Internet Security

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

February 3, 2026 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency... Read more »

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

February 3, 2026 add comment
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw... Read more »

APT28 exploits Microsoft Office flaw in Operation Neusploit

February 3, 2026 add comment
Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation... Read more »

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

February 3, 2026 add comment
Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s... Read more »

MoltBot Skills exploited to distribute 400+ malware packages in days

February 2, 2026 add comment
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and... Read more »

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

February 2, 2026 add comment
Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by... Read more »

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

February 2, 2026 add comment
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured... Read more »

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

February 2, 2026 add comment
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s... Read more »

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

February 2, 2026 add comment
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors   Who... Read more »

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

February 2, 2026 add comment
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »
Subscribe to our Newsletter