We are always asked what we are reading and paying attention to, whilst we want to keep you updated with this there is just too much stuff. Here is a sample of the daily reading lists.
Security researchers uncover evidence that the Windows-based 'RenEngine loader' malware has infected around 30000 users in the US alone.
Go to External Site
First, a pet owner posts a lost dog alert in the Ring app · Next, nearby outdoor Ring cameras scan footage using AI · Then, camera owners receive alerts ...
Go to External Site
This week, officers from our Proactive Economic Crime Team have been out conducting warrants in relation to smishing fraud.
Go to External Site
People are giving these AI tools access to private files, passwords, even company secrets. But one of the most popular ones had hidden malware that ...
Go to External Site
Four weeks ago, researchers at Cyera published details of a critical vulnerability, after it had been patched, that would allow unauthenticated ...
Go to External Site
Follow Hoplon Infosec for modern cybersecurity tips. To view or add a comment, sign in. More from this author. Penetration Testing Methodologies in ...
Go to External Site
A critical vulnerability in Moltbook, a viral social network for AI agents, exposed 1.5 million API Keys. 1 day ago. Cybersecurity Magazine.
Go to External Site
WeChat activities are tracked more analytically, Cisco Talos says, with DKnife monitoring for voice and video calls, text messages, images sent and ...
Go to External Site
A malware framework that remained hidden for years has been discovered by security researchers at Cisco Talos. The researchers were hunting for ...
Go to External Site
This allows the attackers to install backdoors on devices connected to the compromised network without the user's knowledge. Cisco Talos analysts ...
Go to External Site
Vulnerability assessment and penetration testing: Ongoing vulnerability assessments and penetration testing are equally important for identifying ...
Go to External Site
... Windows updates. As Microsoft continues to experiment and adapt, the overarching narrative remains centered on the evolution of Xbox as a leading ...
Go to External Site
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage ...
Go to External Site
The partisan group warned that Russia's reliance on civilian technologies, such as Starlink, has become a critical vulnerability. “As soon as ...
Go to External Site
... identify. This escalating digital fraud erodes consumer wealth and highlights a critical vulnerability in India's rapidly digitizing economy.
Go to External Site
Preventive Actions: 2 pre-emptive Complaints. National Commission for Scheduled Castes (NCSC): Battling caste-based atrocities. In early January 2025 ...
Go to External Site
Andy Ward, SVP International at Absolute Security commented: “Last year, NCSC reported a 50% rise in highly significant attacks, alongside our recent ...
Go to External Site
The researchers were hunting for samples of DarkNimbus, a backdoor linked to the MOONSHINE exploit kit which have both been known about since 2023, , ...
Go to External Site
On the enforcement front, the Ministry of Industry and Information Technology (“MIIT”), Ministry of Public Security (“MPS”), National Computer Virus ...
Go to External Site
While unrelated, these incidents underscored a critical vulnerability, the report said: a small number of cloud providers now support a ...
Go to External Site
... critical vulnerability in SmarterMail that allows remote code execution without authentication. SmarterMail is a self-hosted, Windows-based email ...
Go to External Site
A second core pillar of the package focuses on Russia's financial system, which EU officials describe as a critical vulnerability. The measures ...
Go to External Site
Novee is an AI-native penetration testing company focused on autonomous attacker simulation in modern enterprise environments. The platform is ...
Go to External Site
"DKnife," a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into ...
Go to External Site
Italy says it blocked Russian-linked cyberattacks hitting Milano Cortina 2026 sites and Cortina hotels, as Olympic cybersecurity tightens.
Go to External Site
Malicious "skills" and persnickety configuration are just a few issues that security researchers have found when installing the OpenClaw AI ...
Go to External Site
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked.
Go to External Site
A slew of malware attacks against open source software components have compromised thousands of software packages and repositories, ...
Go to External Site
... (NCSC). Despite this, he said he would personally step in to resolve the situation. “Wala sa DSWD 'yung centenarian gift na, nasa Commission on ...
Go to External Site
The NCSC guidance emphasizes that even basic DDoS attacks can drain IT resources, affect revenue, and more. Beyond DDoS. Threat intelligence shows ...
Go to External Site
The National Commission of Senior Citizens (NCSC) is bringing back its radio program “Golden Heart: Puso para sa Seniors” as part of efforts to ...
Go to External Site
... (NCSC) with office located at the fourth floor, Development Bank of the Philippines (DBP) building, Lower Session road. This is according to NCSC ...
Go to External Site
... Cisco Talos Cisco User Protection Cisco XDR Cybersecurity Network Operations Center Network Operations Center (NOC) RSAC Security Operations ...
Go to External Site
"DKnife's attacks target a wide range of devices, including PCs, mobile devices, and Internet of Things (IoT) devices," Cisco Talos researcher Ashley ...
Go to External Site
Code to forward password (Source : Cisco Talos). In one observed case, attackers replaced a legitimate executable (TosBtKbd.exe) ...
Go to External Site
Barracuda Cloud-to-Cloud Backup, winner of the 2025 Cloud Computing Backup and Disaster Recovery Award, stands out for its innovative, ...
Go to External Site
“For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising ...
Go to External Site
Virtual Hard Disks masquerading as PDF files are allowing hackers to sneak remote-access software through enterprise defenses.
Go to External Site
Behind what looks like a normal homepage, malware is using the Domain Name System (DNS) – the same protocol that basically “runs” the internet, ...
Go to External Site
China-linked DKnife framework uses router-level AitM implants for traffic hijacking, credential theft, and malware delivery targeting edge ...
Go to External Site
The coordinated destructive campaign against critical energy infrastructure occurred on December 29, 2025, during a period of severe winter ...
Go to External Site
Water supply management emerges as a critical vulnerability in arid mining regions. On-site water reserves provide temporary operational buffers ...
Go to External Site
Most Windows 11 systems likely have KB5074109 installed automatically unless users have disabled Windows updates. To check if you have the update ...
Go to External Site
The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, ...
Go to External Site
... to field a home-grown fifth-generation fighter jet, the Advanced Medium Combat Aircraft (AMCA), faces a silent but critical vulnerability...
Go to External Site
The partisan movement argued that Russia's reliance on civilian communication technology had turned into a critical vulnerability. “Once ...
Go to External Site
WhatsApp users are being urged to take immediate action following the discovery of a critical vulnerability that may expose personal information ...
Go to External Site
A critical vulnerability in V8 could be weaponized in phishing campaigns, watering hole attacks, or drive-by download schemes, potentially ...
Go to External Site
Docker's AI assistant is vulnerable to cyber attack. A critical vulnerability named “DockerDash” was discovered in Docker's Ask Gordon AI ...
Go to External Site
Processing infrastructure deficits represent the most critical vulnerability point across North American supply chains. While mining capacity ...
Go to External Site
... Penetration Testing Courses - LHN · Did you know ? How To. From Log Aggregation to Threat Hunting: Maximizing Your SIEM Investment. Mic Johnson ...
Go to External Site
ESET shares findings of its H2 2025 Threat Report based on its telemetry research, highlighting the ongoing impact of phishing and ransomware.
Go to External Site
TeamViewer has fixed a security vulnerability that allowed logged-in users to access a system in certain situations,
Go to External Site
FireCompass Launches AI Agents for Autonomous Web and API Penetration Testing With Freemium Access. Next Post. AI Agents in Business: From ...
Go to External Site
Researchers at Palo Alto Networks' Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate ...
Go to External Site
A sneaky spam campaign is hitting inboxes with fake PDF files. These emails trick users into thinking they need to update Adobe Acrobat.
Go to External Site
The DKnife gateway-monitoring and AitM framework is targeting Chinese users' desktop, mobile, and IoT devices with backdoors.
Go to External Site
In 2026 stolen credentials and unmanaged identities drive breaches—small buys, phone scams, and weak IAM make identity the real perimeter.
Go to External Site
In mid-January 2026, CyStack's security team detected unusual activity in a corporate environment that, at first, did not seem alarming.
Go to External Site
A newly uncovered surveillance campaign illustrates how consistently mobile threats have evolved and are now deliberately misusing everyday ...
Go to External Site
This is the alarming reality of Remote Access Trojans (RATs), a malicious software that can give cybercriminals control over your devices.
Go to External Site
Spain's Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing ...
Go to External Site
A study found nearly 5 million servers exposing Git metadata, with 250000 leaking deployment credentials via .git/config files.
Go to External Site
KEV Collider combines data from multiple open-source vulnerability frameworks to help cybersecurity teams assess which issues need their attention ...
Go to External Site
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000 stars on GitHub, OpenClaw is ...
Go to External Site
U.S. and UK education organizations have been subjected to more clandestine attacks by the Interlock ransomware gang for nearly a year, ...
Go to External Site
BleepingComputer reports that the high-severity VMware ESXi sandbox escape issue, tracked as CVE-2025-22225, was confirmed by the Cybersecurity ...
Go to External Site
Asian state-linked hackers breached 70 entities, used phishing, N-day exploits, and rootkits for global espionage.
Go to External Site
A look at how different MCPs and AI agents can be targeted and how, in practice, enterprise AI becomes part of a cyberattacker's playbook.
Go to External Site
This pertains to temporary files which are from old Windows updates and device drivers, we're told, so hopefully Microsoft will be aware of this, and ...
Go to External Site
Windows 11 didn't have the best start to 2026. After Microsoft rolled out the January update, people have been reporting all sorts of strange bugs ...
Go to External Site
These Changes Stopped Windows Updates From Wrecking My PC Performance. ghacks ...
Go to External Site
Microsoft often includes new code in Windows updates but keeps it locked behind features flags for A/B testing or limited rollouts. ViVeTool lets ...
Go to External Site
Windows 11 Now Requires Admin Rights To Open Storage Settings. Arthur Kay. Feb 6, 2026. Windows Updates. Opening the Storage settings in recent ...
Go to External Site
Now, it should be noted that the original benchmarks were from a 2024 test, so it's not entirely fair, given that graphics drivers and Windows updates ...
Go to External Site
Cybersecurity experts have issued an urgent alert after discovering a new malware campaign exploiting a critical vulnerability in WordPress sites ...
Go to External Site
Responsible Disclosure: Critical Vulnerability in OpenClaw (C****.ru Marketplace) · 1. Executive Summary · 2. Technical Evidence (OSINT & Replication).
Go to External Site
... critical vulnerability: we don't have a heart for our fighter jets. In this episode of In Our Defence, host Dev Goswami and defence and national ...
Go to External Site
At the end of January, SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE ...
Go to External Site
... critical vulnerability. He also has brought his players into contact with Army Green Berets and Navy SEALs at the Seahawks' facility and at their ...
Go to External Site
A critical vulnerability in Moltbook, a viral social network for AI agents, exposed 1.5 million API Keys. 15 hours ago. Substack Discloses Breach ...
Go to External Site
APT28 hackers exploited a critical vulnerability in Microsoft Office. ... Using sophisticated techniques, the APT28 hacking group turned vulnerabilities ...
Go to External Site
A critical vulnerability in Moltbook, a viral social network for AI agents, exposed 1.5 million API Keys. 13 hours ago. Substack Discloses Breach ...
Go to External Site
... computer virus. c. Fears about the impact of AI. The sell-off occurred after AI-powerhouse Anthropic released a plug-in for its AI platform that it ...
Go to External Site
A dangerous new variant of the Odyssey Stealer malware is hitting macOS users hard. Security researchers have spotted this fresh wave of.
Go to External Site
Python based malware is also playing a larger role, enabling attackers to target macOS and Windows with the same code. Microsoft reported growing ...
Go to External Site
Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Go to External Site
... malware. Enforce MFA on all accounts, remove users excluded from MFA ... Malware, – Malicious python payload observed, Microsoft Defender for Endpoint – ...
Go to External Site
Hacktool.Webshell · Ransom.Basta · Trojan Horse · Trojan.Gen.MBT · WS.Malware.1.
Go to External Site
Unlike traditional malware focused on data theft or encryption, SystemBC is designed to function as an infrastructure layer. Once deployed, it ...
Go to External Site
In recent years, Android malware campaigns in India have increasingly abused the trust associated with government services and.
Go to External Site
Google has just confirmed that more than 40% of all Android phones are now at risk from new malware and spyware attacks. If you're one of those ...
Go to External Site
Cowbell Resiliency Services (CRS) – Expert-led support, including micro penetration testing, cybersecurity awareness training, vendor risk ...
Go to External Site
COIMBATORE: The National Commission for Scheduled Castes (NCSC) has ... In this backdrop, the NCSC took suo motu cognisance of the matter and ...
Go to External Site
Cisco Talos Intelligence Group (@TalosSecurity). 419 views. Welcome to AI church, where the spirit is willing but the Clawdbot security is weak.
Go to External Site
When your mouse is not working in Windows 11, the issue is usually tied to drivers, power management, or Windows updates, not a broken mouse.
Go to External Site
AMD users, meanwhile, have not reported similar issues so far. Windows updates have repeatedly frustrated users in recent months. Past problems have ...
Go to External Site
A critical vulnerability in Moltbook, a viral social network for AI agents, exposed 1.5 million API Keys. 6 hours ago. Russian Cyberattacks Target ...
Go to External Site
A critical vulnerability in Moltbook, a viral social network for AI agents, exposed 1.5 million API Keys. 6 hours ago. Substack Discloses Breach ...
Go to External Site
... Windows features and fileless execution mechanisms to facilitate the sophisticated multistage Dead#Vax malware campaign.
Go to External Site
The infostealers leverage Python to deliver malware that steals credentials. Privacy concept: pixelated words Malware on digital background, 3d render.
Go to External Site
Italian outlet Il Corriere della Sera reports hackers sent ransom demand with 72-hour countdown using BabLock malware. □. Previously unknown group ...
Go to External Site
GlassWorm Malware Returns to Shatter Developer EcosystemsGlassWorm Malware Returns to Shatter Developer Ecosystems. byAlexander Culafi. Feb 3, 2026.
Go to External Site
The attack chain used fileless malware, encrypted payloads running entirely in memory, and legitimate cloud services to avoid detection; Defense ...
Go to External Site
Cohesity deepens Google Cloud partnership to bake threat intel and sandbox scanning into backup, tackling stealthy malware in stored data.
Go to External Site
... malware, data breach incidents, and hacks. Previous Article · Next Article. Post a Comment Community Rules. You need to login in order to post a ...
Go to External Site
... malware campaigns involving RedLine and Lummar info-stealers. Wiz. Location of devices using the same ...
Go to External Site