On November 2, 1988, graduate student Robert Morris released a self-replicating program into the early Internet. Within 24 hours, the Morris worm had infected roughly 10 percent of all connected computers, crashing systems at Harvard, Stanford, NASA, and Lawrence Livermore National Laboratory. The worm exploited security flaws in Unix systems that administrators knew existed but had not bothered to patch.
The Russian cyberespionage group APT28 has rushed to add a recently patched Office vulnerability to its arsenal, with the first attacks observed just days after Microsoft announced fixes. The flaw, tracked as CVE-2026-21509, was addressed by Microsoft on January 26. The tech giant warned at the time that the vulnerability had been exploited as a zero-day and urged customers to apply the patches immediately.
When data resurfaces, it never comes back weaker. A newly shared dataset tied to AT&T shows just how much more dangerous an "old" breach can become once criminals have enough of the right details to work with. The dataset, privately circulated since February 2, 2026, is described as AT&T customer data likely gathered over the years. It doesn't just contain a few scraps of contact information. It reportedly includes roughly 176 million records, with…
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying - perhaps as much to contain the stolen data as to stop the escalating personal attacks.
A new phishing scheme aims to trick organizations into giving up their Dropbox logins using a multistage obfuscation strategy. Data security vendor Forcepoint on Monday published research concerning an email-based social engineering campaign observed in the wild. It follows a pattern often seen: The threat actor sends an email to the target requesting the latter open a linked PDF to review a phony "request order."
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times. GlassWorm attacks first appeared in late October, hiding the malicious code using "invisible" Unicode characters.
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in this latest hacking spree are Panera Bread, SoundCloud, Match Group (owner of online dating services Tinder, Hinge, Match and OkCupid) and Crunchbase.
Infrastructure delivering updates for Notepad++, a widely used text editor for Windows, was compromised for six months by suspected China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday. "I deeply apologize to all users affected by this hijacking," the author of a post published to the official notepad-plus-plus.org site wrote Monday.
The developers of OpenClaw recently patched a critical vulnerability that could be exploited to hijack the increasingly popular AI assistant by tricking the target user into visiting a malicious website. OpenClaw (previously known as Clawdbot and Moltbot) is an open source, self-hosted AI agent that can autonomously execute terminal commands, manage file systems, and orchestrate complex workflows across messaging apps.