Zero Day Wire - Zero Day Wire (Page 7)

Alerts

Google Patches First Chrome Zero-Day of 2026 After Active Exploitation of CSS Use-After-Free Flaw (CVE-2026-2441)

Google has released emergency Chrome updates to address CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that was being actively exploited before a fix was available — marking the first Chrome zero-day of 2026. CVE-2026-2441 The vulnerability (CVSS 8.8) allows a remote attacker to execute arbitrary code

Alerts

BeyondTrust CVSS 9.9 Pre-Auth RCE Now Exploited in the Wild as Attackers Target Remote Access Infrastructure

Threat actors have begun actively exploiting a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances, with exploitation detected across global sensor networks overnight. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," said Ryan Dewhurst, head of threat

Breaches

Qilin Ransomware Gang Breaches Romania's National Oil Pipeline Operator Conpet, Claims 1TB Data Theft

Romania's national oil pipeline operator Conpet S.A. has confirmed that the Qilin ransomware group breached its corporate IT infrastructure and stole company data in an attack last week, marking another critical infrastructure target hit by the increasingly aggressive ransomware operation. Conpet S.A. is a strategic company

Threats

Lazarus Group Poisons npm and PyPI With Fake Recruitment Campaign Deploying Token-Based RAT

The North Korea-linked Lazarus Group has been planting malicious packages across both npm and PyPI repositories through an elaborate fake recruitment campaign targeting developers in the blockchain and cryptocurrency space, deploying a modular remote access trojan with a command-and-control mechanism unique to North Korean operations. ReversingLabs researchers discovered the campaign,

Breaches

30 Fake AI Chrome Extensions With 300,000 Installs Caught Stealing Credentials, Gmail Data, and Audio

Thirty malicious Chrome extensions with a combined 300,000 installations have been caught masquerading as AI assistants while stealing credentials, email content, browsing data, and even activating voice recognition to capture audio from victim environments. Researchers at browser security platform LayerX discovered the campaign, dubbed AiFrame, and confirmed all 30

Breaches

Comcast Agrees to $117.5M Settlement Over Citrix Bleed Breach That Exposed 31.6 Million Customers

Comcast has agreed to pay $117.5 million to settle a class action lawsuit stemming from the October 2023 data breach in which attackers exploited the Citrix Bleed vulnerability to compromise the personal information of 31.6 million customers. US District Judge John Milton Younge granted preliminary approval on January

China's APT31 Used Gemini AI and Hexstrike to Automate Vulnerability Analysis Against US Targets

China's APT31 used Google's Gemini AI chatbot combined with the Hexstrike red-teaming framework to automate vulnerability analysis and plan cyberattacks against specific US-based targets, according to Google's latest AI Threat Tracker report. APT31 — also tracked as Violet Typhoon, Zirconium, and Judgment Panda — is a

Threats

Single Bulletproof Hosting IP Behind 83% of Ivanti EPMM Exploitation as Sleeper Shells Target MDM Infrastructure

A single IP address on bulletproof hosting infrastructure is responsible for 83% of all exploitation attempts targeting the critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have already compromised multiple European government agencies. Threat intelligence firm GreyNoise recorded 417 exploitation sessions from 8 unique source IPs between February 1-9, with

Breaches

First Malicious Outlook Add-In Discovered in the Wild After Abandoned Domain Hijack Steals 4,000 Credentials

Researchers at Koi Security have discovered what they describe as the first known malicious Microsoft Outlook add-in detected in the wild — a supply chain attack that exploited an abandoned developer domain to serve a phishing kit directly inside Outlook, stealing over 4,000 Microsoft credentials. The campaign, codenamed AgreeToSteal, targeted

Alerts

Apple Patches First Zero-Day of 2026 After Google TAG Discovers Exploitation in Targeted Attacks

Apple has released security updates across its entire product ecosystem to address a zero-day vulnerability that the company says has been exploited in "extremely sophisticated" attacks targeting specific individuals. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in dyld — Apple's Dynamic Link Editor responsible

Threats

Crazy Ransomware Operator Weaponizes Employee Monitoring Software for Stealth Persistence

A Crazy ransomware affiliate is abusing legitimate employee monitoring software and remote support tools to maintain stealth persistence inside corporate networks, blending malicious activity with normal administrative operations before deploying ransomware. Researchers at Huntress investigated multiple intrusions where the threat actor deployed Net Monitor for Employees Professional alongside the SimpleHelp

Breaches

Dutch Police Arrest Third Suspect Behind JokerOTP Phishing Platform That Caused $10M in Losses

Netherlands police have arrested a 21-year-old man from Dordrecht suspected of selling access to the JokerOTP phishing automation platform — a tool designed to intercept one-time passwords through automated voice calls that tricked victims into handing over their MFA codes. The arrest is the third in a three-year investigation that dismantled