Threats
Security researchers at Aikido Security have discovered a malicious Visual Studio Code extension masquerading as "ClawdBot Agent," a fake version of the popular AI coding assistant. The extension functions as a fully working AI tool while silently deploying remote access malware to Windows machines. The real ClawdBot team
Breaches
Security firm Morphisec has uncovered a supply chain compromise affecting eScan antivirus software, where attackers distributed malicious updates through the vendor's legitimate update infrastructure. Discovered on January 20, 2026, the attack targeted both enterprise and consumer editions of the MicroWorld Technologies product, deploying multi-stage malware to endpoints worldwide.
Alerts
A critical vulnerability in SandboxJS, a widely used library for safely executing untrusted JavaScript code, allows attackers to completely escape the sandbox environment and achieve remote code execution on the host system. Tracked as CVE-2026-23830 and carrying a maximum CVSS score of 10.0, the flaw stems from an incomplete
Threats
The financially motivated threat actor TA584 has significantly escalated its initial access operations, adopting a high-speed attack model built around short-lived campaigns, rapid infrastructure changes, and aggressive social engineering techniques, according to research published by Proofpoint. The evolution reflects a broader shift in modern cybercrime where speed and adaptability now
Threats
Threat actors are actively exploiting a critical remote code execution vulnerability in React Server Components to compromise systems across multiple industries worldwide, deploying cryptocurrency miners, botnets, and remote access tools, according to research from BI.ZONE Threat Detection and Response. The vulnerability, tracked as CVE-2025-55182 and commonly referred to as
Alerts
The OpenSSL project has released a sweeping security update addressing twelve vulnerabilities across the widely-used cryptographic library, including a high-severity stack buffer overflow that could potentially enable remote code execution on vulnerable systems. The headline flaw, tracked as CVE-2025-15467, affects CMS AuthEnvelopedData parsing and carries high severity. Organizations running OpenSSL
Threats
A critical coding error in the Sicarii ransomware, possibly introduced through over-reliance on AI-assisted development tools, renders decryption impossible for both victims and the ransomware operators themselves, according to researchers at Halcyon's Ransomware Research Center. The flaw means that paying the ransom will not result in data recovery.
Alerts
A critical remote code execution vulnerability in n8n, the popular open-source workflow automation platform, allows authenticated users to bypass sandbox protections and execute arbitrary code on the main node with a CVSS severity score of 9.9, according to research published by JFrog Security. The vulnerability, tracked as CVE-2026-1470, was
Breaches
The acting director of the Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings designed to prevent theft or unintentional disclosure of government material, according to a report by Politico citing four Department of Homeland Security
Threats
A Vietnamese cybercrime actor is using artificial intelligence to develop malware tools powering an ongoing phishing campaign that delivers PureRAT and other payloads through fake job opportunity lures, according to research published by Symantec. Multiple tools used by the attacker bear hallmarks of AI-assisted development, including detailed comments with numbered
Threats
A newly disclosed attack technique allows threat actors to abuse Microsoft Outlook add-ins to silently exfiltrate sensitive email data from organizations without generating any audit logs or forensic traces, according to research published by Varonis Threat Labs. The attack method, dubbed Exfil Out&Look, exploits a visibility gap in
Alerts
Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS, FortiManager, and FortiAnalyzer that allows attackers with a FortiCloud account to access devices registered to other customers' accounts. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. The flaw,