News
-
North Korean operatives apply to remote jobs using real LinkedIn accounts, security post says
North Korean operatives are applying for remote jobs by impersonating real LinkedIn accounts, relying on verified workplace details to appear legitimate. Employers are advised to validate candidate email control and confirm account ownership before hiring.
-
Reynolds ransomware bundles vulnerable driver to disable EDR tools
Researchers disclosed Reynolds ransomware that bundles a vulnerable NsecSoft NSecKrnl driver used to disable endpoint security. The driver is linked to CVE-2025-68947 with a CVSS score of 5.7.
-
Warlock ransomware breaches network through unpatched SmarterMail instance
A SmarterTools community advisory says the Warlock gang breached an unpatched SmarterMail instance on January 29, 2026, affecting about 12 Windows servers and a secondary data center. Updates and isolation were recommended to limit spread.
-
Conduent breach exposed personal data of nearly 17,000 Volvo employees
Nearly 17,000 US Volvo employees had personal data exposed after a Conduent breach. A Maine Attorney General filing shows 16,991 people were affected, with intruder access dated October 21, 2024 to January 13, 2025.
-
Report: Claude Desktop Extensions run unsandboxed, enabling zero-click RCE
A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.
-
China-linked UNC3886 targeted Singapore telcos, agency says
Singapore’s Cyber Security Agency said UNC3886 targeted all four major telcos using a zero-day and rootkits. Authorities closed access points and expanded monitoring and found no evidence of customer data loss.
-
SecurityScorecard: 135,000-plus internet-exposed OpenClaw instances found
SecurityScorecard’s STRIKE team found more than 135,000 internet-exposed OpenClaw instances and tens of thousands vulnerable to a known RCE bug. Users are urged to restrict network bindings and limit agent access.
-
Ivanti EPMM zero-days exploited in breach affecting Dutch data protection authority
A letter to the Dutch parliament said attackers exploited Ivanti EPMM vulnerabilities on 29 January, causing a breach that affected employees at the Dutch Data Protection Authority and the Council for the Judiciary, with contact details possibly exposed.
-
DKnife targets network gateways in long-running AitM campaign
DKnife is a modular adversary-in-the-middle framework that has operated on network gateways since at least 2019. It inspects and manipulates traffic to hijack updates and deliver malware to downstream devices.
-
Bloody Wolf campaign installs NetSupport RAT in Uzbekistan and Russia
A spear-phishing campaign installed NetSupport RAT on about 50 devices in Uzbekistan and 10 in Russia using PDF-based loaders that enforce install limits and set persistent autorun scripts while Mirai payloads were staged.







