Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Tue Feb 03 2026

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly...

The Hacker News

New phishing attack leverages PDFs and Dropbox

Tue Feb 03 2026

Even as they become ever more stealthy with AI-driven tools, threat actors are not giving up on simple, tried-and-true phishing — because it still works.

CSO Online

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Mon Feb 02 2026

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant...

The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Mon Feb 02 2026

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to...

The Hacker News

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Mon Feb 02 2026

Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad...

The Hacker News

How risk culture turns cyber teams predictive

Mon Feb 02 2026

The first time you’ll hear, “We’re always in incident mode,” it won’t be said with drama.

CSO Online

This stealthy Windows RAT holds live conversations with its operators

Mon Feb 02 2026

Security researchers at Point Wild have disclosed a new Windows malware campaign that uses a multi-stage infection chain to establish persistent, memory-resident access on compromised systems and stea

CSO Online

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Mon Feb 02 2026

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you the...

The Hacker News

Securing the Mid-Market Across the Complete Threat Lifecycle

Mon Feb 02 2026

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses...

The Hacker News

ICE and Qatari Security Forces at the Winter Olympics Put Italians on Edge

Mon Feb 02 2026

The influx of security personnel from around the world is sparking concern among Italians ahead of the Milano Cortina Olympic Games.

Wired

Why non-human identities are your biggest security blind spot in 2026

Mon Feb 02 2026

Last month, while running a routine access audit on our Azure environment, I came across a service account called svc-dataloader-poc.

CSO Online

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

Mon Feb 02 2026

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hosting...

The Hacker News

Deutschland und Israel trainieren Abwehr von Cyberangriff

Mon Feb 02 2026

Bundesinnenminister Alexander Dobrindt mit dem israelischen Ministerpräsidenten Benjamin Netanjahu bei der Pressekonferenz.

CSO Online

CSO Barry Hensley on staying a step ahead of the cyber threat landscape

Mon Feb 02 2026

IT security was a critical element of retired US Col.

CSO Online

Im Fokus: Emerging Technologies

Mon Feb 02 2026

CSO Online

When responsible disclosure becomes unpaid labor

Mon Feb 02 2026

Responsible disclosure is built on an assumption that “doing the right thing” will be met with timely action, fair treatment, and professional respect, if not a bounty award.

CSO Online

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

Mon Feb 02 2026

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise...

The Hacker News

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Mon Feb 02 2026

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm...

The Hacker News

Das nächste große Security-Schlachtfeld

Mon Feb 02 2026

Wenn Quantum Computing und KI in der Praxis zusammenkommen, bricht ein neues Zeitalter an – auch und vor allem in Sachen Cybersecurity.

CSO Online

Enterprise Spotlight: Manufacturing Reimagined

Sun Feb 01 2026

CSO Online

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Sat Jan 31 2026

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,...

The Hacker News

Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims

Sat Jan 31 2026

Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more.

Wired

How to Film ICE

Sat Jan 31 2026

Filming federal agents in public is legal, but avoiding a dangerous—even deadly—confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.

Wired

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Sat Jan 31 2026

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim...

The Hacker News

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

Sat Jan 31 2026

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks to...

The Hacker News

Ivanti patches two actively exploited critical vulnerabilities in EPMM

Fri Jan 30 2026

IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild.

CSO Online

Startup Amutable plotting Linux security overhaul to counter hacking threats

Fri Jan 30 2026

If there’s one thing guaranteed to grab attention in the computer security world, it’s announcing yourself without fully explaining what it is you plan to do.

CSO Online

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Fri Jan 30 2026

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome...

The Hacker News

Hugging Face infra abused to spread Android RAT in a large-scale malware campaign

Fri Jan 30 2026

An Android malware campaign is reportedly abusing Hugging Face’s public hosting infrastructure to distribute a remote access trojan (RAT).

CSO Online

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Fri Jan 30 2026

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently...

The Hacker News

Badges, Bytes and Blackmail

Fri Jan 30 2026

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly...

The Hacker News

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

Fri Jan 30 2026

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing...

The Hacker News

The CSO guide to top security conferences

Fri Jan 30 2026

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have

CSO Online

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

Fri Jan 30 2026

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API...

The Hacker News

Human risk management: CISOs’ solution to the security awareness training paradox

Fri Jan 30 2026

Cybersecurity guru Bruce Scheier is often quoted as saying, “People are the weakest link in the security chain.

CSO Online

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Fri Jan 30 2026

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score:...

The Hacker News

Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Fri Jan 30 2026

Shadow AI, the secret, unapproved use of AI by employees, isn’t going away.

CSO Online

ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Thu Jan 29 2026

Notorious extortion group ShinyHunters released tens of GB of files it claims to have stolen from dating apps Hinge, Match, OkCupid and Bumble.

CSO Online

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

Thu Jan 29 2026

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the...

The Hacker News

ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Thu Jan 29 2026

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere.

Wired

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

Thu Jan 29 2026

AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.

Wired

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

Thu Jan 29 2026

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on...

The Hacker News

Critical RCE bugs expose the n8n automation platform to host‑level compromise

Thu Jan 29 2026

Two critical sandbox escape flaws in the popular n8n workflow automation platform are allowing authenticated users to achieve remote code execution on affected instances.

CSO Online

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

Thu Jan 29 2026

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on...

The Hacker News

CISA chief uploaded sensitive government files to public ChatGPT

Thu Jan 29 2026

The acting director of the US Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents to a public version of ChatGPT last summer, triggering automated secu

CSO Online

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Thu Jan 29 2026

Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk.  Three strategic steps you can take this year for better results: 1. Focus on today's...

The Hacker News

EU’s answer to CVE solves dependency issue, adds fragmentation risks

Thu Jan 29 2026

The security community has offered broad support for the creation of an EU-hosted vulnerability database as a means of reducing dependence on US databases.

CSO Online

Reports of GDPR violations have risen sharply

Thu Jan 29 2026

According to a recent report by law firm DLA Piper, organizations are increasingly being reported for violations of the General Data Protection Regulation (GDPR).

CSO Online

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

Thu Jan 29 2026

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulnerability that could allow an unauthenticated...

The Hacker News

Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks

Thu Jan 29 2026

Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website ("www.ipidea.io") is no longer accessible. It...

The Hacker News

NIST’s AI guidance pushes cybersecurity boundaries

Thu Jan 29 2026

For years, US cybersecurity guidance rested on a reassuring premise: New technologies introduce new wrinkles, but not fundamentally new problems.

CSO Online

10 Anzeichen für einen schlechten CSO

Thu Jan 29 2026

Sind IT-Mitarbeiter unzufrieden, kann das an schlechten Führungskräften oder an einer unzureichenden IT-Strategie liegen.

CSO Online

SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams

Thu Jan 29 2026

SolarWinds is yet again disclosing security vulnerabilities in one of its widely-used products.

CSO Online

Crooks are hijacking and reselling AI infrastructure: Report

Thu Jan 29 2026

For years, CSOs have worried about their IT infrastructure being used for unauthorized cryptomining.

CSO Online

ICE Is Using Palantir’s AI Tools to Sort Through Tips

Wed Jan 28 2026

ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document.

Wired

Here’s the Company That Sold DHS ICE’s Notorious Face Recognition App

Wed Jan 28 2026

Immigration agents have used Mobile Fortify to scan the faces of countless people in the US—including many citizens.

Wired

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Wed Jan 28 2026

A critical vulnerability has been patched in vm2, a widely used library for the Node.

CSO Online

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Wed Jan 28 2026

Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent")...

The Hacker News

Palo Alto unveils Quantum-Safe Security to mitigate cryptographic risk

Wed Jan 28 2026

Palo Alto Networks unveiled its Quantum-Safe Security solution at the company’s virtual Quantum-Safe Summit Tuesday.

CSO Online

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Wed Jan 28 2026

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy...

The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Wed Jan 28 2026

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression...

The Hacker News

6 Best VPN Services (2026), Tested and Reviewed

Wed Jan 28 2026

Every VPN says it’s the best, but only some of them are telling the truth.

Wired

From Triage to Threat Hunts: How AI Accelerates SecOps

Wed Jan 28 2026

If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality....

The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

Wed Jan 28 2026

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system. "In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch...

The Hacker News

Critical FortiCloud SSO zero‑day forces emergency service disablement at Fortinet

Wed Jan 28 2026

Fortinet has disclosed a critical authentication bypass zero-day vulnerability affecting its FortiCloud single sign-on feature after the company took the emergency step of temporarily disabling the cl

CSO Online

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Wed Jan 28 2026

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government entities located...

The Hacker News

Sicarii ransomware locks your data and throws away the keys

Wed Jan 28 2026

A newly observed Sicarii ransomware strain contains a critical encryption key handling defect that can leave encrypted data unrecoverable, even if a victim pays the ransom or uses a provided decryptor.

CSO Online

Password Reuse in Disguise: An Often-Missed Risky Workaround

Wed Jan 28 2026

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary. Near-identical password reuse continues to slip past security controls, often...

The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Wed Jan 28 2026

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated...

The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Wed Jan 28 2026

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque...

The Hacker News

Always-on privileged access is pervasive — and fraught with risks

Wed Jan 28 2026

Privileged access management (PAM) has always been about ensuring least privilege.

CSO Online

Delegation is a risk decision every leader makes, not an ops choice

Wed Jan 28 2026

You make delegation decisions every day.

CSO Online

Skills CISOs need to master in 2026

Wed Jan 28 2026

Three decades ago, when Steve Katz became the world’s first CISO at Citicorp/Citigroup, he quickly realized that his role was more than solving problems with tech.

CSO Online

Diese Unternehmen hat es schon erwischt

Wed Jan 28 2026

Lesen Sie, welche Unternehmen in Deutschland aktuell von Cyberangriffen betroffen sind.

CSO Online

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Wed Jan 28 2026

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's...

The Hacker News