Microsoft Warns of DNS-Based ClickFix Attack Using Nslookup Microsoft has disclosed a new variant of the ClickFix social engineering attack that abuses DNS and the Windows nslookup utility to deliver malware. Instead of relying on traditional web downloads, attackers trick victims into running DNS queries that retrieve encoded malicious payloads. The technique allows threat actors […]

New Chrome Zero-Day (CVE-2026-2441) Under Active Exploitation Google has released an emergency security update to address CVE-2026-2441, a high-severity zero-day vulnerability in Chrome that is being actively exploited in the wild. The flaw stems from a use-after-free bug in the browser’s CSS engine, which can allow attackers to execute arbitrary code by tricking users into […]

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft Security researchers have uncovered a new mobile spyware platform called ZeroDayRAT, actively marketed on Telegram to cybercriminals. The malware targets both Android and iOS devices and offers real-time surveillance capabilities, including location tracking, keystroke logging, SMS interception, microphone and camera access, and credential harvesting. It […]

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers A new academic study looked at popular cloud-based password managers — including Bitwarden, Dashlane, and LastPass — to see if their “zero-knowledge” encryption held water when sent on rough seas. Researchers found 25 distinct attack vectors tied to password recovery and vault logic. Under […]

SolarWinds fixes four critical Web Help Desk flaws Summary SolarWinds patched four critical vulnerabilities in Web Help Desk that could enable unauthenticated remote code execution and data access. Users should apply the latest updates, restrict external exposure, and review logs for suspicious behaviour. Given prior supply-chain headlines, timely patching and network segmentation are essential. Help […]

Two Ivanti EPMM zero-day RCE flaws (actively exploited) Ivanti released fixes for two actively exploited zero-day RCE vulnerabilities in Endpoint Manager Mobile (EPMM), including CVE-2026-1281, now in CISA’s KEV. Impacted versions and mitigations are detailed by vendors and advisories; exploitation has been observed in the wild. Admins should patch urgently, restrict management interfaces, monitor logs […]

Malicious Chrome extensions steal data and ChatGPT tokens Researchers uncovered malicious Google Chrome extensions that hijack affiliate traffic, harvest data and even steal OpenAI ChatGPT tokens. Some impersonate HR/ERP tools (e.g., Workday/NetSuite) to increase trust, then exfiltrate cookies and credentials. Recommended actions include allowlisting, permission reviews, removing untrusted add-ons, and monitoring for suspicious extension activity […]

Mandiant: “ShinyHunters-style” vishing + SSO/MFA theft Google-owned Mandiant reports an expansion of tactics associated with “ShinyHunters” operations: vishing and victim-branded login pages to harvest SSO credentials and MFA codes, then raid SaaS apps and extort victims. The campaigns lean on believable phone calls, fake portals and quick token reuse to bypass defences. Recommended actions include […]

APT28 is poking Microsoft Office again—patch CVE-2026-21509 APT28 is exploiting CVE-2026-21509, a Microsoft Office security feature bypass. The group uses malicious RTF files to trigger the flaw and deliver either a dropper that installs an Outlook stealer (“MiniDoor”) or a loader that fetches a Covenant implant. Targets include organisations in Ukraine and parts of the […]