that Windows devices continue to verify boot software as older certificates reach the end of their lifecycle and begin expiring in June 2026. How Secure Boot certificate updates work For most individuals and businesses that allow Microsoft to manage updates, the new certificates will install automatically with monthly Windows updates, requiring no additional action. For specialized systems, such as servers and IoT … More →
The post Microsoft begins Secure Boot certificate update for Windows devices appeared first on Help Net Security.