Cybersecurity Center

Cybersecurity News

  • Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware (Wednesday January 28, 2026)
    Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent") (HackerNews)
  • Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid (Wednesday January 28, 2026)
    The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy (HackerNews)
  • Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution (Wednesday January 28, 2026)
    Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression (HackerNews)
  • From Triage to Threat Hunts: How AI Accelerates SecOps (Wednesday January 28, 2026)
    If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality. (HackerNews)
  • Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution (Wednesday January 28, 2026)
    A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system. "In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch (HackerNews)
  • Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks (Wednesday January 28, 2026)
    Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government entities located (HackerNews)
  • Password Reuse in Disguise: An Often-Missed Risky Workaround (Wednesday January 28, 2026)
    When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary. Near-identical password reuse continues to slip past security controls, often (HackerNews)
  • Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 (Wednesday January 28, 2026)
    Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated (HackerNews)
  • Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan (Wednesday January 28, 2026)
    Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque (HackerNews)
  • Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected (Wednesday January 28, 2026)
    Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's (HackerNews)
  • WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware (Tuesday January 27, 2026)
    Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for (HackerNews)
  • Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities (Tuesday January 27, 2026)
    Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) (HackerNews)
  • ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services (Tuesday January 27, 2026)
    Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. "Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths," (HackerNews)
  • CTEM in Practice: Prioritization, Validation, and Outcomes That Matter (Tuesday January 27, 2026)
    Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure. Which exposures truly matter? Can attackers exploit them? Are our defenses effective? Continuous Threat Exposure (HackerNews)
  • Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation (Tuesday January 27, 2026)
    Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. "Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized (HackerNews)
  • Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas (Tuesday January 27, 2026)
    A critical security flaw has been disclosed in Grist-Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs. "One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead," (HackerNews)
  • China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023 (Tuesday January 27, 2026)
    Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro (HackerNews)
  • Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware (Monday January 26, 2026)
    Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat (HackerNews)
  • Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code (Monday January 26, 2026)
    Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio (HackerNews)
  • ⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More (Monday January 26, 2026)
    Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. (HackerNews)
  • Winning Against AI-Based Attacks Requires a Combined Defensive Approach (Monday January 26, 2026)
    If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade (HackerNews)
  • Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers (Monday January 26, 2026)
    The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check (HackerNews)
  • Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware (Saturday January 24, 2026)
    A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. "These documents and (HackerNews)
  • New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector (Saturday January 24, 2026)
    The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on (HackerNews)
  • Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents (Saturday January 24, 2026)
    AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly, (HackerNews)
  • CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog (Saturday January 24, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the (HackerNews)
  • CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities (Friday January 23, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a (HackerNews)
  • Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls (Friday January 23, 2026)
    Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new (HackerNews)
  • TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order (Friday January 23, 2026)
    TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok's Chinese (HackerNews)
  • Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access (Friday January 23, 2026)
    Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust," KnowBe4 Threat (HackerNews)
  • Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms (Friday January 23, 2026)
    Microsoft has warned of a multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file-sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said. (HackerNews)
  • New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack (Thursday January 22, 2026)
    Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter (HackerNews)
  • Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access (Thursday January 22, 2026)
    A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass (HackerNews)
  • ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories (Thursday January 22, 2026)
    Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis (HackerNews)
  • Filling the Most Common Gaps in Google Workspace Security (Thursday January 22, 2026)
    Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about (HackerNews)
  • Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts (Thursday January 22, 2026)
    A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are (HackerNews)
  • SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release (Thursday January 22, 2026)
    A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management (HackerNews)
  • Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations (Thursday January 22, 2026)
    Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from (HackerNews)
  • Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex (Thursday January 22, 2026)
    Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the (HackerNews)
  • North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews (Wednesday January 21, 2026)
    As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings (HackerNews)
  • Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws (Wednesday January 21, 2026)
    Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844 (HackerNews)
  • Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff (Wednesday January 21, 2026)
    Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are (HackerNews)
  • Exposure Assessment Platforms Signal a Shift in Focus (Wednesday January 21, 2026)
    Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern (HackerNews)
  • Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs (Wednesday January 21, 2026)
    Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or (HackerNews)
  • VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code (Wednesday January 21, 2026)
    The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunders by the malware's author that provided clues to its developmental origins. The latest insight makes (HackerNews)
  • LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords (Wednesday January 21, 2026)
    LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The (HackerNews)
  • CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution (Wednesday January 21, 2026)
    A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a (HackerNews)
  • North Korea-Linked Hackers Target Developers via Malicious VS Code Projects (Tuesday January 20, 2026)
    The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. "This activity involved (HackerNews)
  • Kimwolf Botnet Lurking in Corporate, Govt. Networks (Tuesday January 20, 2026)
    A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks. (KrebsOnSecurity)
  • Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution (Tuesday January 20, 2026)
    A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, (HackerNews)
  • Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading (Tuesday January 20, 2026)
    Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script," ReliaQuest said in a report shared with (HackerNews)
  • Patch Tuesday, January 2026 Edition (Wednesday January 14, 2026)
    Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today. (KrebsOnSecurity)
  • Who Benefited from the Aisuru and Kimwolf Botnets? (Thursday January 08, 2026)
    Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread. (KrebsOnSecurity)
  • The Kimwolf Botnet is Stalking Your Local Network (Friday January 02, 2026)
    The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date. (KrebsOnSecurity)
  • Happy 16th Birthday, KrebsOnSecurity.com! (Monday December 29, 2025)
    KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services. (KrebsOnSecurity)
  • Dismantling Defenses: Trump 2.0 Cyber Year in Review (Friday December 19, 2025)
    The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all. (KrebsOnSecurity)
  • Most Parked Domains Now Serving Malicious Content (Tuesday December 16, 2025)
    Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. (KrebsOnSecurity)
  • Microsoft Patch Tuesday, December 2025 Edition (Tuesday December 09, 2025)
    Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. (KrebsOnSecurity)
  • Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill (Saturday December 06, 2025)
    A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine. (KrebsOnSecurity)
  • SMS Phishers Pivot to Points, Taxes, Fake Retailers (Thursday December 04, 2025)
    China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.