Mario Guerra Soto (@marioguerrasoto)'s Twitter Profile
Mario Guerra Soto

@marioguerrasoto

DFIR and malware analyst. Author.

ID: 500103814

Joined: 22-02-2012 20:13:19

11.11K Tweets

2.2K Followers

2.2K Following

Virus Bulletin (@virusbtn)

Huntress researchers Anna Pham, Tanner Filip & Dani Lopez look into a new ClickFix variant dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT. huntress.com/blog/malicious…

Virus Bulletin (@virusbtn)

Fortinet researchers found a phishing campaign delivering a new variant of Remcos, a commercial lightweight RAT with a wide range of capabilities, including system resource management, remote surveillance, network management & Remcos agent management. fortinet.com/blog/threat-re…

Virus Bulletin (@virusbtn)

Infoblox researchers managed to snoop on the communications of an affiliate advertising push notification system whose DNS records were left misconfigured, allowing the researchers to receive a copy of every ad they sent victims, and recorded metrics. infoblox.com/blog/threat-in…

Expel (@expelsecurity)

ClearFake is a malware campaign that displays fake CAPTCHA challenges on compromised websites. Their use of legitimate infrastructure has its consequences. 1/2

Florian Roth ⚡️ (@cyb3rops)

Oracle RCE Vulnerability CVSS 10.0 - affecting Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS nvd.nist.gov/vuln/detail/CV… oracle.com/security-alert…

Group-IB Global (@groupib)

🚨 AI is no longer just enhancing cyberattacks; it’s industrializing them. Group-IB’s first Weaponized AI report reveals how cybercriminals are operationalizing artificial intelligence to drive a fifth wave of cybercrime. Skills that once required human expertise, such as

Costin Raiu (@craiu)

New wave of suspected 0day attacks hitting FortiGate firewalls via malicious SSO logins. Attackers exfil configs, create persistence accounts (secadmin, itadmin, backup…), grant VPN access – all in seconds. Very similar to Dec 2025 campaign tied to FortiCloud SSO bypasses

Virus Bulletin (@virusbtn)

Call for Papers is now open for #VB2026! We're looking for engaging, insightful, and original talks for the 36th VB Conference, taking place 14–16 October 2026 in Seville, Spain 🇪🇸 📅 Deadline: 9 April 2026 📝 Submit your abstract 👉tinyurl.com/5xra8a3v

Hunt.io (@huntio)

🚩 Security Bug in Stealc Malware Panel Exposes Operator Data and Victim Lists thehackernews.com/2026/01/securi… Researchers have discovered a configuration error in the back-end panel used to manage Stealc malware campaigns that inadvertently exposed sensitive operator data and victim

Virus Bulletin (@virusbtn)

eSentire Threat Response Unit identified an ongoing campaign deploying a sophisticated, multistage backdoor for the likely purpose of long-term espionage. The campaign targets residents of India with phishing emails that impersonate India's Income Tax dept esentire.com/blog/weaponize…

Ben (@polygonben)

⚠️ New research drop: We’ve uncovered a suspected state-affiliated campaign that’s flown under the radar for ~4 years with some C2 still active today. 😈 We now control one of their C2 domains and have been sinkholing + analysing traffic. ctrlaltintel.com/threat%20resea…

Kim Zetter (@kimzetter)

A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, researchers at ESET told me. zetter-zeroday.com/cyberattack-ta…

ESET Research (@esetresearch)

#BREAKNG #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the 🇵🇱 Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

Virus Bulletin (@virusbtn)

ESET Research observed a new instance of Operation DreamJob under the Lazarus umbrella targeting European defence companies, including firms tied to the UAV sector. Researchers provide a high-level overview of the tools used. welivesecurity.com/en/eset-resear…

780th Military Intelligence Brigade (Cyber) (@780thc)

North Korean Lazarus Group creates new version of Contagious Interview that uses VS Code tasks to launch malware hiding in fake fonts OpenSourceMalware opensourcemalware.com/blog/contagiou…

✞ inversecos (@inversecos)

What separates Chinese cyber ops from Five Eyes? Three things that shifted my thinking about this topic: 1. Early cyber training (90s-2000s) happened on live targets. Not sandboxes, not simulations...actual foreign infrastructure. The "practice" was the operation. Operational

Andy Greenberg (@agreenberg at the other places) (@a_greenberg)

Last year, a human trafficking victim trapped in a crypto scam compound in the Golden Triangle region of Laos contacted me. He proceeded to leak a huge trove of the compound's internal materials. Then he had to get out alive. This is his story. 🧵👇 wired.com/story/he-leake…

The Record From Recorded Future News (@therecord_media)

Building and car alarm systems managed by Russian company Delta have been disrupted by a cyberattack blamed on a "hostile foreign state" therecord.media/russia-delta-s…