Collaborate Disseminate
Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, d… Continue reading Self-spreading npm malware targets developers in new supply chain attack
A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a … Continue reading Fake troubleshooting tip on ClawHub leads to infostealer infection
Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026. What happened? Tokyo-based Advantest is a leading manufactur… Continue reading Japanese chip-testing toolmaker Advantest suffers ransomware attack
A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created web… Continue reading Criminals create business website to sell RAT disguised as RMM tool
Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts and virtual machi… Continue reading Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)
In late January 2026, a malicious intruder accessed France’s national bank account registry, FICOBA, enabling them to view information tied to 1.2 million accounts, the Ministry of the Economy and Finance disclosed on Wednesday. TV5 Monde reported that… Continue reading Data on 1.2 million French bank accounts accessed in registry breach
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device’s … Continue reading Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since at least mid-2024, according to new research from Google’s threat intelligen… Continue reading China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking… Continue reading Scammers exploit trust in Atlassian Jira to target organizations
Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking… Continue reading Scammers exploit trust in Atlassian Jira to target organizations