Threats
FortiGuard Incident Response has documented a new tool in Interlock ransomware's arsenal — a bring-your-own-vulnerable-driver (BYOVD) process killer that abuses a zero-day vulnerability in a gaming anti-cheat kernel driver to terminate EDR and AV processes before ransomware deployment. The activity was observed during an intrusion against a North American
Threats
Sysdig's Threat Research Team has published a detailed analysis of a cloud intrusion in which a threat actor went from stolen credentials to full AWS administrative access in under 10 minutes — with strong indicators that large language models were used throughout the operation to automate reconnaissance, generate exploitation
Alerts
The Django project has issued security releases across all supported versions — Django 6.0.2, 5.2.11, and 4.2.28 — addressing six vulnerabilities, three of which are high-severity SQL injection flaws that could allow attackers to execute arbitrary SQL commands against backend databases. All three SQL injection CVEs
Breaches
Step Finance, one of the most widely used DeFi dashboard and analytics platforms on Solana, has disclosed that attackers stole approximately $40 million in digital assets after compromising devices belonging to company executives. The breach was detected on January 31 during APAC hours. Step Finance described the attacker as a
Threats
Daylight Security has published findings from a real-world intrusion in which BlueNoroff — the financially motivated subgroup of North Korea's Lazarus Group — used live social engineering over Microsoft Teams to compromise a macOS endpoint, steal Keychain credentials, and stage data for exfiltration. The entire attack was operator-driven in real
Alerts
A critical vulnerability in OpenClaw — the viral open-source AI assistant trusted by over 100,000 developers — allows attackers to achieve full remote code execution on a victim's machine through a single webpage visit. No user interaction beyond loading the page is required. CVE-2026-25253 (CVSS 8.8) affects all
Threats
A months-long offensive investigation by Red Asgard's threat research team has produced one of the most detailed public examinations of North Korea's Contagious Interview campaign infrastructure ever published. The findings — spanning four malware families, approximately 20 previously undocumented C2 servers, a novel binary protocol, and unauthenticated
Alerts
Russian state-sponsored hacking group APT28 weaponized a critical Microsoft Office zero-day vulnerability within 24 hours of public disclosure, launching targeted attacks against Ukrainian government agencies and European Union institutions. Ukraine's Computer Emergency Response Team (CERT-UA) detected exploitation attempts beginning January 27 — just one day after Microsoft published details
Threats
Chinese state-sponsored threat actors compromised the update infrastructure for Notepad++, the popular open-source text editor with tens of millions of Windows users, and maintained access for nearly six months while selectively targeting victims with malicious updates. The Notepad++ development team confirmed the breach today, stating that attackers intercepted update requests
Threats
Mandiant has published a detailed analysis of an escalation in threat activity linked to ShinyHunters-branded extortion operations. The campaigns leverage evolved voice phishing (vishing) techniques and victim-branded credential harvesting pages to compromise single sign-on credentials and enroll unauthorized devices into victim MFA solutions — enabling access to cloud SaaS environments for
Threats
Security researchers have uncovered a coordinated espionage campaign targeting Android users in Pakistan through a spyware operation that combines romance-themed social engineering, mobile surveillance, and WhatsApp account hijacking. ESET researchers track the Android component as GhostChat, a spyware that masquerades as a dating application while exfiltrating sensitive data and enabling
Threats
Security researchers have uncovered a sophisticated Linux post-exploitation framework that operates entirely in memory, leaving no persistent artifacts on disk while providing operators with extensive capabilities for long-term intrusion operations. Cyble Research & Intelligence Labs tracks the activity as ShadowHS, reflecting its fileless execution model and lineage from the original