News
-
Russia moves to block WhatsApp after national DNS exclusions limit access
Russian authorities moved to block WhatsApp by excluding its domains from the national DNS, leaving the service reachable only via VPNs or external DNS. The move follows earlier throttling and registration restrictions.
-
Abandoned Outlook add-in hijacked to phish about 4,000 Microsoft accounts
An abandoned Outlook add-in listed in Microsoft’s store was hijacked to host phishing pages that stole credentials from about 4,000 users, a technical analysis found. Users should remove the add-in and reset passwords.
-
Critical RCE flaw in WPvivid Backup & Migration affects more than 900,000 installs
A critical RCE vulnerability in the WPvivid Backup & Migration plugin impacts versions up to 0.9.123 and more than 900,000 installs. Upgrade to version 0.9.124 to remediate CVE-2026-1357.
-
Lazarus supply chain campaign plants malicious packages on npm and PyPI
Researchers found malicious npm and PyPI packages tied to the Lazarus Group in a recruitment-themed campaign active since May 2025. One npm package exceeded 10,000 downloads before a malicious update was published.
-
30 fake AI Chrome extensions with 300,000 installs steal credentials and email content
Thirty malicious Chrome extensions with more than 300,000 installs posed as AI assistants to steal credentials, Gmail content, and voice transcripts, according to a technical analysis by LayerX. Users should remove suspicious extensions and reset passwords if compromised.
-
Apple issues updates to fix exploited dyld zero-day across iOS, macOS and other platforms
Apple released multiple OS updates to fix an exploited dyld memory corruption zero-day, CVE-2026-20700. The advisory credits Google Threat Analysis Group. Users should install the published updates for their devices.
-
Researchers identify first malicious Outlook add-in that stole over 4,000 credentials
Researchers found the first malicious Outlook add-in in the wild: a hijacked add-in domain hosted a fake sign-in page and captured more than 4,000 credentials, exposing gaps in marketplace content monitoring.
-
Cross-platform RAT campaigns target Indian defense and government-aligned organisations
Multiple campaigns used Geta RAT, Ares RAT and DeskRAT to compromise Windows and Linux systems at Indian defense and government-aligned organizations in late 2025 and early 2026.
-
Crazy ransomware gang abuses employee monitoring and SimpleHelp to maintain access
A technical analysis by Huntress found Crazy gang operators abused Net Monitor and SimpleHelp to keep access, move files, execute commands, and prepare ransomware. Initial access used compromised SSL VPN credentials; defenders should enforce multifactor authentication.
-
New Linux botnet SSHStalker uses IRC C2 and scanned nearly 7,000 hosts
SSHStalker is a Linux botnet that uses IRC for command and control and performed nearly 7,000 SSH scans in January. It compiles C bots on infected hosts and persists via one-minute cron jobs. Operators should monitor compilers and block IRC outbound traffic.






