Cyber Security News

A sophisticated espionage campaign attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom, previously undocumented backdoor named “Chrysalis”. This campaign, discovered by Rapid7 researcher Ivan Feigl, primarily targets organizations in the government, telecommunications, […]

The post Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used appeared first on Cyber Security News.

A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts files for monetary gain, DynoWiper operates with a single […]

The post DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data appeared first on Cyber Security News.

On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and snowstorms threatened the nation’s energy stability. All operations had purely destructive intentions, designed to damage […]

The post 30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks appeared first on Cyber Security News.

A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Cardinal, The White Pulse, Russian Partizan, and Inteid, publicly announced its formation on January 27, 2026, marking a significant escalation in state-aligned hacktivist operations targeting Western nations. […]

The post Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack appeared first on Cyber Security News.

A previously unknown hacktivist group called Punishing Owl has emerged with sophisticated cyberattacks targeting Russian government security agencies. The group first surfaced on December 12, 2025, when it announced the successful breach of a Russian government security agency’s network. The attackers published stolen internal documents on a data leak site and duplicated the files on […]

The post New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency appeared first on Cyber Security News.

21,000+ publicly exposed instances of an open-source personal AI assistant, raising significant concerns about unprotected access to sensitive user configurations and personal data. OpenClaw, a rapidly emerging personal AI assistant created by Austrian developer Peter Steinberger, has experienced explosive growth since late January 2026. The project, which underwent multiple branding iterations, initially launched as Clawdbot […]

The post 21,000+ OpenClaw AI Instances With Personal Configurations Exposed Online appeared first on Cyber Security News.

A long-running online nation simulation game has been taken temporarily offline following a security breach that compromised its central production server. The team estimates the downtime will last 2 to 5 days as they rebuild core infrastructure and audit the codebase for additional issues. According to an official disclosure posted on 30 January 2026 at […]

The post NationStates Suffers Databreach – Game site Temporarily Offline appeared first on Cyber Security News.

A new wave of attacks targeting Windows systems has emerged through a sophisticated remote access trojan known as Pulsar RAT. This malware establishes persistence using the per-user Run registry key, enabling automatic execution each time an infected user logs into their system. The threat represents a dangerous combination of stealth, persistence, and data theft capabilities […]

The post Pulsar RAT Attacking Windows Systems via Per-user Run Registry Key and Exfiltrates Sensitive Details appeared first on Cyber Security News.

The Russia-linked threat group UAC-0001, also known as APT28, has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrainian government entities and European Union organizations. The vulnerability, identified as CVE-2026-21509, was disclosed by Microsoft on January 26, 2026, with warnings about active […]

The post Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware appeared first on Cyber Security News.

Microsoft has acknowledged a strange user interface bug affecting specific Windows environments where the password sign-in option appears to vanish from the lock screen. The issue, which originated with updates released in late 2025, primarily impacts managed IT infrastructures and enterprise devices rather than personal home computers. The flaw first surfaced after installing the August […]

The post Windows 11 Bug Hides Password Sign-in Option From the Lock Screen appeared first on Cyber Security News.

The cybersecurity landscape has entered a dangerous new phase where autonomous AI agents are transforming from simple automation tools into sophisticated criminal operators. These self-directed systems now execute complex cyberattacks without human oversight, marking a fundamental shift in how digital threats emerge and spread across networks worldwide. The convergence of three critical platforms has created […]

The post Autonomous AI Agents Are Becoming the New Operating System of Cybercrime appeared first on Cyber Security News.

A critical advisory addressing a severe SQL injection vulnerability affecting multiple Johnson Controls industrial control system products. The vulnerability, tracked as CVE-2025-26385, carries a maximum CVSS v3 severity score of 10.0, indicating the highest level of risk to affected infrastructure. The flaw stems from improper neutralization of special elements used in command injection, allowing remote […]

The post Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks appeared first on Cyber Security News.

A critical vulnerability in Moltbook, the nascent AI agent social network launched late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for its registered entities amid hype over 1.5 million “users.” Researchers revealed an exposed database misconfiguration allowing unauthenticated access to agent profiles, enabling bulk data extraction. This […]

The post Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys appeared first on Cyber Security News.

E-signatures are now part of your security posture. In 2026, most organizations sign contracts, approvals, onboarding packets, and financial documents electronically. That increases exposure to account takeover, identity theft, document tampering, and audit gaps especially when teams rely on weak methods like a pasted signature image or email-only approval. This guide explains what cybersecurity teams […]

The post Essential E-Signature Solutions for Cybersecurity in 2026 appeared first on Cyber Security News.

AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command. Developed by Gowtham Darkseid and released in November 2025, it generates professional PDF reports while emphasizing safe, non-destructive testing. AutoPentestX targets Kali Linux, Ubuntu, and Debian-based distributions, automating OS detection, port scanning, service enumeration, and vulnerability checks. […]

The post AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems appeared first on Cyber Security News.

A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and manufacturing sectors. Vulnerability Overview CVE-2025-0921 stems from an execution-with-unnecessary-privileges weakness in multiple services within Mitsubishi […]

The post SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations appeared first on Cyber Security News.

The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterprise software. The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail. This […]

The post Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail appeared first on Cyber Security News.

A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and Vietnam, marking a strategic shift toward region-specific operations. The attackers exploit unpatched […]

The post UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS appeared first on Cyber Security News.

A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly exposed due to simple configuration changes that administrators make without fully […]

The post 175,000 Exposed Ollama Hosts Enable Code Execution and External System Access appeared first on Cyber Security News.

A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been actively targeting high-value senior defense and government officials worldwide. The threat […]

The post TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome appeared first on Cyber Security News.