Posted inVulnerabilities
From Cybersecurity Help – Cyber Security Week in Review: January 30, 2026
In brief: Ivanti, Microsoft and Fortinet fix zero-days, eScan hit with a supply chain attack, and more. Read More
Posted inVulnerabilities
From Cybersecurity Help – Google disrupts one of the world’s largest residential proxy networks IPIDEA
In a separate development, US authorities have seized the dark web and clearnet domains of the RAMP cybercrime forum. Read More
Posted inVulnerabilities
From Cybersecurity Help – Russia-affiliated Electrum hackers linked to cyberattack on Polish power grid
Dragos assessed that Electrum works closely with another threat cluster Kamacite that focuses on initial access. Read More
Posted inVulnerabilities
From Cybersecurity Help – Fortinet begins rolling out fixes for critical FortiOS zero-day
The flaw (CVE-2026-24858) was actively exploited in the wild by two malicious FortiCloud accounts. Read More
Posted inVulnerabilities
From Cybersecurity Help – Recent WinRAR flaw now widely exploited by state hackers and cybercrime groups
The flaw, tracked as CVE-2025-8088, allows attackers to place malicious files on a victim’s system by tricking users into opening specially crafted RAR archives. Read More
Posted inVulnerabilities
From Cybersecurity Help – Indian government entities targeted in new Pakistan-linked cyber campaigns
The campaigns, dubbed ‘Gopher Strike’ and ‘Sheet Attack,’ were discovered in September 2025. Read More
Posted inVulnerabilities
From Cybersecurity Help – New Stanley MaaS pushes phishing via Chrome extensions
Stanley is marketed as an easy-to-use phishing platform that works by hijacking user navigation and overlaying a full-screen iframe with attacker-controlled content. Read More
Posted inVulnerabilities
From Cybersecurity Help – China-linked APT groups deploy PeckBirdy JScript-based framework
PeckBirdy is JScript-based, which allows it to run across different environments using legitimate system tools. Read More
Posted inVulnerabilities
From Cybersecurity Help – Malicious Chrome extensions masquerade as ChatGPT tools to steal user accounts
The extensions share a common mechanism that hijacks ChatGPT session authentication tokens and sends them to a third-party backend. Read More
Posted inVulnerabilities
From Cybersecurity Help – New ClickFix сampaign abuses Microsoft App-V to deliver Amatera infostealer
The attack begins with a fake CAPTCHA verification that instructs victims to manually paste and run a command using the Windows Run dialog. Read More
Posted inVulnerabilities
From Cybersecurity Help – Microsoft rolls out emergency fix for actively exploited Office zero-day
Patches are currently available for most supported versions, but updates for Office 2016 and Office 2019 have not yet been released. Read More
Posted inVulnerabilities
From Cybersecurity Help – Zimbra, VMware flaws actively exploited in the wild
CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Read More
Posted inVulnerabilities
From Cybersecurity Help – North Korean Konni hackers deploy AI-Generated PowerShell malware against blockchain devs
The attack chain begins with a Discord-hosted link that delivers a ZIP archive containing a PDF lure and a malicious Windows shortcut (LNK). Read More
Posted inVulnerabilities
From Cybersecurity Help – Multi-stage phishing campaign targets Russian users with Amnesia RAT and ransomware
The attack uses social engineering lures delivered via business-themed documents. Read More
Posted inVulnerabilities
From Cybersecurity Help – Russian Sandworm APT behind DynoWiper attack on Poland’s power grid
The attacks targeted two combined heat and power plants, as well as a system used to manage electricity generated from renewable sources. Read More