Snap Store Domain Hijacking – Poisoned Linux Packages
Attackers are exploiting domain hijacking in the Canonical Snap Store, turning trusted Linux packages into malware delivery mechanisms. This campaign represents a critical escalation in […]
Month: January 2026
FortiGate Firewalls Targeted in Automated Attacks
Security researchers have identified a new wave of automated intrusions against FortiGate firewall devices, beginning January 15, 2026, with attackers stealing configuration data, creating persistence […]
ClearFake Campaign – Proxy Execution via Trusted Windows Feature
The ClearFake malware operation has evolved into a highly evasive delivery chain, combining fake CAPTCHA lures with proxy execution techniques that abuse legitimate Windows components […]
Cisco Unified Communications Zero-Day RCE – CVE-2026-20045
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability in its Unified Communications (UC) suite, actively exploited in the wild to gain root […]
Zendesk Ticket Systems Hijacked in Global Spam Wave
A massive spam campaign has been observed worldwide, exploiting unsecured Zendesk support systems to flood inboxes with hundreds of bizarre and alarming emails. How the […]
Tesla & Automotive Tech Hacked – Pwn2Own Automotive 2026
The Pwn2Own Automotive 2026 competition in Tokyo has already made headlines: researchers exploited 37 zero-days on day one, earning $516,500 in rewards while demonstrating critical […]
Microsoft Teams – External Domain Anomalies Report
Microsoft is introducing a new proactive security feature for Teams called the External Domains Anomalies Report, designed to help defenders detect suspicious external communications at […]
VS Code for Malware Delivery
Researchers have uncovered a new evolution of the “Contagious Interview” campaign, where North Korean-linked attackers weaponize Visual Studio Code (VS Code) to deliver malicious payloads […]
ACF Extended Plugin Vulnerability – CVE-2025-14533
A critical privilege escalation flaw has been disclosed in the Advanced Custom Fields: Extended (ACF Extended) WordPress plugin, potentially exposing ~50,000 sites to complete compromise. […]
VoidLink – Next-Generation Linux Rootkit Framework
VoidLink represents a major evolution in rootkit design, specifically targeting Linux cloud environments with advanced evasion and adaptability. First identified by Check Point Research (Jan […]