Attackers Hijacked 200+ Websites Exploiting Magento Vulnerability to Gain Root-level Access
A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identified in January 2026, represents one of the most significant waves of coordinated web server compromises in recent months, affecting hundreds of online stores across different regions […]
https://cybersecuritynews.com/attackers-hijacked-200-websites-exploiting-magento-vulnerability/
Attackers Using Hugging Face Hosting to Deliver Android RAT Payload
A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need protection. These deceptive prompts push users to download a fake security app called TrustBastion, which […]
https://cybersecuritynews.com/attackers-using-hugging-face-hosting/
Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5066 Downloads
A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted malware code that activates when developers open HTML or TypeScript files. The extension operated undetected […]
https://cybersecuritynews.com/hackers-weaponized-open-vsx-extension/
Python-based PyRAT with Cross-Platform Capabilities and Extensive Remote Access Features
A new Python-based remote access trojan has emerged, targeting both Windows and Linux systems with sophisticated surveillance and data theft capabilities. The malware operates by establishing command-and-control communication through unencrypted HTTP channels, allowing attackers to execute commands, steal files, and capture screenshots remotely. When executed, it immediately begins fingerprinting the victim’s system by collecting details […]
https://cybersecuritynews.com/python-based-pyrat-with-cross-platform-capabilities/
Hackers Exploiting FreePBX Vulnerability to Deploy Webshell and Gain Control of Systems
A sophisticated attack campaign is leveraging a critical FreePBX vulnerability to deploy a persistent webshell dubbed “EncystPHP,” enabling threat actors to gain complete administrative control over compromised VoIP systems. The campaign, launched in early December 2025, exploits CVE-2025-64328, a post-authentication command-injection flaw in the FreePBX Endpoint Manager’s administrative interface. The malicious activity is attributed to INJ3CTOR3, […]
https://cybersecuritynews.com/freepbx-vulnerability-exploited/
eSkimming Attacks Fuelled with Persistent Threats, Evolving Tactics, and Unfinished Recovery
eSkimming attacks, commonly known as Magecart attacks, continue to plague e-commerce websites across the globe, stealing payment card data from unsuspecting customers at checkout. These malicious campaigns inject JavaScript code into compromised websites, capturing sensitive financial information as users complete their purchases. Unlike traditional malware that requires system access, eSkimming operates entirely within the browser […]
https://cybersecuritynews.com/eskimming-attacks-fuelled-with-persistent-threats/
Threat Actors Using AI Generated Malicious Job Offers to Deploy PureRAT
A Vietnamese cybercrime group is using artificial intelligence to write malicious code in an ongoing phishing campaign that distributes the PureRAT malware through fake job opportunities. The campaign, initially detected in December 2025, represents a concerning evolution in threat actor capabilities, combining social engineering tactics with machine-generated attack tools to compromise organizations worldwide. The attacks […]
https://cybersecuritynews.com/ai-generated-malicious-job-offers-deploy-purerat/
Google Warns of WinRAR Vulnerability Exploited to Gain Control Over Windows System
A critical security flaw in WinRAR, one of the most widely used file compression tools for Windows, has become a favorite weapon for attackers seeking unauthorized access to computer systems. The vulnerability, tracked as CVE-2025-8088, allows threat actors to place malicious files into sensitive system directories without user awareness, essentially handing over control of Windows […]
https://cybersecuritynews.com/google-warns-of-winrar-vulnerability-exploited/
Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code
A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, indicating maximum severity. The vulnerability stems from incomplete callback sanitization […]
https://cybersecuritynews.com/vm2-sandbox-vulnerability/
APT Hackers Attacking Indian Government Using GOGITTER Tool and GITSHELLPAD Malware
Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The campaign, identified as Gopher Strike, emerged in September 2025 and represents a significant escalation in targeted cyber operations against sensitive government infrastructure. This coordinated assault demonstrates the growing […]
https://cybersecuritynews.com/apt-hackers-attacking-indian-government-using-gogitter-tool/
Threat Actors Using Fake Notepad++ and 7-zip Websites to Deploy Remote Monitoring Tools
Cybercriminals are increasingly distributing malicious Remote Monitoring and Management (RMM) tools through fake websites that mimic popular software download pages. These deceptive sites impersonate legitimate utilities like Notepad++ and 7-Zip, tricking users into installing remote access tools such as LogMeIn Resolve instead of the software they intended to download. Once installed, these RMM tools allow […]
https://cybersecuritynews.com/threat-actors-using-fake-notepad-and-7-zip-websites/
MITRE Releases New Cybersecurity Framework to Protect the Embedded Systems
A new Embedded Systems Threat Matrix™ (ESTM) framework was introduced to help secure embedded systems used in critical infrastructure and defense technologies across the U.S. Developed collaboratively with the Air Force’s Cyber Resiliency Office for Weapon Systems (CROWS), ESTM addresses a critical security gap in protecting mission-critical systems that remain increasingly vulnerable to sophisticated cyber […]
https://cybersecuritynews.com/mitre-releases-framework-protect-embedded-systems/
Hackers Use ‘rn’ Typo Trick to Impersonate Marriott in New Phishing Attack
A sophisticated “homoglyph” phishing campaign is targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This technique, known as typosquatting or a homoglyph attack, exploits the way modern fonts display text. […]
https://cybersecuritynews.com/rn-typo-phishing-attack/
76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day One featured 30 entries targeting systems like Alpine iLX-F511, Kenwood DNR1007XR, and various EV chargers, […]
https://cybersecuritynews.com/0-day-vulnerabilities-pwn2own-automotive-2026-2/
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching. The […]
https://cybersecuritynews.com/cisco-unified-cm-rce/
Google Gemini Privacy Controls Bypassed to Access Private Meeting Data Using Calendar Invite
A significant vulnerability within the Google ecosystem allowed attackers to bypass Google Calendar’s privacy controls using a standard calendar invitation. The discovery highlights a growing class of threats known as “Indirect Prompt Injection,” where malicious instructions are hidden within legitimate data sources processed by Artificial Intelligence (AI) models. This specific exploit enabled unauthorized access to […]
https://cybersecuritynews.com/gemini-privacy-controls-bypassed/
Ukraine Police Exposed Russian Hacker Group Specializes in Ransomware Attack
Ukrainian and German law enforcement have disrupted a Russian‑affiliated hacker group that has been carrying out high‑impact ransomware attacks against organizations worldwide, causing losses estimated in the hundreds of millions of euros. According to Ukraine’s Cyber Police and the Main Investigation Department of the National Police, working under the guidance of the Cyber Department of […]
https://cybersecuritynews.com/ukraine-police-exposed-russian-hacker-group/
Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features
Critical security updates address CVE-2026-20824, a protection mechanism failure in Windows Remote Assistance that permits attackers to circumvent the Mark of the Web (MOTW) defense system. The vulnerability was disclosed on January 13, 2026, and affects multiple Windows platforms spanning from Windows 10 through Windows Server 2025. CVE-2026-20824 represents a security feature bypass vulnerability with […]
https://cybersecuritynews.com/windows-remote-assistance-vulnerability/
MonetaStealer Malware Powered with AI Code Attacking macOS Users in the Wild
A new information-stealing malware named MonetaStealer has been discovered actively targeting macOS users through deceptive file disguises and social engineering tactics. Security researchers at Iru first identified this threat on January 6, 2026, when they found a suspicious Mach-O binary masquerading as a Windows executable file named Portfolio_Review.exe. The malware represents a growing concern for […]
https://cybersecuritynews.com/monetastealer-malware-powered/
Palo Alto Networks Firewall Vulnerability Allows Unauthenticated Attackers to Trigger Denial of Service
Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts. […]
https://cybersecuritynews.com/palo-alto-networks-firewall-dos-vulnerability/