Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
Hacking
Category Added in a WPeMatico Campaign
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Ravie LakshmananJan 28, 2026Network Security / Zero-Day Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS...
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Ravie LakshmananJan 27, 2026Mobile Security / Spyware Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Ravie LakshmananJan 27, 2026Threat Intelligence / Cyber Espionage Indian government entities have been targeted in two campaigns undertaken by a...
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
The Hacker NewsJan 27, 2026Attack Surface Management / Cyber Risk Cybersecurity teams increasingly want to move beyond looking at threats...
Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation
Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability...
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has...
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a...
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions...
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Ravie LakshmananJan 26, 2026Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems,...
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
The Hacker NewsJan 26, 2026Endpoint Security / Artificial Intelligence If there's a constant in cybersecurity, it's that adversaries are always...
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
Ravie LakshmananJan 26, 2026Malware / Endpoint Security The North Korean threat actor known as Konni has been observed using PowerShell...
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called...
