SSHStalker Linux Botnet Targets Cloud Servers with SSH Brute-Force and Kernel Exploits

A newly documented Linux botnet dubbed SSHStalker is actively targeting cloud infrastructure, with a particular focus on Oracle Cloud instances. The campaign combines large-scale SSH credential brute-forcing, worm-like self-propagation and exploitation of outdated Linux kernel vulnerabilities to gain root access and establish a resilient foothold on compromised servers. New SSHStalker Linux botnet focuses on cloud …

Preinstalled Malware on Used Devices: Second-Hand Electronics as a Hidden Botnet Resource

Buying used laptops, smartphones, routers, or smart home gadgets increasingly comes with an unwanted extra: preinstalled malware that silently turns the device into a botnet node for DDoS attacks and other abuse. At risk are not only traditional computers and phones, but also home routers, IP cameras, Android TV boxes, and a wide range …

Malicious VK Styles Chrome Extensions Hijack 500,000 VKontakte Accounts

More than 500,000 VKontakte (VK) users have been exposed to a large-scale browser malware campaign dubbed VK Styles, according to Koi Security. The attackers used seemingly harmless Chrome extensions for interface customization to gain persistent control over VK accounts, silently subscribing victims to a promoted community, resetting settings, and building an infrastructure that could easily …

Mass Exposure of OpenClaw AI Agents Puts 220,000 Systems at Risk

SecurityScorecard has identified a critical exposure affecting the rapidly growing OpenClaw ecosystem: more than 220,000 OpenClaw instances are reachable directly from the public internet. Given the deep level of system integration typical for such AI agents, this exposure creates a significant new attack vector for both individual users and organizations. What OpenClaw Is and Why …

Critical WPvivid Backup & Migration Vulnerability (CVE-2026-1357) Enables Unauthenticated RCE on WordPress Sites

A critical security flaw in the popular WPvivid Backup & Migration plugin for WordPress enables unauthenticated remote code execution (RCE) through arbitrary file upload. More than 900,000 WordPress sites using this backup and migration tool may be exposed if specific configuration conditions are met. Overview of CVE-2026-1357 in WPvivid Backup & Migration The vulnerability has …

New ClickFix macOS Attacks Exploit Claude Artifacts and Google Ads to Deliver MacSync Infostealer

Security researchers have identified a new wave of ClickFix attacks targeting macOS, in which threat actors combine paid Google Ads with public Claude artifacts from Anthropic to distribute the MacSync infostealer. In one case tracked by Moonlock Lab, a single malicious Claude artifact attracted more than 15,600 views, underscoring the scale and reach of the …

Offline Phishing Campaign Targets Trezor and Ledger Users via Paper Letters

A new wave of offline phishing attacks is targeting owners of Trezor and Ledger hardware wallets. Instead of traditional scam emails, attackers are sending carefully crafted paper letters by regular mail, impersonating the security teams of these manufacturers. The objective is predictable — to trick users into revealing their seed phrases and fully compromise their …

Google Gemini Misuse: How State Hackers and Cybercriminals Are Weaponizing Generative AI

Google’s Threat Intelligence Group (GTIG) has published a detailed report describing how threat actors are systematically abusing the Gemini large language model (LLM) in real-world cyber operations. According to the findings, Gemini is being leveraged across the entire attack lifecycle — from reconnaissance and social engineering to infrastructure development and data exfiltration. A particularly concerning …

Apple fixes critical dyld zero-day CVE-2026-20700 in emergency security updates

Apple has released out-of-band security updates for iOS, iPadOS, macOS, tvOS, watchOS and visionOS to close a critical zero-day vulnerability tracked as CVE-2026-20700 in the dyld (Dynamic Link Editor) component. According to Apple, the flaw was already being leveraged in highly targeted, real-world attacks against a limited set of users and was identified by Google …

RenEngine Malware Campaign: Pirated Games Used to Deliver Lumma, ACR and Vidar Stealers

Security analysts from Howler Cell have documented a large-scale malware distribution campaign that weaponizes pirated games and cracked commercial software. At the core of this operation is a new loader dubbed RenEngine, embedded into modified launchers for games built on the Ren’Py engine. According to telemetry from Kaspersky, the first samples in this infection chain …